Language Selection

English French German Italian Portuguese Spanish

Android Leftovers

More in Tux Machines

Android Leftovers

Security: Scare, Onion and Listening Devices

  • Yes, if you install malicious programs, then they will likely do malicious things [Ed: Yes, if you install malicious programs, then they will likely do malicious things]

    The researchers determined that parts of a specific component used by Cobalt in the third stage of an attack are present in PureLocker. It is the JScript loader for the "more_eggs" backdoor, described by security researchers at Morphisec. In previous research, IBM X-Force revealed that FIN6, another cybercriminal group targeting financial organizations, also used the "more_eggs" malware kit. Most of the code in PureLocker is unique, though. This suggests that the malware is either a new one or an existent threat that has been heavily modified.

  • What is Security Onion? And is it better than a commercial IDS?

    Back in the early oughts, a common complaint about Linux was that while it was free/libre, it came with no support and you had to pay expensive senior sysadmins to run Linux systems. Fast forward to today, and Linux has conquered basically every field except for the desktop market. [...] Security Onion is looking more and more polished with every year that passes, and it may be worth considering if you've got a deep enough security bench to customize, deploy and maintain Security Onion for your enterprise.

  • Fooling Voice Assistants with Lasers

    Siri, Alexa, and Google Assistant are vulnerable to attacks that use lasers to inject inaudible—and sometimes invisible—commands into the devices and surreptitiously cause them to unlock doors, visit websites, and locate, unlock, and start vehicles, researchers report in a research paper published on Monday. Dubbed Light Commands, the attack works against Facebook Portal and a variety of phones. Shining a low-powered laser into these voice-activated systems allows attackers to inject commands of their choice from as far away as 360 feet (110m). Because voice-controlled systems often don’t require users to authenticate themselves, the attack can frequently be carried out without the need of a password or PIN. Even when the systems require authentication for certain actions, it may be feasible to brute force the PIN, since many devices don’t limit the number of guesses a user can make. Among other things, light-based commands can be sent from one building to another and penetrate glass when a vulnerable device is kept near a closed window. The attack exploits a vulnerability in microphones that use micro-electro-mechanical systems, or MEMS. The microscopic MEMS components of these microphones unintentionally respond to light as if it were sound. While the researchers tested only Siri, Alexa, Google Assistant, Facebook Portal, and a small number of tablets and phones, the researchers believe all devices that use MEMS microphones are susceptible to Light Commands attacks.

Canonical Donates More Ubuntu Phones to UBports and You Can Get One Right Now

Once again, Canonical decided to donate even more Ubuntu Touch devices to UBports, but this time there's even better news for those interested in contributing to the development of Ubuntu Touch, the mobile OS created by Canonical for Ubuntu Phones, which is now entirely maintained by the UBports Foundation. This time, UBports decided to donate the Ubuntu Touch devices, which consists of two dozen BQ Aquaris E4 phones, two BQ Aquaris M10 tablets, one Meizu MX4 phone, and several other we can't identify, to any developer interested in joining the Ubuntu Phone movement and contribute to the development of Ubuntu Touch. Read more

Automation controller switches to Real-time Linux

WAGO has converted to Linux for its second-gen “PFC200” controller. The 1GHz Cortex-A8 device, which has an e!COCKPIT CODESYS V3 runtime in addition to Real-time Linux, offers dual 10/100 Ethernet, a serial port, and connections to the modular WAGO-I/O-System fieldbus modules. WAGO has switched over to Linux for the second-gen version of its PFC200 Controller for Programmable Logic Controller (PLC) applications, although it continues to offer its e!COCKPIT CODESYS V3 runtime environment and development environment for traditional CODESYS programming. The system is designed to support its modular WAGO-I/O-System of I/O modules, which we were reporting on as early as 2007 back at the old LinuxDevices site in regard to its integration with Kontron’s ThinkIO-Duo computer. WAGO also announced that a similarly Real-time Linux based PFC200 BACnet/IP Controller will arrive in mid-2020. Read more