Language Selection

English French German Italian Portuguese Spanish

Security

pfSense 2.4.0-RELEASE Now Available!

Filed under
Security
BSD

We are excited to announce the release of pfSense® software version 2.4, now available for new installations and upgrades!

pfSense software version 2.4.0 was a herculean effort! It is the culmination of 18 months of hard work by Netgate and community contributors, with over 290 items resolved. According to git, 671 files were changed with a total 1651680 lines added, and 185727 lines deleted. Most of those added lines are from translated strings for multiple language support!

pfSense 2.4.0-RELEASE updates and installation images are available now!

Read more

Also: pfSense 2.4 Released, Rebased To FreeBSD 11.1 & New Installer

Security: Updates, Reproducible Builds, T-Mobile, ATMs, Microsoft Outlook "Fake Crypto" and Accenture

Filed under
Security
  • Security updates for Tuesday
  • Reproducible Builds: Weekly report #128
  • T-Mobile customer data plundered thanks to bad API

    A bug disclosed and patched last week by T-Mobile in a Web application interface allowed anyone to query account information by simply providing a phone number. That includes customer e-mail addresses, device identification data, and even the answers to account security questions. The bug, which was patched after T-Mobile was contacted by Motherboard's Lorenzo Franceschi-Bicchierai on behalf of an anonymous security researcher, was apparently also exploited by others, giving them access to information that could be used to hijack customers' accounts and move them to new phones. Attackers could potentially gain access to other accounts protected by SMS-based "two factor" authentication simply by acquiring a T-Mobile SIM card.

  • Criminals stole millions from E. Europe banks with ATM “overdraft” hack

    Banks in several former Soviet states were hit with a wave of debit card fraud earlier this year that netted millions of dollars worth of cash. These bank heists relied on a combination of fraudulent bank accounts and hacking to turn nearly empty bank accounts into cash-generating machines. In a report being released by TrustWave's SpiderLabs today, SpiderLabs researchers detailed the crime spree: hackers gained access to bank systems and manipulated the overdraft protection on accounts set up by proxies and then used automated teller machines in other countries to withdraw thousands of dollars via empty or nearly empty accounts.

    While SpiderLabs' investigation accounted for about $40 million in fraudulent withdrawals, the report's authors noted, "when taking into account the undiscovered or uninvestigated attacks along with investigations undertaken by internal groups or third parties, we estimate losses to be in the hundreds of millions in USD." This criminal enterprise was a hybrid of traditional credit fraud and hacking. It relied on an army of individuals with fake identity documents, as these folks were paid to set up accounts at the targeted institutions with the lowest possible deposit. From there, individuals requested debit cards for the accounts, which were forwarded to co-conspirators in other countries throughout Europe and in Russia.

  • Buggy Microsoft Outlook Sending Encrypted S/MIME Emails With Plaintext Copy For Months

    Beware, If you are using S/MIME protocol over Microsoft Outlook to encrypt your email communication, you need to watch out.

    From at least last 6 months, your messages were being sent in both encrypted and unencrypted forms, exposing all your secret and sensitive communications to potential eavesdroppers.

    S/MIME, or Secure/Multipurpose Internet Mail Extensions, is an end-to-end encryption protocol—based on public-key cryptography and works just like SSL connections—that enables users to send digitally signed and encrypted messages.

  • Fake Crypto: Microsoft Outlook S/MIME Cleartext Disclosure (CVE-2017-11776)

    Outlook version XXX (we are still waiting for Microsoft to release detailed information and update the blog accordingly) was the first affected version. So any S/MIME encrypted mail written since that date might be affected.

    Unfortunately there is no easy solution to remediate the impact of this vulnerability (we are still waiting for Microsoft to release detailed information and update the blog).

    In cases where mails have been send to third parties (recipient is outside of the sender’s organization) remediation is not possible by the sending party, since the sender has no authority over the recipient’s mail infrastructure.

  • Accenture data leak: 'Keys to the kingdom' left exposed via multiple unsecured cloud servers

    A massive trove of sensitive corporate and customer data was left freely exposed to the public by Accenture, one of the world's biggest management firms. The tech giant left at least four cloud storage servers, which contained highly sensitive decryption keys and passwords, exposed to the public, without any password protections.

