Security: Kali Linux Forensics Tools, SSH Primer and “Yelp, but for MAGA” Mad About Holes

  • Kali Linux Forensics Tools

    Kali Linux is a powerful operating system especially designed for penetration testers and security professionals. Most of its features and tools are made for security researchers and pentesters, but it has a separate “Forensics” tab and a separate “Forensics” mode for forensics investigators.
    Forensics is becoming very important in cyber security to detect and backtrack black hat criminals. It is essential to remove hackers’ malicious backdoors/malware and trace them back to avoid any possible future incidents. In Kali’s Forensics mode, the operating system doesn’t mount any partition from the system’s hard drive and doesn’t leave any changes or fingerprints on the host’s system.

    Kali Linux comes with pre-installed popular forensics applications and toolkits. Here we’ll review some famous open source tools present in Kali Linux.

  • What is SSH (Secure shell protocol)?

    SSH stands for Secure Shell, which is a security protocol based on the application layer. We use SSH to securely access remote servers and desktops to execute various commands. In short, we can control the complete system remotely if we have login information and SSH server access. The Secure Shell (SSH) is a cryptographic network protocol designed to replace Telnet and access the remote system even on the unsecured remote shell by encrypting data before sending.

  • Security Researcher Discovers Flaws In Yelp-For-MAGAs App, Developer Threatens To Report Him To The Deep State

    Even a cursory look at past stories we've done about how companies treat security researchers who point out the trash-state of their products would reveal that entirely too many people and companies seem to think shooting the messenger is the best response. I have never understood the impulse to take people who are essentially stress-testing your software for free, ultimately pointing out how the product could be safer than it is, and then threatening those people with legal action or law enforcement. But, then, much of the world makes little sense to me.

    Such as why a Yelp-for-MAGA people should ever be a thing. But it absolutely is a thing, with conservative news site 63red.com releasing a mobile app that is essentially a Yelp-clone, but with the twist that its chief purpose is to let other Trump supporters know how likely they are to be derided when visiting a restaurant. This is an understandable impulse, I suppose, given the nature of politics in 2019 America, though the need for an app seems like overkill. Regardless, the app was released and a security researcher found roughly all the security holes in it.

  • “Yelp, but for MAGA” turns red over security disclosure, threatens researcher

    But the safe space for 63red founder Scott Wallace was violated quickly when French security researcher Elliot Alderson discovered some fundamental security flaws in Safe's architecture—making it not so safe.

    Because the application is built in React Native, a JavaScript- and JSX-based scripting language that basically turns Web apps into "native" Apple iOS and Android applications, the entire architecture of the application is available to anyone who downloads and unpacks it. And in that code, Alderson discovered a few things: [...]
