Security
Security: Kali Linux, More FUD, Australian Incident and Debian LTS Work
Submitted by Roy Schestowitz on Sunday 10th of February 2019 03:44:10 AM Filed under
-
How to install Kali Linux on Vmware on Windows or Linux
-
New Crypto-Mining Malware Cleans the Linux Host to Maximize its Benefits [Ed: This targets compromised machines. Once taken over, anything can be done. This is the same old FUD pattern. Microsoft-NSA back doors were used to pick millions of machines, including servers. These too could be used to mine coins.]
-
[Intruders] gain entry to Federal Parliament network
The computer network at the Federal Parliament has been infiltrated and security agencies are now trying to find out if any data was stolen in the attack and who was responsible.
-
Federal MPs' computer network [cracked] in possible foreign government attack
Alastair MacGibbon, head of the Australian Cyber Security Centre, said the government's cyber experts would work over coming days and weeks to make sure all the breaches had been detected and the [intruders'] presence removed.
-
Mike Gabriel: My Work on Debian LTS/ELTS (January 2019)
In January 2019, I have worked on the Debian LTS project for 10 hours and on the Debian ELTS project for 2 hours (of originally planned 6 + 1 hours) as a paid contributor. The non-worked 5 ELTS hours I have given back to the pool of available work hours.
- Login or register to post comments
Printer-friendly version
- Read more
- 1172 reads
PDF version
Parrot Security OS: Product Review
Submitted by Roy Schestowitz on Sunday 10th of February 2019 01:40:10 AM Filed under



Generally, Parrot OS is pretty great user friendly and lightweight distro. While using it, you’ll find it nearly equal to Kali Linux except for some minor differences. It may not offer a lot of tools that are present in Kali Linux but overall collection of tools is amazing. It also offers some tools that are not present in Kali and other similar distros. Parrot Security OS isn’t just for Ethical Hacking and Pentesting, it is also for development, anonymity and privacy
- Login or register to post comments
Printer-friendly version
- Read more
- 1058 reads
PDF version
Security: RDP and Free Software
Submitted by Roy Schestowitz on Saturday 9th of February 2019 04:21:35 PM Filed under
-
Microsoft and Open Source RDP Clients Are Vulnerable to System Takeover Attacks [Ed: Microsoft protocols were all along designed to be vulnerable (for remote access by the state)]
-
Remote Desktop Protocols Riddled With Vulns: Check Point Finds 16 Modes of Pwnage [Ed: Remote Desktop Protocol (RDP) has long been known to be crap, but Microsoft still loves it.]
-
Open Source Software: How Good Is Its Overall Security?
Open source software has been a boon to many individual users and businesses. Open source software development brought about the rise of the Linux and Ubuntu operating systems and the Firefox browser.
[...]
Although it’s possible for a rogue developer to insert malicious code into open source software, this behavior is discouraged by legitimate developers. Software developers form a close community and strive to create the best possible products, so they have a vested interest in keeping their software secure and free from problems.
CEO Vlad Vorobiov of Ruby Garage notes, “Simply put, the more eyes are looking at code, the more bugs will be found and fixed in a stated period of time……the fact that the software has a strong community around it, which is interested to make it better and believes in its future potential, is a great security indicator on its own.”
-
The dangers of proprietary software
Let us consider what would have happened if Apple was an open source software or project. First, you would not need to wait for the main developers to patch the issue. You could review the code, make changes and update them as you wish. You could also submit the change to the project’s repository – GitHub or GitLab – and if accepted, the updated code would be implemented for all people to benefit from.
You wouldn’t need a resume or an interview to see if you are worthy to contribute. You would be judged based on your work. You could be a 10-year-old living in the Arctics, it would not matter.
As for the reporting of bugs in an open source environment, you can use the available social media channels, messaging platforms or the repository management system to directly reach the main development team. A common practice within open source communities, whether it is involving public blockchains or open source software and projects.
Such communities are openly available for collaboration, suggestions or participation via an array of social platforms – such as Telegram, Slack, Discord and IRC. This is why they are so powerful, adaptable and robust.
- Login or register to post comments
Printer-friendly version
- Read more
- 1041 reads
PDF version
Security Updates and More FUD
Submitted by Roy Schestowitz on Saturday 9th of February 2019 10:15:33 AM Filed under
-
Security updates for Friday
-
Scaling up Azure Service Fabric Linux Clusters using Ubuntu Xenial? Not so fast, friend [Ed: When you allow Microsoft to manage GNU/Linux; also see what they did a couple of years back.]
-
Coinminer Targets Linux, Kills Competition to Maximize Profits [Ed: Another day, another piece of FUD about "Linux" (actually, not about GNU/Linux), neglecting to mention how the miners actually get on the systems in the first place (it's hard)]
-
New Linux Backdoor “SpeakUp” Found Exploiting Flaws In Multiple Linux Distros[Ed: A couple more articles that call a Trojan "back door" because a proprietary software firm called it that]
-
'SpeakUp' backdoor Trojan could spell further trouble for Linux servers[Ed: Had it been as simple as choosing a GNU/Linux server and putting miners on it, the world would be in chaos. In reality, however, unpatched and vulnerable ones (neglected) are picked by parallel scans and it's the fault of admins, not "Linux".]
