Language Selection

English French German Italian Portuguese Spanish

Security Leftovers

Filed under
Security
  • This Bluetooth Attack Can Steal a Tesla Model X in Minutes

    Lennert Wouters, a security researcher at Belgian university KU Leuven, today revealed a collection of security vulnerabilities he found in both Tesla Model X cars and their keyless entry fobs. He discovered that those combined vulnerabilities could be exploited by any car thief who manages to read a car's vehicle identification number—usually visible on a car's dashboard through the windshield—and also come within roughly 15 feet of the victim's key fob. The hardware kit necessary to pull off the heist cost Wouters around $300, fits inside a backpack, and is controlled from the thief's phone. In just 90 seconds, the hardware can extract a radio code that unlocks the owner's Model X. Once the car thief is inside, a second, distinct vulnerability Wouters found would allow the thief to pair their own key fob with the victim's vehicle after a minute's work and drive the car away.

  • Ransomware gangs likely to start monetising stolen data: researcher

    Ransomware gangs have shown themselves to be an innovative lot, incorporating more and more tactics as they look to extort money from their victims and this trend will continue into the new year, a veteran researcher of this brand of malware says.

  • Victory! Court Protects Anonymity of Security Researchers Who Reported Apparent Communications Between Russian Bank and Trump Organization

    Security researchers who reported observing Internet communications between the Russian financial firm Alfa Bank and the Trump Organization in 2016 can remain anonymous, an Indiana trial court ruled last week.

    The ruling protects the First Amendment anonymous speech rights of the researchers, whose analysis prompted significant media attention and debate in 2016 about the meaning of digital records that reportedly showed computer servers linked to the Moscow-based bank and the Trump Organization in communication.

    Imagine walking down the street, looking for a good cup of coffee. In the distance, a storefront glows in green through your smart glasses, indicating a well-reviewed cafe with a sterling public health score. You follow the holographic arrows to the crosswalk, as your wearables silently signal the self-driving cars...

    Despite widespread complaints about its effects on human rights, the Brazilian Senate has fast-tracked the approval of “PLS 2630/2020”, the so-called “Fake News” bill. The bill lacked the necessarily broad and intense social participation that characterized the development of the 2014 Brazilian Civil Rights...

  • Every system is a privileged system: Incorporating Unix/Linux in your privilege management strategy

    Despite their importance, Unix/Linux local and privileged accounts often don’t get sufficient oversight in a centralized PAM strategy.

    True, the Unix/Linux userbase is typically more technically savvy and has a greater understanding of security than your typical user. In some ways, Unix/Linux actually led the move toward PAM decades ago. The problem is, not much has changed in decades. They still heavily rely on their own methods for privileged management, such as Sudo controls, and are still using Sudo with few differences from when it was first introduced.

    No matter how savvy the user, Unix/Linux privileged accounts are time-consuming and tedious to manage, so they often don’t get sufficient oversight. In addition, when it comes time for an audit, it’s extremely difficult to piece together all of the privileged account activities and security controls. You might have one report for Windows and Mac and a separate one or many for Unix/Linux. You can’t get a consolidated view of risk to use for decision-making or show progress to your auditors.

  • Strange case of the art dealer, the tech billionaire, his email and Picasso’s lover

    The only problem, a judge said yesterday, is that Allen may not have written the email. In fact, Mr Justice Trower said, evidence pointed to the email having been fabricated “for the purpose of misleading the court”.

More in Tux Machines

digiKam 7.7.0 is released

After three months of active maintenance and another bug triage, the digiKam team is proud to present version 7.7.0 of its open source digital photo manager. See below the list of most important features coming with this release. Read more

Dilution and Misuse of the "Linux" Brand

Samsung, Red Hat to Work on Linux Drivers for Future Tech

The metaverse is expected to uproot system design as we know it, and Samsung is one of many hardware vendors re-imagining data center infrastructure in preparation for a parallel 3D world. Samsung is working on new memory technologies that provide faster bandwidth inside hardware for data to travel between CPUs, storage and other computing resources. The company also announced it was partnering with Red Hat to ensure these technologies have Linux compatibility. Read more

today's howtos

  • How to install go1.19beta on Ubuntu 22.04 – NextGenTips

    In this tutorial, we are going to explore how to install go on Ubuntu 22.04 Golang is an open-source programming language that is easy to learn and use. It is built-in concurrency and has a robust standard library. It is reliable, builds fast, and efficient software that scales fast. Its concurrency mechanisms make it easy to write programs that get the most out of multicore and networked machines, while its novel-type systems enable flexible and modular program constructions. Go compiles quickly to machine code and has the convenience of garbage collection and the power of run-time reflection. In this guide, we are going to learn how to install golang 1.19beta on Ubuntu 22.04. Go 1.19beta1 is not yet released. There is so much work in progress with all the documentation.

  • molecule test: failed to connect to bus in systemd container - openQA bites

    Ansible Molecule is a project to help you test your ansible roles. I’m using molecule for automatically testing the ansible roles of geekoops.

  • How To Install MongoDB on AlmaLinux 9 - idroot

    In this tutorial, we will show you how to install MongoDB on AlmaLinux 9. For those of you who didn’t know, MongoDB is a high-performance, highly scalable document-oriented NoSQL database. Unlike in SQL databases where data is stored in rows and columns inside tables, in MongoDB, data is structured in JSON-like format inside records which are referred to as documents. The open-source attribute of MongoDB as a database software makes it an ideal candidate for almost any database-related project. This article assumes you have at least basic knowledge of Linux, know how to use the shell, and most importantly, you host your site on your own VPS. The installation is quite simple and assumes you are running in the root account, if not you may need to add ‘sudo‘ to the commands to get root privileges. I will show you the step-by-step installation of the MongoDB NoSQL database on AlmaLinux 9. You can follow the same instructions for CentOS and Rocky Linux.

  • An introduction (and how-to) to Plugin Loader for the Steam Deck. - Invidious
  • Self-host a Ghost Blog With Traefik

    Ghost is a very popular open-source content management system. Started as an alternative to WordPress and it went on to become an alternative to Substack by focusing on membership and newsletter. The creators of Ghost offer managed Pro hosting but it may not fit everyone's budget. Alternatively, you can self-host it on your own cloud servers. On Linux handbook, we already have a guide on deploying Ghost with Docker in a reverse proxy setup. Instead of Ngnix reverse proxy, you can also use another software called Traefik with Docker. It is a popular open-source cloud-native application proxy, API Gateway, Edge-router, and more. I use Traefik to secure my websites using an SSL certificate obtained from Let's Encrypt. Once deployed, Traefik can automatically manage your certificates and their renewals. In this tutorial, I'll share the necessary steps for deploying a Ghost blog with Docker and Traefik.