Linux Blimp

By Jack M. Germain

Sep 12, 2018 12:08 PM PT

Widespread use of unpatched open source code in the most popular Android apps distributed by Google Play has caused significant security vulnerabilities, suggests an
American Consumer Institute report released Wednesday.

Thirty-two percent — or 105 apps out of 330 of the most popular apps in 16 categories sampled — averaged 19 vulnerabilities per app, according to the
report, titled “How Safe Are Popular Apps? A Study of Critical Vulnerabilities and Why Consumers Should Care.”

Researchers found critical vulnerabilities in many common applications, including some of the most popular banking, event ticket purchasing, sports and travel apps.

Distribution of Vulnerabilities Based on Security Risk Severity

ACI, a nonprofit consumer education and research organization, released the report to spearhead a public education campaign to encourage app vendors and developers to address the worsening security crisis before government regulations impose controls over Android and open source code development, said Steve Pociask, CEO of the institute.

The ACI will present the report in Washington D.C. on Wednesday, at a public panel attended by congressional committee members and staff. The session is open to the public.

“There were 40,000 known open source vulnerabilities in the last 17 years, and one-third of them came last year,” ACI’s Pociask told LinuxInsider. That is a significant cause for concern, given that 90 percent of all software in use today contains open source software components.

Pushing the Standards

ACI decided the public panel would be a good venue to start educating consumers and the industry about security failings that infect Android apps, said Pociask. The report is meant to be a starting point to determine whether developers and app vendors are keeping up with disclosed vulnerabilities.

“We know that hackers certainly are,” Pociask remarked. “In a way, we are giving … a road map to hackers to get in.”

The goal is to ward off the need for eventual government controls on software by creating a public dialog that addresses several essential questions. Given the study’s results, consumers and legislators need to know if app vendors and developers are slow to update because of the expense, or merely complacent about security.

Other essential unanswered questions, according to Pociask, include the following: Do the vendors notify users of the need to update apps? To what extent are customers updating apps?

Not everyone relies on auto update on the Android platform, he noted.

“Some vendors outsource their software development to fit their budget and don’t follow up on vulnerabilities,” Pociask said.

Having the government step in can produce detrimental consequences, he warned. Sometimes the solutions imposed are not flexible, and they can discourage innovation.

“It is important for the industry to get itself in order regarding privacy requirements, spoofing phone numbers and security issues,” said Pociask.

Report Parameters

Businesses struggle to provide adequate protection for consumer personal information and privacy. Governments in California and the European Union have been putting more aggressive consumer privacy laws in place. Americans have become more aware of how vulnerable to theft their data is, according to the report.

One seemingly indispensable device that most consumers and businesses use is a smartphone. However, the apps on it may be one of the most serious data and privacy security risks, the report notes.

Researchers tested 330 of the most popular Android apps on the Google Play Store during the first week in August. ACI’s research team used a binary code scanner — Clarity, developed by Insignary — to examine the APK files.

Rather than focus on a random sampling of Google Play Store apps, ACI researchers reported on the largest or most popular apps in categories. Most of the apps are distributed within the United States. Researchers picked 10 top apps in each of the 33 categories in the Play store.

Factoring the Results

Results were charted as critical, high, medium and low vulnerability scores. Of 330 tested apps, 105 — or 32 percent — contained vulnerabilities. Of those identified, 43 percent either were critical or high risk, based on the national vulnerability database, according to the report.

“We based our study on the most popular apps in each category. Who knows how much worse the untested apps are in terms of vulnerabilities?” Pociask asked.

In the apps sampled, 1,978 vulnerabilities were found across all severity levels, and 43 percent of the discovered vulnerabilities were deemed high-risk or critical. Approximately 19 vulnerabilities existed per app.

The report provides the names of some apps as examples of the various ways vendors deal with vulnerabilities. Critical vulnerabilities were found in many common applications, including some of the most popular banking, event ticket purchasing, sports and travel apps.

For example, Bank of America had 34 critical vulnerabilities, and Wells Fargo had 35 critical vulnerabilities. Vivid Seats had 19 critical and five high vulnerabilities.

A few weeks later, researchers retested some of the apps that initially tested way out of range. They found that the two banking apps had been cleaned up with updates. However, the Vivid Seats app still had vulnerabilities, said Pociask.

Indications for Remedies

More effective governance is critical to addressing “threats such as compromised consumer devices, stolen data, and other malicious activity including identity theft, fraud or corporate espionage,” states the report.

These results increasingly have been taking center stage, noted the researchers.

The ACI study recommends that Android app developers scan their binary files to ensure that they catch and address all known security vulnerabilities. The study also stresses the urgency and need for apps providers to develop best practices now, in order to reduce risks and prevent a backlash from the public and policymakers.

The researchers highlighted the complacency that many app providers have exhibited in failing to keep their software adequately protected against known open source vulnerabilities that leave consumers, businesses and governments open to hacker attacks, with potentially disastrous results.

Note: Google routinely scans apps for malware, but it does not oversee the vulnerabilities that could allow them.

“We want to create a lot more awareness for the need to update the vulnerabilities quickly and diligently. There is a need to push out the updates and notify consumers. The industries should get involved in defining best practices with some sort of recognizable safety seal or rating or certification,” Pociask said.

App Maker or User Problem?

This current ACI report, along with others providing
similar indications about software vulnerabilities, concerns an area many app users and vendors seem to ignore. That situation is exacerbated by hackers finding new ways to trick users into allowing them access to their devices and networks.

“Posing as real apps on an accredited platform like the Google Play Store makes this type of malicious activity all the more harmful to unsuspecting users,” said Timur Kovalev, chief technology officer at
Untangle.

It is critical for app users to be aware that hackers do not care who becomes their next victim, he told LinuxInsider.

Everyone has data and private information that can be stolen and sold. App users must realize that while hackers want to gain access and control of their devices, most also will try to infiltrate a network that the device connects to. Once this happens, any device connected to that network is at risk, Kovalev explained.

