Leftovers: Security

  • Security updates for Thursday
  • Microsoft puts a bullet in blundering D-Link's leaked key that made malware VIPs on PCs

    Microsoft has finally revoked D-Link's leaked code-signing key, which gave malware the red carpet treatment on millions of Windows PCs.

    Last week, it emerged that, for six months between February and September, D-Link exposed its private code-signing key to the world in a firmware download. Anyone who stumbled upon this key could use it to dress up malware as a legit-looking D-Link application, tricking Windows and users into trusting it.

    The key expired at the start of this month, meaning it cannot be used to digitally sign new malware. But any software nasties signed using the key earlier in the year would still be trusted and run by Windows PCs.

  • Filling in the holes in Linux boot chain measurement, and the TPM measurement log

    When I wrote about TPM attestation via 2FA, I mentioned that you needed a bootloader that actually performed measurement. I've now written some patches for Shim and Grub that do so.

    The Shim code does a couple of things. The obvious one is to measure the second-stage bootloader into PCR 9. The perhaps less expected one is to measure the contents of the MokList and MokSBState UEFI variables into PCR 14. This means that if you're happy simply running a system with your own set of signing keys and just want to ensure that your secure boot configuration hasn't been compromised, you can simply seal to PCR 7 (which will contain the UEFI Secure Boot state as defined by the UEFI spec) and PCR 14 (which will contain the additional state used by Shim) and ignore all the others.

  • Would you trust Intel, Vodafone, Siemens et al with Internet of Things security? You'll have to

    A new non-profit foundation dedicated to improving security in the "internet of things" launched on Wednesday.

    More than 30 companies including Intel, Vodafone, Siemens, and BT are the founding members of the foundation, whose mission is to "make the Internet of Things secure, to aid its adoption, and maximize its benefits."

    The IoTSF will focus on best practices and knowledge sharing. It will host a conference in London in December on IoT security.

  • Security wares like Kaspersky AV can make you more vulnerable to attacks
