Language Selection

English French German Italian Portuguese Spanish

Security: Kali Linux Forensics Tools, SSH Primer and “Yelp, but for MAGA” Mad About Holes

Filed under
Security
  • Kali Linux Forensics Tools

    Kali Linux is a powerful Operating system especially designed for Penetration Tester and Security Professionals. Most of its features and tools are made for security researchers and pentesters but it has a separate “Forensics” tab and a separate “Forensics” mode for Forensics Investigators.
    Forensics is becoming very important in Cyber Security to detect and backtrack Black Hat Criminals. It is essential to remove Hackers’ malicious backdoors/malwares and trace them back to avoid any possible future incidents. In Kali’s Forensics mode, Operating System doesn’t mount any partition from System’s hard drive and doesn’t leave any changes or fingerprints on host’s system.

    Kali Linux comes with pre-installed popular forensics applications and toolkits. Here we’ll review some famous open source tools present in Kali Linux.

  • What is SSH (Secure shell protocol)?

    SSH stands for Secure Shell which is a security protocol based on the application layer. We use the SSH to securely access the remote servers and Desktops to execute various commands. In short, we can control the complete system remotely, if we have login information and SSH server access. Because The Secure Shell (SSH) is a cryptographic network protocol designed to replace the Telnet and access the remote system even on the unsecured remote shell by encrypting data before sending.

  • Security Researcher Discovers Flaws In Yelp-For-MAGAs App, Developer Threatens To Report Him To The Deep State

    Even a cursory look at past stories we've done about how companies treat security researchers who point out the trash-state of their products would reveal that entirely too many people and companies seem to think shooting the messenger is the best response. I have never understood the impulse to take people who are essentially stress-testing your software for free, ultimately pointing out how the product could be safer than it is, and then threatening those people with legal action or law enforcement. But, then, much of the world makes little sense to me.

    Such as why a Yelp-for-MAGA people should ever be a thing. But it absolutely is a thing, with conservative news site 63red.com releasing a mobile app that is essentially a Yelp-clone, but with the twist that its chief purpose is to let other Trump supporters know how likely they are to be derided when visiting a restaurant. This is an understandable impulse, I suppose, given the nature of politics in 2019 America, though the need for an app seems like overkill. Regardless, the app was released and a security researcher found roughly all the security holes in it.

  • “Yelp, but for MAGA” turns red over security disclosure, threatens researcher

    But the safe space for 63red founder Scott Wallace was violated quickly when French security researcher Elliot Alderson discovered some fundamental security flaws in Safe's architecture—making it not so safe.

    Because the application is build in React Native, a JavaScript- and JSX-based scripting language that basically turns Web apps into "native" Apple iOS and Android applications, the entire architecture of the application is available to anyone who downloads and unpacks it. And in that code, Alderson discovered a few things: [...]

More in Tux Machines

New features in OpenStack Neutron

OpenStack is the open source cloud infrastructure software project that provides compute, storage, and networking services for bare-metal, container, and VM workloads. To get a sense of the core functionality and additional services, check out the OpenStack map. The platform has a modular architecture that works across industry segments because infrastructure operators can choose the components they need to manage their infrastructure in the way that best supports their application workloads. The modules are also pluggable to provide further flexibility and make sure they can be used with a specific storage backend or software-defined networking (SDN) controller. Neutron is an OpenStack project to provide a de-facto standard REST API to manage and configure networking services and make them available to other components such as Nova. Read more

today's leftovers

  • Full Circle Weekly News #125
  • Why Open19 Designs Matter for Edge Computing [Ed: Openwashing Microsoft without even any source code]
    On the opening day of this year's Data Center World in Phoenix, Yuval Bachar, LinkedIn's principal engineer of data center architecture, was on hand to explain why the social network's Open19 Project will be an important part of data centers' move to the edge.
  • Course Review: Applied Hardware Attacks: Rapid Prototying & Hardware Implants
    Everyone learns in different ways. While Joe is happy to provide as much help as a student needs, his general approach probably caters most to those who learn by doing. Lecture is light and most of the learning happens during the lab segments. He gives enough space that you will make mistakes and fail, but not so badly that you never accomplish your objective. If you read the lab manual carefully, you will find adequate hints to get you in the right direction. On the other hand, if you’re a student that wants to site in a classroom and listen to an instructor lecture for the entire time, you are definitely in the wrong place. If you do not work on the labs, you will get very, very, little out of the course. The rapid prototyping course is a good introduction to using the 3D printer and pcb mill for hardware purposes, and would be valuable even for those building hardware instead of breaking it. It really opened my eyes to the possibilities of these technologies. On the other hand, I suspect that the hardware implants course has limited application. It’s useful to learn what is possible, but unless you work in secure hardware design or offensive security that would use hardware implants, it’s probably not something directly applicable to your day to day.
  • Nulloy – Music Player with Waveform Progress Bar
    I’ve written a lot about multimedia software including a wide range of music players, some built with web-technologies, others using popular widget toolkits like Qt and GTK. I want to look at another music player today. You may not have heard of this one, as development stalled for a few years. But it’s still under development, and it offers some interesting features. It’s called Nulloy. The software is written in the C++ programming language, with the user interface using the Qt widget toolkit. It’s first release was back in 2011.
  • A Complete List of Google Drive Clients for Linux

Security Leftovers

SmartArt and Contributors to LibreOffice

  • SmartArt improvements in LibreOffice, part 4
    I recently dived into the SmartArt support of LibreOffice, which is the component responsible for displaying complex diagrams from PPTX. I focus on the case when only the document model and the layout constraints are given, not a pre-rendered result. First, thanks to our partner SUSE for working with Collabora to make this possible.
  • Things to know if you are a new contributor to LibreOffice code
    When I began contributing code to LibreOffice, I faced some issues because I didn't know several facts that the other active contributors knew. This blog post summarizes some of those facts, and I hope it will be useful for other new contributors!