Even if an app maker is conscientious about security and follows best practices, other vulnerable apps or malware on Android devices can put users at risk, noted Sam Bakken, senior product marketing manager at
OneSpan.

“App makers need to protect their apps’ runtime against external threats over which they don’t have control, such as malware or other benign but vulnerable apps,” he told LinuxInsider.

Part of the Problem Cycle

The issue of unpatched vulnerabilities makes the ongoing situation of malicious apps more troublesome. Malicious apps have been a consistent problem for the Google Play Store, said Chris Morales, head of security analytics at
Vectra.

Unlike Apple, Google does not maintain strict control over the applications developed using the Android software development kit.

“Google used to perform basic checks to validate an app is safe for distribution in the Google Play Store, but the scale of apps that exists today and are submitted on a daily basis means it has become very difficult for Google to keep up,” Morales told LinuxInsider.

Google has implemented new machine learning models and techniques within the past year, he pointed out, in an effort to improve the company’s ability to detect abuse — such as impersonation, inappropriate content or malware.

“While these techniques have proven effective at reducing the total number of malicious apps in the Google Play Store, there will always be vulnerabilities in application code that get by Google’s validation,” noted Morales.

Developers still need to address the problem of malicious or vulnerable apps that could be exploited after being installed on a mobile device. That would be handled by applying machine learning models and techniques on the device and on the network. That would help to identify malicious behaviors that would occur after an app is already installed and bypassed the Google security checks, Morales explained.

Time for Big Brother?

Having government agencies step in to impose solutions may lead to further problems. Rather than a one-size-fits-all solution, ACI’s Pociask prefers a system of priorities.

“Let’s see if the industry can come up with something before government regulations are imposed. Getting a knee-jerk reaction right now would be the wrong thing to do in terms of imposing a solution,” he cautioned.

Still, personal devices are the user’s responsibility. Users need to take more accountability with regards to what apps they are allowing on their devices, insisted Untangle’s Kovalev.

“Government intervention at this time is likely not needed, as both users and Google can take additional actions to protect themselves against malicious apps,” he said.

Frameworks Exist

Dealing with unpatched Android apps may not need massive efforts to reinvent the wheel. Two potential starting points already are available, according to OneSpan’s Bakken.

One is the U.S. National Institute of Standards and Technology, or NIST. It has guidelines for vetting mobile apps, which lay out a process for ensuring that mobile apps comply with an organization’s mobile security requirement.

“This can help an enterprise, for example, to keep some vulnerable mobile apps out of their environment, but instituting such a program is no small feat. It’s also simply guidance at this point,” said Bakken.

The other starting point could be the Federal Institutions Examination Council, or FFIEC, which provides some guidance for examiners to evaluate a financial institution’s management of mobile financial services risk. It also provides some safeguards an institution should implement to secure the mobile financial services they offer, including mobile apps.

“In the end, the effectiveness of any government intervention really depends on enforcement. It’s likely that any intervention would focus on a specific industry or industries, meaning not all mobile app genres would be in scope,” Bakken said. “That means that developers of some mobile apps for consumers would not necessarily have any incentive to secure their apps.”

What Needs to Happen?

One major solution focuses on patching the Google Play platform. Joining the platform is straightforward, according to Kovalev. Developers complete four basic steps and pay a fee.

Once joined, developers can upload their apps. Google processes them through a basic code check. Often, malicious apps do not appear to be malicious, as they have been programmed with a time-delay for malicious code to be executed, he noted.

“To combat these malicious apps, Google has begun to implement better vetting techniques — like AI learning and providing rewards to white hat pros who hunt down and surface these malicious apps,” Kovalev said.

While these techniques have helped to pinpoint malicious apps, the apps should be vetted more thoroughly prior to being publicly available to unsuspecting users, he stressed.

Final Solution

The ultimate fix for broken Android apps rests with app makers themselves, OneSpan’s Bakken said. They are in the best position to lead the charge.

He offered this checklist for mobile app developers:

• Do threat modeling and include security in product requirements.
• Provide secure code training to Android developers.
• Do security testing of their apps on a regular basis as part of the development cycle.
• Fix identified vulnerabilities as they go.
• Submit their apps to penetration testing prior to release.

“And then, finally, they should proactively strengthen their app with app-shielding technology that includes runtime protection,” Baken said, “so the app itself is protected, even in untrusted and potentially insecure mobile environments, to mitigate external threats from malware and other vulnerable apps.”

Jack M. Germain has been an ECT News Network reporter since 2003. His main areas of focus are enterprise IT, Linux and open source technologies. He has written numerous reviews of Linux distros and other open source software.
Email Jack.

Source

By Jack M. Germain

Sep 7, 2018 9:53 AM PT

The official release of version 3 of
Linux Mint Debian Edition hit the download servers at summer’s end, offering a subtle alternative to the distro’s Ubuntu-based counterpart.

Codenamed “Cindy,” the new version of LMDE is based on Debian 9 Stretch and features the Cinnamon desktop environment. Its release creates an unusual situation in the world of Linux distro competition. Linux Mint developers seem to be in competition with themselves.

LMDE is an experimental release. The Linux Mint community offers its flagship distro based on Ubuntu Linux in three desktop versions: Cinnamon, Mate and Xfce.

The Debian version is different under the hood.

For example, the software package base is provided by Debian repositories instead of from Ubuntu repositories. Another difference is the lack of point releases in LMDE. The only application updates between each annual major upgrade are bug and security fixes.

In other words, Debian base packages will stay the same in LMDE 3 until LMDE 4 is released next year. That is a significant difference.

Mint system and desktop components get updated continuously in a semi-rolling release process as opposed to periodic point releases. So newly developed features are pushed directly into LMDE. Those same changes are held for inclusion on the next upcoming Linux Mint (Ubuntu-based) point release.

