Linux Journal | July 2016 | Issue

Total Page:16

File Type:pdf, Size:1020Kb

JULY 2016 | ISSUE 267
http://www.linuxjournal.com
Since 1994: The Original Magazine of the Linux Community

A PENGUIN-POWERED RADIO STATION IN DC
ANDROID BROWSER SECURITY: What You Should Know
A Crash Course on Planning Security Exercises
Delve Into Complex String Processing
Turn an Old PC into a Virtual-Machine Host
How to Set Up WordPress with nginx

CONTENTS
JULY 2016, ISSUE 267

FEATURES

68 Android Browser Security—What You Haven’t Been Told
An in-depth look at flaws in Android’s stock web libraries.
Charles Fisher

80 Radio Free Linux
How Linux is dependably steering programming to a radio near you.
Alan Peterson

88 The Tiny Internet Project, Part II
Learning Linux by doing: here’s Part II of building an internet in a box.
John S. Tonello

Cover Image: © Can Stock Photo Inc. / sdecoret

COLUMNS

26 Reuven M. Lerner’s At the Forge: nginx and WordPress
36 Dave Taylor’s Work the Shell: Spinning and Text Processing
42 Susan Sons’ Under the Sink: Security Exercises
112 Doc Searls’ EOF: Doing for User Space What We Did for Kernel Space

IN EVERY ISSUE

8 Current_Issue.tar.gz
10 UPFRONT
24 Editors’ Choice
60 New Products
117 Advertisers Index

ON THE COVER

A Penguin-Powered Radio Station in DC
Android Browser Security—What You Should Know
Turn an Old PC into a Virtual-Machine Host
A Crash Course on Planning Security Exercises
Delve into Complex String Processing
How to Set Up WordPress with nginx

LINUX JOURNAL (ISSN 1075-3583) is published monthly by Belltown Media, Inc., PO Box 980985, Houston, TX 77098 USA. Subscription rate is $29.50/year. Subscriptions start with the next issue.
Executive Editor: Jill Franklin
Senior Editor: Doc Searls
Associate Editor: Shawn Powers
Art Director: Garrick Antikajian
Products Editor: James Gray
Editor Emeritus: Don Marti
Technical Editor: Michael Baxter
Senior Columnist: Reuven Lerner
Security Editor: Mick Bauer
Hack Editor: Kyle Rankin (lj@greenfly.net)
Virtual Editor: Bill Childers

Contributing Editors: Ibrahim Haddad, Robert Love, Zack Brown, Dave Phillips, Marco Fioretti, Ludovic Marcotte, Paul Barry, Paul McKenney, Dave Taylor, Dirk Elmendorf, Justin Ryan, Adam Monsen

President: Carlie Fairchild
Publisher: Mark Irgang
Associate Publisher: John Grogan
Director of Digital Experience: Katherine Druckman
Accountant: Candy Beauchamp

Linux Journal is published by, and is a registered trade name of, Belltown Media, Inc., PO Box 980985, Houston, TX 77098 USA

Editorial Advisory Panel: Nick Baronian, Kalyana Krishna Chadalavada, Brian Conner, Keir Davis, Michael Eager, Victor Gregorio, David A. Lane, Steve Marquez, Dave McAllister, Thomas Quinlan, Chris D. Stark, Patrick Swartz

Advertising
URL: www.linuxjournal.com/advertising
PHONE: +1 713-344-1956 ext. 2

Subscriptions
URL: www.linuxjournal.com/subscribe
MAIL: PO Box 980985, Houston, TX 77098 USA

LINUX is a registered trademark of Linus Torvalds.

Current_Issue.tar.gz

Better Than We Found It

SHAWN POWERS

Shawn Powers is the Associate Editor for Linux Journal. He’s also the Gadget Guy for LinuxJournal.com, and he has an interesting collection of vintage Garfield coffee mugs. Don’t let his silly hairdo fool you, he’s a pretty ordinary guy and can be reached via e-mail at [email protected]. Or, swing by the #linuxjournal IRC channel on Freenode.net.

Technology is supposed to make our lives easier. It’s supposed to automate those things that take our valuable time, and it promises to make those things we still do faster and more efficient. Unfortunately though, it hasn’t given us more free time, it’s just allowed us to cram even more activities into our already busy schedules. Thankfully, some technology really does make our lives better. If we’re willing to learn and change, technology really can be that invaluable aid in our lives. The trick is to make technology work for us, and not the other way around.

For example, in last month’s issue I wrote about the Raspberry Pi IP camera I created in order to live-stream my bird feeder. Since then, I’ve learned about a new tool called UV4L that makes my Raspberry Pi an even better camera. Learning about new technology and new ways to use existing technology is the secret to getting the most out of our increasingly digital world.

Reuven M. Lerner describes a better way to host WordPress installs using nginx. Building on last month’s introduction to nginx, Reuven shows how scalable it can be in a real-world scenario. Dave Taylor follows with a fascinating look at how to automate the creation of content. Using “spinning”, Dave shows how to create content that can be used for evil, but is also brilliant in its execution. If you’ve ever wanted to peer into the mind of a spammer, Dave will introduce you to the robotic version of one.

We can never get “good enough” at security to be fully secure, but with the help of Susan Sons, we can do our best to be security-focused and prepared. Much like a school has fire drills, Susan explains the concept (and plan for realization) of running security exercises. Having a staff that is not only aware, but also practiced at dealing with security can be invaluable. Susan gives us a very practical plan for making that happen.

Charles Fisher provides a depressing, but very important look at Android browser security—or more specifically, the lack of security in the Android WebKit browsers. There are so many programs utilizing the Android WebKit libraries that a vulnerability at that level can have security ramifications far beyond the default stock browser. Charles not only explains the problem, but also gives some concrete information on how to deal with the potential security nightmare still in many Android systems.

Alan Peterson explores a better way to do radio. Linux isn’t the default for most radio stations, but in Washington, DC, that’s changing. Thanks to the power of open-source software and the flexibility of coding on Linux, several radio stations are finding Linux is the answer for secure, scalable management of radio, especially in this increasingly internet-centric world.
If you’re interested in how radio stations are automating using Linux as their core, you won’t want to miss his article!

Finally, John S. Tonello continues his three-part series on making the internet—or more specifically, on creating a tiny virtualized environment for testing internet tools efficiently and effectively. Using VirtualBox and Proxmox, John demonstrates how easy and powerful a virtualized environment truly can be.