Language Selection

English French German Italian Portuguese Spanish

Security Leftovers

Filed under
Security
  • Hacking Team’s Leak Helped Researchers Hunt Down a Zero-Day

    The vulnerability, which Microsoft called “critical” in a patch released to customers on Tuesday, would allow an attacker to infect your system after getting you to visit a malicious website where the exploit resides—usually through a phishing email that tricks you into clicking on a malicious link. The attack works with all of the top browsers except Chrome—but only because Google removed support for the Silverlight plug-in in its Chrome browser in 2014.

    [...]

    In July 2015, a hacker known only as “Phineas Fisher” targeted the Italian surveillance firm Hacking Team and stole some 400 GB of the company’s data, including internal emails, which he dumped online. The hack exposed the company’s business practices, but it also revealed the business of zero-day sellers who were trying to market their exploits to Hacking Team. The controversial surveillance firm, which sells its software to law enforcement and intelligence agencies around the world—including to oppressive regimes like Sudan, Bahrain, and Saudi Arabia—uses zero-day exploits to help sneak its surveillance tools onto targeted systems.

  • Flexible, secure SSH with DNSSEC

    With version 6.2 of OpenSSH came a feature that allows the remote host to retrieve a public key in a customised way, instead of the typical authorized_keys file in the ~/.ssh/ directory. For example, you can gather the keys of a group of users that require access to a number of machines on a single server (for example, an LDAP server), and have all the hosts query that server when they need the public key of the user attempting to log in. This saves a lot of editing of authorized_keys files on each and every host. The downside is that it's necessary to trust the source these hosts retrieve public keys from. An LDAP server on a private network is probably trustworthy (when looked after properly) but for hosts running in the cloud, that’s not really practical.

More in Tux Machines

Type Title Author Replies Last Postsort icon
Story today's howtos Roy Schestowitz 15/05/2022 - 3:10pm
Story Proprietary leftovers Roy Schestowitz 15/05/2022 - 12:49pm
Story Barry Kauler on Debian Bookworm-'Based' EasyOS Roy Schestowitz 1 15/05/2022 - 12:47pm
Story Top 10 Best Linux Distributions in 2022 For Everyone arindam1989 15/05/2022 - 12:37pm
Story Fedora Linux 35 Released with GNOME 41, Fedora Kinoite Flavor, and WirePlumber Marius Nestor 17 15/05/2022 - 12:05pm
Story Free Sofwtare Leftovers Roy Schestowitz 15/05/2022 - 11:08am
Story Programming and Servers Roy Schestowitz 15/05/2022 - 11:05am
Story Open Hardware: Raspberry Pi and RISC-V Roy Schestowitz 15/05/2022 - 10:48am
Story GNU/Linux in Devices Roy Schestowitz 15/05/2022 - 10:47am
Story Security Leftovers Roy Schestowitz 15/05/2022 - 10:27am