Security: Updates, Accenture, Microsoft and More

Filed under
Security
  • Security updates for Wednesday
  • Accenture left a huge trove of highly sensitive data on exposed servers

    Technology and cloud giant Accenture has confirmed it inadvertently left a massive store of private data across four unsecured cloud servers, exposing highly sensitive passwords and secret decryption keys that could have inflicted considerable damage on the company and its customers.

  • Crypto Anchors: Exfiltration Resistant Infrastructure

    The obvious way to implement a tokenization service is to generate a random token and store a mapping of that token and a one-way hash of the sensitive piece of data.

    Unfortunately, the maximum number of possible SSNs is just under 1 billion, making it trivial for an attacker that downloads the database to brute-force them offline.

  • Detecting DDE in MS Office documents

    Dynamic Data Exchange is an old Microsoft technology that can be (ab)used to execute code from within MS Office documents. Etienne Stalmans and Saif El-Sherei from Sensepost published a blog post in which they describe how to weaponize MS Office documents.

  • Stack Overflow Considered Harmful?

    What proportion of Android apps in the Play store include security-related code snippets copied directly from Stack Overflow? Does the copied code increase or decrease application security?

  • ‘UK teen almost hacking US officials a serious concern for American security’

    It should be very concerning for the US security services that a teenager almost got to access to private information of top officials, including that of the CIA chief, as other hackers might actually do some real harm, Mark Chapman of the UK Pirate Party believes.

    British teenager Kane Gamble pleaded guilty to trying to hack top US officials’ personal computers.

    Gamble is autistic and was only 15 years old when he attempted to hack the computers of former CIA chief John Brennan and the head of security of the Obama administration. He was released on bail and is due to be sentenced by a British regional court in December.

Security: Accenture, Australian Cyber Security Centre, Voting and North Korea

Filed under
Security
  • Accenture's crown jewels found exposed in unsecured AWS buckets

    Global corporate consulting and management firm Accenture left at least four cloud-based storage servers unsecured and open to the public, the security company UpGuard has found.

    Exposed to the world were secret API data, authentication credentials, certificates, decryption keys, customer information and other data that could have been used to attack both the company and its clients.

  • Cyber terror? Ain't seen it yet, says Australian Cyber Security Centre

    Despite all the hyper-ventilation by politicians who paint grim scenarios of cyber Armageddon always being around the corner, Australia is yet to face malicious activity that would constitute a cyber attack, according to the Australian Cyber Security Centre.

  • The Race to Secure Voting Tech Gets an Urgent Jumpstart

    On Tuesday, representatives from the hacking conference DefCon and partners at the Atlantic Council think tank shared findings from a report about DefCon's Voting Village, where hundreds of hackers got to physically interact with—and compromise—actual US voting machines for the first time ever at the conference in July. Work over three days at the Village underscored the fundamental vulnerability of the devices, and raised questions about important issues, like the trustworthiness of hardware parts manufactured in other countries, including China. But most importantly, the report highlights the dire urgency of securing US voting systems before the 2018 midterm elections.

  • North Korean Hack [sic] of U.S. War Plans Shows Off Cyber Skills

Security: Kromtech, Nginx, Equifax, Kickstarter, Microsoft Windows

Filed under
Security
  • [Older] The creepiest data breach till date: Passwords of 540,000 Car Tracking Devices Leaked Online

    Data breaches have become so common these days that every single day we get news about a data breach. We have seen data breaches from big to small, from dangerous to embarrassing, but this is one is the creepiest data breach of 2017, this leak of credentials of almost 540,000 Car Tracking Devices might take the biscuit.

    The Kromtech Security Center recently found over half a million login credentials belonging to SVR, a company specializes in “vehicle recovery”, is leaked online and is publicly accessible. SVR provides its customers with around-the-clock surveillance of cars and trucks, just in case those vehicles are towed or stolen.

  • Nginx 1.13.6 Patches Web Server for the Year 2038 Flaw

    Developers and organizations around the world rushed to fix the Y2K bug nearly 20 years ago as the calendar rolled over to the new millennium. There is also a similar bug that is resident in Unix/Linux systems known as the Year 2038 bug.

    The latest vendor to fix its software for the 2038 bug is open-source web application server vendor nginx. The new nginx 1.13.6 release debuts on Oct. 10, fixing 11 different bugs.

