Feed cleverhans-blog [copy] http://www.cleverhans.io/feed.xml has loading error: cURL error 22: The requested URL returned error: 404
Feed Security (b)log [copy] http://securityblogru.livejournal.com/data/rss has loading error: cURL error 22: The requested URL returned error: 403 Forbidden
Qubes Air: Generalizing the Qubes Architecture
The Qubes OS project has been around for nearly 8 years now, since its original announcement back in April 2010 (and the actual origin date can be traced back to November 11th, 2009, when an initial email introducing this project was sent within ITL internally). Over these years Qubes has achieved reasonable success: according to our estimates, it has nearly 30k regular users. This could even be considered a great success given that 1) it is a new operating system, rather than an application that can be installed in the user’s favorite OS; 2) it has introduced a (radically?) new approach to managing one’s digital life (i.e. an...
DIY Portable Secrets Manager With a Raspberry Pi Zero and ARC
For the last few days I’ve been working on a new project which I developed for very specific needs and reasons:
I need to store safely (encrypted) my passwords, sensitive files, notes, etc.I need to access them from anywhere, with every possible device ( desktop, mobile, terminal ).I need those objects to be syncronized accros all my devices.I don’t want to use “the cloud”.I don’t want to pay for a server.I don’t want to enable port forwarding and host it myself with DynDNS or alikes.So I wrote ARC.
Of course there are plenty of solutions already that mostly involve the use of...
Объем утечек персональных и финансовых данных за первое полугодие 2017 вырос...в 8 раз.
Мы стараемся "держать руку на пульсе" и делаем регулярные "замеры" объемов утечек в нашей стране и в мире.
Аналитики InfoWatch готовят свежий отчет каждые полгода.
Новая аналитика за первое полугодие 2017 заслуживает внимания хотя бы одной причине: объем утечек персональных и финансовых данных вырос...в восемь раз с 1,06 млрд до 7,78 млрд записей. Напомним, что общий объем скомпрометированной в 2016 году информации в мире составлял всего около трех миллиардов записей.
Резкое увеличение объема потерянной чувствительной информации в первом полугодии 2017 года произошло в результате 20 мега-утечек (от 10 млн записей), на которые пришлось 98% пострадавших записей ПДн и финансовых данных. По...
Introducing the Next Generation Qubes Core Stack
This is the 2nd post from the “cool things coming in Qubes 4.0” series, and it discusses the next generation Qubes Core Stack version 3, which is the heart of the new Qubes 4.x releases. The previous part discussed the Admin API which we also introduced in Qubes 4.0 and which heavily relies on this new Qubes Core Stack.
Qubes Core Stack vs. Qubes OSQubes Core Stack is, as the name implies, the core component of Qubes OS. It’s the glue that connects all the other components together, and which allows users and admins to interact with and configure the system. For the record, the other components of...
This Is Not a Post About BLE, Introducing BLEAH
https://invidious.privacyredirect.com/watch?v=qbmWs6Jf5dc
This is not a post about BLE, but rather on how to hack it … well, to be honest, BLE devices are usually very easy to hack, so it’s just a quick intro to it, I’ll also take the chance to open source one of the last tools I’ve made and that I kept private so far. I moved the features I thought to be dangerous ( aka: auto fuzzing all the BLE things and bring chaos ) in a private fork which will stay private, however it’s not that complicated to chain bleah with other tools ( cough …...
Hacking a Herb Vaporizer to Set Its Temperature Limit From 190C to 6553.5C Remotely
Tonight my brain decided, instead of sleeping (why even bother trying, right?), to start a new short adventure in the Bluetooth Low Energy world. I’m a happy Crafty vaporizer owner and as I discovered by chance, I can access it using my laptop.
BTLE is conceptually easy, you’ve got “descriptors”, each one with an unique identifier and each one is arbitrarily used by the vendor for configuration purposes, control of the device, etc by read or write operations. So, first thing first, let’s reverse their mobile application in order to identify interesting descriptors!
Here it is, we can read and write stuff...
GPD Pocket 7: Impressions, GNU/Linux Installation and Offensive Setup
It’s no secret I’ve been recently playing with the GPD Pocket 7, an ultra small laptop which can run GNU/Linux and has more than decent hardware. Tablets are cool and everything, but I’ve been a fan of ultra portable Linux devices since the Sharp Zaurus series. Considering that a lot of people were interested I decided to write this post to share my impressions, installation procedure and configuration tips.
SpecsLet’s start with the hardware specs of this sweet little thing:
7-inch full-HD (1920×1200) IPS touch displayIntel Atom x7-Z8750 CPU (Quad Core) @ 1.6GHz8GB RAM128GB eMMC7,000 mAh battery (12 hours battery life estimated)802.11ac...Qubes OS 4.0-rc1 has been released!
Finally, after years of work, we’re releasing the first release candidate for Qubes 4.0!
Next Generation Qubes Core Stack for better integrationNo doubt this release marks a major milestone in Qubes OS development. The single most import undertaking which sets this release apart, is the complete rewrite of the Qubes Core Stack. We have a separate set of posts detailing the changes (Why/What/How), and the first post is planned to be released in the coming 2 weeks.
This new Core Stack allows to easily extend the Qubes Architecture in new directions, allowing us to finally build (in a clean way) lots of things we’ve wanted for years, but which...
Мы знаем, что вы сделали прошлым летом (с)
На днях стало известно о крупнейшей утечке данных избирателей в США. Пострадали 200 млн человек или 61% населения всей страны, а это, на секундочку, ни много ни мало - 80% избирателей.
База данных объемом 25 ТБ содержит имена, даты рождения, электронную почту, физические адреса, религиозные и политические пристрастия, а также расовую принадлежность. Есть там и смоделированные данные о вероятных позициях избирателя по самым «горячим» вопросам: от «насколько вероятно, что он проголосовал за Обаму в 2012 году», согласны ли они с внешней политикой Трампа «America First» до отношения к ношению оружия и запрету абортов. Мы проанализировали историю вопроса, ущерб и главное -...
Introducing the Qubes Admin API
This post starts the “cool things coming in Qubes 4.0” series and focuses on what we call the “Qubes Admin API.” This should not be confused with Qubes Salt Stack integration, which we have already introduced in Qubes 3.2.
High-level overviewLet’s start with a high-level architecture picture of how the Admin API fits into the Qubes OS architecture:
As we can see, the main concept behind the Admin API is to let select VMs preform various select administrative functions over the Qubes OS system.
If this idea scares the hell out of you, then, my dear reader, we’re on the same side. Indeed, if we’re not careful, we...