Language Selection

English French German Italian Portuguese Spanish

Security, Digital Restrictions (DRM), and Proprietary Problems

Filed under
Security
  • Best forensic and pentesting Linux distros of 2020

    20.04 LTS and uses the Xfce desktop, and is available as a single ISO only for 64-bit machines. In addition to the regular boot options, the distro’s boot menu also offers the option to boot into a forensics mode where it doesn’t mount the disks on the computer.

    BackBox includes some of the most common security and analysis tools. The project aims for a wide spread of goals, ranging from network analysis, stress tests, sniffing, vulnerability assessment, computer forensic analysis, exploitation, privilege escalation, and more.

    All the pentesting tools are neatly organized in the Auditing menu under relevant categories. These are broadly divided into three sections. The first has tools to help you gather information about the environment, assess vulnerabilities of web tools, and more. The second has tools to help you reverse-engineer programs and social-engineer people. The third has tools for all kinds of analysis.

    BackBox has further customized its application menu to display tooltips with a brief description of each bundled tool, which will be really helpful for new users who aren’t familiar with the tools.

    As an added bonus, the distro also ships with Tor and a script that will route all Internet bound traffic from the distro via the Tor network.

  • Thanksgiving security updates

    Security updates have been issued by openSUSE (blueman, chromium, firefox, LibVNCServer, postgresql10, postgresql12, thunderbird, and xen), Slackware (bind), SUSE (bluez, kernel, LibVNCServer, thunderbird, and ucode-intel), and Ubuntu (mutt, poppler, thunderbird, and webkit2gtk).

  • Drupal core - Critical - Arbitrary PHP code execution - SA-CORE-2020-013

    AC:Complex/A:User/CI:All/II:All/E:Exploit/TD:UncommonVulnerability: Arbitrary PHP code executionCVE IDs: CVE-2020-28949CVE-2020-28948Description:
    The Drupal project uses the PEAR Archive_Tar library. The PEAR Archive_Tar library has released a security update that impacts Drupal. For more information please see:

    CVE-2020-28948
    CVE-2020-28949
    Multiple vulnerabilities are possible if Drupal is configured to allow .tar, .tar.gz, .bz2 or .tlz file uploads and processes them.

    To mitigate this issue, prevent untrusted users from uploading .tar, .tar.gz, .bz2 or .tlz files.

    This is a different issue than SA-CORE-2019-12, similar configuration changes may mitigate the problem until you are able to patch.

  • Financial software firm cites security, control as reasons for moving from email to Slack [Ed: Unbelievable stupidity; Slack is illegal mass surveillance and it’s centralised proprietary software (whereas E-mail can be encrypted, e2e)]

    ASX-listed financial software firm Iress is moving away from email to Slack for communications and its chief technology officer, Andrew Todd, says this is because the app offers improved security and control.

  • Introducing another free CA as an alternative to Let's Encrypt

    Let's Encrypt is an amazing organisation doing an amazing thing by providing certificates at scale, for free. The problem though was that they were the only such organisation for a long time, but I'm glad to say that the ecosystem is changing.

  • Denuvo's Anti-Piracy Protection Probably Makes Sense For Big-Selling AAA Titles

    A hacking team believed to have obtained data from gaming giant Ubisoft has published documents that claim to reveal the costs of implementing Denuvo's anti-piracy protection. While the service doesn't come cheap, the figures suggest that for a big company putting out big titles with the potential for plenty of sales, the anti-tamper technology may represent value for money.

  • Disappointing: Netflix Decides To Settle With Chooseco LLC Over 'Bandersnatch' Lawsuit

    Well, it's been quite a stupid and frustrating run in the trademark lawsuit between Netflix and Chooseco LLC, the folks behind Choose Your Own Adventure books from our youth. At issue was the Black Mirror production Bandersnatch, in which the viewer takes part in an interactive film where they help decide the outcome. The main character is creating a book he refers to as a "choose your own adventure" book. Chooseco also complained that the dark nature of the film would make the public think less of CYOA books as a result. Netflix fought back hard, arguing for a dismissal on First Amendment grounds, since the film is a work of art and the limited use or reference to CYOA books was an important, though small, part of that art. The court decided that any such argument was better made at trial and allowed this madness to proceed, leading Netflix to petition for the cancellation of Chooseco's trademark entirely. This story all seemed to be speeding towards an appropriately impactful conclusion.

