Language Selection

English French German Italian Portuguese Spanish

Security Leftovers

Filed under
Security
  • Hacking Team’s Leak Helped Researchers Hunt Down a Zero-Day

    The vulnerability, which Microsoft called “critical” in a patch released to customers on Tuesday, would allow an attacker to infect your system after getting you to visit a malicious website where the exploit resides—usually through a phishing email that tricks you into clicking on a malicious link. The attack works with all of the top browsers except Chrome—but only because Google removed support for the Silverlight plug-in in its Chrome browser in 2014.

    [...]

    In July 2015, a hacker known only as “Phineas Fisher” targeted the Italian surveillance firm Hacking Team and stole some 400 GB of the company’s data, including internal emails, which he dumped online. The hack exposed the company’s business practices, but it also revealed the business of zero-day sellers who were trying to market their exploits to Hacking Team. The controversial surveillance firm, which sells its software to law enforcement and intelligence agencies around the world—including to oppressive regimes like Sudan, Bahrain, and Saudi Arabia—uses zero-day exploits to help sneak its surveillance tools onto targeted systems.

  • Flexible, secure SSH with DNSSEC

    With version 6.2 of OpenSSH came a feature that allows the remote host to retrieve a public key in a customised way, instead of the typical authorized_keys file in the ~/.ssh/ directory. For example, you can gather the keys of a group of users that require access to a number of machines on a single server (for example, an LDAP server), and have all the hosts query that server when they need the public key of the user attempting to log in. This saves a lot of editing of authorized_keys files on each and every host. The downside is that it's necessary to trust the source these hosts retrieve public keys from. An LDAP server on a private network is probably trustworthy (when looked after properly) but for hosts running in the cloud, that’s not really practical.

More in Tux Machines

Type Title Author Replies Last Postsort icon
Story Android Leftovers Rianne Schestowitz 27/05/2022 - 1:40pm
Story TypeScript Based Headless CMS 'Payload' Becomes Open Source Rianne Schestowitz 27/05/2022 - 1:18pm
Story SailfishOS adds support for Sony Xperia 10iii Rianne Schestowitz 27/05/2022 - 1:15pm
Story Banana Pi announces alternative to Raspberry Pi CM4 Rianne Schestowitz 27/05/2022 - 1:12pm
Story Linux Candy: projectM - music visualizer originally based on Milkdrop Rianne Schestowitz 27/05/2022 - 1:07pm
Story Fwupd 1.8.1 Linux Firmware Updater Brings More Hardware Support and New Features Marius Nestor 27/05/2022 - 12:10pm
Story today's leftovers Roy Schestowitz 27/05/2022 - 8:14am
Story wayland 1.20.91 Roy Schestowitz 27/05/2022 - 8:07am
Story Top 5 Laptops for Programmers in 2022 trendoceangd 27/05/2022 - 8:01am
Story today's howtos Roy Schestowitz 27/05/2022 - 7:46am