Using LMDE instead of the regular Linux Mint distro is more cutting edge — but only if you use the Cinnamon desktop. LMDE does not offer versions with Mate and Xfce desktops.

Personal Quest

Linux Mint — as in the well-established Ubuntu-based release — is my primary computing workhorse, mostly thanks to the continuing refinements in the Cinnamon desktop. However, I spend a portion of my weekly computing time using a variety of other Linux distros on a collection of “test bench” desktops and laptops dedicated to my regular Linux distro reviews.

The most critical part of my regular distro hopping is constantly adjusting to the peculiar antics of a host of user interfaces, including GNOME, Mate, KDE Plasma and Xfce. I return to some favorites more than others depending on a distro’s usability. That, of course, is a function of my own preferences and computing style.

So when LMDE 3 became available, I gave in to finding the answer to a question I had avoided since the creation of Linux Mint Debian Edition several years ago. I already knew the issues separating Debian from Ubuntu.

The dilemma: Does Debian-based versus Ubuntu-based Linux Mint really matter?

Linux Mint Debian is a near-identical replication of the Ubuntu-based Standard Linux Mint Cinnamon version.

Confusing Scenario

Does a Debian family tree make Linux Mint’s Cinnamon distro better than the Ubuntu-based main version? Given the three desktop options in the Linux Mint distro, does a duplicate Cinnamon desktop choice involving a Debian base instead of an Ubuntu base make more sense?

Consider this: Ubuntu Linux is based on Debian Linux. The Linux Mint distro is based on Ubuntu, which is based on Debian.

So why does Linux Mint creator and lead developer Clement Lefebvre care about developing a Debian strain of Linux Mint Cinnamon anyway? The Debian distro also offers a Cinnamon desktop option, but no plans exist for other desktop varieties.

Clarifying Clarity

I have found in years of writing software reviews that two factors are critical to how I respond to a particular Linux distribution. One is the underlying infrastructure or base a particular distro uses.

A world of differences can exist when comparing an Arch-based distro to a Debian- or RPM- or Slackware-based distro, for instance — and yes, there are numerous more family categories of Linux distributions.

My second critical factor is the degree of tweaking a developer applies to the chosen desktop environment. That also involves considering the impact of whether the distro is lightweight for speed and simplicity or heavyweight for productivity and better performance.

Some desktop options are little more than window managers like Openbox or Joe’s Window Manager (JWN), IceWM or Fluxbox. Others are shell environments patched over GNOME 3 like Mate and Cinnamon.

Assessing performance gets more involved when a distro offers more than one desktop option. Or when a distro uses a more modern or experimental desktop environment like Enlightenment, Pantheon, LXQt or Budgie.

Reasonable Need

What if the Ubuntu base went away? The Ubuntu community is headed by a commercial parent company, Canonical. The road to Linux development is littered with used-to-be Linux distros left abandoned. Their users had to move on.

When the Ubuntu community years ago made its new Unity desktop the default, Lefebvre created Linux Mint as an alternative and replaced Unity with the infant Cinnamon he helped create. Ironically, the Ubuntu community recently jettisoned Unity and replaced it with the GNOME desktop.

In Lefebvre’s release notes for LMDE 3, he noted the development team’s main goal was to see how viable the Linux Mint distribution would be and how much work would be necessary if Ubuntu ever should disappear.

Same Difference Maybe

The challenge is to make LMDE as similar as possible to Linux Mint without using Ubuntu. I am not a programmer, but it seems to me that what Lefebvre has been doing is make square pegs fit into round holes.

It seems to be working. Debian, Linux Mint and Ubuntu all hail from the Debian repositories. Ubuntu also is derived from Debian. However, the base editions are different.

The main difference between editions, Lefebvre explained, is that the standard edition may have a desktop application for some features. To get the same features in LMDE, users might have to compensate by altering a configuration file using a text editor.

So far, that makes LMDE less polished than the standard (Ubuntu-based) edition, just as Debian tends to be less polished on the first bootup than Ubuntu, he suggested.

His point is well taken. Linux Mint modifies the base integration to create a better user experience. That is why years ago, as an Ubuntu user, I crossed over to Linux Mint. It also bolsters what I previously said about my two essential factors in reviewing Linux distros.

From Lefebvre’s view, LMDE likely is a smarter choice over the Ubuntu-based version for users who prioritize stability and security. Users looking for more recent packages likely will be less satisfied with LMDE 3. Despite the more rigorous updates, some packages on LMDE could be several years old by the time the next release comes out.

Some software package delays and other minor differences lie under the surface of the Debian edition of Linux Mint, but you will look long and hard to find them.

First Impressions

“Cindy” installed and ran without issue. Its iteration of the Cinnamon desktop displayed and performed like its near-twin from the Ubuntu family. That was a pleasant surprise that reinforced my longstanding reliance on the Cinnamon desktop over other options.

To say that the Cindy release *just works* is an understatement. The menus and configuration settings are the same. The panel bar is an exact replica in terms of its appearance and functionality. The hot corners work the same way in both versions. So do the applets and desklets that I have grown so fond of over the years.

Even the Software Center remains the same. Of course, the location of the repositories points to different locations, but the same package delivery system underlies both LMDE 3 and the Ubuntu-based Tara version of Linux Mint Cinnamon.

My only gripe with functionality centers on the useless extensions. I hoped that the experience with Cindy would transcend the longstanding failure of extensions in the Ubuntu-based Cinnamon desktop. It didn’t.

Almost every extension I tried issued a warning that the extension was not compatible with the current version of the desktop. So in one way at least, the Debian and the Ubuntu versions remain in sync. Neither works — and yes, both Cinnamon versions were the current 3.8.8.

Other Observations

I was disappointed to see LibreOffice 5 preinstalled rather than the current LibreOffice 6.1. Cindy has both Ubiquity and Calamares installers.

