Language Selection

English French German Italian Portuguese Spanish

Security: Kali Linux Forensics Tools, SSH Primer and “Yelp, but for MAGA” Mad About Holes

Filed under
Security
  • Kali Linux Forensics Tools

    Kali Linux is a powerful Operating system especially designed for Penetration Tester and Security Professionals. Most of its features and tools are made for security researchers and pentesters but it has a separate “Forensics” tab and a separate “Forensics” mode for Forensics Investigators.
    Forensics is becoming very important in Cyber Security to detect and backtrack Black Hat Criminals. It is essential to remove Hackers’ malicious backdoors/malwares and trace them back to avoid any possible future incidents. In Kali’s Forensics mode, Operating System doesn’t mount any partition from System’s hard drive and doesn’t leave any changes or fingerprints on host’s system.

    Kali Linux comes with pre-installed popular forensics applications and toolkits. Here we’ll review some famous open source tools present in Kali Linux.

  • What is SSH (Secure shell protocol)?

    SSH stands for Secure Shell which is a security protocol based on the application layer. We use the SSH to securely access the remote servers and Desktops to execute various commands. In short, we can control the complete system remotely, if we have login information and SSH server access. Because The Secure Shell (SSH) is a cryptographic network protocol designed to replace the Telnet and access the remote system even on the unsecured remote shell by encrypting data before sending.

  • Security Researcher Discovers Flaws In Yelp-For-MAGAs App, Developer Threatens To Report Him To The Deep State

    Even a cursory look at past stories we've done about how companies treat security researchers who point out the trash-state of their products would reveal that entirely too many people and companies seem to think shooting the messenger is the best response. I have never understood the impulse to take people who are essentially stress-testing your software for free, ultimately pointing out how the product could be safer than it is, and then threatening those people with legal action or law enforcement. But, then, much of the world makes little sense to me.

    Such as why a Yelp-for-MAGA people should ever be a thing. But it absolutely is a thing, with conservative news site 63red.com releasing a mobile app that is essentially a Yelp-clone, but with the twist that its chief purpose is to let other Trump supporters know how likely they are to be derided when visiting a restaurant. This is an understandable impulse, I suppose, given the nature of politics in 2019 America, though the need for an app seems like overkill. Regardless, the app was released and a security researcher found roughly all the security holes in it.

  • “Yelp, but for MAGA” turns red over security disclosure, threatens researcher

    But the safe space for 63red founder Scott Wallace was violated quickly when French security researcher Elliot Alderson discovered some fundamental security flaws in Safe's architecture—making it not so safe.

    Because the application is build in React Native, a JavaScript- and JSX-based scripting language that basically turns Web apps into "native" Apple iOS and Android applications, the entire architecture of the application is available to anyone who downloads and unpacks it. And in that code, Alderson discovered a few things: [...]

More in Tux Machines

KDE Usability & Productivity: Week 72

Week 72 in Usability & Productivity initiative is here and it’s chock-full of goodies! We continue to polish Plasma 5.16 ahead of its release in two weeks. There was one point in time when veteran KDE developer and author of the new notifications system Kai Uwe Broulik was literally committing fixes faster than I could add them to this blog post! In addition, features for Plasma 5.17 as well as many of our apps are starting to trickle in. Check it out... Read more

Iran & Iraq Are Embracing GNU Health Project | Dr Axel Braun

In this episode of Let’s Talk, Dr Axel Braun talks about the new features and updates of the GNU Health project. He also talked about the increasing adoption of the project. Read more Also: The Man Behind OpenSUSE Conference – Douglas DeMaio

GNOME 3.33.2 released!

Hello GNOME developers,

GNOME 3.33.2 is now available. This is the second unstable release
leading to 3.34 stable series.

I had to disable gnome-contacts, gnome-calendar and gnome-maps because of the not-very-well coordinated evolution-data-server transition.

If you want to compile GNOME 3.33.2, you can use the official
BuildStream project snapshot.

https://download.gnome.org/teams/releng/3.33.2/gnome-3.33.2.tar.xz

The list of updated modules and changes is available here:

https://download.gnome.org/core/3.33/3.33.2/NEWS

The source packages are available here:

https://download.gnome.org/core/3.33/3.33.2/sources/

WARNING!
--------
This release is a snapshot of development code. Although it is
buildable and usable, it is primarily intended for testing and hacking
purposes. GNOME uses odd minor version numbers to indicate development
status.

For more information about 3.34, the full schedule, the official module
lists and the proposed module lists, please see our 3.33 wiki page:

https://www.gnome.org/start/unstable


Cheers,

Abderrahim Kitouni,
GNOME Release Team
Read more Also: GNOME 3.33.2 Released As Another Step Towards The GNOME 3.34 Desktop

Security Leftovers

  • Serious Security: Don't let your SQL server attack you with ransomware [Ed: Article focuses on things like Windows and RDP. SQL Server is proprietary software that runs on a platform with NSA back doors. So if you choose it, then you choose to have no security at all, only an illusion of it. Why does the article paint Windows issues as pertaining to MySQL?]
    Tales from the honeypot: this time a MySQL-based attack. Old tricks still work, because we're still making old mistakes - here's what to do. [...] As regular readers will know, one of the popular vehicles for malware crooks at the moment is Windows RDP, short for Remote Desktop Protocol.
  • How Screwed is Intel without Hyper-Threading?
    As it stands Microsoft is pushing out OS-level updates to address the four MDS vulnerabilities and you’ll get those with this month's Windows 10 1903 update. However, this doesn’t mitigate the problem entirely, for that we need motherboard BIOS updates and reportedly Intel has released the new microcode to motherboard partners. However as of writing no new BIOS revisions have been released to the public. We believe we can test a worst case scenario by disabling Hyper-Threading and for older platforms that won’t get updated this might end up being the only solution.
  • SandboxEscape drops three more Windows 10 zero-day exploits

    SandboxEscaper also indicated that she was in the market to sell flaws to "people who hate the US", a move made in apparent response to FBI subpoenas against her Google account.

  • Huawei can’t officially use microSD cards in its phones going forward

    The SD Association is also by no means the first to cut ties: Google, ARM, Intel, Qualcomm, and Broadcom are also among the companies that have stopped working with Huawei due to the ban. The Wi-Fi Alliance (which sets Wi-Fi standards across the industry) has also “temporarily restricted” Huawei’s membership due to the US ban, and Huawei has also voluntarily left JEDEC (a semiconductor standards group best known for defining RAM specifications) over the issues with the US as well, according to a report from Nikkei Asian Review. All this could severely hamper Huawei’s ability to produce hardware at all, much less compete in the US technology market.

  • Huawei barred from SD Association: What’s that mean for its phones and microSD cards?

    As such, companies that aren’t on the SD Association’s list of members can’t officially produce and sell devices with SD card support that use the SD standards. According to SumahoInfo, the member page showed Huawei a few weeks ago, but no longer lists the firm this week.