Security Leftovers

  • Security advisories for Monday
  • John McAfee: McAfee antivirus is one of the worst products on the planet
  • Highway to hack: why we’re just at the beginning of the auto-hacking era

    Imagine it’s 1995, and you’re about to put your company’s office on the Internet. Your security has been solid in the past—you’ve banned people from bringing floppies to work with games, you’ve installed virus scanners, and you run file server backups every night. So, you set up the Internet router and give everyone TCP/IP addresses. It’s not like you’re NASA or the Pentagon or something, so what could go wrong?

    That, in essence, is the security posture of many modern automobiles—a network of sensors and controllers that have been tuned to perform flawlessly under normal use, with little more than a firewall (or in some cases, not even that) protecting it from attack once connected to the big, bad Internet world. This month at three separate security conferences, five sets of researchers presented proof-of-concept attacks on vehicles from multiple manufacturers plus an add-on device that spies on drivers for insurance companies, taking advantage of always-on cellular connectivity and other wireless vehicle communications to defeat security measures, gain access to vehicles, and—in three cases—gain access to the car’s internal network in a way that could take remote control of the vehicle in frightening ways.

  • backdooring your javascript using minifier bugs

    In addition to unforgettable life experiences and personal growth, one thing I got out of DEF CON 23 was a copy of POC||GTFO 0x08 from Travis Goodspeed. The coolest article I’ve read so far in it is “Deniable Backdoors Using Compiler Bugs,” in which the authors abused a pre-existing bug in CLANG to create a backdoored version of sudo that allowed any user to gain root access. This is very sneaky, because nobody could prove that their patch to sudo was a backdoor by examining the source code; instead, the privilege escalation backdoor is inserted at compile-time by certain (buggy) versions of CLANG.

    That got me thinking about whether you could use the same backdoor technique on javascript. JS runs pretty much everywhere these days (browsers, servers, arduinos and robots, maybe even cars someday) but it’s an interpreted language, not compiled. However, it’s quite common to minify and optimize JS to reduce file size and improve performance. Perhaps that gives us enough room to insert a backdoor by abusing a JS minifier.
