Tor trouble: Anonymizing service faces vulnerability claims

An interesting article by Devin Coldewey, a contributing writer for NBC News.

Tor, a service that helps cautious Internet users stay anonymous online, is facing increased scrutiny and potentially new attacks as the global debate on surveillance and privacy escalates. A recent paper raises new concerns: Is Tor vulnerable to the likes of the National Security Agency?

A highly publicized NSA-level hack aimed at Tor users turned out, in the end, to not breach the service at all but rather the browser its users employed. Tor, which obscures Internet traffic by bouncing it between several nodes before letting it into the open, was not implicated in that hack, but that doesn’t mean it’s invulnerable.

Earlier this year, a paper describing a potential vulnerability in the service (PDF) was posted quietly to the Internet by its author, Aaron Johnson. He explained how a combination of secretly controlled Tor nodes and access to Internet service provider infrastructure could potentially reveal the identity of many users of the service. The FBI and NSA are always looking for a way to break Tor, and have the weight to lean on ISPs, so the threat is not necessarily just hypothetical.

The specifics of the hack are quite technical, but essentially, while it’s not enough to eavesdrop either from within Tor or via the Internet infrastructure, putting them together could let an “adversary” identify users or at least draw connections between IP addresses of interest.

Read more here.

 

WordPress 3.7 Released

WordPress 3.7, “Basie”, has just been released. It’s been named in honor of Count Basie. The WordPress 3.7 development cycle is the quickest turnaround between major versions, with just 86 days since WordPress 3.6 launched back on August 1. It has been stated that version 3.8 is due out in December, as it will continue this plugin-led development cycle.

Some of the new features include:

  • Updates: With this version you no longer need to worry about applying updates yourself, as more sites are now able to apply them automatically in the background. The update process is also more reliable and secure, with dozens of new checks and safeguards.
  • Stronger password recommendations: To help users avoid poor password choices, WordPress 3.7 is better at recognizing common mistakes that weaken a password, such as dates, names, keyboard patterns (123456789), and even pop culture references.
  • Better global support: WordPress 3.7 adds support for automatically installing the right language files and keeping them up to date, something many users have been asking for.

Other interesting features include:

Improved (more relevant) search

WordPress search has sucked for a long time. It’s not been based on relevance, but on dates. According to the primary ticket for this feature, Andrew Nacin cites the following for the new order for choosing what to return in WordPress search:

  • Full sentence matches in post titles.
  • All search terms in post titles.
  • Any search terms in post titles.
  • Full sentence matches in post content.

This enhancement solves a major pain point that nearly every WordPress user with any significant amount of content has been facing for many years.

Better global support with language packs

The new “language packs” feature in WordPress 3.7 will allow for “faster and more complete translations.” To get started enabling your themes and plugins to use these tools, check out Samuel “Otto” Wood’s guide. Language packs will be separated from WordPress core and maintained independently from core, themes, and plugins.

Language packs are also going to be updated silently along with minor updates, so that more languages can be supported more quickly. Translating WordPress to more languages is a clear way for the platform to continue its staggering growth. As I noted in my primer on l10n and i18n, nearly a third of all WordPress installs are non-English. But even beyond that, only about 750 million people count English as a first or second language, so most of the world that could be using WordPress would struggle mightily without a translated version.

Accessibility

Accessibility has been improved in a few locations, including keyboard accessibility improvements on list table rows and color contrasts in the default themes.

If you are interested in accessibility, there is an entire Make WordPress blog devoted to it.

Multisite

Multisite got a bit of love in 3.7. wp_get_sites is a very handy function introduced to replace the get_blog_list function, which has long been deprecated.

Inline Docs

Inline documentation has gotten serious attention in WordPress 3.7. There is never a better place to go than to the source code, and the team behind inline docs has been knocking out tons of undocumented or poorly documented code.

New functions, classes, actions and filters

Based on the release page, six new classes have been introduced, as well as ten new methods of existing classes. Twenty-two new functions are in core, along with two new actions (including the very nice save_post_{$post_type}), and twenty-three new filters are available for your convenience.

New build tools

One of the features that will never be noticed by users, but is great for core developers, is the new slate of build tools available.

The best description of these new tools available is this post by Daryl Koopersmith, though some of those items may not be totally accurate as plenty could have changed since then. But the point is that the build tools for WordPress are better than ever, and going forward will make it easier for developers.

Bug gardening

At last count, 437 tickets were closed and counted as “fixed” in WordPress 3.7. But countless more tickets have been touched this cycle. As a prominent goal of this release was housecleaning, it was a huge success.

I don’t have the exact number of tickets touched in 3.7, but that thankless effort deserves some major kudos. By the way, if you ever want to just go hack away at some open bugs, this is the URL you want to bookmark.

The future of WordPress core development

This was the first iteration of synchronous major release development. WordPress 3.7 and WordPress 3.8 have been developed side by side, as Matt Mullenweg noted would be done during this year’s State of the Word.

