Apache Access Vulnerability Could Affect Thousands of Applications

Source: DarkReading – Posted by Brittany Day

Vulnerabilities in Apache functions have been at the root of significant breaches, including the one suffered by Equifax. Now new research indicates that another such vulnerability may be putting thousands of applications at risk. Lawrence Cashdollar, a vulnerability researcher and member of Akamai’s Security Incident Response Team, found an issue with the way that thousands of code projects are using Apache .htaccess, leaving them vulnerable to unauthorized access and a subsequent file upload attack in which auto-executing code is uploaded to an application.


Read this full article at DarkReading



Kali Linux 2017.1 Xfce Installation on VMware Workstation


This video tutorial shows Kali Linux 2017.1 Xfce installation on VMware Workstation/Player step by step. The same steps also apply when installing Kali Linux Xfce 2017 on a physical computer or laptop. We also install VMware Tools (Open VM Tools) on Kali Linux 2017 Xfce for better performance and usability features such as Fit Guest Now, drag-and-drop file transfer and clipboard sharing.

Kali Linux 2017.1 Xfce Desktop Installation Steps:

  1. Download Kali Linux 2017.1 Xfce ISO
  2. Create Virtual Machine on VMware Workstation/Player
  3. Start Kali Linux 2017.1 Xfce Installation
  4. Install VMware Tools (Open VM Tools)
  5. Test VMware Tools Features: Fit Guest Now, Drag-Drop File and Clipboard Sharing
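Step 1 deserves a check the video does not show: a downloaded ISO is only trustworthy if its SHA256 digest matches the value published alongside it (and the published SHA256SUMS file is itself verified against its GPG signature). The following is an added example, not part of the tutorial; it assumes sha256sum or shasum is available and that the expected digest is copied from the SHA256SUMS file next to the download.

```shell
#!/bin/sh
# Added example (not from the tutorial): verify a downloaded ISO against an
# expected SHA256 digest before booting from it.
# Assumes either sha256sum (GNU coreutils) or shasum (Perl) is installed.

# sha256_of FILE -> prints the hex digest of FILE
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# verify_iso FILE EXPECTED_HEX -> returns 0 when the digest matches, 1 otherwise
verify_iso() {
    file="$1"; expected="$2"
    [ -f "$file" ] || { echo "no such file: $file" >&2; return 1; }
    actual=$(sha256_of "$file")
    if [ "$actual" = "$expected" ]; then
        echo "OK: $file matches the expected SHA256"
        return 0
    fi
    echo "MISMATCH: $file" >&2
    echo "  expected $expected" >&2
    echo "  actual   $actual" >&2
    return 1
}

# Usage: verify_iso kali-linux-2017.1-xfce-amd64.iso <digest from SHA256SUMS>
# (the ISO name and digest are whatever the download page lists; the script
# takes them as its two arguments when run directly)
if [ $# -eq 2 ]; then
    verify_iso "$1" "$2"
fi
```

A mismatch means the download is corrupt or has been tampered with; do not install from it. Checking the digest against a value copied from the same untrusted mirror proves little, which is why the SHA256SUMS file should be checked with its detached signature first.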

 

Kali Linux 2017.1 New Features and Improvements

Kali Linux is a Debian-based distribution which features several security and forensics tools. Kali Linux 2017.1 adds drivers for RTL8812AU wireless chipsets and improved GPU support, and there are now Azure and AWS images of Kali Linux for cloud instances. As with all new releases, it brings updated packages, an updated kernel with more and better hardware support, and a slew of updated tools.

Kali Linux Website:

https://www.kali.org/

What is Xfce Desktop Environment?

Xfce is a lightweight desktop environment for UNIX-like operating systems. It aims to be fast and low on system resources, while still being visually appealing and user friendly. It includes a window manager, a file manager, desktop and panel.

Xfce Desktop Website:

https://www.xfce.org/

Hope you found this Kali Linux 2017.1 Xfce installation tutorial helpful and informative. Please consider sharing it. Your feedback and questions are welcome!


How to Set Different Wallpaper on Each Monitor on Linux GNOME

One of the great aspects of Linux is the customization that users can adopt to make their experience unique, and one of the easiest customization features is that of the desktop, with wallpapers. Usually, setting a wallpaper is as simple as right-clicking on the Desktop to bring up the Wallpaper manager and making a choice, but what if you have multiple monitors and would like a different image on each?

Release the Hydra! (paper)

HydraPaper is a slick tool that lets you set a different background on each monitor within the GNOME desktop. It is built with the GTK toolkit, so compatibility should be good and the necessary dependencies are easy to obtain. The application also supports the MATE and Budgie desktops, but for this article we are concerned with GNOME.

Installation

By far the easiest way to install HydraPaper is via Flatpak and FlatHub.

To install Flatpak on Ubuntu, open a Terminal and add the PPA. Adding a PPA means apt will trust that repository's signing key for every package it publishes, so first check that your Ubuntu release does not already ship a recent enough flatpak package:

sudo apt-add-repository ppa:alexlarsson/flatpak

Once this is done, update to load the new repository and install Flatpak together with its GNOME Software plugin:

sudo apt-get update && sudo apt-get install flatpak gnome-software-plugin-flatpak

After this is complete, if you decide to use FlatHub (which makes things easier) then add the repository:

sudo flatpak remote-add --if-not-exists flathub https://flathub.org/repo/flathub.flatpakrepo

Now restart your system.

Flatpak apps will be available within the Ubuntu Software Center. Search for HydraPaper, and it should appear. When it does, then simply click to install as you would any other package in Ubuntu.
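A Flatpak runs in a sandbox, but the sandbox is only as tight as the permissions the app declares, and a wallpaper tool that asks for your whole home directory is worth a second look. The following is an added example, not from the article or the HydraPaper project: it reads the [Context] block that flatpak remote-info --show-metadata flathub APP (before installing) or flatpak info --show-permissions APP (after) prints, and reports filesystem grants that cover the whole home directory or host. The sample block is constructed and is not HydraPaper's real grant list.

```shell
#!/bin/sh
# Added example (not from the article): report broad filesystem grants in a
# Flatpak's sandbox metadata. Assumes the key=value layout of flatpak's
# [Context] block, with ';'-separated values.

# broad_fs_grants FILE -> prints each broad grant; returns 1 if any was found
broad_fs_grants() {
    found=0
    # values of the filesystems= key, one per line
    for entry in $(sed -n 's/^filesystems=//p' "$1" | tr ';' '\n'); do
        case "$entry" in
            host|host:ro|host-os|host-etc|home|home:ro)
                echo "broad filesystem access: $entry"
                found=1 ;;
        esac
    done
    return $found
}

# Constructed sample in the same layout (not HydraPaper's real grant list):
SAMPLE=$(mktemp)
cat > "$SAMPLE" <<'EOF'
[Context]
shared=network;ipc;
sockets=x11;wayland;fallback-x11;
devices=dri;
filesystems=home;xdg-pictures;
EOF

# On a real system, before installing:
#   flatpak remote-info --show-metadata flathub org.gabmus.hydrapaper > /tmp/perms
#   broad_fs_grants /tmp/perms
if broad_fs_grants "$SAMPLE"; then
    echo "no broad filesystem grants"
else
    echo "review these grants before installing"
fi
rm -f "$SAMPLE"
```

Narrow grants such as xdg-pictures are what a wallpaper picker actually needs; home or host means the sandbox adds little for the filesystem, so treat the app as you would an unsandboxed package.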

Additionally, Flatpak is now supported in several major distributions, meaning it is widely accessible to users. You can find full instructions for your distribution of choice here.

Ready, Set … Wallpaper!

Once installed, the application can be found in the normal Applications menu. Click on it to start as you would any other application. When it opens, the images within your Pictures folder will be displayed, which is the default location. Should you wish to change this, you can.

Add your own folders where you keep images, and then these can be used. However, one caveat is that the application doesn’t dig down into your folders for nested folders and the images within them. Only those within the top folder will be selected.

One great aspect of the application is the ease of use.

By clicking on the icon in the upper-left corner, you can choose your image folders. Then once these are loaded, it is just a case of clicking the wallpaper that you want on the respective monitor. HydraPaper will also identify the monitors that are connected and distinguish between them based on their connection type. As you can see below, it supports HDMI, DVI and others.


HydraPaper will also remember the wallpaper selections that you pick between reboots.

At this point it seems HydraPaper is pretty flawless. However, it is not all great news. There are times when HydraPaper tends to combine wallpapers that have previously been used across separate monitors into one image. This happens when you remove the external monitor or if your connection somehow fails. It joins them together, which can look fairly garish if you have two contrasting images creating a split-screen effect.

Nor does the application support more than two monitors. For this you would need an alternative solution such as Syncwall. Unfortunately, the only place I could find it online was here, and it is mainly for Ubuntu-based systems.

Uninstalling HydraPaper

Should you desire, you can uninstall HydraPaper by entering the following in the Terminal:

sudo flatpak uninstall org.gabmus.hydrapaper

So what do you think? Is HydraPaper going to be the way that you pick your wallpapers from now on, or do you have a much easier or perhaps effective method? Let us know in the comments section.


Bridge Constructor Portal now has a built-in level editor and Steam Workshop support

Bridge Constructor Portal, the rather amusing cross-over, has been updated with a built-in level editor along with Steam Workshop support.

See Also: My previous thoughts on the game.

This was a feature that I weirdly didn’t consider back when trying it out originally in December of last year. While it has quite a number of levels built in, it’s certainly a game that benefits greatly from community made content. It helps player engagement and helps to increase the lifespan of games quite a bit when done right.


Pictured: A level from the Steam Workshop.

The fact that the level editor is built-in is good for us too, since it means Linux gamers can build, upload and download new levels to try out. The editor allows you to adjust the entry and exit for the test vehicles, add portals, buttons, hazardous goo, ramps and all sorts. It’s actually quite amusing, since it allows you to quickly test and edit any time and it’s really easy to use.

The only slight annoyance is that you need to reload the game after downloading levels; it would have been better if it detected and downloaded new levels and then updated the list without needing to do so. Aside from that, it's a great addition to an already fun game.

Find it on Humble Store and Steam.


CloudLinux 6 kernel updated – CloudLinux OS Blog


CloudLinux 6 kernel version 2.6.32-954.3.5.lve1.4.58 is now available for download from our production repository.

Fixed CVE list:

  • CVE-2018-3620, CVE-2018-3646: Modern operating systems implement virtualization of physical memory to efficiently use available system resources and provide inter-domain protection through access control and isolation. The L1TF issue was found in the way the x86 microprocessor designs have implemented speculative execution of instructions (a commonly used performance optimisation) in combination with handling of page-faults caused by terminated virtual to physical address resolving process. As a result, an unprivileged attacker could use this flaw to read privileged memory of the kernel or other processes and/or cross guest/host boundaries to read host memory by conducting targeted cache side-channel attacks.
  • CVE-2018-3693: An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions past bounds check. The flaw relies on the presence of a precisely-defined instruction sequence in the privileged code and the fact that memory writes occur to an address which depends on the untrusted value. Such writes cause an update into the microprocessor’s data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to influence speculative execution and/or read privileged memory by conducting targeted cache side-channel attacks.
  • CVE-2018-5390: A flaw named SegmentSmack was found in the way the Linux kernel handled specially crafted TCP packets. A remote attacker could use this flaw to trigger time and calculation expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() functions by sending specially modified packets within ongoing TCP sessions which could lead to a CPU saturation and hence a denial of service on the system. Maintaining the denial of service condition requires continuous two-way TCP sessions to a reachable open port, thus the attacks cannot be performed using spoofed IP addresses.
  • CVE-2018-3639: Kernel Side-Channel Attack using Speculative Store Bypass. An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor’s data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to read privileged memory by conducting targeted cache side-channel attacks.
  • CVE-2018-10901: A flaw was found in Linux kernel’s KVM virtualization subsystem. The VMX code does not restore the GDT.LIMIT to the previous host value, but instead sets it to 64KB. With a corrupted GDT limit a host’s userspace code has an ability to place malicious entries in the GDT, particularly to the per-cpu variables. An attacker can use this to escalate their privileges.
  • CVE-2017-0861: Use-after-free vulnerability in the snd_pcm_info() function in the ALSA subsystem in the Linux kernel allows attackers to induce a kernel memory corruption and possibly crash or lock up a system. Due to the nature of the flaw, a privilege escalation cannot be fully ruled out, although we believe it is unlikely.
  • CVE-2018-7566: ALSA sequencer core initializes the event pool on demand by invoking snd_seq_pool_init() when the first write happens and the pool is empty. A user can reset the pool size manually via ioctl concurrently, and this may lead to UAF or out-of-bound access.
  • CVE-2018-1000004: In the Linux kernel versions 4.12, 3.10, 2.6, and possibly earlier, a race condition vulnerability exists in the sound system allowing for a potential deadlock and memory corruption due to use-after-free condition and thus denial of service. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is unlikely.

Bugfixes:

  • CKSIX-198: fixed ext4 file system Read-only remounts with Memory limits applied;
  • CKSIX-190: disabled the ‘atomic file position’ mode due to possible locking starvation when IO limits are used;
  • CKSIX-189: FS: fixed reference counting in user quotas;
  • CKSIX-202: fixed Xen PV guest booting.

To update the kernel, run:

yum install kernel-2.6.32-954.3.5.lve1.4.58.el6
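Installing the package does not put the fixed kernel into use; that happens only once the machine has rebooted into it. The following is an added example, not from the CloudLinux post: it checks that the running kernel is at least the fixed build named above and prints what the kernel reports for the speculative-execution issues in the list through /sys/devices/system/cpu/vulnerabilities, which exists on kernels that carry the mitigations. The version string is the one announced here; the version comparison and the sysfs names are assumptions about the environment, not anything from the post.

```shell
#!/bin/sh
# Added example (not from the CloudLinux post): confirm the booted kernel is the
# fixed build or newer and show the kernel's own mitigation status.

FIXED="2.6.32-954.3.5.lve1.4.58.el6"

# kernel_at_least RUNNING REQUIRED -> 0 if RUNNING >= REQUIRED
# Compares the numeric fields left to right (2.6.32-954.3.5.lve1.4.58.el6 becomes
# 2 6 32 954 3 5 1 4 58 6); a missing field counts as 0.
kernel_at_least() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        na = split(a, A, /[^0-9]+/); nb = split(b, B, /[^0-9]+/)
        n = (na > nb) ? na : nb
        for (i = 1; i <= n; i++) {
            x = (i <= na && A[i] != "") ? A[i] + 0 : 0
            y = (i <= nb && B[i] != "") ? B[i] + 0 : 0
            if (x < y) exit 1
            if (x > y) exit 0
        }
        exit 0
    }'
}

# check_running_kernel -> 0 if the booted kernel is the fixed build or newer
check_running_kernel() {
    running=$(uname -r)
    if kernel_at_least "$running" "$FIXED"; then
        echo "running kernel $running >= $FIXED"
    else
        echo "running kernel $running is older than $FIXED: install the update and reboot" >&2
        return 1
    fi
}

# mitigation_status -> one line per sysfs entry, e.g. "l1tf: Mitigation: PTE Inversion"
# (entries missing on this kernel are reported as such rather than treated as safe)
mitigation_status() {
    for v in l1tf spec_store_bypass spectre_v1 spectre_v2 meltdown; do
        f="/sys/devices/system/cpu/vulnerabilities/$v"
        if [ -r "$f" ]; then
            printf '%-18s %s\n' "$v:" "$(cat "$f")"
        else
            printf '%-18s %s\n' "$v:" "not reported by this kernel"
        fi
    done
}

check_running_kernel
mitigation_status
```

A "Vulnerable" value from sysfs after the reboot points at a mitigation that is disabled by a boot parameter or unavailable on that CPU/microcode combination, which the package version alone will not tell you.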


Red Hat underpins the growing importance of Linux and open source

Red Hat’s new vice president and general manager of its RHEL Business Unit, Stefanie Chiras, enthusiastically embraces the growing importance of Linux.


While you may not spend a lot of time thinking about this, the role Linux plays in the technology that we all use every day is growing quite significantly. In an effort to more fully appreciate this, I had an opportunity to speak with the new vice president and general manager of Red Hat's RHEL Business Unit, Dr. Stefanie Chiras, and ask about her vision for RHEL and Linux in general. She was very enthusiastic, not just for Red Hat, but for the open source movement overall and the rising importance of Linux.

Chiras started with Red Hat in July — not quite four months ago — and already describes herself as a “true Red Hatter.” She explained that she has had a serious focus on Linux for the last six years or more. As she points out, we all do development differently these days because of the open source movement. The changes in just the last five years have moved us to very different ways of doing things whether we’re working on public or private clouds, containers, or bare metal.

During the interview, I learned to properly pronounce “RHEL,” which I’d in the past always expanded to its full name (Red Hat Enterprise Linux). Chiras — and probably everyone else at Red Hat — simply says “rel” as in the beginning of “relevant.”

Chiras was most excited about joining Red Hat at what she sees as a pivotal point with Linux providing greater stability and security and the rapid current of innovation. Developers are increasingly turning to Linux for rapid deployment, using tools such as OpenShift for rapid delivery.

Linux is everywhere

Linux is playing an increasingly important role in all of our lives. In fact, it has become one of the most important pieces of computer software in the world. Even those of us who don’t own or manage Linux systems probably use it every day — on our phones and tablets, through the web pages that we frequent, when we check our friends’ Facebook pages, when we find our way to websites using Google, or when we research topics on Wikipedia. Those of us who manage Linux systems have probably noticed that we’re not so much the oddballs on the tech staff that we were five or 10 years ago. The systems we set up and manage are moving to the mainstream and providing more important services than they ever did in the past.

What the increase in Linux means to us

Linux skills are increasingly valuable. Regardless of the technology in use, the OS is just as important as ever — on every platform and not at all diminished.

How everything comes together is vital and exciting. Open source and Linux in particular have dramatically changed the computing world and brought us to an increasingly flexible, powerful, and fast moving technological landing pad. Developers and Linux professionals are as important as ever. Put on your seat belts, and try to keep up. We’re all going places, and the technology that’s moving us forward is very exciting.


Sandra Henry-Stocker has been administering Unix systems for more than 30 years. She describes herself as “USL” (Unix as a second language) but remembers enough English to write books and buy groceries. She lives in the mountains in Virginia where, when not working with or writing about Unix, she’s chasing the bears away from her bird feeders.


Can Open Source Approach Improve Japan’s Blockchain Voting?

Last updated September 11, 2018 By Avimanyu Bandyopadhyay

Besides Switzerland and the USA, Japan is now the most recent implementer of Blockchain in its voting system. Let’s take a look at the news in brief and also the current challenges in the model. Can Open Source help in tackling them?

To learn more on Blockchain, please look into one of our previous articles where we have discussed Blockchain in detail.

First let us look into the voting system into which Blockchain was implemented at Tsukuba, Japan.

Just as the USA assigns a Social Security Number (SSN), Japan has a similar system called My Number, launched in October 2015, which is a unique 12-digit identification number.

By transferring and integrating all of these records into a Blockchain, voters can now be uniquely identified digitally, making the voting process very convenient, as described by the mayor of Tsukuba, Tatsuo Igarashi:

“I had thought [Blockchain] would involve more complicated procedures, but I found that it’s minimal and easy.”

Tsukuba Mayor, Tatsuo Igarashi

The following video highlights his views and also mentions a setback in the new system.

Complete details of the initiative (translated) are available on the Tsukuba city page.

Though integrating Blockchain with the “My Number” system makes the voting process easier, there really are some notable setbacks, one of which is described in the video that needs to be dealt with in order to improve this voting system.

Tackling Blockchain based Voting System Challenges with an Open Source Approach


The first setback is a necessary requirement to remember passwords as shown in the video above. It’s a common scenario where voters can easily forget them.

Well, a solution to eliminate such an issue could be initiatives like Remme.io, where they are building an Open Source Distributed Public Key Infrastructure (PKI) protocol to make passwordless authentication possible. This Open Source code base is freely accessible on GitHub. There are more passwordless authorization systems from six other Blockchain solution providers as well:

Obtained from Remme’s business model overview report located here

Another challenge is probable fear among people about how trustworthy this system really is.

Prof. Kazunori Kawamura of Tohoku University, who is already familiar with online voting and specializes in Political Informatics, expressed his views on the same:

“Due to fears of errors, administrative organizations and election boards are likely to find it difficult to introduce [Blockchain].”

Tohoku University Prof. Kazunori Kawamura

The best way to tackle this situation would be to bring in the use of Open Standards, which would make the entire model transparent (We have mentioned Open Standards in our first Science article). Tech Communities can come together in raising awareness about this new Blockchain based model to encourage more people to adopt this system.

Code that is being used for the development of Blockchain based platforms can be declared Open Source, to enable experts in the field to easily contribute to making eVoting better and better. One example for this is Democracy.earth, who have their entire code base available on GitHub.

It should be noted that Japan has indeed adopted an Open Model into its Blockchain practices before conducting this voting experiment. A Japanese Internet Giant launched an Open Source Blockchain Project on July 6 last year.

Also, on June 26 and 27 this year, Japan held their first International Blockchain Conference at Tokyo, where more than 100 technologists participated in sharing their knowledge in the field, with approximately 10,000 visitors!

Do you like the idea of an Open Source powered Blockchain based Voting System? Would you like your locality to adopt the idea? Feel free to share your thoughts about it in the comments section below.

About Avimanyu Bandyopadhyay

Avimanyu is a Doctoral Researcher on GPU-based Bioinformatics and a big-time Linux fan. He strongly believes in the significance of Linux and FOSS in Scientific Research. Deep Learning with GPUs is his new excitement! He is a very passionate video gamer (his other side) and loves playing games on Linux, Windows and PS4 while wishing that all Windows/Xbox One/PS4 exclusive games get support on Linux some day! Both his research and PC gaming are powered by his own home-built computer. He is also a former Ubisoft Star Player (2016) and mostly goes by the tag “avimanyu786” on web indexes.


Download Mozilla Firefox Linux 63.0

The Mozilla Firefox project is a redesign of Mozilla’s browser component, written using the XUL user interface language and designed to be cross-platform, supporting Linux, Android, Microsoft Windows and Mac OS X operating systems. It is a fast, small and very easy-to-use web browser/navigator/explorer that offers many advantages over other similar products, such as the ability to block pop-up windows and the feature-rich tabbed browsing experience.

Features at a glance

The application offers a well designed graphical user interface that integrates search (powered by Google, Bing, Yahoo, etc.), and industry leading accessibility with Find As You Type – find links and page text by simply typing. As mentioned before, the Firefox browser features comprehensive pop-up controls, which will keep unwanted advertising off your desktop. A tab browsing mode will let you open several pages in a single window, allowing you to load links in the background without leaving the page you’re on.

Powerful plugin architecture

Moreover, the Mozilla Firefox web browser includes simplified privacy controls that let you cover your tracks more effectively, a streamlined browser window that allows you see more of the page than any other web browser, while at the same time being more configurable. A large variety of free downloadable extensions and themes that add specific functionality and visual changes to the browser are available to users from the official Mozilla website.

Features a Private Mode

The Private Mode, the ability to Pin tabs, which will always be there when you need them (even after a restart), the powerful Firefox Sync functionality that helps users to keep all of their passwords, bookmarks, browsing history, preferences, tabs, and add-ons in perfect sync across multiple devices, and much more other amazing features are all part of the world’s best web browser, Mozilla Firefox.

Better than Google Chrome and Opera

Because the Opera and Google Chrome web browsers are now based on Chromium, which has a poor collection of extensions, the Mozilla Firefox web browser became the number one choice for many Linux-based operating systems, including Ubuntu, Linux Mint, Debian, openSUSE, Fedora, Red Hat Enterprise Linux, and others.

Softpedia uses Mozilla Firefox

Here at Softpedia, we use the Mozilla Firefox web browser everyday on multiple computers with different hardware configurations. The application works exceptionally and it does the job very well, helping us to do our work much better than if we were using a different web surfing product. We strongly recommend to use the Mozilla Firefox web browser for all your Internet surfing needs on a daily basis. You will not regret it!


Testing Kubernetes RBAC | Linux.com

Securing your Kubernetes cluster is one thing, keeping it secure is a continuous uphill struggle. However, with the introduction of new features to Kubernetes it is becoming much easier to do both.

Kubernetes (as of version 1.6) has introduced Role-Based Access Control (RBAC), which allows administrators to define policies that restrict the actions of users of your cluster. This means it is possible to create a user with limited access, for example restricting access to resources such as Secrets, or limiting that user to a specific Namespace.

This blog post will not look at how to implement RBAC, as there are many decent sources of information that cover it in vast detail:

Instead, this post focuses on how to ensure that your business's compliance requirements are actually being adhered to: the RBAC objects we apply need to be tested, to confirm they do what we intend them to do.
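The direct way to test an applied RBAC policy is to ask the API server itself, impersonating the subject, rather than reading intent off the Role and RoleBinding YAML. The following is an added example and not the code from the linked post: it drives kubectl auth can-i over a table of expected answers, asserting the denials as well as the grants so that an over-broad ClusterRoleBinding shows up as a failure. It assumes kubectl is configured for the target cluster and that the caller may impersonate (the "impersonate" verb on users and serviceaccounts); the subjects, namespaces and resources in the table are hypothetical.

```shell
#!/bin/sh
# Added example (not from the linked post): assert RBAC behaviour with
# `kubectl auth can-i --as=SUBJECT`, one expectation per line.

KUBECTL="${KUBECTL:-kubectl}"

# can_i SUBJECT NAMESPACE VERB RESOURCE -> prints "yes" or "no"
# kubectl exits non-zero on "no", so the status is swallowed and only the text kept.
# A service account is written as system:serviceaccount:<namespace>:<name>.
can_i() {
    "$KUBECTL" auth can-i "$3" "$4" --as="$1" -n "$2" 2>/dev/null || true
}

# check_expectations FILE -> reads lines "subject namespace verb resource expected",
# prints PASS/FAIL per line and returns 1 if any expectation does not hold
check_expectations() {
    failures=0
    while read -r subject ns verb resource expected; do
        case "$subject" in ''|'#'*) continue ;; esac   # skip blanks and comments
        actual=$(can_i "$subject" "$ns" "$verb" "$resource")
        if [ "$actual" = "$expected" ]; then
            echo "PASS $subject $verb $resource in $ns: $actual"
        else
            echo "FAIL $subject $verb $resource in $ns: got '${actual:-<no answer>}', expected $expected"
            failures=$((failures + 1))
        fi
    done < "$1"
    [ "$failures" -eq 0 ]
}

# Constructed expectation table (hypothetical subjects and namespaces). Both the
# allow and the deny cases are listed: a "no" line failing is the interesting result.
EXPECTATIONS=$(mktemp)
cat > "$EXPECTATIONS" <<'EOF'
# subject                              namespace  verb    resource     expected
system:serviceaccount:payments:api     payments   get     configmaps   yes
system:serviceaccount:payments:api     payments   get     secrets      no
system:serviceaccount:payments:api     billing    get     configmaps   no
developer@example.com                  payments   delete  deployments  no
EOF

# Run against the cluster when kubectl is available
if command -v "$KUBECTL" >/dev/null 2>&1; then
    check_expectations "$EXPECTATIONS"
fi
rm -f "$EXPECTATIONS"
```

Keeping the table in version control next to the RBAC manifests and running it in CI gives you a regression test for access policy: a new binding that widens a service account's reach fails the "no" lines before it reaches production.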

Read more at Medium


How to check the list of open and closed ports in Linux

There are different commands on both Linux and UNIX servers to see which TCP/UDP ports are listening or open on your server. You can use the netstat command, which prints network connections, routing tables, interface statistics, masquerade connections, multicast memberships, etc.

Method 1:

netstat command to find open ports

$ sudo netstat --listen
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 *:1234                  *:*                     LISTEN
tcp        0      0 *:8084                  *:*                     LISTEN
tcp        0      0 192.168.122.1:domain    *:*                     LISTEN
tcp        0      0 *:ssh                   *:*                     LISTEN
tcp        0      0 *:ipp                   *:*                     LISTEN
tcp        0      0 *:microsoft-ds          *:*                     LISTEN
tcp        0      0 *:7070                  *:*                     LISTEN
tcp        0      0 localhost:mysql         *:*                     LISTEN
tcp        0      0 *:netbios-ssn           *:*                     LISTEN
tcp6       0      0 [::]:ssh                [::]:*                  LISTEN
tcp6       0      0 [::]:ipp                [::]:*                  LISTEN
tcp6       0      0 [::]:microsoft-ds       [::]:*                  LISTEN
tcp6       0      0 [::]:netbios-ssn        [::]:*                  LISTEN
udp        0      0 *:39505                 *:*
udp        0      0 *:ipp                   *:*
udp        0      0 *:mdns                  *:*
udp        0      0 *:mdns                  *:*
Active UNIX domain sockets (only servers)
Proto RefCnt Flags       Type       State         I-Node   Path
unix  2      [ ACC ]     STREAM     LISTENING     12950    /var/run/acpid.socket
unix  2      [ ACC ]     STREAM     LISTENING     18259042 @atpl-com.canonical.Unity.Scope.rhythmbox.T516689809663571
unix  2      [ ACC ]     STREAM     LISTENING     19096    /run/user/1000/keyring-n7CcyZ/control
unix  2      [ ACC ]     STREAM     LISTENING     22589    @/tmp/.ICE-unix/3779
unix  2      [ ACC ]     STREAM     LISTENING     21540    @/tmp/dbus-u6IauIGH5I

Entries whose local address is * (0.0.0.0 or [::] in numeric output) accept connections on every interface, whereas localhost:mysql is reachable only from the machine itself; that distinction is the first thing to check when reviewing this list.

To display open ports and established TCP connections with numeric addresses and ports, enter:

$ sudo netstat -vatn
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:1234            0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:8084            0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:631             0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:445             0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:7070            0.0.0.0:*               LISTEN

To display only open UDP ports try the following command:

$ sudo netstat -vaun
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
udp        0      0 0.0.0.0:39505           0.0.0.0:*
udp        0      0 0.0.0.0:631             0.0.0.0:*

Useful netstat options:

● -l = only sockets that are listening on some port
● -n = show numeric addresses and port numbers; don't try to resolve service names
● -p = show the PID and name of the program owning each socket (run as root to see other users' processes)
● -t / -u = restrict the output to TCP / UDP

Method 2: lsof

To display the listening TCP ports, enter:

# lsof -iTCP -sTCP:LISTEN

To display all open network files (every TCP and UDP socket, listening or connected), use:

# lsof -i

To display all open IPv4 network files in use by the process whose PID is 10050, use:

# lsof -i 4 -a -p 10050

The quickest way to test whether a TCP port is open (through any hardware firewalls you may have) is to connect to it from a remote computer (e.g. your desktop):

telnet hostip port_number

$ telnet 192.168.101.156 22
Trying 192.168.101.156...
Connected to 192.168.101.156.
Escape character is '^]'.

The same check against the local machine:

$ telnet localhost 22

If the telnet client is not installed, nc -zv hostip port_number performs the same connect test. A port that netstat shows as listening but that refuses or times out from outside is usually being dropped by a firewall in between.

On current systems ss replaces netstat; -l lists listening sockets, -n keeps addresses numeric and -t/-u select TCP and UDP (the TCP LISTEN rows are omitted from the excerpt below; UNCONN is the state ss shows for a bound UDP socket):

$ ss -lntu
Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port
udp   UNCONN 0      0      *:39505            *:*
udp   UNCONN 0      0      *:631              *:*
udp   UNCONN 0      0      *:5353             *:*
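The question behind all of these listings is which sockets are reachable from the network. The following is an added example, not from the article: it filters ss -lntu output down to listeners bound to every interface (0.0.0.0, [::] or *), leaving out loopback-only binds such as 127.0.0.1:3306. It assumes ss's default column order (Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port); the sample output is constructed, not the article's.

```shell
#!/bin/sh
# Added example (not from the article): list sockets that accept connections on
# every interface, from `ss -lntu` output read on stdin.

# exposed_listeners < ss-output -> prints "proto port local-address:port" for each
# exposed socket; returns 1 when nothing is exposed
exposed_listeners() {
    awk '$1 ~ /^(tcp|udp)$/ && ($2 == "LISTEN" || $2 == "UNCONN") {
        local = $5
        n = split(local, parts, ":")          # the port follows the last ":"
        port = parts[n]
        addr = substr(local, 1, length(local) - length(port) - 1)
        if (addr == "0.0.0.0" || addr == "[::]" || addr == "*") {
            printf "%s %s %s\n", $1, port, local
            found = 1
        }
    } END { exit (found ? 0 : 1) }'
}

# Constructed sample in `ss -lntu` layout (not the article's output)
SAMPLE='Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port
tcp   LISTEN 0      128          0.0.0.0:22        0.0.0.0:*
tcp   LISTEN 0      80         127.0.0.1:3306      0.0.0.0:*
tcp   LISTEN 0      128             [::]:22           [::]:*
udp   UNCONN 0      0            0.0.0.0:5353      0.0.0.0:*
udp   UNCONN 0      0      127.0.0.53%lo:53        0.0.0.0:*'

# On a real host:  ss -lntu | exposed_listeners
printf '%s\n' "$SAMPLE" | exposed_listeners
```

On the sample this prints the two sshd sockets and the mDNS responder and stays silent about MySQL and the stub resolver, which is the short list a host firewall review should start from. Add -p to ss (as root) when you also need to know which process owns each exposed socket.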

 
