Language Selection

English French German Italian Portuguese Spanish

Security

Security Leftovers

Filed under
Security
  • New Year's Eve security updates
  • The current state of boot security

    I gave a presentation at 32C3 this week. One of the things I said was "If any of you are doing seriously confidential work on Apple laptops, stop. For the love of god, please stop." I didn't really have time to go into the details of that at the time, but right now I'm sitting on a plane with a ridiculous sinus headache and the pseudoephedrine hasn't kicked in yet so here we go.

  • Researcher criticises 'weak' crypto in Internet of Things alarm system

    Security shortcomings in an internet-connected burglar alarm system from UK firm Texecom leave it open to hack attacks, an engineer turned security researcher warns.

    Luca Lo Castro said he had come across shortcomings in the encryption of communication after buying Texecom’s Premier Elite Control Panel and ComIP module and assembling it.

    To be able to remote control the alarm system remotely, you open a firewall port in the router and do a port forwarding to the internet. But this allows the mobile app to directly connect to the ComIP module over an unencrypted connection, Lo Castro discovered.

    Using WireShark, he said he had discovered that data traffic between the mobile app and the control panel is done in clear text or encoded to BASE64. That means potentially confidential information like the alarm control panel (UDL) password, device name and location are exposed, as a blog post by Lo Castro explains.

Don't believe the hype: That GRUB backspace bug wasn't a big deal

Filed under
Linux
Security

You can hack any Linux system just by pressing the backspace key 28 times! That's what some sites would have you believe after an unfortunate GRUB bug was recently made public. But this won't actually allow you to easily own any Linux system.

Read more

Security Leftovers

Filed under
Security

Security Leftovers

Filed under
Security
  • Chaos Computer Club: Europe's biggest hackers' congress underway in Hamburg

    Some 12,000 hackers are challenging the power of Google, Facebook and Youtube to filter information and shape users' view of the world. One of them demonstrated how to hack into VW's cheating software.

  • Password-less database 'open-sources' 191m US voter records on the web

    Austin-based Chris Vickery – who earlier this month found records on 3.3 million Hello Kitty users splashed online – says the wide-open system contains the full names, dates of birth, home addresses, and phone numbers of voters, as well as their likely political affiliation and which elections they have voted in since 2000.

  • The next wave of cybercrime will come through your smart TV

    Smart TVs are opening a new window of attack for cybercriminals, as their security defenses often lag far behind those of smartphones and desktop computers.

    Smart TVs are opening a new window of attack for cybercriminals, as the security defenses of the devices often lag far behind those of smartphones and desktop computers.

    Running mobile operating systems such as Android, smart TVs present a soft target due to how to manufacturers are emphasizing convenience for users over security, a trade-off that could have severe consequences.

  • Nemesis Bootkit Malware the new stealthy Payment Card.

    After I read many articles I got this infos about Nemesis Bootkit Malware:
    - suspected to originate from Russia;
    - infect PCs by loading before Windows starts
    - has ability to modify the legitimate volume boot record;
    - seam to be like another Windows rootkit named Alureon;
    - intercepts several system interrupts to pass boot process;
    - can steal payment data from anyone's not just targeting financial institutions and retailers;
    - this malware hides between partitions and is also almost impossible to remove;

  • Thanks to Apple, WebKitGTK+ Devs Patch More Than 100 Security Vulnerabilities

    The developers of the WebKitGTK+ open source WebKit rendering engine used in the popular GNOME desktop environment reported that the software has been hit hard by over 130 security vulnerabilities, urging all users to update as soon as possible.

See why Keeper is a world-class Android password manager

Filed under
Android
Security

I highly recommend using a password manager on your mobile device. You have to do as much as you can to keep sensitive data from prying eyes. If you must carry passwords with you, an app like Keeper is a must have.

Read more

Open Source Software's Role in Breach Prevention and Detection

Filed under
OSS
Security

Security professionals are increasingly acknowledging an uncomfortable truth: No network is secure from a sufficiently skilled and determined attacker. So while every effort should be made to prevent intruders getting on to the corporate network, it's important that you can quickly spot an intrusion and minimize the damage that can result.

Anton Chuvakin, a security expert at Gartner, points out that if hackers are made to work hard to find what they are after, intrusion prevention and detection systems have a far greater chance of spotting them before they can do too much damage.

