Language Selection

English French German Italian Portuguese Spanish

Security Leftovers

Filed under
Security
  • sudo with TouchID and Apple Watch, even inside tmux

    Fast forward three years to today, and while griping to a friend about how it didn’t work inside tmux, I discovered that technology has advanced and there is now a fix, named pam_reattach! It’s a PAM module that you configure to run before the built-in pam_tid.so, and it makes the sudo command able to find and use the TouchID module to authenticate, even from inside tmux.

  • Excel spreasheet macro kicks off Formbook infection

    Formbook has been around for years. According to FireEye, Formbook has been "..advertised in various hacking forums since early 2016." My previous diary about Formbook was back in November 2019, and not much has changed since then. It still bears documentation, though, if only to show this malware is still active and remains part of our threat landscape.

  • Report: Most Popular Home Routers Have ‘Critical’ Flaws

    A new report reveals that common home routers from Netgear, Linksys, D-Link and other vendors contain serious security vulnerabilities that even updates don’t fix. While Linux can be a very secure OS in theory, researchers have found that many of these vulnerable routers are powered by very old versions of Linux that lack support and are riddled with security issues as a result.

  • Links: July 12, 2020

    The first story comes from Mexico, where apparently everything our community does will soon be illegal. We couch that statement because the analysis is based on Google translations of reports from Mexico, possibly masking the linguistic nuances that undergird legislative prose. So we did some digging and it indeed appears that the Mexican Senate approved a package of reforms to existing federal copyright laws that will make it illegal to do things like installing a non-OEM operating system on a PC, or to use non-branded ink cartridges in a printer. Reverse engineering ROMs will be right out too, making any meaningful security research illegal. There appear to be exceptions to the law, but those are mostly to the benefit of the Mexican government for “national security purposes.” It’ll be a sad day indeed for Mexican hackers if this law is passed.

    The other story comes from Germany, where a proposed law would grant sweeping surveillance powers to 19 state intelligence bodies. The law would require ISPs to install hardware in their data centers that would allow law enforcement to receive data and potentially modify it before sending it on to where it was supposed to go. So German Internet users can look forward to state-sponsored man-in-the-middle attacks and trojan injections if this thing passes.

More in Tux Machines

Android Leftovers

Wandboard IMX8M-Plus SBC debuts AI-enabled i.MX8M Plus

TechNexion’s “Wandboard IMX8M-Plus” SBC runs Linux or Android on NXP’s new i.MX8M Plus with 2.3-TOPS NPU. Pre-orders go for $134 with 2GB RAM or $159 with 4GB and WiFi/BT, both with 32GB and M.2 with NVMe. In January, NXP announced its i.MX8M Plus — its first i.MX8 SoC with an NPU for AI acceleration — but so far the only product we’ve seen based on it is a briefly teased Verdin iMX8M Plus module from Toradex. Now, TechNexion has opened pre-orders for a Wandboard IMX8M-Plus SBC based on a SODIMM-style “EDM SOM” module equipped with the i.MX8M Plus. Read more Also: Wandboard 8MPLUS SBC Gets NXP i.MX 8M Plus SoC with 2.3TOPS NPU

Debian Janitor: 8,200 landed changes landed so far

The Debian Janitor is an automated system that commits fixes for (minor) issues in Debian packages that can be fixed by software. It gradually started proposing merges in early December. The first set of changes sent out ran lintian-brush on sid packages maintained in Git. This post is part of a series about the progress of the Janitor. The bot has been submitting merge requests for about seven months now. The rollout has happened gradually across the Debian archive, and the bot is now enabled for all packages maintained on Salsa , GitLab , GitHub and Launchpad. Read more

Optimised authentication methods for Ubuntu Desktop

Still counting on passwords to protect your workstation? When set up properly, alternatives to passwords provide a streamlined user experience while significantly improving security. These alternative authentication methods can also easily be combined to create a custom and adaptive authentication profile. This whitepaper introduces three popular authentication methods that provide a solid alternative to passwords. Perhaps you’d like to configure your laptop for login using a YubiKey hardware token connected to a dock. Another option could be to login with a Duo push notification when not connected to the dock, but use a Google Authenticator one-time password when no network is available. Maybe you need a separate hardware token just for ssh authentication, and you always need to keep a long, complex password for emergency authentication should all other methods fail. All of these scenarios can be easily configured within Ubuntu. Read more