Security

Put portable pwning power in your pocket with the Pwn Phone

Filed under
Android
Linux
Security

Mobile technology has made it possible for people to do an amazing amount with tablets and smartphones within the workplace—including hacking the living daylights out of the corporate network and other people’s devices. Pwnie Express is preparing to release a tool that will do just that. Its Pwn Phone aims to help IT departments and security professionals quickly get a handle on how vulnerable their networks are in an instant. All someone needs to do is walk around the office with a smartphone.

Pwnie Express’ Kevin Reilly gave Ars a personal walk-through of the latest Pwn Phone, the second generation of the company’s mobile penetration testing platform. While the 2012 first-generation Pwn Phone was based on the Nokia N900 and its Maemo 5 Linux-based operating system, the new phone is based on LG Nexus 5 phone hardware. However, it doesn’t exactly use Google’s vanilla Android.


The oRouter Is A Tor-Powered Linux Box That Secures Your Internet Connection

Filed under
Linux
Security

Longtime TechCrunch Disrupt NY hackathon participants, Kay Anar and Gilad Shai showed off their hardware hack today called the “oRouter” – a Linux-powered, Raspberry Pi-like computer offering secure Wi-Fi access via the Tor network. The idea is to offer an affordable alternative to downloading the Tor software to your computer, as well as a way to more easily connect to Tor over mobile devices like an iPhone.


Android home automation hub focuses on security

Filed under
Android
Security

The Android-based “ALYT” home automation system supports numerous wireless protocols, and offers self-learning algorithms and advanced security functions.


Designing a Prize for Usable Cryptography

Filed under
OSS
Security

To that end, EFF is evaluating the feasibility of offering a prize for the first usable, secure, and private end-to-end encrypted communication tool. We believe a prize based on objective usability metrics (such as the percentage of users who were able to install and start using the tool within a few minutes, and the percentage who survived simulated impersonation or man-in-the-middle attacks) might be an effective way to determine which project or projects are best delivering communication security to vulnerable user communities; to promote and energize those tools; and to encourage interaction between developers, interaction designers and academics interested in this space.


Amazon Web Services, Cisco, Dell, Facebook, Fujitsu, Google, IBM, Intel, Microsoft, NetApp, Rackspace, VMware and The Linux Foundation Form New Initiative to Support Critical Open Source Projects

Filed under
OSS
Security

“We are expanding the work we already do for the Linux kernel to other projects that may need support,” said Jim Zemlin, executive director of The Linux Foundation. “Our global economy is built on top of many open source projects. Just as The Linux Foundation has funded Linus Torvalds to be able to focus 100% on Linux development, we will now be able to support additional developers and maintainers to work full-time supporting other essential open source projects. We are thankful for these industry leaders’ commitment to ensuring the continued growth and reliability of critical open source projects such as OpenSSL.”


OpenBSD forks, prunes, fixes OpenSSL

Filed under
Security
BSD

OpenSSL is the dominant SSL/TLS library on the Internet, but has suffered significant reputation damage in recent days for the Heartbleed bug. The incident has revived criticism of OpenSSL as a poorly-run project with source code that is impenetrable and documented, where it is at all documented, badly and inaccurately.


Easter egg: DSL router patch merely hides backdoor instead of closing it

Filed under
Hardware
Security
Legal

First, DSL router owners got an unwelcome Christmas present. Now, the same gift is back as an Easter egg. The same security researcher who originally discovered a backdoor in 24 models of wireless DSL routers has found that a patch intended to fix that problem doesn’t actually get rid of the backdoor—it just conceals it. And the nature of the “fix” suggests that the backdoor, which is part of the firmware for wireless DSL routers based on technology from the Taiwanese manufacturer Sercomm, was an intentional feature to begin with.

Back in December, Eloi Vanderbeken of Synacktiv Digital Security was visiting his family for the Christmas holiday, and for various reasons he had the need to gain administrative access to their Linksys WAG200G DSL gateway over Wi-Fi. He discovered that the device was listening on an undocumented Internet Protocol port number, and after analyzing the code in the firmware, he found that the port could be used to send administrative commands to the router without a password.

After Vanderbeken published his results, others confirmed that the same backdoor existed on other systems based on the same Sercomm modem, including home routers from Netgear, Cisco (both under the Cisco and Linksys brands), and Diamond. In January, Netgear and other vendors published a new version of the firmware that was supposed to close the back door.


Oracle updates users on Heartbleed progress

Filed under
Red Hat
Server
Security

The Heartbleed fallout continues, but enterprise customers can draw some comfort from the fact that the companies that keep them in software are clearly as concerned as they are. For example, Oracle Corp. has announced mostly good, some bad and a bit of ugly news when it comes to security holes in its products.


Safety you can bank on: Chromebook, Linux, phone

Filed under
GNU
Linux
Security

If you're not deterred by learning strange software, you can save hundreds of dollars by downloading a copy of the open-source Linux operating system and burning it to a CD or copying it to a flash drive. As security journalist Brian Krebs explained in the summer of 2012, you can pop that into your Windows PC, boot the machine off it, and go online insulated from whatever might lurk in your copy of Windows.

(In that post, Krebs endorsed a version of Linux with the charming name Puppy Linux; I usually recommend a different variety called Ubuntu, but the differences don't amount to much in this context.)

Using Linux just for online banking also insulates you from most of its potential complexity: You're only running a browser.

But if installing new apps in Windows already fills you with dread, or the thought of picking one version of Linux out of dozens makes your head hurt, spend money instead of time. A Chromebook just might work — and might be all the computer you needed in the first place.


OpenSSL and Linux: A Tale of Two Open-Source Projects

Filed under
Linux
Security

Linux, arguably the world’s most emblematic open-source project, provides a counterpoint to OpenSSL’s problems. Volunteers all over the world submit seven changes to Linux every hour, and millions of lines of code improvements and fixes are voluntarily added to the software every year. Over 180 major companies, including Hewlett-Packard, Oracle, IBM and Samsung, every year contribute around half a million dollars to the Linux Foundation, the nonprofit that supports the Linux system.

So what explains the discrepancy between the inattention to OpenSSL and the great fortune of Linux? Good old lack of awareness, experts say.

Open-source advocates and participants say Linux has simply had the benefit of strong brand ambassadors and better name recognition than OpenSSL.