    "Bugfix: nginx did not support dates after the year 2038 on 32-bit platforms with 64-bit time_t," the nginx changelog noted.

  • Equifax: About those 400,000 UK records we lost? It's now 15.2M. Yes, M for MEELLLIOON

    Last month, US credit score agency Equifax admitted the personal data for just under 400,000 UK accounts was slurped by hackers raiding its database. On Tuesday this week, it upped that number ever-so-slightly to 15.2 million.

    In true buck-passing fashion, at the time of writing, Equifax hadn't even released a public statement on the matter. Instead it fell to Blighty's National Cyber Security Centre to reveal the bad news that a blundering American firm had put them at risk of phishing attacks.

    “We are aware that Equifax was the victim of a criminal cyber attack in May 2017," the NCSC said in a statement today.

    “Equifax have today updated their guidance to confirm that a file containing 15.2m UK records dating from between 2011 and 2016 was attacked in this incident. NCSC advises that passwords are not re-used on any accounts if you have been told by Equifax that any portion of your membership details have been accessed.”

  • Major Data Breach Left 15 Million Accounts from These Popular Sites Vulnerable

    In what seems like an ever-lengthening line of data breaches in recent weeks (This restaurant, this financial services company, and this supermarket have all been breached in the past month), Lifehacker has reported that information from 15 million Kickstarter and Bitly accounts are now available to the public due to a 2014 data breach. The breach itself isn’t new, much like the fresh news about Yahoo’s massive breach, but it’s much less disconcerting. Although the information is now public, it is still encrypted, and both Kickstarter and Bitly took swift action to notify users of the breach when it originally occurred, urging them to change their passwords and nullifying the breach ones if user action was not taken.

  • It's 2017... And Windows PCs can be pwned via DNS, webpages, Office docs, fonts – and some TPM keys are fscked too

    Microsoft today released patches for more than 60 CVE-listed vulnerabilities in its software. Meanwhile, Adobe is skipping October's Patch Tuesday altogether.

    Among the latest holes that need papering over via Windows Update are three vulnerabilities already publicly disclosed – with one being exploited right now by hackers to infect vulnerable machines. That flaw, CVE-2017-11826, is leveraged when a booby-trapped Microsoft Office document is opened, allowing malicious code within it to run with the same rights as the logged-in user, and should be considered a top priority to patch.

    Dustin Childs, of Trend Micro's Zero Day Initiative, noted today that users and administrators should also pay special attention to Microsoft's ADV170012, an advisory warning of weak cryptographic keys generated by Trusted Platform Modules (TPMs) on Infineon motherboards.

Security: Equifax, Forrester, Akamai, Disqus, WhatsApp, FBI, Accenture

Filed under
Security
  • Equifax will give your salary history to anyone with your SSN and date of birth
  • Forrester Research Discloses Limited Website Data Breach

    At 6:17 ET PM on Oct.6, Forrester Research publicly admitted that it was the victim of a cyber-attack. According to the firm, the attack had limited impact, with no evidence that confidential client data had been stolen.

    According to Forrester Research's preliminary investigation, attackers were able to gain access to Forrester.com content that was intended to be limited exclusively to clients.

    "We recognize that hackers will attack attractive targets—in this case, our research IP," George F. Colony, chairman and chief executive officer of Forrester, stated.

    "We also understand there is a tradeoff between making it easy for our clients to access our research and security measures," Colony added. "We feel that we have taken a common-sense approach to those two priorities; however, we will continuously look at that balance to respond to changing cyber-security risk."

  • Akamai Reports Fast Flux Botnets Remain a Security Risk

    Attackers are continuing to benefit from the use many different technique to remain hidden. New research released Oct.10 by Akamai reveals that a botnet with over 14,000 IP addresses has been using the fast flux DNS technique to evade detection, while still causing damage to users and organizations.

    Fast Flux is an attacker technique that uses the Domain Name System (DNS) to hide the source of an attack. DNS operates by referring a domain name to a specific IP address

  • Disqus reveals data breach, but wins points for transparency

    Disqus has publicly announced that its user database leaked in 2012, exposing the usernames, email addresses, sign-up dates, and last login dates of more than 17 million users.

    In addition, the data included crackable SHA1-hashed passwords of “about one-third” of users. Presumably many accounts registered with the popular blog-commenting service do not have associated passwords due to many users signing-in using third-party social media accounts such as Google or Facebook.