  • TPM circumvention and website blocking orders: An EU perspective

    Website blocking orders in IP cases (mostly, though not solely, in relation to copyright-infringing websites) are routinely granted in several jurisdictions, whether in Europe or third countries. The availability of such relief has been established in case law, administrative frameworks and academic studies alike.

    The Court of Justice of the European Union ('CJEU') expressly acknowledged the compatibility of such a remedy with EU law in its 2014 decision in UPC Telekabel. Also the European Court of Human Rights recently found that, although it is necessary that this particular remedy is available within a balanced and carefully drafted legislative framework which contains a robust and articulated set of safeguards against abuse, website blocking orders are not per se contrary to the provision in Article 10 ECHR.

    Over time, courts and other authorities (including administrative authorities in certain EU Member States) have dealt with applications which have: been based on different legal grounds; been aimed at protecting different types of rights; and resulted in different types of orders against internet service providers ('ISPs').

    An interesting recent development concerns website blocking orders in relation to websites that market and sell devices and software aimed at circumventing technological protection measures (‘TPMs’). TPMs offer rights holders an ancillary right of protection and are deployed to protect against infringement of copyright in works that subsist in multimedia content such as video games. TPMs are a cornerstone in copyright protection in the digital age where large-scale copying and dissemination of copyright-protected content is so prevalent.

    [...]

    In light of the foregoing, copyright owners appear entitled to seek injunctions against intermediaries to also block access to websites dealing with TPM-circumventing devices. The legal basis for that can also be, subject to satisfying all the other requirements under EU and national law, the domestic provision implementing Article 8(3) of the InfoSoc Directive.

    All in all, it appears likely that we will see more blocking orders in the future, including orders – issued by courts and competent authorities around Europe – targeting websites that provide TPM-circumventing devices. This is an unsurprising and natural evolution of website blocking jurisprudence. It also serves to show the very flexibility of this type of remedy and, matched inter alia with the loose notion of ‘intermediary’, its inherently broad availability.

  • Prolonged AWS outage takes down a big chunk of the internet

    Many apps, services, and websites have posted on Twitter about how the AWS outage is affecting them, including 1Password, Acorns, Adobe Spark, Anchor, Autodesk, Capital Gazette, Coinbase, DataCamp, Getaround, Glassdoor, Flickr, iRobot, The Philadelphia Inquirer, Pocket, RadioLab, Roku, RSS Podcasting, Tampa Bay Times, Vonage, The Washington Post, and WNYC. Downdetector.com has also shown spikes in user reports of problems with many Amazon services throughout the day.

More in Tux Machines

Movim: An Open-Source Decentralized Social Platform Based on XMPP Network

Just like some other XMPP desktop clients, Movim is a web-based XMPP front-end to let you utilize it as a federated social media. Since it relies on XMPP network, you can interact with other users utilizing XMPP clients such as Conversations (for Android) and Dino (for Desktop). In case you didn’t know, XMPP is an open-standard for messaging. So, Movim can act as your decentralized messaging app or a full-fledged social media platform giving you an all-in-one experience without relying on a centralized network. It offers many features that can appeal to a wide variety of users. Let me briefly highlight most of the important ones. Read more

Revive Classic Nintendo DS Games on Linux With Emulation

Want to play Nintendo DS games on your Linux system but can't figure out how? Back in the day, Nintendo DS was a very popular handheld console with a huge collection of games. But over time, advanced consoles were launched in the market that rendered DS obsolete. Luckily, several emulators are available that allow you to play classic Nintendo DS games on your system. DeSmuMe is a great example of a stable Nintendo DS emulator for a Linux machine. Read more

Patched Linux 5.11 Continues Looking Great For AMD Ryzen/EPYC Performance

While the initial AMD Linux 5.11 performance regression written about at the end of last year was of much concern given the performance hits to AMD Zen 2 / Zen 3 processors with the out-of-the-box "Schedutil" governor, with a pending patch the regression is not only addressed but in various workloads we continue seeing better performance than even compared to Linux 5.10. Here is the latest from several more days of extensive performance testing. Read more

DIN-rail gateway offers dual LAN and dual RS485

The Unipi Gate G110 and G100 are PLC-ready DIN-rail gateways that run Linux on a quad -A53 SoC with 16GB eMMC, GbE and 10/100 LAN ports, and up to 2x RS485 ports with modular extensions. Czech based Unipi, which started out in 2014 with a Raspberry Pi based UniPi automation controller board and followed up with products including an Allwinner H5-based Axon automation controller, has now launched the $243 Unipi Gate G100 and $272 Unipi Gate G110 DIN-rail gateways. Read more