Language Selection

English French German Italian Portuguese Spanish

Security: Kali Linux Forensics Tools, SSH Primer and “Yelp, but for MAGA” Mad About Holes

Filed under
Security
  • Kali Linux Forensics Tools

    Kali Linux is a powerful Operating system especially designed for Penetration Tester and Security Professionals. Most of its features and tools are made for security researchers and pentesters but it has a separate “Forensics” tab and a separate “Forensics” mode for Forensics Investigators.
    Forensics is becoming very important in Cyber Security to detect and backtrack Black Hat Criminals. It is essential to remove Hackers’ malicious backdoors/malwares and trace them back to avoid any possible future incidents. In Kali’s Forensics mode, Operating System doesn’t mount any partition from System’s hard drive and doesn’t leave any changes or fingerprints on host’s system.

    Kali Linux comes with pre-installed popular forensics applications and toolkits. Here we’ll review some famous open source tools present in Kali Linux.

  • What is SSH (Secure shell protocol)?

    SSH stands for Secure Shell which is a security protocol based on the application layer. We use the SSH to securely access the remote servers and Desktops to execute various commands. In short, we can control the complete system remotely, if we have login information and SSH server access. Because The Secure Shell (SSH) is a cryptographic network protocol designed to replace the Telnet and access the remote system even on the unsecured remote shell by encrypting data before sending.

  • Security Researcher Discovers Flaws In Yelp-For-MAGAs App, Developer Threatens To Report Him To The Deep State

    Even a cursory look at past stories we've done about how companies treat security researchers who point out the trash-state of their products would reveal that entirely too many people and companies seem to think shooting the messenger is the best response. I have never understood the impulse to take people who are essentially stress-testing your software for free, ultimately pointing out how the product could be safer than it is, and then threatening those people with legal action or law enforcement. But, then, much of the world makes little sense to me.

    Such as why a Yelp-for-MAGA people should ever be a thing. But it absolutely is a thing, with conservative news site 63red.com releasing a mobile app that is essentially a Yelp-clone, but with the twist that its chief purpose is to let other Trump supporters know how likely they are to be derided when visiting a restaurant. This is an understandable impulse, I suppose, given the nature of politics in 2019 America, though the need for an app seems like overkill. Regardless, the app was released and a security researcher found roughly all the security holes in it.

  • “Yelp, but for MAGA” turns red over security disclosure, threatens researcher

    But the safe space for 63red founder Scott Wallace was violated quickly when French security researcher Elliot Alderson discovered some fundamental security flaws in Safe's architecture—making it not so safe.

    Because the application is build in React Native, a JavaScript- and JSX-based scripting language that basically turns Web apps into "native" Apple iOS and Android applications, the entire architecture of the application is available to anyone who downloads and unpacks it. And in that code, Alderson discovered a few things: [...]

More in Tux Machines

A Look at KDE Plasma 5.17 Beta and Report From Akademy 2019

  • KDE Plasma 5.17 Beta Run Through

    In this video, we look at KDE Plasma 5.17 Beta, enjoy!

  • TSDgeos' blog: Akademy 2019

    It's 10 days already since Akademy 2019 finished and I'm already missing it :/ Akademy is a week-long action-packed conference, talks, BoFs, daytrip, dinner with old and new friends, it's all a great combination and shows how amazing KDE (yes, the community, that's our name) is. On the talks side i missed some that i wanted to attend because i had to extend my time at the registration booth helping fellow KDE people that had forgotten to register (yes, our setup could be a bit easier, doesn't help that you have to register for talks, for travel support and for the actual conference in three different places), but I am not complaining, you get to interact with lots of people in the registration desk, it's a good way to meet people you may not have met otherwise, so please make sure you volunteer next year ;) One of the talks i want to highlight is Dan VrĂĄtil's talk about C++, I agree with him that we could do much better in making our APIs more expressive using the power of "modern" C++ (when do we stop it calling modern?). It's a pity that the slides are not up so you'll have to live with KĂŠvin Ottens sketch of it for now.