    Quite how the security breach occurred is currently a mystery, and – frankly – despite their good intentions, Disqus may find it difficult to pinpoint exactly what happened five years after the event.

  • WhatsApp Exploit Can Allow Hackers To Monitor Your Sleep And Other Things
  • Multi-Layered Defenses Needed to Improve Cyber-Security, FBI Says
  • Hacking is inevitable, so it’s time to assume our data will be stolen

    If recent hacking attacks such as the one at Equifax, which compromised personal data for about half of all Americans, have taught us anything, it’s that data breaches are a part of life. It’s time to plan for what happens after our data is stolen, according to Rahul Telang, professor of information systems at Carnegie Mellon University.

    Companies are prone to understating the scale of hacks, which suggests that there needs to be better standards for disclosing breaches. Yahoo recently confessed that its data breach actually impacted 3 billion user accounts, three times what it disclosed in December. Equifax also boosted the number of people it says were affected by its hack.

  • 7 Security Risks User and Entity Behavior Analytics Helps Detect
  • UpGuard Reports Accenture Data Exposure, Debuts Risk Detection Service

    Security vendor UpGuard announced on Oct.10 that it discovered that global consulting firm Accenture had left at least four cloud-based storage servers publicly available. UpGuard alleges that the exposed cloud servers could have left Accenture customers to risk, though Accenture is publicly downplaying the impact of the cloud data exposure.

    "There was no risk to any of our clients – no active credentials, PII and other sensitive information was compromised," Accenture noted in a statement sent to eWEEK. "The information involved could not have provided access to client systems and was not production data or applications."

    Accenture added that the company has a multi-layered security model and the data in question would not have allowed anyone that found it to penetrate any of those layers.

Security: Updates, Deloitte Crack, 'Optionsbleed', Browsers Will Store Credit Card Details

Filed under
Security
  • Security updates for Monday
  • Deloitte hack hit server containing emails from across US government

    The hack into the accountancy giant Deloitte compromised a server that contained the emails of an estimated 350 clients, including four US government departments, the United Nations and some of the world’s biggest multinationals, the Guardian has been told.

    Sources with knowledge of the hack say the incident was potentially more widespread than Deloitte has been prepared to acknowledge and that the company cannot be 100% sure what was taken.

    Deloitte said it believed the hack had only “impacted” six clients, and that it was confident it knew where the hackers had been. It said it believed the attack on its systems, which began a year ago, was now over.

    However, sources who have spoken to the Guardian, on condition of anonymity, say the company red-flagged, and has been reviewing, a cache of emails and attachments that may have been compromised from a host of other entities.

  • Apache Patches Optionsbleed Flaw in HTTP Server

    The Apache HTTP Web Server (commonly simply referred to as 'Apache') is the most widely deployed web server in the world, and until last week, it was at risk from a security vulnerability known as Optionsbleed.

  • Browsers Will Store Credit Card Details Similar to How They Save Passwords

    A new W3C standard is slowly creeping into current browser implementations, a standard that will simplify the way people make payments online.

    Called the Payment Request API, this new standard relies on users entering and storing payment card details inside browsers, just like they currently do with passwords.

Security: gnURL 7.56.0, CyberShaolin, Open Source Security Podcast

Filed under
Security
  • gnURL 7.56.0 released

    Merges from cURL 7.56.0 upstream release and some gnURL specific fixes.
    For more info you can read the git log or the generated CHANGELOG file (only present in the tarball).

  • CyberShaolin: Teaching the Next Generation of Cybersecurity Experts

    Reuben Paul is not the only kid who plays video games, but his fascination with games and computers set him on a unique journey of curiosity that led to an early interest in cybersecurity education and advocacy and the creation of CyberShaolin, an organization that helps children understand the threat of cyberattacks. Paul, who is now 11 years old, will present a keynote talk at Open Source Summit in Prague, sharing his experiences and highlighting insecurities in toys, devices, and other technologies in daily use.

  • [Open Source Security Podcast] Episode 65 - Will aliens overthrow us before AI?

Security: AWS, Disqus, Drone Program

Filed under
Security
  • Forget stealing data — these hackers broke into Amazon's cloud to mine bitcoin

    A report from the security intelligence group RedLock found at least two companies which had their AWS cloud services compromised by hackers [sic] who wanted nothing more than to use the computer power to mine the cryptocurrency bitcoin. The hackers [sic] ultimately got access to Amazon's cloud servers after discovering that their administration consoles weren't password protected.

