Friday, 12 October 2012
Pinkie Pie Wins $60K In Pwnium2
The teenage hacker who goes by the handle "Pinkie Pie" has once again successfully exploited the Google Chrome browser, this time at the Pwnium 2 event held at the HITB2012 conference in Kuala Lumpur.
Google's Chromium team started Pwnium earlier this year with the goal of rewarding exceptional vulnerability researchers, and this is its second installment.
Google software engineer Chris Evans writes in a blog post:
"We’re happy to confirm that we received a valid exploit from returning pwner, Pinkie Pie. This pwn relies on a WebKit Scalable Vector Graphics (SVG) compromise to exploit the renderer process and a second bug in the IPC layer to escape the Chrome sandbox. Since this exploit depends entirely on bugs within Chrome to achieve code execution, it qualifies for our highest award level as a “full Chrome exploit,” a $60,000 prize and free Chromebook."
The Chromium team released a patched and updated Google Chrome less than 10 hours after the exploit was confirmed. The Stable channel has been updated to 22.0.1229.94 for Windows, Mac, and Linux, which contains the fix for the security exploit discovered by Pinkie Pie.
Wednesday, 3 October 2012
Keccak Wins The SHA-3 Competition
After five years of competition, the National Institute of Standards and Technology (NIST) has announced the winner of the SHA-3 competition. Keccak has been selected as the standard for the SHA-3 algorithm from among the 64 entries submitted to the SHA-3 cryptographic algorithm competition, which NIST announced back on November 2, 2007.
After three rounds of competition, five hash algorithms remained as finalists. On December 9, 2010, NIST announced the five third-round candidates (BLAKE, Grøstl, JH, Keccak and Skein) that would enter the final round of the competition. And the winner is Keccak.
Keccak was designed by a team of cryptographers from Belgium and Italy:
- Guido Bertoni (Italy) of STMicroelectronics,
- Joan Daemen (Belgium) of STMicroelectronics,
- Michaël Peeters (Belgium) of NXP Semiconductors,
- Gilles Van Assche (Belgium) of STMicroelectronics.
The NIST team praised the Keccak algorithm for its many admirable qualities, including its elegant design and its ability to run well on many different computing devices. The clarity of Keccak’s construction lends itself to easy analysis, and Keccak has higher performance in hardware implementations than SHA-2 or any of the other finalists.
“Keccak has the added advantage of not being vulnerable in the same ways SHA-2 might be,” says NIST computer security expert Tim Polk. “An attack that could work on SHA-2 most likely would not work on Keccak because the two algorithms are designed so differently.”
Though SHA-2 is still considered secure enough for general usage, SHA-3 is thought to provide a new security tool for system and protocol designers, and that may create opportunities for security in networks that did not exist before.
If you are interested in a quick summary of the Keccak pseudocode, you can read the summary of Keccak.
Tuesday, 2 October 2012
Binary, Hex, Octal and Decimal Conversion Under Linux
Base conversions are easy with the Linux CLI. There is no need for a fancy GUI-based calculator to perform base conversions when we have our favorite Linux terminal.
We will be using bc, a calculator language that supports arbitrary precision numbers with interactive execution of statements. We will use the shell's pipeline feature and let bc process our query to convert numbers from one base to another.
From binary to decimal
The syntax is straightforward, and we will follow the same syntax for all the conversions. In this first example, we are converting the binary number 1101101 from the input base (binary) to decimal (obase defaults to decimal unless specified).
samar@samar-Techgaun:~$ echo "ibase=2;1101101" | bc
109
From octal to decimal
samar@samar-Techgaun:~$ echo "ibase=8;1101101" | bc
295489
From hexadecimal to decimal
samar@samar-Techgaun:~$ echo "ibase=16;A1F3DF" | bc
10613727
From N-base to decimal
All you need to do is provide the appropriate ibase value (eg. ibase=4 for 4-base to decimal conversion).
samar@samar-Techgaun:~$ echo "ibase=16;A1F3DF" | bc
10613727
As seen in all the examples above, converting to decimal does not require you to specify obase, because obase defaults to decimal. The same applies to ibase: it also defaults to decimal, as seen in the examples below.
Now let's try some conversions with decimal numbers as the input base.
From decimal to binary
samar@samar-Techgaun:~$ echo "obase=2;109" | bc
1101101
From decimal to octal
samar@samar-Techgaun:~$ echo "obase=8;295489" | bc
1101101
From decimal to hexadecimal
samar@samar-Techgaun:~$ echo "obase=16;10613727" | bc
A1F3DF
From decimal to N-base
All you need to do is provide the appropriate obase value (eg. obase=4 for decimal to 4-base conversion).
samar@samar-Techgaun:~$ echo "obase=4;121" | bc
1321
Below are a few more examples of base conversions to clarify the use of the command.
From binary to octal
samar@samar-Techgaun:~$ echo "ibase=2;obase=8;1111" | bc
17
From hexadecimal to binary
samar@samar-Techgaun:~$ echo "ibase=16;obase=2;AFBE" | bc
1010111110111110
I hope this is helpful ;-)
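The two-base examples above set ibase first, which works only because obase=8 and obase=2 are single-digit values: bc reads every later number, including the obase value, in the new input base. The following is an added example, not part of the original post; the function names baseconv and baseconv_ibase_first are made up here. It sets obase first and rejects digits that do not exist in the input base, which bc would otherwise clamp silently.

```sh
# Added example: baseconv and baseconv_ibase_first are hypothetical helpers;
# only bc and its ibase/obase variables come from the post.

# Order used in the post's two-base examples. After ibase changes, bc reads
# the obase value in the new input base, so "obase=10" means obase=ibase.
baseconv_ibase_first() {
    printf 'ibase=%s; obase=%s; %s\n' "$1" "$2" "$3" | bc
}

# baseconv FROM TO NUMBER: convert a non-negative integer between bases 2..16.
baseconv() {
    local from="$1" to="$2" num="$3" b valid

    # Bases are given in decimal. bc prints bases above 16 as space-separated
    # groups, which this helper does not handle, so stop at 16.
    for b in "$from" "$to"; do
        case $b in
            ''|*[!0-9]*) echo "baseconv: bad base '$b'" >&2; return 2 ;;
        esac
        if [ "$b" -lt 2 ] || [ "$b" -gt 16 ]; then
            echo "baseconv: base $b is outside 2..16" >&2
            return 2
        fi
    done

    # bc accepts only upper-case A-F as digits; lower-case letters are variables.
    num=$(printf '%s' "$num" | tr 'a-f' 'A-F')

    # Reject digits that do not exist in the input base. bc would clamp them to
    # ibase-1 without any warning (ibase=2; 1102 is read as 1101). The same
    # check keeps anything other than digits out of the bc program text.
    valid=$(printf '%s' 0123456789ABCDEF | cut -c1-"$from")
    case $num in
        ''|*[!$valid]*)
            echo "baseconv: '$3' is not a base-$from number" >&2
            return 1 ;;
    esac

    # obase first: both base values are still read as decimal at this point.
    printf 'obase=%s; ibase=%s; %s\n' "$to" "$from" "$num" | bc
}

# Run as a script: ./baseconv.sh 16 2 AFBE
if [ "$#" -eq 3 ]; then
    baseconv "$@"
fi
```

With hexadecimal input and decimal output, baseconv_ibase_first 16 10 FF prints FF back unchanged, while baseconv 16 10 FF prints 255.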
Friday, 28 September 2012
Mozilla Announces First Beta Release Of Persona
Persona is finally ready for use. Today, Mozilla is announcing the first public beta release of Persona, a login management system that eliminates per-site passwords on websites while being safe, secure and easy to use.
Mozilla Persona is a completely decentralized and secure authentication system for the web based on the open BrowserID protocol. To get started with Mozilla Persona, you'll have to sign up here. FYI, Persona was first introduced as BrowserID.
Persona is now ready to use for authentication and will be available from today to the public as the first beta release. It works in all major smartphone, tablet, and desktop browsers and the user experience has been thoroughly reviewed and polished.
Available in more than 25 languages, Persona does not need any API keys and it will always remain free. Persona is an open source project and you can easily use Persona with your site. Persona is safe, secure, and built on top of public key cryptography. Instead of a password, the user's browser generates a cryptographic "identity assertion" that expires after a few minutes and is only valid on a single site. Because there are no site-specific passwords, websites using Persona don't have to worry about securely storing or potentially losing a password database.
Sites such as OpenPhoto and Times Crossword are already using Mozilla Persona.
Persona is built upon the BrowserID protocol. Once popular browser vendors implement BrowserID, users will no longer need to rely on Mozilla to log in. You can integrate Persona in a few minutes, and it is already being integrated into different applications.
Let's see how successful Mozilla Persona will be. Its success depends on adoption by websites and applications and on subsequent use by users.
Want to read more?
Announcing the Beta release of Persona
Mozilla Persona Documentation
New API for Persona
Ubuntu 12.10 Beta 2 Released
The Ubuntu developers have just released Beta 2 of Ubuntu 12.10 Quantal Quetzal, which gives a preview of the next version of Ubuntu. The final Ubuntu 12.10 release is scheduled for 18th October this year.
The Beta 2 release is intended to give a preview of what the final release of Quantal Quetzal will be like. The previous release, Beta 1, came out on 6th September.
As always, Ubuntu has chosen the Quetzal as the codename for Ubuntu 12.10. According to Wikipedia, Quetzals are strikingly colored birds in the trogon family. They are found in forests and woodlands, especially in humid highlands, with the five species from the genus Pharomachrus being exclusively Neotropical, while the single Euptilotis species is almost entirely restricted to western Mexico.
As we heard earlier, Ubuntu 12.10 releases are no longer available as a Live CD.
Download Quantal Quetzal 12.10 Beta 2 Release
Thursday, 27 September 2012
GNOME 3.6 Released
The GNOME project has released version 3.6, the third update to its 3.x series. This latest version of GNOME 3 includes a number of new features and enhancements, as well as many bug fixes and minor improvements. Together, they represent a significant upgrade to the GNOME 3 user experience.
Andreas Nilsson, President of the GNOME Foundation, said: “The GNOME Foundation is proud to present this latest GNOME release, and I would like to congratulate the GNOME community on its achievement.” He described the release as “an important milestone in our mission to bring a free and open computing environment to everyone.”
Highlights for this release include:
- Big improvements to notifications, including a redesigned Message Tray, smarter notifications, and other tweaks and refinements.
- An enhanced Activities Overview with an improved layout.
- A greatly enhanced Files application, with functional file search, a new Recent location, redesigned interface and lots of bug fixes and handy new features.
- Integrated Input Sources, which makes inputting different character sets (eg. Japanese or Chinese) fast and easy.
- Accessibility on demand, meaning that universal access features like the Orca screen reader can be enabled with the push of a button.
- A new Lock Screen. This provides an attractive view when the device is locked, plus handy functionality like media controls and notifications.
GNOME 3.6 Released: Evolution in the making
GNOME 3.6 Release Notes
Getting GNOME
Saturday, 15 September 2012
Things To Do On The Occasion Of Software Freedom Day
If you are a FOSS enthusiast, you are possibly looking for some ideas to celebrate Software Freedom Day in a different way. I have come up with some ideas I could think of for the occasion of Software Freedom Day today.
Software Freedom Day (SFD) is celebrated annually on the third Saturday of September with the aim of increasing awareness of Free Software and its virtues, and encouraging its use. SFD was first observed on 28th of August back in 2004 and, since 2006, it has been observed on the 3rd Saturday of September. Software Freedom International acts as the central legal body for organizing Software Freedom Day, and each local team is responsible for organizing the local chapters of Software Freedom Day.
Software Freedom Day is not just about attending an event that is organized locally in your area. Rather, you can do anything that comes to mind to celebrate Software Freedom Day. Below are some of the ideas I have in mind.
- Attend local SFD events: You can attend the local SFD events being organized today. You can find them through the SFD 2012 events map. Locate a nearby event and attend it. Maybe you will find someone to discuss with :)
- Listen to the SFD and other FOSS songs: Download the SFD song or the FSF song to your favorite music gadget and listen to them the whole day. You can also listen to the music at MUSOpen.org.
- Listen to the free audio and video speeches from FSF and GNU: You can listen to several audio and video speeches related to the Free Software Foundation and the GNU movement, which are available at audio-video.gnu.org. It is quite a good way to pass the time while getting to know about FSF, GNU and related events.
- Watch some open source movies and documentaries: You can download and watch open-source or free-content films and documentaries to pass the time. Some of them are Revolution OS, Freedom Fry, The Codebreakers, Code Rush, Still This 1, Still This 2, The Code, Arduino documentary and a few others you can find on the net. If you have any suggestions, do drop them as comments.
- Run an install fest anywhere possible: You could run an installation fest and help your friends and relatives install different Linux distros. It can be anywhere. I mean anywhere. You can do it in your own home, in your school, or in your office. After all, it's fun to motivate your friends and relatives to use open source software if they are not already using it. Educate the people around you. Believe me, it's fun.
- Try finding bugs in some open source software: Grab some open source software; it can be a desktop app or a web app. Try finding bugs or errors in it and report them. You have just helped to improve a piece of open source software and your contribution will be counted for sure :). If you are geek enough, try finding some critical bugs and vulnerabilities. It can be a tough and challenging task, but it's always fun to do so.
- Do some blogging about software freedom and free and open source software: If you have your own blog or website, write some entries related to software freedom. You could cover the event you just visited or discuss the free and open source software available in the market. If you don't have a blog already, start today. It's a good day to start blogging about open source software.
- Write some code snippets and useful little programs: If you are a good programmer, why not write and distribute some small software projects today? You could do small things like a command line file transfer app, a Nepali calendar or anything you can think of. Try to develop some local software that will be useful for you and your community.
- Join any beginner IRC channel and help the beginners: Search for some IRC channels on freenode or other networks and try helping the beginners. You can preferably choose IRC channels related to Linux, programming, hacking, and open source software, and then dedicate some hours of your day to helping other people.
- Donate some amount to your favorite open source software: Got some bucks to spare? Why not donate some amount to your favorite open source software? This can be very motivating to the developers of open source software.
Any other idea that comes to mind? Share it in the comments :)
And finally, happy Software Freedom Day to all the freedom lovers :)
Friday, 14 September 2012
How To Find The Location Of Command In Linux
Sometimes you need to find the pathnames or locations of commands you use frequently. In this post, I am going to discuss two commands that are useful for locating Linux commands.
The first command for locating Linux commands is which. This command returns the pathnames of the files or links; however, it does not follow symbolic links.
samar@Techgaun:~$ which bash
/bin/bash
You can also find the pathnames of multiple commands at once with which; the -a option prints all matching pathnames for each argument.
samar@Techgaun:~$ which -a bash cat ls iftop
/bin/bash
/bin/cat
/bin/ls
/usr/sbin/iftop
The other command is type, which is useful for determining whether a command is an alias, a built-in command or an independent command.
samar@Techgaun:~$ type gedit
gedit is /usr/bin/gedit
samar@Techgaun:~$ type grep
grep is aliased to `grep --color=auto'
samar@Techgaun:~$ type -t iftop
file
You can play more with the type command. I hope this helps :)
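As noted above, which does not follow symbolic links, so a command installed as a link is reported under the link's name rather than the file that actually runs. The following is an added example, not part of the original post; the function name cmdinfo is made up here. It classifies a name with POSIX command -v and then follows the link chain with readlink.

```sh
# Added example: cmdinfo is a hypothetical helper, not from the post.
# cmdinfo NAME: report how the current shell resolves NAME and, for a file
# found on PATH, the final target after following symbolic links.
cmdinfo() {
    local name="$1" found target dir hops=0

    # command -v prints an absolute path for files, "alias name=..." for
    # aliases, and the bare name for builtins, functions and keywords.
    found=$(command -v "$name" 2>/dev/null) || {
        echo "$name: not found"
        return 1
    }

    case $found in
        alias\ *) echo "$name: alias (${found#alias })"; return 0 ;;
        /*) ;;   # a file on PATH, handled below
        *)  echo "$name: shell builtin, function or keyword"; return 0 ;;
    esac

    # Follow the symlink chain by hand. Relative link targets are resolved
    # against the directory that holds the link; the hop limit stops loops.
    target=$found
    while [ -L "$target" ] && [ "$hops" -lt 40 ]; do
        dir=$(dirname "$target")
        target=$(readlink "$target")
        case $target in
            /*) ;;
            *)  target=$dir/$target ;;
        esac
        hops=$((hops + 1))
    done

    if [ "$target" = "$found" ]; then
        echo "$name: file $found"
    else
        echo "$name: file $found -> $target"
    fi
}

# Run as a script: ./cmdinfo.sh bash cd vi
for arg in "$@"; do
    cmdinfo "$arg"
done
```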