By all means, it appears to have been an extremely effective effort. Even as 3.7 goes live, WordPress 3.8 is chugging along. And 3.8 also introduces a core shift to a “features as plugins first” mentality. Proposals for MP6, a new dashboard, a new themes page, and Omnisearch have already been pitched to be blessed for the anticipated December release.

 

Digital Attack Map

Check out the Digital Attack Map. It was produced in a collaborative effort by Google Ideas and Arbor Networks to raise awareness about distributed denial of service attacks.

In computing, a denial-of-service attack (DoS attack) or distributed denial-of-service attack (DDoS attack) is an attempt to make a machine or network resource unavailable to its intended users. Although the means to carry out, motives for, and targets of a DoS attack may vary, it generally consists of efforts to temporarily or indefinitely interrupt or suspend services of a host connected to the Internet.

Google’s new service will show animated map of DDoS attacks

An interesting article from our content partners at HackersNewsBulletin.com:

Yesterday, Google announced it has built a new kind of service named “Project Shield”, which will help websites stay online during DDoS (Distributed Denial of Service) strikes.

Google also launched a Digital Attack Map service, created in partnership with Arbor Networks. It will update the website every hour with Anonymous attacks on the website from 270 Internet service providers. The ISPs will be counted as customers.

Google says:

Many websites face targeted digital attacks by people who aim to silence their speech. This tool and visualization specifically surfaces anonymous traffic data related to these attacks, letting people explore historic trends and see related news reports of outages happening on a given day.

Right now, Google is seeking new websites to test this service as trusted testers. The service is currently “invite only,” but if you run a website related to news, human rights, or elections-related content, you can apply to participate in Project Shield.

“Once a website has been sent an invite to become a ‘trusted tester’, they will receive an invite to join the Page Speed Service trusted tester program and configuration instructions on how to use the service for DDoS mitigation,” Google said.

Why use Google Shield:

  • It will automatically speed up your website performance as it serves web pages to end users via Google server across the globe.

Some points to remember before using this service:

  • The service will be free during the testing period, and Google might charge for it in the future.
  • Google does not guarantee that this service will save your website from DDoS every time.

 

BarCamp Charlotte 8

JOIN US AT

CPCC Central Campus for BCC8

New, new, newness

We are excited to announce not only a new partnership with CPCC and The Geek Fest, but a new website too. With the new face lift we are hoping to provide you with a more informative and interactive website. If there is something you’d like to see on our website, contact us at barcampcharlotte@gmail.com.

Everyone is invited!

Be sure to spread the word about BarCampCLT 8 and forward this email to your friends! With the new venue we can seat even more people. So help us get them there by sharing your plans to attend with your friends.

Eat anything you want!

This time we are doing something different with lunch. Since we are centrally located with lots of great restaurants around us, we are setting you free for lunch. To help this along, we have extended the lunch break to a full 90 minutes. You can go to a restaurant or pack a lunch and eat on the lawn outside. If you opt for a restaurant, we have compiled a list of some of the nearby restaurants. It isn’t an all-inclusive list but it should get you started thinking. Here’s our list: http://barcampclt.org/nearby-restaurants/

T-shirt collection…

As you all know, we work very hard to bring you a free event. In the past, we have been fortunate enough to have enough sponsors to provide attendees with free t-shirts. We had the shirts designed (see below) but unfortunately we didn’t get a sponsor to cover the cost. So, at the time of writing this, we don’t have t-shirts ordered. If you are like us, you have a collection of past BarCampCLT shirts and would hate to be missing one, so we have come up with a few options. First, we can make the design available on BarCamp Charlotte’s Spreadshirt store. Second, if we get enough pre-orders or donations for t-shirts we can have them printed. They would be approximately $10 each. There is a minimum order of 20 shirts. If you are interested in that option, you can PayPal the money directly to barcampcharlotte@gmail.com. If we don’t get enough we will refund the money through PayPal.

So it never ends, almost…

We are almost as excited for the after party as we are for the main event. After all the fun of the day, it is great to unwind with new and old friends. Cue Kickstand Charlotte. They will be allowing us to invade their bar area for the night. We will be meeting up there at 5:30p (or earlier if you want to go straight over to the after party). So don’t forget your wallets and conversation because you will definitely want to join the after party.

Give us the details…

We are finishing up the details of parking and directions to the event. We will get those to you next week. So stay tuned!

You just love working for free?

So do we! If you are interested in volunteering at BarCampCLT 8, just drop us an email at barcampcharlotte@gmail.com. We will be happy to put you to work. It will be a light workload that day, which means you will still have time to pitch and attend sessions. That little bit of extra help makes for much less frazzled organizers.

If you have questions, please feel free to contact us at barcampcharlotte@gmail.com or reach out to us on social media.

Kali Linux Default Username and Password

Kali Linux Default root Password is toor

Default root Password

During installation, Kali Linux allows users to configure a password for the root user. However, should you decide to boot the live image instead, the i386, amd64, VMWare and ARM images are configured with the default root password – “toor”, without the quotes. So the username = root and password = toor.

In Kali Linux 2020.1, both the default user and password will be “kali”.

 

username: kali

password: kali

Kali Linux invalid password root toor for version 2020.1

More information here.

Hope this helps.