Language Selection

English French German Italian Portuguese Spanish

Security

Security: ATI Systems, 'Smart' Meters, Despacito, AntiVirus Tools, Mitre ATT&CK Test Tools

Filed under
Security
  • Researchers Rickrolled Emergency Alert Sirens in Proof-of-Concept Hack

    A researcher from wireless security startup Bastille found that the emergency alert systems made by ATI Systems—which makes and installs emergency mass notification and alert warning systems—transmitted commands unencrypted, allowing anyone with a radio transmitter (and the ability to reverse engineer the commands) to hijack them.

  • The tricks power firms use to force us to switch to digital meters | This is Money
  • Here’s How Hackers Might Have Deleted Despacito Video From YouTube
  • Top 5 Absolutely Free Open-Source AntiVirus Tools for PC

    Antivirus software’s made us feel at ease in using our mobile phones, tablets, and computers. It allows us to browse safely on the net without the fear of making your private information spread to the others (or by any cause of viruses). Antivirus software also is known as anti-malware software, is a computer software that is used to prevent, detect and remove malicious software’s. It can protect the computer from malicious browser helper objects, ransomware, keyloggers, backdoors, trojan horses, worms, fraud tools, and adware etc.

    Some antivirus also includes protections from other computer threats like a spam, online banking attacks, infected and malicious URLs, scam and phishing attacks, online identity (privacy), social engineering techniques, advanced persistent threat (APT) and botnet DDoS attacks.

  • 4 open-source Mitre ATT&CK test tools compared

    One way to learn how to better defend your enterprise is to train a red team to simulate attacks. The Mitre ATT&CK framework, which can be a very useful collection of threat tactics and techniques for such a team. The framework classifies and describes a wide range of attacks. To make it even more effective, various commercial and open-source general testing tools have been built to complement its schemas.

Security: Updates, 'Cloud' Hardening, Two Factor Authentication, Launchpad

Filed under
Security

FUD Against FOSS From CA Technologies (Veracode and SourceClear)

Filed under
OSS
Security

Security: E-Mail Vulnerability, Reproducible Builds, 'IoT', YouTube and Mythology About Security (Back Doors Intentional)

Filed under
Security
  • Obscure E-Mail Vulnerability

     

    I think the problem is more subtle. It's an example of two systems without a security vulnerability coming together to create a security vulnerability. As we connect more systems directly to each other, we're going to see a lot more of these. And like this Google/Netflix interaction, it's going to be hard to figure out who to blame and who -- if anyone -- has the responsibility of fixing it.

  • Reproducible Builds: Weekly report #154
  • A Long-Awaited IoT Crisis Is Here, and Many Devices Aren't Ready

     

    ou know by now that Internet of Things devices like your router are often vulnerable to attack, the industry-wide lack of investment in security leaving the door open to a host of abuses. Worse still, known weaknesses and flaws can hang around for years after their initial discovery. Even decades. And Monday, the content and web services firm Akamai published new findings that it has observed attackers actively exploiting a flaw in devices like routers and video game consoles that was originally exposed in 2006.

  • Feral Interactive Releases GameMode, YouTube Music Videos Hacked, Oregon Passes Net Neutrality Law and More

    YouTube was hacked this morning, and many popular music videos were defaced, including the video for the hit song Despacito, as well as videos by Shakira, Selena Gomez, Drake and Taylor Swift. According to the BBC story, "A Twitter account that apparently belongs to one of the hackers posted: 'It's just for fun, I just use [the] script 'youtube-change-title-video' and I write 'hacked'."

  • Despacito YouTube music video hacked plus other Vevo clips

    YouTube's music video for the hit song Despacito, which has had over five billion views, has been hacked.

    More than a dozen other artists, including Shakira, Selena Gomez, Drake and Taylor Swift are also affected. The original clips had been posted by Vevo.

    [...]

    Cyber-security expert Prof Alan Woodward, from Surrey University, said it was unlikely that the hacker was able to gain access so easily.

  • YouTube Hacked? Most Watched Video “Despacito” And Other Clips Deleted (And Restored)

    Just five days ago, Luis Fonsi’s viral Despacito music video earned the title of world’s most watched video on YouTube with more than 5 billion views. Apparently, YouTube hackers managed to delete the video, along with other Vevo clips.

    However, as per the latest development, the deleted videos have been restored on the website. Earlier, after the hack, Despacito video showed a thumbnail with masked people holding guns. After clicking the video, it said: “This video is unavailable.”

  • Mythology about security…

    Government export controls crippled Internet security and the design of Internet protocols from the very beginning: we continue to pay the price to this day.  Getting security right is really, really hard, and current efforts towards “back doors”, or other access is misguided. We haven’t even recovered from the previous rounds of government regulations, which has caused excessive complexity in an already difficult problem and many serious security problems. Let us not repeat this mistake…

Security: Updates, Etherpad, Beep, Ubuntu, SourceClear

Filed under
Security

Security Leftovers

Filed under
Security
  • The dots do matter: how to scam a Gmail user

    And even in the rare case that a Gmail user is aware of their infinite set of addresses, and they’re aware of the phishing attacks that this can expose them to, this user is unlikely to pick up on it, because the user interfaces of Gmail and Inbox don’t hint anything about a possible scam. In fact it barely even acknowledges that the email was to a non-standard address. The only clue in the screenshot above is that the interface says “to james.hfisher”, instead of “to me”.