  • Disqus discovers hack [sic] of 17.5m user details after five years

    The biggest Web comment hosting service Disqus was breached in 2012 but the company only knew of it last week, according to an announcement made on Friday.

  • A Mysterious Virus Has Infiltrated America's Drone Program

    There’s something deeply wrong at Creech Air Force Base, the notorious home of America’s drone program, where pilots remotely order US Reaper and Predator drones to unleash destructive missile strikes on unsuspecting villagers in Yemen, Libya, Iraq, Syria, Afghanistan and other war zones.

    Less than a week after the Department of Homeland Security advised all federal agencies using anti-virus software created by Kaspersky Labs to remove the programs from their systems immediately, Ars Technica reports that two weeks ago the Defense Information Systems Agency detected mysterious spyware embedded in the drone “cockpits” – the control stations that pilots use to control the deadly machines.

Security: FireEye, Disqus, EFF on Apple

Filed under
Security
  • FireEye Warns of Expanding FormBook Malware Attacks

    "Because of the affiliate model (or Malware-as-a-Service) set up and its open availability on the web, it is difficult to determine the attack origins, and could be attributed to anyone who has subscribed to the service," Randi Eitzman, FireEye Analyst, told eSecurityPlanet.

    FormBook is being distributed via different document formats, including PDF, DOC and archive files that have some form of download link, macro or executable payload.

  • Disqus hacked [sic] : More than 17.5 million users' details stolen by hackers in 2012 data breach

    About a third of the compromised accounts contained passwords that were salted and hashed using the weak SHA-1 algorithm. Disqus said the exposed user data dates back to 2007 with the most recent data exposed from July 2012.

  • iOS 11’s Misleading “Off-ish” Setting for Bluetooth and Wi-Fi is Bad for User Security

    Turning off your Bluetooth and Wi-Fi radios when you’re not using them is good security practice (not to mention good for your battery usage). When you consider Bluetooth’s known vulnerabilities, it’s especially important to make sure your Bluetooth and Wi-Fi settings are doing what you want them to. The iPhone’s newest operating system, however, makes it harder for users to control these settings.

    On an iPhone, users might instinctively swipe up to open Control Center and toggle Wi-Fi and Bluetooth off from the quick settings. Each icon switches from blue to gray, leading a user to reasonably believe they have been turned off—in other words, fully disabled. In iOS 10, that was true. However, in iOS 11, the same setting change no longer actually turns Wi-Fi or Bluetooth “off.”

    Instead, what actually happens in iOS 11 when you toggle your quick settings to “off” is that the phone will disconnect from Wi-Fi networks and some devices, but remain on for Apple services. Location Services is still enabled, Apple devices (like Apple Watch and Pencil) stay connected, and services such as Handoff and Instant Hotspot stay on. Apple’s UI fails to even attempt to communicate these exceptions to its users.

Syndicate content

More in Tux Machines

Qt/KDE: Qt5 in Debian and Slackware, QtCreator on Android, KDE Discover, and Plasma's 10th Anniversary

  • moving Qt 4 from Debian testing (aka Buster): some statistics, update II
    We started filing bugs around September 9. That means roughly 32 weeks which gives us around 5.65 packages fixed per week, aka 0.85 packages per day. Obviously not as good as we started (remaining bugs tend to be more complicated), but still quite good.
  • [Slackware] Plasma5 – April 18 edition for Slackware
    The KDE-5_18.04 release of ‘ktown‘ for Slackware-current offers the latest KDE Frameworks (5.45.0), Plasma (5.12.4) and Applications (18.04.0). The Qt5 was upgraded to 5.9.5. Read the README file for more details and for installation/upgrade instructions. Enjoy the latest Plasma 5 desktop environment.
  • Perfect Debugging Experience with QtCreator on Android
    While I was working on a yet-to-be-announced super secret and cool Qt on Android project, I had to do a lot of debugging. This way I found that debugging Qt apps on Android using QtCreator was ok, but it had some issues, which was kinda frustrating.
  • Discover – Easily Install Software on KDE Neon Desktop
    KDE Discover is an Open Source GUI app installer that comes packaged with KDE Neon. It was particularly built from the ground up to be compatible with other modern Linux distros with emphasis on beauty and convenience. KDE Discover was also designed to allow for an intuitive User Experience as it features a clean and clear layout with a high readability value which makes it easy to browse, search for, install, and uninstall applications.
  • Almost 10 years of Plasma-Desktop
    Last week I was at work and start to listen my boss said: “We need to show this to our director”. So I went to my coworker table to see what was happening. So they were using Gource to make a video about the git history of the project. Gource is a software version control visualization tool. So that triggered in my mind some memories about a friend talking about Python and showing how the project as grow in this past years, but I never discovered about the tool that made that amazing video. So well, I started to make some Gource videos, and because my love about KDE Community, why not make one about it?