- Login or register to post comments
Printer-friendly version
- Read more
- 857 reads
PDF version
Security: Lots of FUD This Past Week (About What Can Happen When Your GNU/Linux Server is Already Compromised)
Submitted by Roy Schestowitz on Friday 8th of February 2019 03:14:58 PM Filed under
-
Monero-mining Outlaw Shellbot targets Linux servers [Ed: Won't work unless these serves are compromised. Skips that critical point, as do the Microsoft boosters who pretend malware just magically lands on GNU/Linux filesystems.]
-
Latest Target Of Cryptojackers – Linux Users [Ed: Those rely on already-compromised GNU/Linux servers, sometimes compromised by proprietary software that sits on top of them]
-
New Campaign Exploiting Linux Servers to Insert Backdoor “SpeakUp” Trojan [Ed: They keep calling "back doors" things which are actually Trojans and require some holes to get in there (in the first place)]
-
New Monero Cryptojacking Malware Targets Linux and IoT Users [Ed: Does not target a weakness in Linux itself; usually a bad password]
-
SpeakUp - Backdoor Linux Trojan [Ed: The term "Backdoor Linux Trojan" is meaningless because it's actually a Trojan, not a back door, and it needs holes to get through in the first place. This is coordinated propaganda from a proprietary software firm.]
-
Cryptojacking Malware Targets Linux and IoT Users to Mine Monero Cryptocurrency [Ed: Better put, but still makes it sound like "Linux" is the issue (and it is not)]
- Login or register to post comments
Printer-friendly version
- Read more
- 987 reads
PDF version
Security: The 'Bad of IOT', Overflows and Securing Privileged Access
Submitted by Roy Schestowitz on Friday 8th of February 2019 09:23:03 AM Filed under
-
IOT: the good, the bad and the ugly
It may come as a surprise that the 'bad of IOT' is not security, but service complexity. The security problems are as a result of the service complexity and SqwidNet is on a journey to simplify this to the ABC... D of IOT: that is, application + back-end + connectivity + device. In the industrial and enterprise sector, security provided by SqwidNet is not impacted by the security challenges that face the consumer sector. In the consumer sector, IOT rears its 'ugly' head with its security nightmares, solutions built on devices and applications that cannot be updated over time, and security vulnerabilities that cannot be addressed properly.
-
Your Android Phone Could Get Hacked Just By Opening A PNG Image [Ed: relies on maliciously-crafted files]
-
More Ghostscript vulnerabilities, more PostScript problems [Ed: relies on maliciously-crafted files]
-
Ten Tips for Securing Privileged Access
Manage *NIX SSH keys. SSH keys are gold to an external attacker or malicious insider. With them, they can leverage unmanaged SSH keys to log in with root access and take over the *NIX (Linux and Unix systems) technology stack. These keys must also be secured in a vault, and subsequently be rotated regularly based on policy. Moreover, a solution that enables event notifications and automation to lessen the potential impact of human error should be deployed in all circumstances.
- Login or register to post comments
Printer-friendly version
- Read more
- 966 reads
PDF version
Security: Survey, Apple Holes and updates
Submitted by Roy Schestowitz on Friday 8th of February 2019 06:08:50 AM Filed under
-
A third of companies are largely unprepared for cybersecurity attacks: eSecurity Planet Survey
There are a number of measures organizations can and should take to help reduce the risk of cybersecurity attacks and data breaches. Unfortunately, about a third of organizations say they are largely unprepared for such attacks, according to eSecurity Planet's newly released 2019 State of IT Security survey.
The survey asked about specific threats and how well organizations are prepared to defend against them.
Among the most common and pervasive vulnerabilities found in applications is SQL injection, which can potentially lead to remote code execution and data breaches. Across organization of all sizes, over a quarter of respondents (26.8 percent) said they have doubts about their defenses against SQL injection attacks.
-
Researcher Refuses To Disclose Critical macOS Keychain Security Flaw
Linus Henze, a security researcher, has uncovered a security flaw in macOS Mojave Keychain that can allow bad actors to steal the stored passwords without administrator privileges.
In a video, Henze demoed how anybody can get access to your password stored in Apple’s secure vault. This isn’t the first time when Henze has discovered a critical security flaw in iOS and macOS.
-
Update Now to Fix Group FaceTime on Your iPhone, iPad, and Mac
-
Security updates for Thursday
- Login or register to post comments
Printer-friendly version
- Read more
- 923 reads
PDF version
Disk Encryption for Low-End Hardware
Submitted by Roy Schestowitz on Friday 8th of February 2019 03:30:34 AM Filed under

Unfortunately, they were not able to find any existing encryption algorithm that was both fast and secure, and that would work with existing Linux kernel infrastructure. They, therefore, designed the Adiantum encryption mode, which they described in a light, easy-to-read and completely non-mathematical way.