I suggest using the Calamares installer. It has a great disk partitioning tool and a more efficient automated installation process. For newcomers, the Linux Mint installer is easier to use, though.

As for the kernel, the Cindy version is a bit behind the times. It ships with kernel version 4.9.0-8; my regular Linux Mint distro is updated to 4.15-0-33.

Also consider the basic hardware requirements for LMDE. They might not be as accommodating as the Ubuntu version of Linux Mint Cinnamon.

You will need at least 1 GB RAM, although 2 GB is recommended for a comfortable fit. Also, 15 GB of disk space is the minimum, although 20 GB is recommended.

Here are some additional potential limitations for your hardware:

• The 64-bit ISO can boot with BIOS or UEFI;
• The 32-bit ISO can only boot with BIOS;
• The 64-bit ISO is recommended for all computers sold since 2007 as they are equipped with 64-bit processors.

Bottom Line

If you are considering taking Cindy for a joyride, be sure to check out the release notes for known issues. Also, thoroughly test the live session before installing LMDE 3 to any mission-critical computers.

If you do follow through and install the Debian version of Linux Mint, consider the move a short-term computing solution — that is, unless you like doing a complete system upgrade. LMDE is not a long-term support release.

Unlike the five-year support for the regular LTS release with the Ubuntu-based version, Cindy’s support runs out perhaps at the end of this year. The developers cannot project an exact release schedule for LMDE 4, either.

Lefebvre warned that several potential compatibility issues loom in the near future. For example, Cinnamon 4.0 is likely to be incompatible with Debian Stretch. A contemplated change in the Meson build system may get in the way as well.

Want to Suggest a Review?

Is there a Linux software application or distro you’d like to suggest for review? Something you love or would like to get to know?

Please
email your ideas to me, and I’ll consider them for a future Linux Picks and Pans column.

And use the Reader Comments feature below to provide your input!

Jack M. Germain has been an ECT News Network reporter since 2003. His main areas of focus are enterprise IT, Linux and open source technologies. He has written numerous reviews of Linux distros and other open source software.
Email Jack.

Source

by
Pradeep Kumar
·
Published August 8, 2018
· Updated August 8, 2018

‘,
enableHover: false,
enableTracking: true,
buttons: { twitter: },
click: function(api, options){
api.simulateClick();
api.openPopup(‘twitter’);
}
});
$(‘#facebook’).sharrre({
share: {
facebook: true
},
template: ‘

‘,
enableHover: false,
enableTracking: true,
buttons:,
click: function(api, options){
api.simulateClick();
api.openPopup(‘facebook’);
}
});
$(‘#googleplus’).sharrre({
share: {
googlePlus: true
},
template: ‘

‘,
enableHover: false,
enableTracking: true,
buttons:,
urlCurl: ‘https://www.linuxtechi.com/wp-content/plugins/hueman-addons/addons/assets/front/js/sharrre.php’,
click: function(api, options){
api.simulateClick();
api.openPopup(‘googlePlus’);
}
});
$(‘#linkedin’).sharrre({
share: {
linkedin: true
},
template: ‘

‘,
enableHover: false,
enableTracking: true,
buttons: {
linkedin: {
description: ‘How to Install and use Open vSwitch 2.9 with KVM on CentOS 7 / RHEL 7 Server’,media: ‘https://www.linuxtechi.com/wp-content/uploads/2018/08/Install-openvswitch-KVM-CentOS7-RHEL7.jpg’ }
},
click: function(api, options){
api.simulateClick();
api.openPopup(‘linkedin’);
}
});


// Scrollable sharrre bar, contributed by Erik Frye. Awesome!
var $_shareContainer = $(“.sharrre-container”),
$_header = $(‘#header’),
$_postEntry = $(‘.entry’),
$window = $(window),
startSharePosition = $_shareContainer.offset(),//object
contentBottom = $_postEntry.offset().top + $_postEntry.outerHeight(),
topOfTemplate = $_header.offset().top,
topSpacing = _setTopSpacing();

//triggered on scroll
shareScroll = function(){
var scrollTop = $window.scrollTop() + topOfTemplate,
stopLocation = contentBottom – ($_shareContainer.outerHeight() + topSpacing);

$_shareContainer.css();

if( scrollTop > stopLocation ){
$_shareContainer.css( { position:’relative’ } );
$_shareContainer.offset(
{
top: contentBottom – $_shareContainer.outerHeight(),
left: startSharePosition.left,
}
);
}
else if (scrollTop >= $_postEntry.offset().top – topSpacing){
$_shareContainer.css( { position:’fixed’,top: ‘100px’ } );
$_shareContainer.offset(
{
//top: scrollTop + topSpacing,
left: startSharePosition.left,
}
);
} else if (scrollTop 1024 ) {
topSpacing = distanceFromTop + $(‘.nav-wrap’).outerHeight();
} else {
topSpacing = distanceFromTop;
}
return topSpacing;
}

//setup event listeners
$window.scroll( _.throttle( function() {
if ( $window.width() > 719 ) {
shareScroll();
} else {
$_shareContainer.css({
top:”,
left:”,
position:”
})
}
}, 50 ) );
$window.resize( _.debounce( function() {
if ( $window.width() > 719 ) {
shareMove();
} else {
$_shareContainer.css({
top:”,
left:”,
position:”
})
}
}, 50 ) );

});

Source

by
Narendra K
·
Published August 15, 2018
· Updated August 15, 2018

‘,
enableHover: false,
enableTracking: true,
buttons: { twitter: },
click: function(api, options){
api.simulateClick();
api.openPopup(‘twitter’);
}
});
$(‘#facebook’).sharrre({
share: {
facebook: true
},
template: ‘

‘,
enableHover: false,
enableTracking: true,
buttons:,
click: function(api, options){
api.simulateClick();
api.openPopup(‘facebook’);
}
});
$(‘#googleplus’).sharrre({
share: {
googlePlus: true
},
template: ‘

