Language Selection

English French German Italian Portuguese Spanish

Security Leftovers

Filed under
Security
  • Keylogger Discovered in HP Audio Driver
  • [EN] Keylogger in Hewlett-Packard Audio Driver

    Security reviews of modern Windows Active Domain infrastructures are – from our point of view – quite sobering. Therefore, we often look left and right, when, for example, examining the hardening of protection mechanisms of a workstation. Here, we often find all sorts of dangerous and ill-conceived stuff. We want to present one of these casually identified cases now, as it's quite an interesting one: We have discovered a keylogger in an audio driver package by Hewlett-Packard.

    A keylogger is a piece of software for which the case of dual-use can rarely be claimed. This means there are very few situations where you would describe a keylogger that records all keystrokes as 'well-intended'. A keylogger records when a key is pressed, when it is released, and whether any shift or special keys have been pressed. It is also recorded if, for example, a password is entered even if it is not displayed on the screen.

  • Microsoft rushes emergency fix for critical antivirus bug

    The critical security vulnerability in the Microsoft Malware Protection Engine affects a number of Microsoft products, including Windows Defender, Windows Intune Endpoint Protection, Microsoft Security Essentials, Microsoft System Center Endpoint Protection, Microsoft Forefront Security for SharePoint, Microsoft Endpoint Protection, and Microsoft Forefront Endpoint Protection. These tools are enabled by default in Windows 8, 8.1, 10, and Windows Server 2012.

  • Google Offers $20000 Rewards to Drive OSS-Fuzz Initiative
  • Call the fuzz, says Google, get the reward
  • How Google’s OSS-Fuzz is securing open-source software

    Google released OSS-Fuzz five months ago with a mission to make open-source projects stable, secure and reliable. Since then, the continuous fuzzing solution has found more than 1,000 bugs with 264 of them flagged as potential security bugs.

  • Google Fuzzing Service for OS Finds 1K Bugs in Five Months

    A Google-led initiative to find security vulnerabilities in popular open source projects has unearthed more than 1,000 bugs in various open source software in the five months since the effort was launched.

  • The IoT's Scramble to Combat Botnets

    With shadowy botnet armies lurking around the globe and vigilante gray-hat actors inoculating susceptible devices, the appetite for Internet of Things security is stronger than ever.

  • Exploiting the Linux kernel via packet sockets

    Lately I’ve been spending some time fuzzing network-related Linux kernel interfaces with syzkaller. Besides the recently discovered vulnerability in DCCP sockets, I also found another one, this time in packet sockets. This post describes how the bug was discovered and how we can exploit it to escalate privileges.

More in Tux Machines

Android Leftovers

  • Pimp your smartphone with the latest Android O Pixel launcher
    If your device is running Android 6.0.1 Marshmallow or above, you can now pimp it out with the latest Google O Pixel launcher. One of the contributors on the XDA Developers forum has recently posted the APK file, which you can install on your smartphone. Before you download the file, make sure your device can install apps that aren’t listed on the Play Store. To do so, open up the Settings menu, tap on Security, and enable the “Unknown sources” option. Once that’s done, all you have to do is download the file and then tap on it in the notification shade to install the launcher on your device.
  • Google is killing off Android's emoji blobs
    The best emojis on the market are no more: Google’s weird blobs are being retired in favour of more conventional circular yellow faces.
  • Google I/O: What about Android on Chrome OS?
    The hottest tech-show ticket these days is Google I/O. In the just-finished 2017 conference, Google announced lots of great stuff, including a lightweight version of Android, Android Go; a first look at the next version of Android, Android O; and a major upgrade to Google Home. One thing that was noticeably missing, however: big news about Android apps on Chrome OS.
  • RaspAnd Marshmallow 6.0.1 Android OS Now Available for Raspberry Pi 3 and 2 SBCs
    After informing us about the availability of a new build of his RaspAnd Nougat operating system for Raspberry Pi 3 and 2 SBCs based on Android 7.1.2, Arne Exton released an updated RaspAnd Marshmallow 6 version.

today's howtos

LinuxAndUbuntu Distro Review Of The Week - Deepin OS

​Depth/Deepin OS is not just another Linux Distro, but one with something new to show. Deepin OS is simply speaking, just beautiful. Deepin OS, formerly known as Deepin, Linux Deepin, and Hiweed GNU/Linux is a Linux distro with an identity crisis. Seriously, this distro has undergone name changes you always have to check twice if the name is still the same. And that is all the negative you are going to say about this distro. Honestly speaking, Deepin OS is surely going to blow you away. I have been keeping an eye on this distro since 2013 and it still manages to impress me. Read more

KDE Leftovers: digikam, KDevelop, Kate, GSoC, and Akademy

  • [digikam] Call to Test the Pre-Release of 5.6.0
    Once again a lot has been going on behind the scenes since the last release. The HTML gallery tool is back, database shrinking (e.g. purging stale thumbnails) is also supported on MySQL, grouping has been improved and additional sidecars can now be specified. Therefore the release of 5.6.0 will be (is already) delayed, as we would like to invite you to test all these features. As usual they are available in the pre-release bundles or obviously directly from the git repository. Please report any dysfunctions, unexpected behaviour or suggestions for improvement to our bug tracker.
  • KDevelop runtimes: Docker and Flatpak integration
    On my last blog post I discussed about how some assumptions such as the platform developed on can affect our development. We need to minimize it by empowering the developers with good tools so that they can develop properly. To that end, I introduced runtimes in our IDE to abstract platforms (much like on Gnome’s Builder or Qt Creator).
  • Kate 17.04.1 available for Windows
  • GSoC - Community Bonding Period with Krita
  • First month report: my feelings about gsoc
  • My Akademy Plans
    The Akademy programme (saturday, sunday) is actually pretty long; the conference days stretch into feels-like-evening to me. Of course, the Dutch are infamous for being “6pm at the dinner table, and eat potatoes” so my notion of evening may not match what works on the Mediterranean coast. Actually, I know it doesn’t since way back when at a Ubuntu Developer Summit in Sevilla it took some internal-clock-resetting to adjust to dinner closer to midnight than 18:00.