Programming Leftovers

  • DevNation Live: Event-driven business automation powered by cloud-native Java

    DevNation Live tech talks are hosted by the Red Hat technologists who create our products. These sessions include real solutions and code and sample projects to help you get started. In this talk, presented by Red Hat’s Maciej Swiderski, Principal Software Engineer, and Burr Sutter, Chief Developer Evangelist, you’ll learn about event-driven business automation using Kogito, Quarkus, and more. Kogito is a new Java toolkit, based on Drools and jBPM, that’s made to bring rules and processes to the Quarkus world. This DevNation Live presentation shows how Kogito can be used to build cloud-ready, event-driven business applications, and it includes a demo of implementing the business logic of a complex domain. Kogito itself is defined as a cloud-native business automation toolkit that helps you to build intelligent applications. It’s way more than just a business process or a single business rule—it’s a bunch of business rules, and it’s based on battle-tested capabilities.

  • NVIDIA Video Codec SDK 9.1 Brings CUDA CUStream Support, Other Encoder Improvements

    Following the February release of Video Codec SDK 9.0, NVIDIA recently did a quiet release of the Video Codec SDK 9.1 update that furthers along this cross-platform video encode/decode library.

  • Mike Driscoll: PyDev of the Week: Peter Farrell

    This week we welcome Peter Farrell (@hackingmath) as our PyDev of the Week! Peter is the author Math Adventures with Python and two other math related Python books. You can learn more about Peter by visiting his website.

  • Mutation testing by example: How to leverage failure
  • Reuven Lerner: Looking for Python podcast co-hosts

    As you might know, I’m a panelist on the weekly “Freelancers Show” podcast, which talks about the business of freelancing. The good news: The same company that’s behind the Freelancers Show, Devchat.tv, is putting together a weekly podcast about Python, and I’m going to be on that, too! We’ll have a combination of discussion, interviews with interesting people in the Python community, and (friendly) debates over the current and future state of the language.

  • Getting started with data science using Python

    Data science is an exciting new field in computing that's built around analyzing, visualizing, correlating, and interpreting the boundless amounts of information our computers are collecting about the world. Of course, calling it a "new" field is a little disingenuous because the discipline is a derivative of statistics, data analysis, and plain old obsessive scientific observation. But data science is a formalized branch of these disciplines, with processes and tools all its own, and it can be broadly applied across disciplines (such as visual effects) that had never produced big dumps of unmanageable data before. Data science is a new opportunity to take a fresh look at data from oceanography, meteorology, geography, cartography, biology, medicine and health, and entertainment industries and gain a better understanding of patterns, influences, and causality. Like other big and seemingly all-inclusive fields, it can be intimidating to know where to start exploring data science. There are a lot of resources out there to help data scientists use their favorite programming languages to accomplish their goals, and that includes one of the most popular programming languages out there: Python. Using the Pandas, Matplotlib, and Seaborn libraries, you can learn the basic toolset of data science.

Excellent Utilities: Liquid Prompt – adaptive prompt for Bash & Zsh

This is a new series highlighting best-of-breed utilities. We’re covering a wide range of utilities including tools that boost your productivity, help you manage your workflow, and lots more besides. There’s a complete list of the tools in this series in the Summary section. The Command Line Interface (CLI) is a way of interacting with your computer. And if you ever want to harness all the power of Linux, it’s highly recommended to master it. It’s true the CLI is often perceived as a barrier for users migrating to Linux, particularly if they’re grown up using GUI software exclusively. While Linux rarely forces anyone to use the CLI, some tasks are better suited to this method of interaction, offering inducements like superior scripting opportunities, remote access, and being far more frugal with a computer’s resources. For anyone spending time at the CLI, they’ll rely on the shell prompt. My favorite shell is Bash. By default, the configuration for Bash on popular distributions identifies the user name, hostname, and the current working directory. All essential information. But with Liquid Prompt you can display additional information such as battery status, CPU temperature, and much more. Read more

today's howtos