Language Selection

English French German Italian Portuguese Spanish

Security Leftovers

Filed under
  • Open-source code from Mars rover used in espionage campaign targeting Indian government

    Two open-source code libraries used in the development of the historic Mars rover have been exploited by cybercriminals and moulded into an effective espionage tool that is being used to target high-level officials in the Indian government.

    First exposed by security researchers at Palo Alto Networks, the malware, now dubbed Rover, was found in a malicious phishing email received by India's ambassador to Afghanistan that was made to look like it was sent from India's defence minister which, if opened, would have installed a slew of vicious exploits on the computer system.

    Upon analysis, the experts found the malware, which contained code that attacked a flaw in Office XP, boasted a range of spying features including the ability to hijack computer files, launch a keylogger, take screenshots and even record audio and video in real-time. All of the data compromised would be sent straight to the malware creator's command and control (C&C) server.

  • Open Source Code Of Mars Rover Being Used To Create Malware To Target Indian Government

    Last year on December 24, 2015, a potential online target was identified which was delivered via an email to a high profile Indian diplomat, an Ambassador to Afghanistan. The email was spoofed and crafted as if it was sent by the current defence minister of India, Mr. Manohar Parikar. The mail commended the Ambassador to Afghanistan on his contributions and success.

  • Report: 3.5 Million HTTPS Servers Vulnerable to DROWN

    A report released Tuesday on the DROWN vulnerability raises concerns about possible attacks that could expose encrypted communications. DROWN is a serious vulnerability that affects HTTPS and other services using SSL version 2, according to the team of security researchers who compiled the report. The protocols affected are some of the essential cryptographic protocols for Internet security. An attack could decrypt secure HTTPS communications, such as passwords or credit card numbers, within minutes.

  • OpenSSL update fixes Drown vulnerability
  • HTTPS DROWN flaw: Security bods' hearts sink as tatty protocols wash away web crypto

    DROWN (aka Decrypting RSA with Obsolete and Weakened eNcryption) is a serious design flaw that affects HTTPS websites and other network services that rely on SSL and TLS – which are core cryptographic protocols for internet security. As previously reported, about a third of all HTTPS servers are vulnerable to attack, the computer scientists behind the discovery of the issue warn.

More in Tux Machines

Lumina Desktop 1.1 Released

The BSD-focused, Qt-powered Lumina Desktop Environment is out with its version 1.1 update. The developers behind the Lumina Desktop Environment consider it a "significant update" with both new and reworked utilities, infrastructure improvements, and other enhancements. Lumina 1.1 adds a pure Qt5 calculator, text editor improvements, the file manager has been completely overhauled, system application list management is much improved, and there is a range of other improvements. Read more

Radeon vs. Nouveau Open-Source Drivers On Mesa Git + Linux 4.9

For your viewing pleasure this Friday are some open-source AMD vs. NVIDIA numbers when using the latest open-source code on each side. Linux 4.9-rc1 was used while Ubuntu 16.10 paired with the Padoka PPA led to Mesa Git as of earlier this week plus LLVM 4.0 SVN. As covered recently, there are no Nouveau driver changes for Linux 4.9 while we had hoped the boost patches would land. Thus the re-clocking is still quite poor for this open-source NVIDIA driver stack. For the Nouveau tests I manually re-clocked each graphics card to the highest performance state (0f) after first re-clocking the cards to the 0a performance state for helping some of the GPUs that otherwise fail with memory re-clocking at 0f, as Nouveau developers have expressed this is the preferred approach for testing. Read more

Ubuntu MATE, Not Just a Whim

I've stated for years how much I dislike Ubuntu's Unity interface. Yes, it's become more polished through the years, but it's just not an interface that thinks the same way I do. That's likely because I'm old and inflexible, but nevertheless, I've done everything I could to avoid using Unity, which usually means switching to Xubuntu. I actually really like Xubuntu, and the Xfce interface is close enough to the GNOME 2 look, that I hardly miss the way my laptop used to look before Unity. I wasn't alone in my disdain for Ubuntu's flagship desktop manager switch, and many folks either switched to Xubuntu or moved to another Debian/Ubuntu-based distro like Linux Mint. The MATE desktop started as a hack, in fact, because GNOME 3 and Unity were such drastic changes. I never really got into MATE, however, because I thought it was going to be nothing more than a hack and eventually would be unusable due to old GNOME 2 libraries phasing out and so forth. Read more

EU-Fossa project submits results of code audits

The European Commission’s ‘EU Free and Open Source Software Auditing’ project (EU-Fossa) has sent its code review results to the developers of Apache HTTP server target and KeePass. The audit results are not yet made public, however, no critical vulnerabilities were found. Read more