Language Selection

English French German Italian Portuguese Spanish

Security Leftovers

Filed under
Security
  • Open-source code from Mars rover used in espionage campaign targeting Indian government

    Two open-source code libraries used in the development of the historic Mars rover have been exploited by cybercriminals and moulded into an effective espionage tool that is being used to target high-level officials in the Indian government.

    First exposed by security researchers at Palo Alto Networks, the malware, now dubbed Rover, was found in a malicious phishing email received by India's ambassador to Afghanistan that was made to look like it was sent from India's defence minister which, if opened, would have installed a slew of vicious exploits on the computer system.

    Upon analysis, the experts found the malware, which contained code that attacked a flaw in Office XP, boasted a range of spying features including the ability to hijack computer files, launch a keylogger, take screenshots and even record audio and video in real-time. All of the data compromised would be sent straight to the malware creator's command and control (C&C) server.

  • Open Source Code Of Mars Rover Being Used To Create Malware To Target Indian Government

    Last year on December 24, 2015, a potential online target was identified which was delivered via an email to a high profile Indian diplomat, an Ambassador to Afghanistan. The email was spoofed and crafted as if it was sent by the current defence minister of India, Mr. Manohar Parikar. The mail commended the Ambassador to Afghanistan on his contributions and success.

  • Report: 3.5 Million HTTPS Servers Vulnerable to DROWN

    A report released Tuesday on the DROWN vulnerability raises concerns about possible attacks that could expose encrypted communications. DROWN is a serious vulnerability that affects HTTPS and other services using SSL version 2, according to the team of security researchers who compiled the report. The protocols affected are some of the essential cryptographic protocols for Internet security. An attack could decrypt secure HTTPS communications, such as passwords or credit card numbers, within minutes.

  • OpenSSL update fixes Drown vulnerability
  • HTTPS DROWN flaw: Security bods' hearts sink as tatty protocols wash away web crypto

    DROWN (aka Decrypting RSA with Obsolete and Weakened eNcryption) is a serious design flaw that affects HTTPS websites and other network services that rely on SSL and TLS – which are core cryptographic protocols for internet security. As previously reported, about a third of all HTTPS servers are vulnerable to attack, the computer scientists behind the discovery of the issue warn.

More in Tux Machines

Add-on board expands i.MX6 UL SBC

MYIR released an add-on board for its Linux-driven, i.MX6 UL-based MYS-6ULX SBC that adds a second LAN port, plus CAN, RS485, camera, audio, and RTC. In April, MYIR released a Linux-powered MYS-6ULX SBC, which was notable for being available in two different versions using NXP’s low power, Cortex-A7 i.MX6 UltraLite (UL) or the more affordable, and almost identical i.MX6 ULL SoC. Now, MYIR has released an “MYB-6ULX Expansion Board” designed to stack onto either model. The $21.20 accessory adds a second 10/100 Ethernet port to the MYS-6ULX, as well as new CAN, RS485, audio, micro-USB, RTC, and camera functions. Read more

Hardware: PocketBeagle, Purism Librem 5, Aaeon Embedded PCs

Finding the Mainframers of the Future Through Open Source Ecosystem Development

Speak the word “mainframe” to many millennial techies, and the first things that likely come to mind are in the form of grainy sepia photos of floor-to-ceiling, wall-to-wall computers with big spinning tapes. But that’s far from the reality of the modern mainframe. Imagine instead up to 240 10-core, 5.2ghz processors, 32TB of RAIM (redundant array of independent memory), hardware-based encryption, and fully hot-swappable hardware components. Those are the specs of the newly released IBM z14 – a single machine that could replace the computing resources of an average corporate data center with room to spare. Read more

Linux Foundation’s Open Source Networking Days and KDE's Randa

  • Introducing The Linux Foundation’s Open Source Networking Days
    One of my primary goals at The Linux Foundation is to foster innovation across the entire open source networking ecosystem. This involves coordinating across multiple open source projects and initiatives and identifying key areas for collaboration to create an open source networking stack. We are working across the entire ecosystem with industry-leading partners — from developers to service providers to vendors — to unify various open source components and create solutions that will accelerate network transformation. As part of this journey, I am pleased to introduce Open Source Networking Days (OSN Days), a series of free events that are hosted and organized by local user groups and The Linux Foundation members, with support from our projects, including DPDK, FD.io, ONAP, OpenDaylight, OPNFV, PNDA, and others.
  • Randa news, release update
    Last week, from wednesday to saturday I attended KDE’s annual Randa sprint organized by wonderful people. This was an occasion to work fulltime on Kdenlive.