Language Selection

English French German Italian Portuguese Spanish

Security Leftovers

Filed under
Security
  • Talking on Searchable Encryption at 32C3 in Hamburg, Germany

    This year again, I attended the Chaos Communication Congress. It’s a fabulous event. It has become much more popular than a couple of years ago. In fact, it’s so popular, that the tickets (probably ~12000, certainly over 9000) have been sold out a week or so after the sales opened. It’s gotten huge.

  • Things I learned from OpenSSH about reading very sensitive files

    You may have heard that OpenSSH had an exploitable issue with some bad client code (which is actually two CVEs, CVE-2016-0777 and CVE-2016-0778). The issue was reported by Qualys Security, who released a fascinating and very detailed writeup on the issues. While the direct problem is basically the same as in Heartbleed, namely trusting an attacker-supplied length parameter and then sending back whatever happened to be sitting in memory, Qualys Security identified several issues that allowed private keys to leak through this issue despite OpenSSH's attempts to handle them securely. The specific issues are also fascinating in how they show just how hard it is to securely read sensitive files.

  • How To Patch and Protect OpenSSH Client Vulnerability CVE-2016-0777 and CVE-2016-0778 [ 14/Jan/2016 ]

    The OpenSSH project released an ssh client bug info that can leak private keys to malicious servers. A man-in-the-middle kind of attack identified and fixed in OpenSSH are dubbed CVE-2016-0777 and CVE-2016-0778. How do I fix OpenSSH's client vulnerability on a Linux or Unix-like operating system?

  • WhatsApp virus affects iOS and Android – and maybe more

    WhatsApp’s popular messaging app has been targeted yet again by cybercriminals – the latest attack affects both iOS and Android users.

    As part of a random phishing campaign, cybercriminals send fake emails represented as official WhatsApp content to spread malware when the 'message' is clicked on.

    The emails are being sent from a rogue email address, disguised with an umbrella branding “WhatsApp,” but if users look at the actual FROM email address, they will see it is not from the company.

More in Tux Machines

today's leftovers

  • The future of xinput, xmodmap, setxkbmap, xsetwacom and other tools under Wayland
    This post applies to most tools that interface with the X server and change settings in the server, including xinput, xmodmap, setxkbmap, xkbcomp, xrandr, xsetwacom and other tools that start with x. The one word to sum up the future for these tools under Wayland is: "non-functional". An X window manager is little more than an innocent bystander when it comes to anything input-related. Short of handling global shortcuts and intercepting some mouse button presses (to bring the clicked window to the front) there is very little a window manager can do. It's a separate process to the X server and does not receive most input events and it cannot affect what events are being generated. When it comes to input device configuration, any X client can tell the server to change it - that's why general debugging tools like xinput work.
  • Please don't use pastebins in bugs
  • Linux Top 3: SparkyLinux 4.5, Mageia 5.1 and Peppermint 7
    SparkyLinux is (yet another) Debian based Linux distribution. The SparkyLinux 4.5 update codenamed "Tyche' was released on December 3, providing users with multiple desktop choice other than GNOME. SparkLinux 4.5 ships with KDE, LXDE, LXQt, MATE and Xfce.
  • Upcoming Linux Distributions Releasing In December 2016
    In December 2016, a big Linux distribution release is taking shape in the form of Linux Mint 18.1 Serena, flavored by Cinnamon 3.2. It’ll be accompanied by the release of security and privacy-focused Anonymous Live CD Tails 2.9.
  • AMD Extends Strategic Partnership with Mentor Graphics for Linux-based Embedded Solutions
  • Samsung Z2 gets Firmware Update to Tizen 2.4.0.6 Z200FDDU0BPK3 in India
    Samsung’s latest Tizen-based smartphone, the Z2 model number SM-Z200F, has had a new software / firmware update land in India today. The update takes it to Tizen version 2.4.0.6., firmware Z200FDDU0BPK3. The update log mentions the following improvements: Improved send SOS message (panic mode) and also improvements to the security of the device. Additional bug fixes and performance improvements may have also been bundled in.

Leftovers: Software

  • choqok 1.6 Twitter Client was released and completely ported with KDE Frameworks 5
    Choqok is a fast, efficient and simple to use twitter client for Linux (especially built for the KDE desktop environment) that is installed by default to some of the Linux distribution which shipped with KDE Desktop Environment. The name comes from an ancient Persian word, means Sparrow!
  • 10 open source tools for your sysadmin toolbox [Ed: Terrible list which starts with two suggestions of Microsoft EEE]
    Sysadmins, no matter what platforms they work on, are awash in great open source software tools. In this article, we highlight well-known—and not-so-well-known—tools that have released new versions in 2016.
  • NetworkManager 1.2.6 Lets You Activate Multiple PPPoE Connections Simultaneously
    Beniamino Galvani was proud to announce the release and general availability of a new maintenance update to the stable NetworkManager 1.2 series of the open source network connection manager software for GNU/Linux distributions. NetworkManager is the most used network connection manager, adopted by almost all Linux-based operating systems on the market, and NetworkManager 1.2.6 is now the most advanced release of the 1.2 stable series, coming four months after the NetworkManager 1.2.4 update to fix a few bugs and regressions reported by users since then.
  • GNOME loves to cook
    With the upcoming 20th birthday of GNOME next year, some of us thought that we should make another attempt at this application, maybe as a birthday gift to all of GNOME. Shortly after GUADEC, I got my hands on some existing designs and started to toy around with implementing them over a few weekends and evenings. The screenshots in this post show how far I got since then.

today's howtos

Linux Foundation: Blockchain and Automotive Grade Linux

  • Linux Foundation’s Blockchain Collective Hyperledger Hits 100 Members
    Hyperledger aims to enable organizations to build robust, industry-specific applications, platforms and hardware systems to support their individual business transactions by creating an enterprise grade, open source distributed ledger framework and code base.
  • The Blockchain Milestone You May Have Missed
  • Sasken becomes member of Automotive Grade Linux
    Sasken Communication Technologies Ltd has announced its membership with Automotive Grade Linux as its bronze member. This will enable Sasken to provide solutions to customers on Automotive Grade Linux (AGL). Sasken will provide product development and system integration services for automotive customers spanning in-vehicle infotainment (IVI), instrument cluster, heads-up display and telematics.