Security Leftovers

Filed under
Security
  • Tor browser co-creator: Experian breach shows encryption may not be security panacea

    The Experian/T-Mobile hack may be more worrisome than Experian’s carefully worded description of it suggests, some security experts said Friday.

    One is the co-creator of the Tor secure browser, David Goldschlag (now SVP of strategy at Pulse Secure). Goldschlag previously was head of mobile at McAfee, and also once worked at the NSA.

    I asked Goldschlag a simple question: “After the Office of Personnel Management and Experian hacks, is there reason to fear that hackers now have the means to steal actual financial information (credit card numbers, etc.) from banks or insurers?”

  • AV-TEST tests Linux security solutions against Linux and Windows threats

    To do so, it is often sufficient to copy files from a Linux environment to Windows,” it further adds. The most obvious mode of attack involves luring victims to install software or updates via third-party package sources. The team conducted the test by running 16 different antivirus solutions and splitting the test session into three distinct phases:

    The detection of Windows malware
    The detection of Linux malware and
    The test for false positives.

    Out of 16 antivirus solutions, 8 detected between 95-99% of the 12,000 Windows threats used in the test. The antivirus solutions that achieved this detection rate include Bitdefender, ESET, Avast, F-Secure, eScan, G Data, Sophos and Kaspersky Lab (server version).

  • Outlook.com had classic security blunder in authentication engine

    The cross-site request forgery vulnerability means that any user visiting a malicious page can have their accounts hijacked without further interaction.

    The since-patched hole existed in Microsoft Live.com and could have been spun into a dangerous worm, Wineberg says.

  • Meet the White Team, Makers of the Linux.Wifatch Vigilante Malware

    However, Softpedia News noted that the Linux.Wifatch source code has not been released in its entirety. That’s likely because the White Team is worried that traditional cybercriminals would exploit the malware for more nefarious purposes. It also explains why it was a clandestine operation in which router owners weren’t aware their systems had been infected, even if it was only to defend them against black-hat attackers.

    Whether or not anyone appreciates the White Team’s form of vigilante security tactics, they may believe the work should serve as a warning to those who don’t follow basic data protection procedures, Hacked said. For example, there are still untold numbers of home routers that use default passwords and leave admin access wide open to malware and other threats.

  • Practical SHA-1 Collision Months, Not Years, Away
  • Search engine can find the VPN that NUCLEAR PLANT boss DIDN'T KNOW was there - report

    The nuclear industry is ignorant of its cybersecurity shortcomings, claimed a report released today, and despite understanding the consequences of an interruption to power generation and the related issues, cyber efforts to prevent such incidents are lacking.

    The report adds that search engines can "readily identify critical infrastructure components with" VPNs, some of which are power plants. It also adds that facility operators are "sometimes unaware of" them.

    Nuclear plants don't understand their cyber vulnerability, stated the Chatham House report, which found industrial, cultural and technical challenges affecting facilities worldwide. It specifically pointed to a "lack of executive-level awareness".

More in Tux Machines

Programming Leftovers

  • Notes on packaging Krita with G’MIC

    Krita 3 and later are compatible with G’MIC, an open-source digital image processing framework. This support is provided by G’MIC-Qt, a Qt-based frontend for G’MIC. Since its inception, G’MIC-Qt was shipped as a standalone, externally built executable that is an optional, runtime dependency of Krita. Krita 5 changes the way G’MIC-Qt is consumed. In order to support CentOS and macOS, G’MIC-Qt has been converted into a dynamically loadable library that is a dependent of Krita. This file reviews these changes, and how to package Krita accordingly.

  • Qt WebAssembly clipboard

    Clipboard use on desktop platforms is ubiquitous. Most people use it without thinking. Copy, Paste, and Cut keyboard strokes are ingrained into muscle memory. On the web, it can present security issues, as someone could read or write to your clipboard without you knowing. Up until now, Qt for WebAssembly's clipboard was text-only and only within the app itself. Qt 6.3 will have better clipboard support between host and app, and also adds copy/pasting of images.

