Security Leftovers

-
Security updates for Friday
-
Security updates for Thursday
-
Black Hat Researchers Hack Rifle for Fun
"The reason we started doing this in the first place is Runa [Sandvik] is from Norway and has a very romanticized vision of the U.S., so loving all things America, we needed to go to a gun show," Augur said.
At to the gun show, Sandvik became interested in the TrackingPoint weapon after learning that it is a Linux-powered device that could be connected to a phone via a mobile app.
-
And even Wintel is not safe
At the annual Black Hat conference delegates have been shown a new exploit for Intel and AMD x86 central processor units that has hitherto existed since 1977!
[...]
Christopher Domas, a security researcher with the Battelle Memorial Institute discovered the flaw. “By leveraging the flaw, attackers could install a rootkit in the processors System Management Mode (SMM), a protected region of code that underpins all the firmware security features in modern computers. Once installed, the rootkit could be used for destructive attacks like wiping the UEFI (Unified Extensible Firmware Interface) the modern BIOS or even to re-infect the OS after a clean install. Protection features like Secure Boot wouldn’t help, because they too rely on the SMM to be secure. The attack essentially breaks the hardware roots of trust,” Domas said.
-
HTML5 privacy hole left users open to tracking for three years
A feature of HTML5 that allows sites to detect battery life on a visitor's device can also be used to track behaviour, a piece of research has revealed.
-
Sick of Flash security holes? HTML5 has its own
HTML5 has been billed as the natural, standards-based successor to proprietary plug-ins such as Adobe's Flash Player for providing rich multimedia services on the Web. But when it comes to security, one of Flash's major weaknesses, HTML5 is no panacea.
In fact, HTML5 has security issues of its own. Julien Bellanger, CEO of application security monitoring firm Prevoty, says HTML5 makes security more complex, not simpler. HTML5 security has been a question mark for years, and it has not improved over the stretch, he says.
-
Attackers can access Dropbox, Google Drive, OneDrive files without a user's password
The attack differs from traditional man-in-the-middle attacks, which rely on tapping data in transit between two servers or users, because it exploits a vulnerability in the design of many file synchronization offerings, including Google, Box, Microsoft, and Dropbox services.
-
SDN switches aren't hard to compromise, researcher says
Onie is a small, Linux based operating system that runs on a bare-metal switch. A network operating system is installed on top of Onie, which is designed to make it easy and fast for the OS to be swapped with a different one.
-
Open Network Switches Pose Security Risk, Researcher Says
At the Black Hat show, a security expert demonstrates how vulnerable SDN switches that use the ONIE software are open to attacks by hackers.
-
OPM wins Pwnie, Google on Android security, DoJ on CFAA: Black Hat 2015 roundup
Black Hat USA is finishing up in Las Vegas. News from its 18th year includes nuclear nightmares, Department of Justice on computer crime and research, Google on the state of Android security and much more.
-
on the detection of quantum insert
The NSA has a secret project that can redirect web browsers to sites containing more sophisticated exploits called QUANTUM INSERT. (Do I still need to say allegedly?) It works by injecting packets into the TCP stream, though overwriting the stream may be a more accurate description. Refer to Deep dive into QUANTUM INSERT for more details. At the end of that post, there’s links to some code that can help one detect QI attacks in the wild. As noted by Wired and Bruce Schneier, among dozens of others, now we can defend ourselves against this attack (well, at least detect it).
-
- Login or register to post comments
Printer-friendly version
- 2196 reads
PDF version
More in Tux Machines
- Highlights
- Front Page
- Latest Headlines
- Archive
- Recent comments
- All-Time Popular Stories
- Hot Topics
- New Members
today's howtos
| EasyOS 4.2.3 Released
|
Review: The Murena One phone running /e/OS 1.0
Earlier this year the Murena team announced the release of version 1.0 their /e/OS mobile operating system. To accompany this new milestone, the project also announced two smartphones which will be sold with /e/OS pre-installed. These devices are the Murena Teracube 2e and the Murena One. These devices sell for about $330 USD and $370 USD, respectively. (These amounts were converted to USD from the Canadian prices at time of writing and may change over time.)
I currently own a Samsung S9 running /e/OS. I've had it for just over two years and it's been an unusually positive experience for a mobile device. The /e/OS platform is basically Android, but with the Google components, ads, and nag screens removed. The Google cloud services - storage, contact synchronization, and file sharing - have been swapped out in favour of Murena services. These services run on a custom, open source Nextcloud platform. It's a setup which I've found useful, convenient, and unusually trouble-free so far.
I asked the Murena team if I could test drive one of their new phones and they kindly sent me a Murena One. The package, a small black box, arrived containing the Murena One and some useful accessories. Along with the phone is a USB charge cable, a power adaptor which appears to work with both North American and (I believe) European outlets. There is a quick-start guide which explains how to insert a SIM card into the phone, go through the configuration screens and, optionally connect to the Murena cloud service. There is a small widget for opening the SIM bay, a couple of screen cleaning wipes, and a protective case for the phone. The phone, I was happy to note, had a full battery when it arrived.
| Black Box is a GTK4 Terminal App With Unique Look
Tired of the standard GNOME Terminal but cool on its successor Console? You’ll definitely want to check in with Black Box.
Black Box is a new GTK4 terminal emulator built in Vala and GTK4. The debutant release on Flathub has all of the core features you’d expect, plus a large dose of ones you might not. Yes, this app has a few innovative UI approaches that make it stand out from the (many) terminal apps already available for Linux desktops.
I do think of Black Box as the “eye candy terminal”. It may sound like contradiction given that CLIs are usually focused on raw function (and it may sound like a negative, but it’s not; things are allowed to look nice).
Thing is, Black Box isn’t afraid to be ‘beautiful’, as its immersive ‘headerbar-less’ mode proves. When enabled this gives every inch of the console’s canvas over to whatever command is running.
|
Recent comments
11 hours 37 min ago
11 hours 40 min ago
11 hours 41 min ago
11 hours 44 min ago
11 hours 53 min ago
11 hours 54 min ago
15 hours 45 min ago
19 hours 47 min ago
20 hours 23 min ago
22 hours 12 min ago