Language Selection

English French German Italian Portuguese Spanish

Security Leftovers

Filed under
Security
  • Out-of-Control CIA Continues to be Exposed in WikiLeaks’ Vault 7

    After installing a small file, the operators would then be able to instruct the computer to kill any use of a web browser on a set schedule. For instance, the software could be instructed to shut down Firefox every 25-35 seconds. Similarly, the example included a measure to “lock up” PowerPoint files 10 minutes after they were loaded. It would also allow operators to create a delay when PowerPoint files were attempting to load.

    While the examples they used are simple and relatively harmless, the software could perform virtually any assigned task. Because the data is encrypted with a key stored outside of the machine, the code would be extremely difficult to detect and/or decipher.

    After installing the software, the documentation instructs users to “kick back” and “Relax – After Midnight will take care of the rest.”

    The second piece of software detailed is similar to “AfterMidnight” and is called “Assassin.” That piece of software is a relatively simple way of collecting data remotely and then delivering results to a listening post on a schedule.

    Through screenshots in the documents, it can be seen that the author is named “Justin,” is working from a Dell computer, and desktop shortcuts to an encrypted chat program called ‘Pidgin,’ as well as a folder entitled “drone.”

  • Global ‘Wana’ Ransomware Outbreak Earned Perpetrators $26,000 So Far

    However, I find it depressing to think of the massive financial damage likely wrought by this ransom campaign in exchange for such a comparatively small reward. It’s particularly galling because this attack potentially endangered the lives of many.

  • Ransomware: Microsoft can no longer claim to be 'proactive'

    Microsoft's reaction to the Windows ransomware crisis that occurred on Friday and Saturday has shown one thing: no longer can the company continue to use the business buzzword "proactive" when it talks about itself. It was caught unawares and left looking very old and tired in the way it responded to the situation.

  • Cyber attack: Hackers {sic} in China try to seize control of WannaCry ransomware's 'kill switch'

    “What you can follow is the money,” Mr Raiu said. “You can follow the Bitcoins [although] following the Bitcoins is kind of an art in itself.”

  • [Old] The Software Industry IS the Problem

    The question is how to introduce product liability, because just imposing it would instantly shut down any and all software houses with just a hint of a risk management function on their organizational charts.

  • [Old] Why Not Use Port Knocking?

    The robots currently at work knocking around for your guessable password could easily be repurposed to guess your Unicode password currently known as your port knocking sequence, and quite likely have been already.

More in Tux Machines

Security: Equifax, Kodi, Infrared, and Windows XP in 2017

  • Safer but not immune: Cloud lessons from the Equifax breach
  • Warning: If you are using this Kodi repository, you could be in danger
    Kodi is quite possibly the best media center software of all time. If you are looking to watch videos or listen to music, the open source solution provides an excellent overall experience. Thanks to its support for "addons," it has the potential to become better all the time. You see, developers can easily add new functionality by writing an addon for the platform. And yes, some addons can be used for piracy, but not all of them are. These addons, such as Exodus and Covenant, are normally added using a repository, which hosts them. [...] We do not know 100 percent if the person that re-registered the metalkettle name on GitHub is planning anything evil, but it is better to be safe than sorry.
  • Infrared signals in surveillance cameras let malware jump network air gaps
    The malware prototype could be a crucial ingredient for attacks that target some of the world's most sensitive networks. Militaries, energy producers, and other critical infrastructure providers frequently disconnect such networks from the Internet as a precaution. In the event malware is installed, there is no way for it to make contact with attacker-controlled servers that receive stolen data or issue new commands. Such airgaps are one of the most basic measures for securing highly sensitive information and networks. The proof-of-concept malware uses connected surveillance cameras to bridge such airgaps. Instead of trying to use the Internet to reach attacker-controlled servers, the malware weaves passwords, cryptographic keys, and other types of data into infrared signals and uses a camera's built-in infrared lights to transmit them. A nearby attacker then records the signals with a video camera and later decodes embedded secrets. The same nearby attackers can embed data into infrared signals and beam them to an infected camera, where they're intercepted and decoded by the network malware. The covert channel works best when attackers have a direct line of sight to the video camera, but non-line-of-sight communication is also possible in some cases.
  • Manchester police still relies on Windows XP
    England's second biggest police force has revealed that more than one in five of its computers were still running Windows XP as of July. Greater Manchester Police told the BBC that 1,518 of its PCs ran the ageing operating system, representing 20.3% of all the office computers it used. Microsoft ended nearly all support for the operating system in 2014. Experts say its use could pose a hacking risk. The figure was disclosed as part of a wider Freedom of Information request. "Even if security vulnerabilities are identified in XP, Microsoft won't distribute patches in the same way it does for later releases of Windows," said Dr Steven Murdoch, a cyber-security expert at University College London.

Flock 2017, Fedora 27, and New Fedora 26 (F26) ISO

  • Flock 2017: How to make your application into a Flatpak?
  • Flock to Fedora 2017
  • Flock 2017 – A Marketing talk about a new era to come.
    I had two session at Flock this year, one done by me and another in support of Robert Mayr in the Mindshare one, if there were been any need for discussing. Here I’m talking about my session: Marketing – tasks and visions (I will push the report about the second one after Robert’s one, for completion). In order to fit the real target of a Flock conference (that is a contributor conference, not a show where people must demonstrate how much cool they are; we know it!) is to bring and show something new, whether ideas, software, changes and so on, and discuss with other contributors if they’re really innovative, useful and achievable.
  • F26-20170918 Updated Live isos released
  • GSoC2017 Final — Migrate Plinth to Fedora Server
  • Building Modules for Fedora 27
    Let me start with a wrong presumption that you have everything set up – you are a packager who knows what they want to achieve, you have a dist-git repository created, you have all the tooling installed. And of course, you know what Modularity is, and how and why do we use modulemd to define modular content. You know what Host, Platform, and Bootstrap modules are and how to use them.

Red Hat Financial Results Expectations High

Will Microsoft love Linux to death? Shuttleworth and Stallman on whether Windows 10 is free software's friend

Richard Stallman is a free-software activist and creator of the GNU OS that forms part of the basis of modern GNU/Linux distros. He believes that Microsoft's decision to build a Windows Subsystem for Linux (WSL) amounts to an attempt to extinguish software that users are free to run, copy, distribute, study, change and improve. "It certainly looks that way. But it won't be so easy to extinguish us, because our reasons for using and advancing free software are not limited to practical convenience," he said. "We want freedom. As a way to use computers in freedom, Windows is a non-starter." Read more