Language Selection

English French German Italian Portuguese Spanish

Security Leftovers

Filed under
Security
  • Security updates for Friday
  • Security updates for Thursday
  • Black Hat Researchers Hack Rifle for Fun

    "The reason we started doing this in the first place is Runa [Sandvik] is from Norway and has a very romanticized vision of the U.S., so loving all things America, we needed to go to a gun show," Augur said.

    At to the gun show, Sandvik became interested in the TrackingPoint weapon after learning that it is a Linux-powered device that could be connected to a phone via a mobile app.

  • And even Wintel is not safe

    At the annual Black Hat conference delegates have been shown a new exploit for Intel and AMD x86 central processor units that has hitherto existed since 1977!

    [...]

    Christopher Domas, a security researcher with the Battelle Memorial Institute discovered the flaw. “By leveraging the flaw, attackers could install a rootkit in the processors System Management Mode (SMM), a protected region of code that underpins all the firmware security features in modern computers. Once installed, the rootkit could be used for destructive attacks like wiping the UEFI (Unified Extensible Firmware Interface) the modern BIOS or even to re-infect the OS after a clean install. Protection features like Secure Boot wouldn’t help, because they too rely on the SMM to be secure. The attack essentially breaks the hardware roots of trust,” Domas said.

  • HTML5 privacy hole left users open to tracking for three years

    A feature of HTML5 that allows sites to detect battery life on a visitor's device can also be used to track behaviour, a piece of research has revealed.

  • Sick of Flash security holes? HTML5 has its own

    HTML5 has been billed as the natural, standards-based successor to proprietary plug-ins such as Adobe's Flash Player for providing rich multimedia services on the Web. But when it comes to security, one of Flash's major weaknesses, HTML5 is no panacea.

    In fact, HTML5 has security issues of its own. Julien Bellanger, CEO of application security monitoring firm Prevoty, says HTML5 makes security more complex, not simpler. HTML5 security has been a question mark for years, and it has not improved over the stretch, he says.

  • Attackers can access Dropbox, Google Drive, OneDrive files without a user's password

    The attack differs from traditional man-in-the-middle attacks, which rely on tapping data in transit between two servers or users, because it exploits a vulnerability in the design of many file synchronization offerings, including Google, Box, Microsoft, and Dropbox services.

  • SDN switches aren't hard to compromise, researcher says

    Onie is a small, Linux based operating system that runs on a bare-metal switch. A network operating system is installed on top of Onie, which is designed to make it easy and fast for the OS to be swapped with a different one.

  • Open Network Switches Pose Security Risk, Researcher Says

    At the Black Hat show, a security expert demonstrates how vulnerable SDN switches that use the ONIE software are open to attacks by hackers.

  • OPM wins Pwnie, Google on Android security, DoJ on CFAA: Black Hat 2015 roundup

    Black Hat USA is finishing up in Las Vegas. News from its 18th year includes nuclear nightmares, Department of Justice on computer crime and research, Google on the state of Android security and much more.

  • on the detection of quantum insert

    The NSA has a secret project that can redirect web browsers to sites containing more sophisticated exploits called QUANTUM INSERT. (Do I still need to say allegedly?) It works by injecting packets into the TCP stream, though overwriting the stream may be a more accurate description. Refer to Deep dive into QUANTUM INSERT for more details. At the end of that post, there’s links to some code that can help one detect QI attacks in the wild. As noted by Wired and Bruce Schneier, among dozens of others, now we can defend ourselves against this attack (well, at least detect it).

More in Tux Machines

today's howtos

  • How to Change Comment Color in Vim – Fix Unreadable Blue Color

    Are you annoyed about the comment color in vim? The dark blue color of the comment is often hard to read. In this tutorial, we learn how to change the comment color in Vim. There are few methods we can use to look vim comment very readable.

  • How to Add Repository to Debian

    APT checks the health of all the packages, and dependencies of the package before installing it. APT fetches packages from one or more repositories. A repository (package source) is basically a network server. The term "package" refers to an individual file with a .deb extension that contains either all or part of an application. The normal installation comes with default repositories configured, but these contain only a few packages out of an ocean of free software available. In this tutorial, we learn how to add the package repository to Debian.

  • Making a Video of a Single Window

    I recently wanted to send someone a video of a program doing some interesting things in a single X11 window. Recording the whole desktop is easy (some readers may remember my post on Aeschylus which does just that) but it will include irrelevant (and possibly unwanted) parts of the screen, leading to unnecessarily large files. I couldn't immediately find a tool which did what I wanted on OpenBSD [1] but through a combination of xwininfo, FFmpeg, and hk I was able to put together exactly what I needed in short order. Even better, I was able to easily post-process the video to shrink its file size, speed it up, and contort it to the dimension requirements of various platforms. Here's a video straight out of the little script I put together: [...]

  • Things You Can And Can’t Do

    And it got me thinking about what you can and can’t do — what you do and don’t have control over.

  • allow-new-zones in BIND 9.16 on CentOS 8 Stream under SELinux

    We run these training systems with SELinux enabled (I wouldn’t, but my colleague likes it :-), and that’s the reason I aborted the lab: I couldn’t tell students how to solve the cause other than by disabling SELinux entirely, but there wasn’t enough time for that.

  • Will the IndieWeb Ever Become Mainstream?

    This is an interesting question, thanks for asking it, Jeremy. I do have some history with the IndieWeb, and some opinions, so let’s dive in.

    The short answer to the question is a resounding no, and it all boils down to the fact that the IndieWeb is really complicated to implement, so it will only ever appeal to developers.

  • How to Install CUPS Print Server on Ubuntu 22.04

    If your business has multiple personal computers in the network which need to print, then we need a device called a print server. Print server act intermediate between PC and printers which accept print jobs from PC and send them to respective printers. CUPS is the primary mechanism in the Unix-like operating system for printing and print services. It can allow a computer to act as a Print server. In this tutorial, we learn how to set up CUPS print server on Ubuntu 22.04.

Open Hardware: XON/XOFF and Raspberry Pi Pico

  • From XON/XOFF to Forward Incremental Search

    In the olden days of computing, software flow control with control codes XON and XOFF was a necessary feature that dumb terminals needed to support. When a terminal received more data than it could display, there needed to be a way for the terminal to tell the remote host to pause sending more data. The control code 19 was chosen for this. The control code 17 was chosen to tell the remote host to resume transmission of data.

  • Raspberry Pi Pico Used in Plug and Play System Monitor | Tom's Hardware

    Dmytro Panin is at it again, creating a teeny system monitor for his MacBook from scratch with help from our favorite microcontroller, the Raspberry Pi Pico. This plug-and-play system monitor (opens in new tab) lets him keep a close eye on resource usage without having to close any windows or launch any third-party programs. The device is Pico-powered and plugs right into the MacBook to function. It has a display screen that showcases a custom GUI featuring four bar graphs that update in real-time to show the performance of different components, including the CPU, GPU, memory, and SSD usage. It makes it possible to see how hard your PC is running at a glance.

Security Leftovers

How to Apply Accent Colour in Ubuntu Desktop

A step-by-step tutorial on how to apply accent colour in Ubuntu desktop (GNOME) with tips for Kubuntu and others. Read more