Security: Defcon, Carbon Black, Open-Source Cyber Fusion Centre, Open Source Security Podcast and Avaya

  • DARPA's $10 million voting machine couldn't be hacked at Defcon (for the wrong reasons)

    For the majority of Defcon, hackers couldn't crack the $10 million secure voting machine prototypes that DARPA had set up at the Voting Village. But it wasn't because of the machine's security features that the team had been working on for four months. The reason: technical difficulties during the machines' setup.

    Eager hackers couldn't find vulnerabilities in the DARPA-funded project during the security conference in Las Vegas because a bug in the machines didn't allow hackers to access their systems over the first two days. (DARPA is the Defense Advanced Research Projects Agency.) Galois brought five machines, and each one had difficulties during the setup, said Joe Kiniry, a principal research scientist at the government contractor.

    "They seemed to have had a myriad of different kinds of problems," the Voting Village's co-founder Harri Hursti said. "Unfortunately, when you're pushing the envelope on technology, these kinds of things happen."

    It wasn't until the Voting Village opened on Sunday morning that hackers could finally get a chance to look for vulnerabilities on the machine. Kiniry said his team was able to solve the problem on three of them and was working to fix the last two before Defcon ended.

  • At hacking conference, Pentagon's transparency highlights voting companies' secrecy

    At the country's biggest election security bonanza, the US government is happy to let hackers try to break into its equipment. The private companies that make the machines America votes on, not so much.

    The Def Con Voting Village, a now-annual event at the US's largest hacking conference, gives hackers free rein to try to break into a wide variety of decommissioned election equipment, some of which is still in use today. As in the previous two years, they found a host of new flaws.

    The hunt for vulnerabilities in US election systems has underscored tensions between the Voting Village organizers, who argue that it's a valuable exercise, and the manufacturers of voting equipment, who didn't have a formal presence at the convention.

  • Carbon Black Open-Source Binary Emulator Eases Malware Analysis

    Carbon Black, the cybersecurity and endpoint protection software provider, has unveiled the Binee open-source binary emulator for real-time malware analysis. The company announced Binee at last week’s DEF CON 27 hacker conference in Las Vegas, Nevada.

    [...]

    Carbon Black also has been gaining momentum with MSPs and MSSPs over the past few months. In fact, Carbon Black recorded revenue of $60.9 million and a net loss of $14.6 million in the second quarter of 2019; both of these figures generally beat Wall Street’s expectations.

  • Concordia receives $560K for a new Open-Source Cyber Fusion Centre

    The call for collaborative projects in the area of information communication technologies led to the genesis of the Open-Source Cyber Fusion Centre, a project that will provide companies with a wide array of tools and methodologies for cybersecurity.

    The project is a joint initiative with Carleton University and two industrial partners, eGloo and AvanTech, all of which have recognized expertise in open-source software application programming interfaces (APIs) and technology stacks.

    [...]

    The Open-Source Cyber Fusion Centre’s ongoing research will help strengthen and democratize the Canadian economy. By mitigating cyberthreats, projects of this kind promote entrepreneurship and help nurture a more diverse economy.

    In addition, the centre provides students with unique opportunities to participate in an ever-changing, complex cybersecurity industry that is becoming increasingly prevalent in Canada.

    SMEs can get in touch with the centre and its partners to receive support on their security operations. They can install advanced technologies in their corporate network as a free service to monitor the security of their operations.

  • Open Source Security Podcast Ep. 151 – The DARPA Cyber Grand Challenge with David Brumley

    Open Source Security Podcast helps listeners better understand security topics of the day. Hosted by Kurt Seifried and Josh Bressers, the pair covers a wide range of topics including IoT, application security, operational security, cloud, devops, and security news of the day.

  • McAfee Discovers Vulnerability in Avaya VoIP Phones

    McAfee researchers have uncovered a remote code execution (RCE) vulnerability in open-source software from a popular line of Avaya VoIP phones.

    McAfee is warning organizations that use Avaya VoIP phones to check that firmware on the devices has been updated. Avaya’s install base covers 90% of the Fortune 100, with products targeting customers from small business and midmarket, to large corporations.