‘,
enableHover: false,
enableTracking: true,
buttons:,
urlCurl: ‘https://www.linuxtechi.com/wp-content/plugins/hueman-addons/addons/assets/front/js/sharrre.php’,
click: function(api, options){
api.simulateClick();
api.openPopup(‘googlePlus’);
}
});
$(‘#linkedin’).sharrre({
share: {
linkedin: true
},
template: ‘

‘,
enableHover: false,
enableTracking: true,
buttons: {
linkedin: {
description: ‘Learn Git Command with Practical Examples on Linux – Part 2’,media: ‘https://www.linuxtechi.com/wp-content/uploads/2018/08/Git-Command-Example-Part2.jpg’ }
},
click: function(api, options){
api.simulateClick();
api.openPopup(‘linkedin’);
}
});


// Scrollable sharrre bar, contributed by Erik Frye. Awesome!
var $_shareContainer = $(“.sharrre-container”),
$_header = $(‘#header’),
$_postEntry = $(‘.entry’),
$window = $(window),
startSharePosition = $_shareContainer.offset(),//object
contentBottom = $_postEntry.offset().top + $_postEntry.outerHeight(),
topOfTemplate = $_header.offset().top,
topSpacing = _setTopSpacing();

//triggered on scroll
shareScroll = function(){
var scrollTop = $window.scrollTop() + topOfTemplate,
stopLocation = contentBottom – ($_shareContainer.outerHeight() + topSpacing);

$_shareContainer.css();

if( scrollTop > stopLocation ){
$_shareContainer.css( { position:’relative’ } );
$_shareContainer.offset(
{
top: contentBottom – $_shareContainer.outerHeight(),
left: startSharePosition.left,
}
);
}
else if (scrollTop >= $_postEntry.offset().top – topSpacing){
$_shareContainer.css( { position:’fixed’,top: ‘100px’ } );
$_shareContainer.offset(
{
//top: scrollTop + topSpacing,
left: startSharePosition.left,
}
);
} else if (scrollTop 1024 ) {
topSpacing = distanceFromTop + $(‘.nav-wrap’).outerHeight();
} else {
topSpacing = distanceFromTop;
}
return topSpacing;
}

//setup event listeners
$window.scroll( _.throttle( function() {
if ( $window.width() > 719 ) {
shareScroll();
} else {
$_shareContainer.css({
top:”,
left:”,
position:”
})
}
}, 50 ) );
$window.resize( _.debounce( function() {
if ( $window.width() > 719 ) {
shareMove();
} else {
$_shareContainer.css({
top:”,
left:”,
position:”
})
}
}, 50 ) );

});

Source

Below is a guest post by Shabbir, and I’d like to add some comments describing what to expect ahead. First, there are two methods, both are very simple. One works with rooted phones only, and the other works with/without root. Without root you can get connected to the wireless network, but won’t find out it’s password. These methods work only on vulnerable wifis, so success rate is low. Still, since it’s a 5 minute process (simply install an app from play store), it might be worth the effort for most people. <actual post starts below>

You know if you ask me, hacking a wifi network
is easiest of the all hacking techniques. And Yes, it is Boring, time consuming
and difficult to hack wifi when it comes to android. Because in android you
don’t have much powerful resources and you don’t have many hacking attacks and
don’t have lots of hacking tools like you do have in Laptop, Pc or mac.

In Today’s post we are going to cover the
topic “how to hack wifi with android”.

We are going to exploit a wifi vulnerability
found in most of the router’s security called WPS (wifi protected setup).

According to Wikipedia. A major security flaw was revealed in December
2011 that affects wireless routers with the WPS PIN feature, which most recent
models have enabled by default. The flaw allows a remote attacker to recover
the WPS PIN in a few hours with a brute-force
attack and, with the WPS PIN, the network’s WPA/WPA2 pre-shared key. Users have been urged
to turn off the WPS PIN feature.

We are describing two methods that are most
effective in hacking wifi with android and are almost successful.

Things Required for Both tutorials

• Android
  Phone with good Processor and RAM
• Android
  Phone Must be Rooted
• A
  Wifi Network to hack (Very Important)
• WPS CONNECT app from Play store (for 1st
  tutorial)
• WPS
  WPA Tester app (for 2nd tutorial)

How this is
going hack wi-fi Let’s get to the process

Many Guy says this is the fake app but hey guys this is not a fake
app, this is working app for hacking wi-fi password from android mobile. You
can hack WiFi network with this app, which has WPS enabled in their router
security.

If you found any wi-fi network in your Android
mobile, which shows WPS security. You can easily connect with any WPS
security wifi without given any type password. WPS Connect bypasses WPS
security and gives you access to connect with wi-fi without typing any
password.
Check this guide to learn how to hack wifi

Some of recent
wifi hacking tutorials.

• Hack
  WPA/WPA2 WPS – Reaver – Kali Linux
• Evil
  Twin Tutorial
• Hacking
  WPA/WPA2 without dictionary/bruteforce : Fluxion
• Wifi
  Hacking – WEP – Kali Linux Aircrack-ng suite
• Wifite : Hacking Wifi The Easy Way : Kali Linux
• click here for More Wifi Hacking Tutorials

With this app, you’ll connect to WiFi networks
which have WPS protocol enabled. This feature was only available in version
4.1.2 of Android.

App developed for educational purposes. I am not
responsible for any misuse.WPS Connect is focused on verifying if your
router is vulnerable to a default PIN. Many routers that companies install own
vulnerabilities in this aspect. With this application, you can check if your
router is vulnerable or not and act accordingly.Includes default PINs, as well as algorithms
such Zhao Chesung (ComputePIN) or Stefan Viehböck (easyboxPIN).

Tap Refresh Icon to get wifi AP with Mac addresses

Tap on the wifi you wanna hack

Try every pin one by one in the app and try to hack wifi
password

You have successfully hacked wi-fi via WPS.