Essentially, Adiantum is not a new form of encryption; it relies on the ChaCha stream cipher developed by D. J. Bernstein in 2008. As Eric put it, "Adiantum is a construction, not a primitive. Its security is reducible to that of XChaCha12 and AES-256, subject to a security bound; the proof is in Section 5 of our paper. Therefore, one need not 'trust' Adiantum; they only need trust XChaCha12 and AES-256."
Eric reported that Adiantum offered a 20% speed improvement over his and Paul's earlier HPolyC encryption mode, and it offered a very slight improvement in actual security.
Eric posted some patches, adding Adiantum to the Linux kernel's crypto API. He remarked, "Some of these patches conflict with the new 'Zinc' crypto library. But I don't know when Zinc will be merged, so for now, I've continued to base this patchset on the current 'cryptodev'."
- 3 comments
Printer-friendly version
- Read more
- 1296 reads
PDF version
Security: Apple Holes, Banks and Political Games
Submitted by Roy Schestowitz on Thursday 7th of February 2019 05:14:39 PM Filed under
-
Teen discovers password-pilfering flaw in Apple's macOS Mojave
Henze discovered he could create an app that could read the data in macOS' keychain, which stores private password and keys, without the need for explicit privileges or admin access.
-
Fraudsters use stolen mobile numbers to ‘drain thousands’ from bank accounts, says TIO
Australian consumers are reporting having their bank accounts drained by fraudsters and their email inboxes accessed in the latest scam involving theft of mobile numbers, according to the newly published report on fraud from the Telecommunications Industry Ombudsman.
-
MPs warned of 'malicious hack' that attempts to access private contacts
Deputy chief whip Christopher Pincher warned MPs to ignore texts and emails that ask them to "provide overseas contact details" or to "download a secure message app".
-
A "Malicious Hack" Accessing MPs' Phone And Email Contacts Is Being Investigated By Parliament
Parliamentary authorities are investigating after MPs were targeted by an attempt to [break] into their email and phone contact lists on Monday, BuzzFeed News has learned.
- Login or register to post comments
Printer-friendly version
- Read more
- 887 reads
PDF version
Security: FUD and RIP, RDP
Submitted by Roy Schestowitz on Thursday 7th of February 2019 09:51:37 AM Filed under
-
Malware takes control of vulnerable Linux servers to mine crypto-cash [Ed: The first accurate headline I've found about this, by John Leyden]
-
Linux Servers Endangered by A New Crypto-Mining Malware [Ed: These servers are actually endangered by neglectful sysadmins that never patch them. With loads of holes piling up, anything can happen and it is not a "Linux" problem.]
-
New Instance of Monero Malware Sees Cryptojackers Target Linux Users [Ed: No, it targets neglected servers with loads of flaws piled up (sometimes stuff installed on GNU/Linux, nothing to do with "Linux" itself)
-
RIP, RDP... nearly: Security house Check Point punches holes in remote desktop tools [Ed: On remote access the Microsoft way. The company that colluded with the NSA for 20 years to enable backdoor remote access,]
Security biz Check Point has found some 25 security vulnerabilities in three of the most popular remote desktop protocol (RDP) tools for Windows and Linux.
The infosec outfit tasked its bug-hunters with a manual code audit on Microsoft mstsc as well as the FreeRDP and rdesktop remote desktop utilities, and what they turned up was a glut of potentially serious flaws and security weaknesses.
- Login or register to post comments
Printer-friendly version
- Read more
- 977 reads
PDF version

More in Tux Machines
- Highlights
- Front Page
- Latest Headlines
- Archive
- Recent comments
- All-Time Popular Stories
- Hot Topics
- New Members
qoob – excellent foobar-like music player for Linux
Are you debilitated by the countless music players that use web technologies with a massive RAM footprint? Maybe you want a lean yet slick audio player with a good range of features?
You might be interested in qoob. It’s a music player written in the versatile and hugely popular Python programming language. The software uses Qt 5, a cross-platform application framework and widget toolkit for creating classic and embedded graphical user interfaces.
qoob is similar to foobar2000, a freeware audio player respected for its highly modular design, breadth of features, and extensive user flexibility in configuration. Unlike foobar, qoob is available for Linux and it’s released under an open source license.
| Programming: GStreamer, Rust, Python and More
|
NVIDIA: GTX 1660 and Linux
| Betty – A Friendly Interface For Your Linux Command Line
All Linux experts might already know this statement “Command line mode is more powerful than GUI” but newbies are scared about CLI.
Don’t think that working on Linux CLI is difficult as everything is opensource nowadays and you can get it in online whatever you want.
If you have any doubt just google it and you will get many suggestion, select the suitable one and move forward.
If you are looking for some virtual assistant tool instead of google.
Yes, there is a tool is available for this and the tool name is Betty which helps you to get the information right from your terminal.
Do you want to try? if so, go through the entire article for details.
|
Recent comments
16 hours 20 min ago
1 day 3 hours ago
1 day 4 hours ago
1 day 7 hours ago
1 day 9 hours ago
1 day 9 hours ago
1 day 10 hours ago
1 day 11 hours ago
1 day 17 hours ago
1 day 17 hours ago