Language Selection

English French German Italian Portuguese Spanish

Security Leftovers

Filed under
Security
  • Is Your Browser Extension a Botnet Backdoor?

    A company that rents out access to more than 10 million Web browsers so that clients can hide their true Internet addresses has built its network by paying browser extension makers to quietly include its code in their creations. This story examines the lopsided economics of extension development, and why installing an extension can be such a risky proposition.

  • Security updates for Tuesday [LWN.net]

    Security updates have been issued by Arch Linux (bind, intel-ucode, ipmitool, isync, openssl, python, python-cryptography, python-httplib2, salt, tar, and thrift), Fedora (ansible, salt, webkit2gtk3, and wpa_supplicant), Oracle (bind), Red Hat (bind, kernel, and kpatch-patch), Scientific Linux (bind), SUSE (firefox, gnome-autoar, java-1_8_0-ibm, java-1_8_0-openjdk, nodejs10, open-iscsi, perl-XML-Twig, python-cryptography, and thunderbird), and Ubuntu (bind9).

  • Malicious NPM packages target Amazon, Slack with new dependency attacks [Ed: Microsoft delivering malware again, but the media (actually a Microsoft propaganda site in this case) does not mention Microsoft (similar to this)]

    Last month, BleepingComputer reported that security researcher Alex Birsan earned bug bounties from 35 companies by utilizing a new flaw in open-source development tools.

  • Working Spectre exploits for Windows and Linux devices uncovered

    A security researcher has discovered several working Spectre exploits that were uploaded to the VirusTotal database last month. Spectre, along with Meltdown, are two extremely severe hardware vulnerabilities that affect Intel, IBM POWER, and some ARM-based processors.

    While Intel has since implemented hardware mitigations for the vulnerability in newer processors, older ones have to rely on software fixes that come with a performance penalty, which prevents its blanket use. This means that there’s still a large number of systems that are vulnerable to the recently discovered exploits by security researcher Julien Voisin.

Spectre exploits in the "wild"

  • Spectre exploits in the "wild"

    Someone was silly enough to upload a working spectre (CVE-2017-5753) exploit for Linux (there is also a Windows one with symbols that I didn't look at.) on VirusTotal last month, so here is my quick Sunday afternoon lazy analysis.

    The binary has its -h option stripped, likely behind a #define to avoid detection, but some of its parameters are obvious, like specifying what file to leak, or the kernel base address. The authors didn't check (or care) that the logging function hasn't been entirely optimized out, leaving a bunch of strings helping in the reversing process.

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.

More in Tux Machines

Android Leftovers

Best Text Editors for CentOS

Based on RedHat Enterprise Linux, CentOS is an open-source Linux distribution. It is an ideal operating system platform for web hosting, thanks to active developer community support. It is completely free and a great platform for web application developers. Text editors are a very important tool in every operating system platform as they can be used for a variety of purposes from writing short notes to scripting big web applications and programs. Having a perfect text editor eases hectic tasks like programming and coding. Today, many text editors come with a variety of pre-defined functionalities that make the task of programming much easier and convenient. Read more

Best Apps to Install on Linux Mint in 2021

Linux Mint is a popular Linux distro alongside Ubuntu. There is not much difference between the functionalities and features of the two. Hence, the various app that is compatible with Ubuntu also works effortlessly on Linux Mint. The advantage of using Linux distros and apps is that most are free and open-source. As Linux Mint is an alternative to Ubuntu, you can find an alternative to every popular and widely used app. Thus, there is no scarcity of apps in each category. However, finding a reliable app is not an easy task because of so many options. Read more

KDE Frameworks 5.81 Released with KHamburgerMenu, Various Improvements

The biggest new feature in the KDE Frameworks 5.81 release is the implementation of a new, custom hamburger menu called KHamburgerMenu, which will be shown on QWidgets-based apps whenever the main menubar is hidden. The KDE Project plans to adopt the KHamburgerMenu for all KDE apps as it offers several advantages, including an alternative app menu in case you hide the default menubar by accident, more freedom when you want to take full advantage of the maximum vertical space, more compact design with only relevant menu items, as well as support for relocating, renaming, removing, or even changing its icon. Read more