“I just set up a lot of Onion Services for many of Debian’s static websites,” announced Debian sys-admin Peter “weasel” Palfrader on Friday. “You can find the entire list of services on onion.debian.org. More might come in the future.” Longtime Slashdot reader alfino writes:
Yay for privacy. We don’t care about where you come from, and now you don’t even have to tell anyone that you’re using Debian. The archive at ftp.debian.org is already in the list. Support for more redundant Debian archive access is expected to come When It’s Ready.

Read more of this story at Slashdot.

Source: Slashdot – Onion Debian Services Are Now Available

A new crowdfunding campaign by Rhombus Tech “introduces the world’s first devices built around the EOMA68 standard,” which separates a “modular” CPU board from the rest of the system so that it can be easily used in multiple devices and upgraded more simply. Rhombus Tech is now offering a 15.6-inch laptop, a laser-cut wooden Micro-Desktop housing, and two types of computer cards, both using A20 dual-core ARM Cortex A7 processors.
The cards are available with four flavors of the GNU/Linux operating system, and they’re hoping to receive RYF certification from the Free Software Foundation.

“No proprietary software,” explains their campaign’s video. “No backdoors. No spyware. No NDAs.” They envision a world where users upgrade their computers by simply popping in a new card — reducing electronic waste — or print new laptop casings to repair defects or swap in different colors. (And they also hope to eventually see the cards also working with cameras, phones, tablets, and gaming consoles.) Rhombus Tech CTO Luke Leighton did a Slashdot interview in 2012, and contacted Slashdot this weekend to announce:
A live-streamed video from Hope2016 explains what it’s about, and there is a huge range of discussions and articles online. The real burning question is: if a single Software Libre Engineer can teach themselves PCB design and bring modular computing to people on the budget available from a single company, why are there not already a huge number of companies doing modular upgradeable hardware?

Read more of this story at Slashdot.

Source: Slashdot – New Crowdfunding Campaign Offers Modular EOMA68 Computing Devices

When the Republican presidential nominee Donald Trump asked Russia — wittingly or otherwise — to launch hack attacks to find Hillary Clinton’s missing emails, it caused a stir of commotion. Russia is allegedly behind DNC’s leaked emails. But The Washington Post is reminding us that U.S.’s efforts in the cyber-security world aren’t much different. (could be paywalled; same article syndicated elsewhere From the report: The U.S. approach to this digital battleground is pretty advanced. For example: Did you know that the military uses its submarines as underwater hacking platforms? In fact, subs represent an important component of America’s cyber strategy. They act defensively to protect themselves and the country from digital attack, but — more interestingly — they also have a role to play in carrying out cyberattacks, according to two U.S. Navy officials at a recent Washington conference. “There is a — an offensive capability that we are, that we prize very highly,” said Rear Adm. Michael Jabaley, the U.S. Navy’s program executive officer for submarines. “And this is where I really can’t talk about much, but suffice to say we have submarines out there on the front lines that are very involved, at the highest technical level, doing exactly the kind of things that you would want them to do.” The so-called “silent service” has a long history of using information technology to gain an edge on America’s rivals. In the 1970s, the U.S. government instructed its submarines to tap undersea communications cables off the Russian coast, recording the messages being relayed back and forth between Soviet forces. (The National Security Agency has continued that tradition, monitoring underwater fiber cables as part of its globe-spanning intelligence-gathering apparatus. In some cases, the government has struck closed-door deals with the cable operators ensuring that U.S. spies can gain secure access to the information traveling over those pipes.) These days, some U.S. subs come equipped with sophisticated antennas that can be used to intercept and manipulate other people’s communications traffic, particularly on weak or unencrypted networks. “We’ve gone where our targets have gone” — that is to say, online, said Stewart Baker, the National Security Agency’s former general counsel, in an interview. “Only the most security-conscious now are completely cut off from the Internet.” Cyberattacks are also much easier to carry out than to defend against, he said.

Read more of this story at Slashdot.

Source: Slashdot – America Uses Stealthy Submarines To Hack Other Countries’ Systems

Peiter “Mudge” Zatko and his wife, Sarah, a former NSA mathematician, have started a nonprofit in the basement of their home “for testing and scoring the security of software… He says vendors are going to hate it.” Slashdot reader mspohr shares an article from The Intercept:

“Things like address space layout randomization [ASLR] and having a nonexecutable stack and heap and stuff like that, those are all determined by how you compiled [the source code],” says Sarah. “Those are the technologies that are really the equivalent of airbags or anti-lock brakes [in cars]…” The lab’s initial research has found that Microsoft’s Office suite for OS X, for example, is missing fundamental security settings because the company is using a decade-old development environment to build it, despite using a modern and secure one to build its own operating system, Mudge says. Industrial control system software, used in critical infrastructure environments like power plants and water treatment facilities, is also primarily compiled on “ancient compilers” that either don’t have modern protective measures or don’t have them turned on by default…

The process they use to evaluate software allows them to easily compare and contrast similar programs. Looking at three browsers, for example — Chrome, Safari, and Firefox — Chrome came out on top, with Firefox on the bottom. Google’s Chrome developers not only used a modern build environment and enabled all the default security settings they could, Mudge says, they went “above and beyond in making things even more robust.” Firefox, by contrast, “had turned off [ASLR], one of the fundamental safety features in their compilation.”
The nonprofit was funded with $600,000 in funding from DARPA, the Ford Foundation, and Consumers Union, and also looks at the number of external libraries called, the number of branches in a program and the presence of high-complexity algorithms.

Read more of this story at Slashdot.

Source: Slashdot – Famed Security Researcher ‘Mudge’ Creates New Algorithm For Measuring Code Security