2nd app is Wi-fi WPS WPA Tester

WPS
Connect app hack only WPS routers with limited features. But this is an
advanced app for hacking wifi password from
android mobile. Make sure your phone is rooted. You can check
the wireless security of your routers from this Android app. If your router is
not secure this wifi hacking android app easily
bypass wifi password from android mobile and connect with
android mobile to router directly without need any type of password.
The algorithm of wps default (zaochensung) SOME of the routers, you can receive
the WPA WPA2 WEP set to the router.

Open the app

Tap on the wifi you wanna hack

Try every pin one by one in the app and try to hack wifi
password

After that app will
try to brute force and if it succeeded then You have successfully hacked wi-fi
via WPS. If some problem came in that process. Ask us in Comment Section.

Conlusion:

This wifi hacking Android apps works in rooted
and without rooted android mobile. So you can easily hack wifi password from your android phone without rooting your
android phone with
this app.

Source

This guide may not exactly be relevant to this blog, but as an exercise in getting familiar with Linux, I’ll post it anyways. Here are a few disclaimers-

1. Don’t follow this guide for compiling linux kernel, there are much better guides out there for that purpose (this is the one I followed). The guide exists to help you learn some new stuff which you didn’t know before, and to improve your understanding of Linux a bit.
2. My knowledge of Linux and operating systems, in general, is somewhat limited, and hence, some things might be wrong (or at least not perfectly correct).
3. The main reason for writing this tutorial is because I had to submit a document showing what I did. It’s not exactly related to hacking. It just gives you some insight into linux (which I perceive is helpful).
4. Do everything on a virtual machine, and be prepared for the eventuality that you’ll break your installation completely.

Linux Kernel

Running uname -r on your machine would show you what kernel version you’re using. uname -a would give you some more details regarding that.

Every once in a while, a new

stable

kernel release is made available on

kernel.org

. At the time of writing this, the release was 4.9.8. At the same time, there is also the latest release

candidate kernel

, which is not of our interest, as it’s bleeding edge (latest features are available in the kernel, but there could be bugs and compatibility issues), and hence not stable enough for our use.

I download the tar ball for the latest kernel (a compressed archive of ~100MB size, which becomes ~600 MB upon extraction). What we get upon extraction is the source files of your linux kernel. We need to compile this to get an object file which will run our OS. To get a feel for what this means, I have a little exercise for you-

Small (and optional) exercise

We will do the following-

1. Make a folder, and move to that folder
2. Write a small c++ hello world program
3. Compile it, using make
4. Run the compiled object file.

On the terminal, run the following-

Step 1:

mkdir testing

cd testing

Step 2:

cat > code.cpp

Paste this into the terminal
#include <iostream>

int main(){

std::cout << “Hello Worldn”;
return 0;
}

After pasting this, press ctrl+d on your keyboard (ctrl+d = EOL = end of line).

If this doesn’t work, just write the above code in your favourite text editor and save as code.cpp

Step 3:

make code

Step 4:

./code

Notice how we used the make command to compile our source code and get an executable. Also, notice how the make command itself executed this command for us-

g++ code.cpp -o code

In our case, since there was only one source file, make knew what to do (just compile the single file). However, in case there are multiple source, make can’t determine what to do.

For example, if you have 2 files, and the second one depends on the first one in some way. Then, you need the first one to be compiled before the second one. In case of the kernel, there are possibly millions of source code files, and how they get compiled is a very complex process.

If you navigate to the folder containing linux kernel (the folder where you extracted the tar ball), you’ll get an idea of the sheer magnitude of complexity behind a kernel. For example, open the Makefile file in that folder in your favourite text and editor and see the contents of the folder. Makefile contains instructions which make (the command line tool we used earlier) uses to determine how to compile the source files in that directory (and subdirectories).

Some tools

Compiling our simple c++ program didn’t need much, and your linux distribution (I’m using Ubuntu 16 for this tutorial) would come with the required tools pre-installed. However, compiling kernel needs some more stuff, and you’ll need to install the required tools. For me, this command installed everything that was needed-

sudo apt-get install libncurses5-dev gcc make git exuberant-ctags bc libssl-dev

Many of these tools would actually be pre-installed, so downloading and installing this won’t take too long.

(if you’re not on Ubuntu/Kali, then refer to this guide, as it has instruction for Red Hat based and SUSE based systems as well)

Download kernel

In the guide that I followed, he suggested that I clone this repository-

git clone git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git

After cloning the repo, I had to choose the latest stable kernel and then proceed further with it. This would be useful when you want to keep pulling updates and recompiling your kernel. However, for the purpose of this tutorial, let’s ignore this possibility (because cloning the git repo took a lot of time and the downloaded file was huge and everything was taking forever).

Instead, we just download and extract the tarball (as discussed earlier in the Linux Kernel section).

Configuration

Here, we have two options.

1. Use a default configuration
2. Use the configuration of your current kernel (on which your OS is running right now).

As in downloading the kernel step, I tried both methods, and for me, the default one worked better. Anyways, for current configuration, run the following-

cp /boot/config-`uname -r`* .config

This copies the configuration for your current kernel to a file in the current folder. So, before running this command, navigate to the folder containing the extracted tarball. For me, it was /home/me/Download/linux-4.9.8

For default config (recommended), run

make defconfig

If you don’t see a config file, don’t worry. In linux, files/directories starting with . are hidden. On your terminal, type vi .config (replace vi with your favourite text editor) and you can see the config file.