GNOME: Getting Real GNOME Back in Ubuntu 18.04, Bug Fix for Memory Leak

  • Getting Real GNOME Back in Ubuntu 18.04 [Quick Tip]
    Ubuntu 18.04 uses a customized version of GNOME and GNOME users might not like those changes. This tutorial shows you how to install vanilla GNOME on Ubuntu 18.04. One of the main new features of Ubuntu 18.04 is the customized GNOME desktop. Ubuntu has done some tweaking on GNOME desktop to make it look similar to its Unity desktop. So you get minimize options in the windows control, a Unity like launcher on the left of the screen, app indicator support among some other changes.
  • The Infamous GNOME Shell Memory Leak
    at this point, I think it’s safe to assume that many of you already heard of a memory leak that was plaguing GNOME Shell. Well, as of yesterday, the two GitLab’s MRs that help fixing that issue were merged, and will be available in the next GNOME version. The fixes are being considered for backporting to GNOME 3.28 – after making sure they work as expected and don’t break your computer.
  • The Big GNOME Shell Memory Leak Has Been Plugged, Might Be Backported To 3.28
    The widely talked about "GNOME Shell memory leak" causing excessive memory usage after a while with recent versions of GNOME has now been fully corrected. The changes are currently staged in Git for what will become GNOME 3.30 but might also be backported to 3.28. Well known GNOME developer Georges Stavracas has provided an update on the matter and confirmed that the issue stems from GJS - the GNOME JavaScript component - with the garbage collection process not being fired off as it should.

Graphics: AMDVLK, XWayland and Vulkan

  • AMDVLK Vulkan Driver Stack Gets Updated With More Extensions, Optimizations & Fixes
    AMD developers maintaining their official Vulkan cross-platform driver code have pushed their end-of-week updates to their external source repositories for those wanting to build the AMDVLK driver on Linux from source. This latest AMDVLK push updates not only their PAL (Platform Abstraction Layer) and XGL (Vulkan API Layer) components but it also updates their fork of the LLVM code-base used for their shader compilation.
  • EGLStreams XWayland Code Revised Ahead Of X.Org Server 1.20
    It's still not clear if the EGLStreams XWayland support will be merged for xorg-server 1.20 but at least the patches were revised this week, making it possible to merge them into this next X.Org Server release for allowing the NVIDIA proprietary driver to work with XWayland.
  • Vulkan 1.1.74 Released With Minor Fixes & Clarifications
    Vulkan continues sticking to the "release early, release often" mantra with the availability today of Vulkan 1.1.74.

Xfce Releases/Updates

  • Xfce Settings 4.12.3 / 4.13.2 Released
    Fixes galore! Xfce Settings 4.12.3 and 4.13.2 were released on March 18th with several improvements, feature parity, and translations.
  • Xfce PulseAudio Plugin 0.4.0 (and 0.4.1) Released
    Stable as a rock. Xfce PulseAudio Plugin hit a new stable milestone with the 0.4.0 release. This release wraps up the awesome development cycle we’ve had on this over the last few months and is recommended for all users.
  • Xfce Settings Update Brings Better Multi-Monitor Support
    While still waiting on the long-awaited Xfce 4.14, out this weekend is an Xfce Settings 4.14.2 preview release as well as an Xfce Settings 4.12.3 stable series update. Both of these Xfce Settings updates bring better multi-monitor support, including visualization of all display configuration states, visually noting if two displays are mirrored, always drawing the active display last so it's on top, and a number of fixes pertaining to the multi-monitor display handling from this Xfce desktop settings agent.