Planet HantsLUG

Syndicate content
Planet HantsLUG - http://hantslug.org.uk/planet/
Updated: 1 hour 12 min ago

Steve Kemp: If line-noise is a program, all fuzzers are developers

Mon, 29/02/2016 - 12:59

Recently I had a conversation with a programmer who repeated the adage that programming in perl consists of writing line-noise. This isn't true but it reminded me of my love of fuzzers. Fuzzers are often used to generate random input files which are fed to tools, looking for security problems, segfaults, and similar hilarity.

To the untrained eye the output of most fuzzers is essentially line-noise, since you often start with a valid input file and start flipping bits, swapping bytes, and appending garbage.

Anyway this made me wonder what happens if you fed random garbage into a perl interpreter? I wasn't brave enough to try it, because knowing my luck the fuzzer would write a program like so:

system( "rm -rf /home/steve" );

But I figured it was still an interesting idea, and I could have a go at fuzzing something else. I picked gawk, the GNU implementation of awk because the codebase is pretty small, and I understand it reasonably well.

Almost immediately my fuzzer found some interesting segfaults and problems. Here's a nice simple example:

$ gawk 'for (i = ) in steve kemp rocks' .. gawk: cmd. line:1: fatal error: internal error: segfault Aborted

I look forward to seeing what happens when other people fuzz perl..

Categories: LUG Community Blogs

Debian Bits: I love Free Software Day 2016: Show your love for Free Software

Sun, 14/02/2016 - 01:10

Today February 14th, the Free Software Foundation Europe (FSFE) celebrates the "I Love Free Software" day. I Love Free Software day is a day for Free Software users to appreciate and thank the contributors of their favourite software applications, projects and organisations.

We take this opportunity to say "thank you" to all the Debian upstreams and downstreams, and all the Debian developers and contributors. Thanks for your work and dedication to free software!

There are many ways to participate in this ILoveFS day and we encourage everybody to join in and celebrate. Show your love to Debian developers, contributors and teams virtually on social networks using the #ilovefs hashtag and spreading the word in your own social media circles, or by visiting the ILoveFS campaign website to find and use some of the promotional materials available such as postcards and banners.

To learn more about the FSFE, you can read their announcement of this campaign or visit their general website.

Categories: LUG Community Blogs

Debian Bits: Tails installer is now in Debian

Thu, 11/02/2016 - 14:30

Tails (The amnesic incognito live system) is a live OS based on Debian GNU/Linux which aims at preserving the user's privacy and anonymity by using the Internet anonymously and circumventing censorship. Installed on a USB device, it is configured to leave no trace on the computer you are using unless asked explicitly.

As of today, the people the most needy for digital security are not computer experts. Being able to get started easily with a new tool is critical to its adoption, and even more in high-risk and stressful environments. That's why we wanted to make it faster, simpler, and more secure to install Tails for new users.

One of the components of Tails, the Tails Installer is now in Debian thanks to the Debian Privacy Tools Maintainers Team.

Tails Installer is a graphical tool to install or upgrade Tails on a USB stick from an ISO image. It aims at making it easier and faster to get Tails up and running.

The previous process for getting started with Tails was very complex and was problematic for less tech-savvy users. It required starting Tails three times, and copying the full ISO image onto a USB stick twice before having a fully functional Tails USB stick with persistence enabled.

This can now be done simply by installing Tails Installer in your existing Debian system, using sid, stretch or jessie-backports, plugging a USB stick and choosing if one wants to update the USB stick or to install Tails using a previously downloaded ISO image.

Tails Installer also helps Tails users to create an encrypted persistent storage for personal files and settings in the rest of the available space.

Categories: LUG Community Blogs