Language Selection

English French German Italian Portuguese Spanish

Security Leftovers

Filed under
Security
  • Hacking Team’s Leak Helped Researchers Hunt Down a Zero-Day

    The vulnerability, which Microsoft called “critical” in a patch released to customers on Tuesday, would allow an attacker to infect your system after getting you to visit a malicious website where the exploit resides—usually through a phishing email that tricks you into clicking on a malicious link. The attack works with all of the top browsers except Chrome—but only because Google removed support for the Silverlight plug-in in its Chrome browser in 2014.

    [...]

    In July 2015, a hacker known only as “Phineas Fisher” targeted the Italian surveillance firm Hacking Team and stole some 400 GB of the company’s data, including internal emails, which he dumped online. The hack exposed the company’s business practices, but it also revealed the business of zero-day sellers who were trying to market their exploits to Hacking Team. The controversial surveillance firm, which sells its software to law enforcement and intelligence agencies around the world—including to oppressive regimes like Sudan, Bahrain, and Saudi Arabia—uses zero-day exploits to help sneak its surveillance tools onto targeted systems.

  • Flexible, secure SSH with DNSSEC

    With version 6.2 of OpenSSH came a feature that allows the remote host to retrieve a public key in a customised way, instead of the typical authorized_keys file in the ~/.ssh/ directory. For example, you can gather the keys of a group of users that require access to a number of machines on a single server (for example, an LDAP server), and have all the hosts query that server when they need the public key of the user attempting to log in. This saves a lot of editing of authorized_keys files on each and every host. The downside is that it's necessary to trust the source these hosts retrieve public keys from. An LDAP server on a private network is probably trustworthy (when looked after properly) but for hosts running in the cloud, that’s not really practical.

More in Tux Machines

Type Title Author Replies Last Postsort icon
Story today's leftovers Roy Schestowitz 14/05/2022 - 1:50pm
Story today's howtos Roy Schestowitz 14/05/2022 - 1:48pm
Story Proprietary Software and Openwashing Roy Schestowitz 14/05/2022 - 1:45pm
Story Today in Techrights Roy Schestowitz 14/05/2022 - 1:01pm
Story Ubuntu 22.10 (Kinetic Kudu) development starts. Here are all the details you need to know. arindam1989 14/05/2022 - 9:15am
Story NanoPi and Raspberry Pi Roy Schestowitz 1 14/05/2022 - 7:15am
Story Android Leftovers Rianne Schestowitz 14/05/2022 - 7:10am
Story This week in KDE: something for everyone Rianne Schestowitz 14/05/2022 - 7:01am
Story Builder GTK 4 Porting, Part IV Rianne Schestowitz 14/05/2022 - 6:58am
Story Games: Lovecraft, Please Fix The Road, and More Roy Schestowitz 14/05/2022 - 6:27am