Read more

WebKitGTK+ security status

Filed under
GNOME
Security

Security: GNU/Linux Versus Windows

Filed under
Microsoft
Security
  • Towards (reasonably) trustworthy x86 laptops

    Can we build trustworthy client systems on x86 hardware? What are the main challenges? What can we do about them, realistically? Is there anything we can?

  • Recently Bought a Windows Computer? Microsoft Probably Has Your Encryption Key [Ed: yes, flawed by design]

    One of the excellent features of new Windows devices is that disk encryption is built-in and turned on by default, protecting your data in case your device is lost or stolen. But what is less well-known is that, if you are like most users and login to Windows 10 using your Microsoft account, your computer automatically uploaded a copy of your recovery key – which can be used to unlock your encrypted disk – to Microsoft’s servers, probably without your knowledge and without an option to opt-out.

    During the “crypto wars” of the nineties, the National Security Agency developed an encryption backdoor technology – endorsed and promoted by the Clinton administration – called the Clipper chip, which they hoped telecom companies would use to sell backdoored crypto phones. Essentially, every phone with a Clipper chip would come with an encryption key, but the government would also get a copy of that key – this is known as key escrow – with the promise to only use it in response to a valid warrant. But due to public outcry and the availability of encryption tools like PGP, which the government didn’t control, the Clipper chip program ceased to be relevant by 1996. (Today, most phone calls still aren’t encrypted. You can use the free, open source, backdoorless Signal app to make encrypted calls.)

Security Leftovers

Filed under
Security
  • Security Researchers Offer Warnings About Hackable Railroads

    The well-being of critical infrastructure and transportation has long been the elephant in the room when it comes to cybersecurity: plenty of researchers have warned about the possibility of attacks on power-plants, the national grid, and, more recently, even the emergence of internet connected cars.

    Now, researchers are warning of the gaping holes in the security of railroad systems. On Sunday at Chaos Communication Congress, a security, arts and politics conference held annually in Hamburg, Germany, members of the SCADA StrangeLove collective presented a long list of problems with railroad systems that attackers could exploit.

  • DLL Hijacking Just Won’t Die

    To make a long and complicated story short, a bad guy who exploits this vulnerability places a malicious DLL into your browser’s Downloads folder, then waits. When you run an installer built by an earlier version of NSIS from that folder, the elevation prompt (assuming it runs at admin) shows the legitimate installer’s signature asking you for permission to run the installer. After you grant permission, the victim installer loads the malicious DLL which runs its malicious code with the installer’s permissions. And then it’s not your computer anymore.

  • CA Council to Improve Internet Certificate Security in 2016

    At the heart of much of the Internet's security is the use of Secure Sockets Layer/Transport Layer Security (SSL/TLS), which provides encryption for data in motion. Certificate Authorities (CAs) are the trusted entities that issue TLS certificates, and as a group, the CAs are gearing up for big year in 2016, with multiple efforts designed to improve the security of the Internet.

  • Backspace Flaw Enables Linux Zero-Day Attack
Syndicate content

More in Tux Machines

SuperTux 0.4 review

You’ve probably played SuperTux in the past – it’s been around for a while. In your distro’s repository, you’ll have 0.1.3, the last stable release, dating from 2005. Development on the unstable 3.n branch has been going along mostly unremarked for more than a decade, and now a new stable release, 0.4, bursts onto the scene! Read more

Font improvements in Fedora 24 Workstation

Cavaliers vs Raptors Live Streaming Cleveland Cavaliers vs Toronto Raptors Live Streaming

Study: Sweden should boost open source competence

Sweden should bolster its competence on the use of open source and open standards in public administrations, a study for the country’s Ministry of Enterprise and Innovation recommends. Public administrations must also be required to consider switching to free and open source alternatives, when procuring ICT solutions, and justify why they continue to use proprietary software. Read more

Font improvements in Fedora 24 Workstation

Cantarell is the default font in Fedora Workstation. It comes courtesy of the GNOME desktop community, which designed and chose Cantarell. Recently the maintainers of Canatrell have done a great deal of work on the typeface to improve readability and appearance. There are now two maintainers, Jakub Steiner and Nikolaus Waxweiler, who both contribute to the GNOME desktop environment as well as Cantarell. Read more