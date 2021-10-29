Language Selection

Security Leftovers

Security
  • An Inside Look at a K-12 Ransomware Incident (Part 2) [Ed: Responsible teachers and pupils don't use Microsoft Windows in schools]

    In 2020, there were 408 publicly-disclosed cyber incidents impacting K-12 school districts. Of those 408 incidents, roughly 50 consisted of ransomware. These incidents often resulted in school closures and prevented districts from accessing sensitive data and critical systems because they were encrypted by cybercriminals.

    During an attack, school district IT teams scramble to find all the ransomware symptoms to see which systems have been impacted and assess the severity. Another threat emerging is the exfiltration of data by attackers to try and force school districts to pay the ransom. This makes data loss prevention for districts more critical to have in place as part of their cloud application security checklist.

  • WebSpec, a formal framework for browser security analysis, reveals new cookie attack

    Folks at Technische Universität Wien in Austria have devised a formal security framework called WebSpec to analyze browser security.

    And they've used it to identify multiple logical flaws affecting web browsers, revealing a new cookie-based attack and an unresolved Content Security Policy contradiction.

    These logical flaws are not necessarily security vulnerabilities, but they can be. They're inconsistencies between Web platform specifications and the way these specs actually get implemented within web browsers.

    WebSpec was developed by Lorenzo Veronese, Benjamin Farinier, Mauro Tempesta, Marco Squarcina, Matteo Maffei in an effort to bring rigor to web security through automated, verifiable rule checking rather than manual evaluation.

  • Wireshark 3.6.1

    Wireshark is a network packet analyzer. A network packet analyzer will try to capture network packets and tries to display that packet data as detailed as possible. You could think of a network packet analyzer as a measuring device used to examine what's going on inside a network cable, just like a voltmeter is used by an electrician to examine what's going on inside an electric cable (but at a higher level, of course). In the past, such tools were either very expensive, proprietary, or both. However, with the advent of Wireshark, all that has changed. Wireshark is perhaps one of the best open source packet analyzers available today.

  • Broward Breach Highlights Healthcare Supply-Chain Problems

    The attackers breached the Broward Health network by compromising a third-party provider on Oct. 15, according to the organization’s disclosure, accessing: patient names; dates of birth; addresses; phone numbers; financial or bank information; Social-Security numbers; insurance information and account numbers; medical information including history, treatment and diagnosis; driver’s license numbers; and email addresses.

  • Latest web hacking tools – Q1 2022 | The Daily Swig

    After our recent end-of-year retrospectives, it’s time to look back again – this time at some of the most compelling open source hacking tools released during the final quarter of 2021.

    The arsenals of pen testers, researchers, and bug hunters have been bolstered for 2022 by new tools for detecting dependency confusion attacks, finding novel HTTP request smuggling techniques, and uncovering leaked, paired private and public keys that are potentially dangerous.

  • Key Considerations for Canada’s Forthcoming National Cyber Security Strategy

    On December 16, Prime Minister Justin Trudeau released mandate letters tasking his ministers of national defense, foreign affairs, public safety, and industry to develop a new “National Cyber Security Strategy.” He specifically highlighted the need for the strategy to “articulate Canada’s long-term strategy to protect our national security and economy, deter cyber threat actors, and promote norms-based international behavior in cyberspace,” as quoted by Global News.

today's howtos

  • How to install MariaDB on NetBSD? | LibreByte

    NetBSD is a UNIX-like operating system with a focus on security, simplicity, elegance and clean source code, it is highly portable and robust. MariaDB is a RDBMS created from MySQL 5.1 source code by the original MySQL developers and designed as a direct and improved MySQL replacement. MariaDB is fast, scalable, and robust, with a rich ecosystem of storage engines, plugins, and other tools that make it versatile and flexible in different scenarios. MariaDB is available on the official NetBSD repositories then we can install it using the pkgin package manager.

  • How to install Java on Linux Mint | FOSS Linux

    Whether it’s the versatile development potential or its multifaceted portability, Java is one of the most popular programming languages in the world. It has many development-friendly features that make it stand out from its competition. For starters, the ability to run compiled Java code on any supported platform without having to recompile it is one of the defining functions that Java boasts. In this article, we will learn how to install Java (OpenJDK) on Linux Mint version 20. OpenJDK is a free and open-source distribution of Java. There is also another Java distribution called Oracle JDK, but that comes commercially packaged and is not required unless you have specific requirements. We will be using the Cinnamon edition of Linux Mint 20.2, which is most widely used among the operating system’s three different versions. However, the installation method used here should work on the other two, MATE and Xfce. Let’s get right into the installation now.

  • How to Install SQLite 3 on Ubuntu 22.04 LTS - LinuxCapable

    SQLite is a free, lightweight relational database management system (RDBMS) in a C library. SQLite is not a client-server database engine. Instead, it is embedded into the end program. Primarily all programming languages support SQLite, which how languages embed the program is with a file with .sqlite3/.sqlite/.DB extension. The software is a popular choice for local/client storage such as web browsers, Android devices, and much more. The list is quite extensive. In the following tutorial, you will learn how to install SQLite 3 with Ubuntu 22.04 LTS Jammy Jellyfish.