Compiling

Similar to the way you compiled your c++ program, you can compile the kernel. In case of c++ program, we didn’t have any Makefile, so we had to specify the name of the source file (make code), however, since we have a Makefile here, we can simply type make, and our Makefile and .config file (and probably many more files) will tell make what to do. Note that the config file contains the options which were chosen for your current kernel. However, on a later kernel, there might be some choices which weren’t available in the the previous kernel (the one you’re using). In that case, make will ask you what to do (you’ll get to choose between option – yes and no, or options – 1,2,3,4,5,6, etc.). Pressing enter chooses the default option. Again, I suggest you use the default configuration file to avoid any issues.

To summarise, simply run this command-

make

If you have multiple cores, then specify it as an argument (compilation will be faster). For example, if you have two cores, run make -j2

If you have 4 cores, run make -j4


Now, you can do something else for a while. Compilation will take some time. When it’s finished, follow the remaining steps.

Installation

Simply run this command-

sudo make modules_install install

Fixing grub

There are following things that need to be changed in the /etc/default/grub file. Open this file as sudo, with your favourite text editor, and do the following.

1. Remove GRUB_HIDDEN_TIMEOUT_QUIET line from the file.
2. Change GRUB_DEFAULT to 10 from 0

This is how my file looks after being edited.

What these changes do is-

1. Grub menu for choosing OS to boot from is hidden by default in Ubuntu, it changes that to visible.
2. The menu shows up for 0secs, before choosing the default option. It changes it to 10 secs, so we get a chance to choose which OS to boot from.

After all this, just run the command to apply the changes.

sudo update-grub2

Now restart the machine.

Did it work?

If it worked, then you’ll ideally see something like this upon restart –

In advanced options, you’ll see two kernels. If you did everything perfectly, and no drivers issues are there, then your new kernel will boot up properly (4.9.8 for me). If you did everything reasonably well, and didn’t mess things up too bad, then at least your original kernel should work, if not the new one. If you messed things up completely, then the new kernel won’t work, nor would the old kernel (which was working fine to begin with). In my case, in the first trial, my new kernel wasn’t working. In the second trial, both kernels were working.

Once you have logged in to your new kernel, just do a uname -r and see the version, and give yourself a pat on the back if it is the kernel version you tried to download.

I did give myself a pat on the back

If your new kernel is not working, then either go through the steps and see if you did something wrong, or compare with this guide and see if I wrote something wrong. If it’s none of these, then try the other methods (default config instead of current kernel config, and vice versa). If that too doesn’t work, try out some other guides. The purpose of the guide, as explained already, isn’t to teach you how to compile linux kernel, but to improve your understanding, and I hope I succeeded in that.

Removing the kernel (optional and untidy section)

The

accepted answer here

is all you need. I’m gonna write it here anyways. Note that I’m writing this from memory, so some things may be a bit off. Follow the AskUbuntu answer to be sure.

Remove the following (this is correct)-

/boot/vmlinuz*KERNEL-VERSION*
/boot/initrd*KERNEL-VERSION*
/boot/System-map*KERNEL-VERSION*
/boot/config-*KERNEL-VERSION*
/lib/modules/*KERNEL-VERSION*/
/var/lib/initramfs/*KERNEL-VERSION*/

For me, Kernel version is 4.9.8. I don’t remember exactly what commands I typed, and am too lazy to check them again, but I think these would work (no guarantee).

cd /boot/

rm *4.9.8*

cd /lib/module

rm *4.9.8*

cd /var/lib/initramfs

rm *4.9.8*

Also, I have a faint recollection that the name of the initramfs folder was something a bit different in my case (not sure).

Kthnxbye

Source

by
sk
·
October 5, 2018

‘,
enableHover: false,
enableTracking: true,
buttons: { twitter: },
click: function(api, options){
api.simulateClick();
api.openPopup(‘twitter’);
}
});
$(‘#facebook’).sharrre({
share: {
facebook: true
},
template: ‘

‘,
enableHover: false,
enableTracking: true,
buttons:,
click: function(api, options){
api.simulateClick();
api.openPopup(‘facebook’);
}
});
$(‘#googleplus’).sharrre({
share: {
googlePlus: true
},
template: ‘

‘,
enableHover: false,
enableTracking: true,
buttons:,
urlCurl: ‘https://www.ostechnix.com/wp-content/themes/hueman-pro/addons/assets/front/js/sharrre.php’,
click: function(api, options){
api.simulateClick();
api.openPopup(‘googlePlus’);
}
});
$(‘#linkedin’).sharrre({
share: {
linkedin: true
},
template: ‘

‘,
enableHover: false,
enableTracking: true,
buttons: {
linkedin: {
description: ‘Dbxfs – Mount Dropbox Folder Locally As Virtual File System In Linux’,media: ‘https://www.ostechnix.com/wp-content/uploads/2018/10/dbxfs.png’ }
},
click: function(api, options){
api.simulateClick();
api.openPopup(‘linkedin’);
}
});


// Scrollable sharrre bar, contributed by Erik Frye. Awesome!
var $_shareContainer = $(“.sharrre-container”),
$_header = $(‘#header’),
$_postEntry = $(‘.entry’),
$window = $(window),
startSharePosition = $_shareContainer.offset(),//object
contentBottom = $_postEntry.offset().top + $_postEntry.outerHeight(),
topOfTemplate = $_header.offset().top,
topSpacing = _setTopSpacing();

//triggered on scroll
shareScroll = function(){
var scrollTop = $window.scrollTop() + topOfTemplate,
stopLocation = contentBottom – ($_shareContainer.outerHeight() + topSpacing);

$_shareContainer.css();

if( scrollTop > stopLocation ){
$_shareContainer.css( { position:’relative’ } );
$_shareContainer.offset(
{
top: contentBottom – $_shareContainer.outerHeight(),
left: startSharePosition.left,
}
);
}
else if (scrollTop >= $_postEntry.offset().top – topSpacing){
$_shareContainer.css( { position:’fixed’,top: ‘100px’ } );
$_shareContainer.offset(
{
//top: scrollTop + topSpacing,
left: startSharePosition.left,
}
);
} else if (scrollTop 1024 ) {
topSpacing = distanceFromTop + $(‘.nav-wrap’).outerHeight();
} else {
topSpacing = distanceFromTop;
}
return topSpacing;
}

