Published on July 17th, 2019 📆 | 4950 Views ⚑0
Malicious Python Libraries Discovered on PyPI, Offensive Security Launches the Kali NetHunter App Store, IBM Livestreaming a Panel with Original Apollo 11 Technicians Today, Azul Systems Announces OpenJSSE and Krita 4.2.3 Released
News briefs for July 17, 2019.
Malicious Python libraries have been found on the official Python
Package Index (PyPI), which contain a hidden backdoor that would
activate when installed on Linux systems. According to ZDNet,
the three packages are named libpeshnx, libpesh and libari, and they
“were authored by the same user (named ruri12) and had been available
for download from PyPI for almost 20 months, since November 2017,
before the packages were discovered earlier this month by security
researchers from ReversingLabs.
The PyPI team removed the packages on July 9, the same day
ReversingLabs notified the PyPI repo maintainers about their findings.”
In addition, “None of the three packages ever listed a description, so
it’s impossible to tell what was their purpose. However, PyPI stats
showed that the packages were being regularly downloaded, with tens of
monthly installations for each.”
the creators of open-source Kali Linux,
has launched the Kali NetHunter App Store, “a new one stop shop
for security relevant Android applications. Designed as an alternative
to the Google Play store for Android devices, the NetHunter store is an
installable catalogue of Android apps for pentesting and forensics”.
The press release also notes that the NetHunter store is a slightly
modified version of F-Droid: “While F-Droid installs its clients with
telemetry disabled and asks for consent before submitting crash
reports, the NetHunter store goes a step further by removing the entire
code to ensure that privacy cannot be accidentally compromised”. See
blog post for more details.
IBM to reunite original Apollo 11 mission technicians today for a
live panel discussion celebrating the 50th anniversary of the Apollo 11
moon landing. The panel will be available via livestream starting at
2:30pm EDT. From the press release: “Moderated by Dr. John E. Kelly,
IBM Executive Vice President, from the Johnson Space Center in Houston,
Texas, the panel will reunite veterans of the Apollo 11 mission to
share behind-the-scenes details of what it was like to be right in the
middle of the action in the lead-up to and during this historic moment
in time. The panelists will also look ahead to how the future of
artificial intelligence, quantum computing, and other technologies
could help us reach new frontiers.” The livestream will be available here.
Azul Systems announces it has created OpenJSSE, an open-source
implementation of TLS 1.3 for Java SE 8, which is now included in the
latest releases of its Zulu Community and Zulu Enterprise products. You
can find source code, example use cases and documentation on GitHub.
was released this morning. This release is mainly a bug fix
release, but it does include one new feature: “it is now possible to
rotate the canvas with a two-finger touch gesture. This feature was
implemented by Sharaf Zaman for his 2019 Google Summer of Code work of
porting Krita to Android. The feature also works on other platforms, of
Jill Franklin is an editorial professional with more than 17 years experience in technical and scientific publishing, both print and digital. As Executive Editor of Linux Journal, she wrangles writers, develops content, manages projects, meets deadlines and makes sentences sparkle. She also was Managing Editor for TUX and Embedded Linux Journal, and the book Linux in the Workplace. Before entering the Linux and open-source realm, she was Managing Editor of several scientific and scholarly journals, including Veterinary Pathology, The Journal of Mammalogy, Toxicologic Pathology and The Journal of Scientific Exploration. In a previous life, she taught English literature and composition, managed a bookstore and tended bar. When she’s not bugging writers about deadlines or editing copy, she throws pots, gardens and reads. You can contact Jill via e-mail, firstname.lastname@example.org.