  • Attempting to compile Shotcut video editor
  • The Numbers: Performance benefits of the new Qt Quick Compiler

    In my previous post, the history and general architecture of the new Qt Quick Compiler technology was explained. As promised there, the performance numbers are presented in this post.

  • Monetizing cross-platform use cases faster and easier with Qt Digital Advertising Platform

    Many of you have been raising the question: when will Qt provide a full framework to monetize my Qt-based cross-platform application, implementing an advertising campaign directly on my user interface? Now all the community and Qt users in general can start in no time implementing and managing advertising campaigns targeting cross-platform use cases. We are excited to announce that Qt Digital Advertising 1.0 has been released!

  • Ads may be coming to KDE, the popular Linux desktop [Ed: Misleading clickbait. KDE and #Qt are not the same thing]
  • Qt Launches Digital Advertising Platform To Integrate Ads Into App UIs

    The Qt Company this morning announced Qt Digital Advertising 1.0 as its new ad platform that allows for developers to easily integrate advertising campaigns into Qt-based, cross-platform applications. The Qt Company devised Qt Digital Advertising as a way for the community and Qt users to integrate and manage advertising campaigns within Qt-powered programs. This is a new plug-in for the Qt toolkit for managing and monetizing campaigns for any Qt-based application.

  • Parsing PNGs Differently | Hackaday

    There are millions of tiny bugs all around us, in everything from our desktop applications to the appliances in the kitchen. Hidden, arbitrary conditions that cause unintended outputs and behaviors. There are many ways to find these bugs, but one way we don’t hear about very often is finding a bug in your own code, only to realize someone else made the same mistake. For example, [David Buchanan] found a bug in his multi-threaded PNG decoder and realized that the Apple PNG decoder had the same bug. PNG (Portable Network Graphics) is an image format just like JPEG, WEBP, or TIFF designed to replace GIFs. After a header, the rest of the file is entirely chunks. Each chunk is prepended by a four-letter identifier, with a few chunks being critical chunks. The essential sections are IHDR (the header), IDAT (actual image data), PLTE (the palette information), and IEND (the last chunk in the file). Compression is via the DEFLATE method used in zlib, which is inherently serial. If you’re interested, there’s a convenient poster about the format from a great resource we covered a while back.

Announcing the D-Installer Project | YaST

As you may know, YaST is not only a control center for (open)SUSE Linux distributions, but it is also the installer. And, in that regard, we think it is a competent installer. However, time goes by, and YaST shows its age in a few aspects. During summer 2021, the team discussed how YaST should look in the near future.

Qubes OS 4.1.0-rc4 has been released!

The fourth release candidate for Qubes 4.1.0 is here! There are no major changes to report. We’ve just focused on fixing bugs that were discovered and reported in the third release candidate. If you’re currently using any Qubes 4.1.0 release candidate, a regular update is sufficient to upgrade to the latest one. Otherwise, read on for more about how to get started with testing Qubes 4.1.0-rc4.

Google v. Oracle: The End of an Era - Software Freedom Law Center

The Supreme Court's April 3rd decision of the long-running dispute between Oracle and Google brings to a last victorious conclusion the free software movement's legal campaign, which began more than thirty years ago. Though the Justices have only now resolved the issue of API copyright, it was among the first of the legal problems with which FSF and I dealt.

The heart of the free software movement's long-term strategy was to harness the power of independent reinvention. Writing from scratch new programs that implemented both sides of all major software APIs was the technical pillar of our master plan. Licensing those programs on terms that protected the resulting commons, giving every user rights to study, copy, modify and share, with copyleft restriction on downstream licensing, was the legal pillar. The master plan of GNU was the independent reimplementation of both sides of all Unix APIs, thus allowing anything that could be done by general purpose computers to be done by software in which users had rights and free invention could flourish.

When FSF and I started working together, in 1993, the Foundation, which was made possible by Richard Stallman's 1990 MacArthur prize, was new, and the 1991 GPLv2 license brilliantly constructed for Stallman by Jerry Cohen was even newer. Gaining broad legal acceptance for GPLv2 and assessing the risk from the patenting of purely software inventions were immediate legal problems in need of my attention. But the threat posed by broad API copyright was the most urgent. The urgency arose because the issue was already headed for the US Supreme Court.