  • How to list all the loaded extensions by PHP - Linux Shout

    In this tutorial, we will see how to install and check the PHP extensions loaded on Linux using a command terminal or GUI web interface. PHP is a popular computer language used by thousands of web servers to run various web applications. It is open source distributed under the PHP license. The abbreviation PHP originally stands for Personal Home Page Tools also popularly known as Hypertext Preprocessor. The PHP infrastructure is installed on an estimated 82% of all web servers on the Internet. More than 200 million apps and websites developed with PHP are online. Over 5 million software developers use the programming language.

Programming Leftovers

  • Dyn async traits, part 7: a design emerges?

    Hi all! Welcome to 2022! Towards the end of last year, Tyler Mandry and I were doing a lot of iteration around supporting “dyn async trait” – i.e., making traits that use async fn dyn safe – and we’re starting to feel pretty good about our design. This is the start of several blog posts talking about where we’re at. In this first post, I’m going to reiterate our goals and give a high-level outline of the design. The next few posts will dive more into the details and the next steps.

  • Extract content between the first \" and the last \" double quotes
  • To whom this MySQL UTF-8 news may concern | Aristotle [blogs.perl.org]

    This is not exactly news, given that it dates from early 2018, but I hadn’t heard of this before, so I still find it worth disseminating.

  • A simple automated build pipeline for Node.js | InfoWorld

    Build processes can be quite sophisticated for enterprise applications, but even simple and early-stage projects can benefit from automated build pipelines. This article describes a quick-to-deploy system for running an automated build, test, and deploy pipeline with Node.js, Jenkins, and Git. You’ll need Git and Node/NPM installed on your system to follow along. You’ll also need a Google Cloud Platform (GCP) account. (Google offers a generous free trial account.)

  • Nibble Stew: Portability is not sufficient for portability

    Before looking into portable software, let's first examine portability from a hardware perspective. When you ask most people what they consider a "portable computer", they'll probably think of laptops or possibly even a modern smartphone. [...] Some years ago I ported a sizable fraction of LibreOffice to build with Meson. It worked only on Linux as it used system dependencies. I rebased it to current trunk and tried to see if it could be built using nothing but Visual Studio by getting dependencies via the WrapDB. This repo contains the code, which now actually does build some code including dependencies like libxml, zlib and icu. The code that is there is portable in the laptop sense. You only need to do a git checkout and start the build in a VS x64 dev tools prompt. It does cheat in some points, such as using pregenerated flex + bison sources, but it's not meant to be production quality, just an experiment.

  • Java & JVM Panel

    Simone Bordet, Cay Horstmann discuss Java’s new release cadence which brings exciting new features at a more consistent pace, what have been the strongest points of Java, what are we missing?

DRM Leftovers

  • The Year Of Owning It | Hackaday

    Talking over the year in review on the Podcast, Tom Nardi and I were brainstorming what we thought was the single overarching trend in 2021, and we came up with many different topics: victories in the right to repair, increasingly dystopian service contracts, a flourishing of cyberdecks, and even greater prevalence of reverse engineering style hacks. And then we realized: they are all different faces of the same beast — people just want to own the devices that they own. Like Dr. Jekyll and Mr. Hyde, our modern Internet-connected-everythings have two sides. On one side, we get so much additional functionality from having everything on the net. But on the other, if your car is always connected, it gives Toyota a means to make you pay a monthly fee to use a car fob, and if you have to use Cricut’s free online service to upload designs to the cutter, they can suddenly decide to start charging you. It allows Samsung to not only spy on whatever you’re currently watching on your smart TV, but to also brick it if they want to. More and more, we don’t actually own (in the sense of control) the devices that we own (in the sense of having purchased).

  • Keurig ‘Recyclable’ K-Cups Not Quite That Recyclable After All

Set fire to your applications with Burn My Windows 7

Those effects were amazing, and not for their time. It was able to minimize your windows using a Mac OS X-like genie effect, dissolve them, rotate your desktop on a cube, and even burn your windows alive! It even inspired StarDock’s WindowFX. Many of the more practical effects like genie minimization, have been available in Kwin (the venerable KDE’s window manager) all along, but they’ve completely disappeared on the contemporary, GTK powered side of the Linux desktop. No longer. Open-source developer Simon Scheegans is working on a project called Burn My Windows that restores classic desktop effects like burning windows to Gnome 3x and Gnome 40x, respectively. The project debuted only 3 weeks ago and is hilariously already on version 7. Version 5, which introduced the compelling if not somewhat terrifying T-Rex-Attack effect, was released only two days ago. At this rate, it may be at version 2005 sometime next year. Read more

