Language Selection

English French German Italian Portuguese Spanish

Security Leftovers

Filed under
Security
  • Hijacking webcams with Screencastify | Almost Secure

    Everyone has received the mails trying to extort money by claiming to have hacked a person’s webcam and recorded a video of them watching porn. These are a bluff of course, but the popular Screencastify browser extension actually provides all the infrastructure necessary for someone to pull this off. A website that a user visited could trick the extension into starting a webcam recording among other things, without any indications other than the webcam’s LED lighting up if present. The website could then steal the video from the user’s Google Drive account that it was uploaded to, along with anything else that account might hold.

    Screencastify is a browser extension that aids you in creating a video recording of your entire screen or a single window, optionally along with your webcam stream where you explain what you are doing right now. Chrome Web Store shows “10,000,000+ users” for it which is the highest number it will display – same is shown for extensions with more than 100 million users. The extension is being marketed for educational purposes and gained significant traction in the current pandemic.

    As of now, it appears that Screencastify only managed to address the Cross-site Scripting vulnerability which gave arbitrary websites access to the extension’s functionality, as opposed to “merely” Screencastify themselves and a dozen other vendors they work with. As this certainly won’t be their last Cross-site Scripting vulnerability, I sincerely recommend staying clear of this browser extension.

  • Malicious Python Repository Package Drops Cobalt Strike on Windows, macOS & Linux Systems [Ed: This is not an OS issue; it's about people installing malware on their own systems and it's not even an "Open Source" issue; led by companies that put NSA back doors in their proprietary software, there's an effort underway to say "Open Source" is the real threat and they tell us the solution to the problem is with the firms that help NSA invade machines]

    The PyPI "pymafka" package is the latest example of growing attacker interest in abusing widely used open source software repositories.

  • Why sudo is so important in Linux and how to use it | ZDNet

    When I first started using Linux, things were exponentially more complicated. The distributions were far less mature, but they also required the use of a particular system account to get certain things done. That account was root, and with it, you had unlimited power over your operating system.

    To demonstrate the power of root, one trick you could always play on unsuspecting users was to tell them to change to the root user with the command su and then have them issue the following command:

  • An uncomplicated introduction to Uncomplicated Firewall | ZDNet

    When I first started using Linux, back in '97, working with the built-in firewall was not something just anyone could do. In fact, it was quite complicated. Starting around 1998, if you want to manage the security of a system, you had to learn iptables (which is a suite of commands for manipulating the Netfilter packet filtering system).

  • Best Wi-Fi Security & Performance Testing Tools for 2022

    The prevalence of Wi-Fi has been accelerating for two decades, but in the last two years, it’s surged even further as so many people were forced to work from home. That trend led to many strengthening the performance of their Wi-Fi networks. But security remains a problem.

  • CISA Adds 21 Known Exploited Vulnerabilities to Catalog [Ed: A huge chunk of these are Microsoft holes, actively exploited while Microsoft commandeers the media to obsess over "Linux"]

    CISA has added 21 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise. Note: to view the newly added vulnerabilities in the catalog, click on the arrow on the of the "Date Added to Catalog" column, which will sort by descending dates.

  • Surfshark introduces Linux VPN app with a graphical user interface (GUI)

    Surfshark is one of the better-known VPN providers and is often seen being promoted by large YouTube accounts. Today, the company announced the availability of its VPN on Linux with an entire graphical user interface, or GUI.

More in Tux Machines

Qubes OS 4.0 reaches EOL on 2022-08-04

Qubes OS 4.0 is scheduled to reach end-of-life (EOL) on 2022-08-04 — one month from the date of this announcement. Read more

Absolute64-20220701 released

Vivaldi is the default browser, but Firefox still installed. Kind-of UN-UNIXy... but what can I do? I want the speed and customization of Vivaldi, but I want old and slow, Mr dependable to hang around. I let Vivaldi block trackers internally but use ublock origin as an ad blocker. TIP: To Drag-N-Drop a link from Vivaldi into AROX, you left-click, hold and start drag VERTICALLY-ONLY, then you can drop link into arox window. (I thought someone online was joking when I first read about it :-) Read more

Linux Distro Reviews: Intro

This series of articles will review some of the most popular Linux distributions (distros) with an eye to everyday desktop use. Linux has been growing in popularity as an alternative to Windows and macOS, especially for users that want privacy, security, and control over how their data is used. Linux is also unencumbered by Microsoft’s TPM requirements, making it a good option for hardware left behind by Windows 10 or Windows 11. The fact that Linux, and most of the software running on it, is entirely free is yet another bonus. Read more

today's howtos