
Security Leftovers

  • Security Researchers Offer Warnings About Hackable Railroads

    The well-being of critical infrastructure and transportation has long been the elephant in the room when it comes to cybersecurity: plenty of researchers have warned about the possibility of attacks on power plants, the national grid, and, more recently, even the emergence of internet-connected cars.

    Now, researchers are warning of the gaping holes in the security of railroad systems. On Sunday at Chaos Communication Congress, a security, arts and politics conference held annually in Hamburg, Germany, members of the SCADA StrangeLove collective presented a long list of problems with railroad systems that attackers could exploit.

  • DLL Hijacking Just Won’t Die

    To make a long and complicated story short, a bad guy who exploits this vulnerability places a malicious DLL into your browser’s Downloads folder, then waits. When you run an installer built by an earlier version of NSIS from that folder, the elevation prompt (assuming it runs as admin) shows the legitimate installer’s signature asking you for permission to run the installer. After you grant permission, the victim installer loads the malicious DLL which runs its malicious code with the installer’s permissions. And then it’s not your computer anymore.

  • CA Council to Improve Internet Certificate Security in 2016

    At the heart of much of the Internet's security is the use of Secure Sockets Layer/Transport Layer Security (SSL/TLS), which provides encryption for data in motion. Certificate Authorities (CAs) are the trusted entities that issue TLS certificates, and as a group, the CAs are gearing up for a big year in 2016, with multiple efforts designed to improve the security of the Internet.

  • Backspace Flaw Enables Linux Zero-Day Attack