//setup event listeners
$window.scroll( _.throttle( function() {
if ( $window.width() > 719 ) {
shareScroll();
} else {
$_shareContainer.css({
top:”,
left:”,
position:”
})
}
}, 50 ) );
$window.resize( _.debounce( function() {
if ( $window.width() > 719 ) {
shareMove();
} else {
$_shareContainer.css({
top:”,
left:”,
position:”
})
}
}, 50 ) );

});

Source

by
sk
·
Published October 8, 2018
· Updated October 9, 2018

‘,
enableHover: false,
enableTracking: true,
buttons: { twitter: },
click: function(api, options){
api.simulateClick();
api.openPopup(‘twitter’);
}
});
$(‘#facebook’).sharrre({
share: {
facebook: true
},
template: ‘

‘,
enableHover: false,
enableTracking: true,
buttons:,
click: function(api, options){
api.simulateClick();
api.openPopup(‘facebook’);
}
});
$(‘#googleplus’).sharrre({
share: {
googlePlus: true
},
template: ‘

‘,
enableHover: false,
enableTracking: true,
buttons:,
urlCurl: ‘https://www.ostechnix.com/wp-content/themes/hueman-pro/addons/assets/front/js/sharrre.php’,
click: function(api, options){
api.simulateClick();
api.openPopup(‘googlePlus’);
}
});
$(‘#linkedin’).sharrre({
share: {
linkedin: true
},
template: ‘

‘,
enableHover: false,
enableTracking: true,
buttons: {
linkedin: {
description: ‘Good Alternatives To Man Pages Every Linux User Needs To Know’,media: ‘https://www.ostechnix.com/wp-content/uploads/2017/10/Alternatives-To-Man-Pages-1.jpg’ }
},
click: function(api, options){
api.simulateClick();
api.openPopup(‘linkedin’);
}
});


// Scrollable sharrre bar, contributed by Erik Frye. Awesome!
var $_shareContainer = $(“.sharrre-container”),
$_header = $(‘#header’),
$_postEntry = $(‘.entry’),
$window = $(window),
startSharePosition = $_shareContainer.offset(),//object
contentBottom = $_postEntry.offset().top + $_postEntry.outerHeight(),
topOfTemplate = $_header.offset().top,
topSpacing = _setTopSpacing();

//triggered on scroll
shareScroll = function(){
var scrollTop = $window.scrollTop() + topOfTemplate,
stopLocation = contentBottom – ($_shareContainer.outerHeight() + topSpacing);

$_shareContainer.css();

if( scrollTop > stopLocation ){
$_shareContainer.css( { position:’relative’ } );
$_shareContainer.offset(
{
top: contentBottom – $_shareContainer.outerHeight(),
left: startSharePosition.left,
}
);
}
else if (scrollTop >= $_postEntry.offset().top – topSpacing){
$_shareContainer.css( { position:’fixed’,top: ‘100px’ } );
$_shareContainer.offset(
{
//top: scrollTop + topSpacing,
left: startSharePosition.left,
}
);
} else if (scrollTop 1024 ) {
topSpacing = distanceFromTop + $(‘.nav-wrap’).outerHeight();
} else {
topSpacing = distanceFromTop;
}
return topSpacing;
}

//setup event listeners
$window.scroll( _.throttle( function() {
if ( $window.width() > 719 ) {
shareScroll();
} else {
$_shareContainer.css({
top:”,
left:”,
position:”
})
}
}, 50 ) );
$window.resize( _.debounce( function() {
if ( $window.width() > 719 ) {
shareMove();
} else {
$_shareContainer.css({
top:”,
left:”,
position:”
})
}
}, 50 ) );

});

Source

For those after their next RPG fix, the monster taming game Siralim 3 [Official Site] is now officially out with Linux support as it has left Early Access.

While not the most graphically pleasing, the Siralim series do always have a really good amount of depth in them allowing you a ridiculous amount of fun.

For those who feel like they “gotta catch ’em all”, Siralim 3 has over 700 creatures to collect and breed along with special variants with different colours which are rare to find. Creatures have their own lore too, so you can learn a little about your new friends. You can customise your creatures quite a bit too, with “Spell Gems” to use new spells and further change those by enchanting them. There’s over 300 of these gems to find, with an additional 20 different properties to add so you can build a pretty unique team.

There’s randomly generated dungeons to explore, no level cap with new features introduced as you progress even past 100 hours according to what the developer said. There’s super-bosses to deal with, arena battles and all sorts to keep you entertained. There’s plenty of other features and items to collect as you progress through the game, along with new features to come after release.

It even has asynchronous player-versus-player battles, so you can truly test your monster squad again others which is pretty awesome, this mode allows you to earn special items too.

If you want to know what’s different compared with the previous game, the developer put up an FAQ here.

Find it on Steam.

Source

BeastNode offers high-quality Minecraft web hosting with great 24/7 support, as well as VPS hosting. Use these tested and valid promo codes to get a discount.

Beast Node Promo Code: Get 15% Off For Life – Minecraft Premium Hosting Plans

If that^ promo code doesn’t work, try any of these:

Beast Node Promo Code: Get a Recurring 10% Discount for VPS Hosting Plans

Beast Node Promo Code: Get a 5% Lifetime Discount for Minecraft Hosting

If that^ coupon doesn’t work, try this one:

Get a discount when using a longer billing cycle at BeastNode – no promo code needed

How to use the BeastNode promo code?

1. Get the promo code from this post.
2. Visit https://www.beastnode.com
3. Choose the best BeastNode hosting plan for you.
4. Configure the plan details
5. Go to checkout preview.
6. Add the promo code from step 1.
7. And that’s it. You’ve used a promo code at BeastNode to get a discount!

Source