Friday, 12 October 2012

Pinkie Pie Wins $60K In Pwnium2

The teenage hacker who goes by the handle "Pinkie Pie" has once again successfully exploited the Google Chrome browser, this time at the Pwnium 2 event held at the HITB2012 conference in Kuala Lumpur. The Google Chromium team started Pwnium earlier this year to reward exceptional vulnerability researchers, and this is its second installment.

Google software engineer Chris Evans writes in a blog post:

"We’re happy to confirm that we received a valid exploit from returning pwner, Pinkie Pie. This pwn relies on a WebKit Scalable Vector Graphics (SVG) compromise to exploit the renderer process and a second bug in the IPC layer to escape the Chrome sandbox. Since this exploit depends entirely on bugs within Chrome to achieve code execution, it qualifies for our highest award level as a “full Chrome exploit,” a $60,000 prize and free Chromebook."

The Chromium team released a patched and updated Google Chrome less than 10 hours after the exploit was confirmed. The Stable channel has been updated to 22.0.1229.94 for Windows, Mac, and Linux, which contains the fix for the security exploit discovered by Pinkie Pie.



Wednesday, 3 October 2012

Keccak Wins The SHA-3 Competition

After five years of competition, the National Institute of Standards and Technology (NIST) has announced the winner of the SHA-3 competition. Keccak has been selected as the SHA-3 standard from among the 64 entries submitted to the SHA-3 cryptographic hash algorithm competition, which NIST announced on November 2, 2007.

The competition ran for three rounds. On December 9, 2010, NIST announced the five third-round candidates (BLAKE, Grøstl, JH, Keccak and Skein) that would enter the final round of the competition. And the winner is Keccak.

Keccak was designed by a team of cryptographers from Belgium and Italy:

  • Guido Bertoni (Italy) of STMicroelectronics,
  • Joan Daemen (Belgium) of STMicroelectronics,
  • Michaël Peeters (Belgium) of NXP Semiconductors,
  • Gilles Van Assche (Belgium) of STMicroelectronics.


The NIST team praised the Keccak algorithm for its many admirable qualities, including its elegant design and its ability to run well on many different computing devices. The clarity of Keccak’s construction lends itself to easy analysis, and Keccak has higher performance in hardware implementations than SHA-2 or any of the other finalists.

“Keccak has the added advantage of not being vulnerable in the same ways SHA-2 might be,” says NIST computer security expert Tim Polk. “An attack that could work on SHA-2 most likely would not work on Keccak because the two algorithms are designed so differently.”

Though SHA-2 is still considered secure enough for general usage, SHA-3 is thought to provide a new security tool for system and protocol designers, and that may create opportunities for security in networks that did not exist before.

If you are interested in a quick summary of the Keccak pseudocode, you can read the summary of Keccak.



Tuesday, 2 October 2012

Binary, Hex, Octal and Decimal Conversion Under Linux

Base conversions are easy with the Linux CLI. There is no need for a fancy GUI-based calculator to perform base conversions when we have our favorite Linux terminal.

We will be using bc, a calculator language that supports arbitrary precision numbers with interactive execution of statements. We will use the shell's pipe feature and let bc process our query to convert numbers from one base to another.

From binary to decimal

The syntax is obvious and we will follow the same syntax for all the conversions. In this first example, we are converting the binary number 1101101 from input base binary to decimal (obase defaults to decimal unless specified).

samar@samar-Techgaun:~$ echo "ibase=2;1101101" | bc
109


From octal to decimal

samar@samar-Techgaun:~$ echo "ibase=8;1101101" | bc
295489


From Hexadecimal to decimal

samar@samar-Techgaun:~$ echo "ibase=16;A1F3DF" | bc
10613727


From N-base to decimal

All you need to do is provide the appropriate ibase value (e.g. ibase=4 for base-4 to decimal conversion).

samar@samar-Techgaun:~$ echo "ibase=16;A1F3DF" | bc
10613727


As seen in all the examples above, conversion to decimal does not require you to specify obase, because obase defaults to decimal. The same applies to ibase: it also defaults to decimal, as seen in the examples below.

Now let's try some conversions with decimal numbers as the input.

From decimal to binary

samar@samar-Techgaun:~$ echo "obase=2;109" | bc
1101101


From decimal to octal

samar@samar-Techgaun:~$ echo "obase=8;295489" | bc
1101101


From decimal to hexadecimal

samar@samar-Techgaun:~$ echo "obase=16;10613727" | bc
A1F3DF


From decimal to N-base

All you need to do is provide the appropriate obase value (e.g. obase=4 for decimal to base-4 conversion).

samar@samar-Techgaun:~$ echo "obase=4;121" | bc
1321


Below are a few more examples of base conversions to clarify the use of the command.

From binary to octal

samar@samar-Techgaun:~$ echo "ibase=2;obase=8;1111" | bc
17


From hexadecimal to binary

samar@samar-Techgaun:~$ echo "ibase=16;obase=2;AFBE" | bc
1010111110111110


I hope this is helpful ;-)
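The one-liners above set ibase before obase. That works for obase=8 and obase=2 only because bc reads a single digit at face value; after "ibase=16", the text "obase=10" is read as hexadecimal 10, i.e. sixteen. The wrapper below is an added example, not part of the original post (the function name convert_base is made up here): it sets obase first, upper-cases hex digits, and rejects anything that is not a plain number in the source base before it reaches bc.

```shell
#!/bin/sh
# convert_base FROM TO NUMBER  (hypothetical helper, bases 2..16)
convert_base() {
    from=$1 to=$2 num=$3
    # Bases must be plain decimal integers between 2 and 16.
    for b in "$from" "$to"; do
        case $b in
            ''|*[!0-9]*) echo "bad base: $b" >&2; return 2 ;;
        esac
        if [ "$b" -lt 2 ] || [ "$b" -gt 16 ]; then
            echo "base out of range: $b" >&2; return 2
        fi
    done
    # bc reads lower-case letters as variable names, so upper-case the digits.
    num=$(printf '%s' "$num" | tr 'a-f' 'A-F')
    # Allow only digits that exist in the source base. This keeps bc
    # statements out of the pipeline and stops GNU bc from silently
    # clamping digits that are too large for ibase.
    allowed=$(printf '0123456789ABCDEF' | cut -c "1-$from")
    case $num in
        ''|*[!$allowed]*) echo "not a base-$from number: $num" >&2; return 2 ;;
    esac
    # obase first, while ibase is still 10: after "ibase=16" the text
    # "obase=10" would be read as hexadecimal 10, i.e. sixteen.
    printf 'obase=%s; ibase=%s; %s\n' "$to" "$from" "$num" | bc
}
```

For example, `convert_base 16 10 a1f3df` gives the same result as the hexadecimal example above, even though the input is lower-case.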



Friday, 28 September 2012

Mozilla Announces First Beta Release Of Persona

Persona is finally ready for use. Today, Mozilla is going to announce the first public beta release of Persona, a login management system that eliminates per-site passwords while being safe, secure and easy to use. Mozilla Persona is a completely decentralized and secure authentication system for the web based on the open BrowserID protocol. To get started with Mozilla Persona, you'll have to sign up here. FYI, Persona was first introduced as BrowserID.

Persona is now ready to use for authentication and will be available from today to the public as the first beta release. It works in all major smartphone, tablet, and desktop browsers and the user experience has been thoroughly reviewed and polished.

Available in more than 25 languages, Persona does not need any API keys and it will always remain free. Persona is an open source project and you can easily use Persona with your site. Persona is safe, secure, and built on top of public key cryptography. Instead of a password, the user's browser generates a cryptographic "identity assertion" that expires after a few minutes and is only valid on a single site. Because there are no site-specific passwords, websites using Persona don't have to worry about securely storing or potentially losing a password database.

Sites such as OpenPhoto and Times Crossword are already using Mozilla Persona.



Persona is built upon the BrowserID protocol. Once popular browser vendors implement BrowserID, users will no longer need to rely on Mozilla to log in. You can easily integrate Persona in a few minutes. Persona is already being integrated into different applications.

Let's see how successful Mozilla Persona will be. Its success depends upon adoption by websites and applications, and then the subsequent use by users.

Want to read more?

Announcing the Beta release of Persona

Mozilla Persona Documentation

New API for Persona



Ubuntu 12.10 Beta 2 Released

The Ubuntu developers have just released Beta 2 of Ubuntu 12.10 Quantal Quetzal, which gives a preview of the next version of Ubuntu. The final Ubuntu 12.10 release is scheduled for 18th October this year. The Beta 2 release is intended to show what the final release of Quantal Quetzal will be like. The previous beta 1 release came out on 6th September.



As always, Ubuntu has chosen the Quetzal as codename for Ubuntu 12.10. According to Wikipedia, Quetzals are strikingly colored birds in the trogon family. They are found in forests and woodlands, especially in humid highlands, with the five species from the genus Pharomachrus being exclusively Neotropical, while the single Euptilotis species is almost entirely restricted to western Mexico.

Like we heard earlier, Ubuntu 12.10 releases are no longer available as Live CD.

Download Quantal Quetzal 12.10 Beta 2 Release



Thursday, 27 September 2012

GNOME 3.6 Released

The GNOME project has released version 3.6, the third update to its 3.x series. This latest version of GNOME 3 includes a number of new features and enhancements, as well as many bug fixes and minor improvements. Together, they represent a significant upgrade to the GNOME 3 user experience.

Andreas Nilsson, President of the GNOME Foundation, said: “The GNOME Foundation is proud to present this latest GNOME release, and I would like to congratulate the GNOME community on its achievement.” He described the release as “an important milestone in our mission to bring a free and open computing environment to everyone.”

Highlights for this release include:
  • Big improvements to notifications, including a redesigned Message Tray, smarter notifications, and other tweaks and refinements.
  • An enhanced Activities Overview with an improved layout.
  • A greatly enhanced Files application, with functional file search, a new Recent location, redesigned interface and lots of bug fixes and handy new features.
  • Integrated Input Sources, which makes inputting different character sets (eg. Japanese or Chinese) fast and easy.
  • Accessibility on demand, meaning that universal access features like the Orca screen reader can be enabled with the push of a button.
  • A new Lock Screen. This provides an attractive view when the device is locked, plus handy functionality like media controls and notifications.

Wanna read more?

GNOME 3.6 Released: Evolution in the making

GNOME 3.6 Release Notes

Getting GNOME



Saturday, 15 September 2012

Things To Do On The Occasion Of Software Freedom Day

If you are a FOSS enthusiast, then you are possibly looking for some ideas to celebrate Software Freedom Day in a different way. I have come up with some ideas for things to do on the occasion of Software Freedom Day today.

Software Freedom Day (SFD) is celebrated annually on the third Saturday of September with the aim of increasing awareness of Free Software and its virtues, and encouraging its use. SFD was first observed on the 28th of August back in 2004 and since 2006, it has been observed on the 3rd Saturday of September. Software Freedom International acts as the central legal body for organizing Software Freedom Day and each local team is responsible for organizing the local chapters of Software Freedom Day.

Software Freedom Day is not just about attending an event that is organized locally in your area. Rather, you can do anything that hits your mind to celebrate software freedom day. Below are some of the ideas in my mind.

  • Attend local SFD events
  • You can attend the local SFD events being organized today. You can find the local events through SFD 2012 events map. Locate the nearby event and attend it. Maybe you will find someone to discuss with :)

  • Listen to the SFD and other FOSS songs
  • Download the SFD song or FSF song to your favorite music gadget and listen to them the whole day. You can also listen to the music at MUSOpen.org.

  • Listen to the free audio and video speeches from FSF and GNU
  • You can listen to several audio and video speeches related to the free software foundation and GNU movements which are available at audio-video.gnu.org. Quite a good way to pass the time while getting to know about FSF, GNU and related events.

  • Watch some open source movies and documentaries
  • You can download and watch open-source or free-content films to pass the time. You can also watch movies and documentaries. Some of them are Revolution OS, Freedom Fry, The Codebreakers, Code Rush, Still This 1, Still This 2, The Code, Arduino documentary and a few others you can find on the net. If you have any suggestions, do drop them as comments.

  • Run an install fest anywhere possible
  • You could run an installation fest and help your friends and relatives install different Linux distros. It can be anywhere. I mean anywhere. You can do it in your own home, in your school, and in your office. After all, it's fun to motivate your friends and relatives to use open source software if they are not already using it. Educate the people who are around you. Believe me, it's fun.

  • Try finding bugs in some open source software
  • Grab some open source software; it can be a desktop app or a web app. Try finding bugs or errors in it and report them. You have just helped to improve a piece of open source software and your contribution will be counted for sure :). If you are geek enough, try finding some critical bugs and vulnerabilities. It can be a tough and challenging task but it's always fun to do so.

  • Do some blogging about software freedom and free and open source software
  • If you have your own blog or website, make some entries related to software freedom. You could write about the event you just visited or you could discuss the free and open source software available in the market. If you don't have a blog already, start today. It's a good day to start blogging about open source software.

  • Write some code snippets and useful little programs
  • If you are a good programmer, why not write and distribute a small software project today itself? You could do small stuff like a command line file transfer app, a Nepali calendar or anything you can think of. Try to develop some local software that will be useful for you and your community.

  • Join any beginner IRC channel and help the beginners
  • Search for some IRC channels on freenode or other networks and try helping the beginners. You can preferably choose IRC channels related to Linux, programming, hacking, and open source software and then dedicate some hours of your day to helping other people.

  • Donate some amount to your favorite open source software
  • Got some bucks to spare? Why not donate some amount to your favorite open source software? This can be very motivating for the developers of open source software.

Any other idea that hits your mind? Share it as a comment :)

And at last, happy software freedom day to all the freedom lovers :)



Friday, 14 September 2012

How To Find The Location Of Command In Linux

Sometimes you need to find the pathnames or locations of commands you use frequently. In this post, I am going to discuss two commands that are useful for locating Linux commands.

The first command for locating Linux commands is which. This command returns the pathnames of the files or links. However, it does not follow symbolic links.

samar@Techgaun:~$ which bash
/bin/bash

You can also find the pathnames of multiple commands at once using the which command.

samar@Techgaun:~$ which -a bash cat ls iftop
/bin/bash
/bin/cat
/bin/ls
/usr/sbin/iftop

The other command is type, which is useful for determining whether a command is an alias, a built-in command or an independent command.

samar@Techgaun:~$ type gedit
gedit is /usr/bin/gedit
samar@Techgaun:~$ type grep
grep is aliased to `grep --color=auto'
samar@Techgaun:~$ type -t iftop
file

You can play more with the type command. I hope this helps :)
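The lookup that which -a performs can be reproduced in plain sh to check whether an earlier PATH entry hides a later one, and to follow the symbolic links that which leaves unresolved. This is an added example, not code from the original post; the function names and the throwaway directories it builds are made up for illustration, and it assumes readlink -f is available (GNU coreutils or BusyBox).

```shell
#!/bin/sh
# path_hits NAME [PATHLIST]: print every executable NAME in PATHLIST
# (default $PATH) in lookup order, like `which -a`, and additionally
# resolve symlinks, which `which` does not do. The first line is what runs.
path_hits() (
    name=$1
    IFS=:        # split the list on colons (subshell, so IFS is not leaked)
    set -f       # no globbing while splitting
    for dir in ${2-$PATH}; do
        [ -n "$dir" ] || dir=.   # an empty entry means the current directory
        file=$dir/$name
        if [ -f "$file" ] && [ -x "$file" ]; then
            if [ -L "$file" ]; then
                printf '%s -> %s\n' "$file" "$(readlink -f "$file")"
            else
                printf '%s\n' "$file"
            fi
        fi
    done
)

# is_shadowed NAME [PATHLIST]: succeed when NAME exists in more than one
# directory, i.e. an earlier entry hides a later one.
is_shadowed() {
    [ $(( $(path_hits "$@" | wc -l) )) -gt 1 ]
}

# Constructed sample: two throwaway directories that both provide "tool",
# the first one through a symlink. Prints the hits for that lookup order.
demo_hits() (
    d=$(mktemp -d) || exit 1
    mkdir "$d/first" "$d/second"
    printf '#!/bin/sh\necho real\n' > "$d/second/tool"
    chmod +x "$d/second/tool"
    ln -s "$d/second/tool" "$d/first/tool"
    path_hits tool "$d/first:$d/second"
    rm -rf "$d"
)
```

A command that is_shadowed reports is worth a second look when the first hit sits in a directory other users can write to, since that copy is the one the shell runs.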