  • Episode 91 - Security lessons from a 7 year old

    Josh and Kurt talk to a 7 year old about security. We cover Minecraft security, passwords, hacking, and many many other nuggets of wisdom.

  • Update for Ubuntu 16.04 LTS patches security vulnerabilities

    Canonical has released a kernel update for Ubuntu 16.04 LTS.

    The “important update” patches 39 security vulnerabilities, according to a report by Softpedia.

    The update covers Ubuntu 16.04 LTS and its official derivatives, including Kubuntu, Lubuntu, and Xubuntu.

    Security fixes contained in the update cover a wide range of issues, such as vulnerabilities in the Linux kernel’s USB over IP implementation – which allowed remote attacks.

Security: Switches, Cisco, FUD, Beep, Android

Filed under
Security

Important Kernel Update for Ubuntu 16.04 LTS Patches 39 Security Vulnerabilities

Filed under
Security
Ubuntu

After releasing a major kernel update for the Ubuntu 17.10 (Artful Aardvark) operating system series on both 64/32-bit and Raspberry Pi 2 devices, Canonical released an important kernel update for Ubuntu 16.04 LTS (Xenial Xerus) systems.

The new kernel update published earlier this week addresses a total of 39 security vulnerabilities for the long-term supported Ubuntu 16.04 LTS (Xenial Xerus) operating system series and its official derivatives, including Kubuntu, Lubuntu, Xubuntu, Ubuntu MATE, Ubuntu Kylin, and Ubuntu Studio.

Read more

Security: Storing Passwords, Updates, and FUD

Filed under
Security
  • Another day, another breach: At what point does storing passwords in plaintext become criminally negligent?

    News of the Finnish breach (Google Translate) arrived yesterday, and while there isn’t a lot of details, we learn two important things: the leak was relatively big (the third largest in Finland), and cleartext passwords with usernames leaked, because they had hundreds of thousands of passwords stored in cleartext.

    …and they had passwords stored in cleartext.

    This is so bad security, it should not exist anywhere, period. It should not even be taught in a coding class as an intermediate step on the way to how to do it the right way.

    You don’t store passwords in cleartext because of two reasons combined:

  • Storing passwords in cleartext: don't ever

    This year I've implemented a rudimentary authentication server for work, called Qvisqve. I am in the process for also using it for my current hobby project, ick, which provides HTTP APIs and needs authentication. Qvisqve stores passwords using scrypt: source. It's not been audited, and I'm not claiming it to be perfect, but it's at least not storing passwords in cleartext. (If you find a problem, do email me and tell me: liw@liw.fi.)

    This week, two news stories have reached me about service providers storing passwords in cleartext. One is a Finnish system for people starting a new business. The password database has leaked, with about 130,000 cleartext passwords. The other is about T-mobile in Austria bragging on Twitter that they store customer passwords in cleartext, and some people not liking that.

    In both cases, representatives of the company claim it's OK, because they have "good security". I disagree. Storing passwords is itself shockingly bad security, regardless of how good your other security measures are, and whether your password database leaks or not. Claiming it's ever OK to store user passwords in cleartext in a service is incompetence at best.

  • Security updates for Friday
  • One-Fifth of Open-Source Serverless Apps Have Critical Vulnerabilities [Ed: One-Fifth of [buzzword] Apps [sic] need to be updated. Problem solved. With proprietary software you have back doors that cannot be fixed]

Security: Linux Foundation's 'Product Placement' for Nitrokey and New FUD

Filed under
Security
Syndicate content

More in Tux Machines

Android Leftovers

Canonical Releases AMD Microcode Updates for All Ubuntu Users to Fix Spectre V2

The Spectre microprocessor side-channel vulnerabilities were publicly disclosed earlier this year and discovered to affect billions of devices made in the past two decades. Unearthed by Jann Horn of Google Project Zero, the second variant (CVE-2017-5715) of the Spectre vulnerability is described as a branch target injection attack. The security vulnerability affects all microprocessors that use branch prediction and speculative execution function, and it can allow unauthorized memory reads via side-channel attacks if the system isn't patched. For example, a local attacker could use it to expose sensitive information, including kernel memory. Read more

PulseAudio 12 Open-Source Sound System Released with AirPlay, A2DP Improvements

Highlights of PulseAudio 12.0 include better latency reporting with the A2DP Bluetooth profile, which also improves A/V sync, more accurate latency reporting on AirPlay devices, the ability to prioritize HDMI output over S/PDIF output, HSP support for more Bluetooth headsets, and the ability to disable input and output on macOS. PulseAudio 12.0 also adds support for Steelseries Arctis 7 USB headset stereo output and Dell's Thunderbolt Dock TB16 speaker jack, a new "dereverb" option that can be used for the Speex echo canceller, a new module-always-source module, better detection of Native Instruments Traktor Audio 6, and improved digital input support for various USB sound cards. Read more

Automatically Change Wallpapers in Linux with Little Simple Wallpaper Changer

Here is a tiny script that automatically changes wallpaper at regular intervals in your Linux desktop. Read more