So Kail Linux 2.0 is finally here, pen tester rejoice and don’t forget the script kiddies. One thing that anyone has used Kail for a long time and even going back to the day when it was called BackTrack Linux is its use of Gnome 2 for BackTrack then Gnome 2 Fail Back in Kail. It seems that Kail has gone for a full Gnome 3 expenses with some tweaks. The tweak that everyone will notes is the new menu, as you can see in the image below.
It took a little while to re-learn where all the tools where but once I got uses to the menu, I loved it.
So apart from the tweaks, its the Kail Linux we know and love. But with a updated GUI.
So if you find your self needing a good environment to pen-test in or a good computer forensics environment, I can’t recommend Kail Linux 2.0 enough
Final thoughts just because you can install Kail Linux, it doesn’t make you an automatic hacker. With tools like Kail comes great responsibility.
If you have been living under an rock for the last few days, you may have missed the news that Chrysler have recalled 1.4 million cars due to a software volubility that allows a person to crack into your cars on boarded computer and take control every system that is inside.
Read I don’t want to say this isn’t an problem because, really it is an huge problem but not as bad as the mainstream news is wanting us to believe. For one attack that is effecting Chrysler verticals an attack needs access the main USB port. I personally haven’t seen much more information about the attack in this point in time of how the attack works, but I had to bet on anything they would be using a buffer overflow attack and then injecting code into the cars on board computer, but sadly it could be even more simpler than that.
I think it is time that devices such as cars, source code should be available. I do understand intellectual property, but it is time we had access to this type of information. Because if more eyeballs are looking at the code we might not have these problems may become fewer. But sadly, I don’t see any company that has code that is part of a intellectual property allowing it to happen. The future we approach more and more we will see this type of attack, we need to come up with a way to deal with these problem responsibly.
Remember the news want us to be afraid, but as everyone should a bit of research even if you have no idea about the topic in the begin will always come out understanding more than you did.
And remember the news wants you to believe that everyone and everything is out to get you. But really that isn’t true.
The last few years network security has been an big factor for enterprises, that have technology in there company that connects to an network. But what is often forgotten in this world is physical protection ageist attacks. The last few years have seen the creation of tools like the USB Rubber Ducky, that is able to provide information or inject code into an target computer in an matter of seconds. In the last few years I lost count the number of enterprises that have computer or laptops sitting untended, where the anyone could simply work in, inject there payload and leave before anyone was aware that anyone was anywhere near that target devices. Something to think about, Yes one could look down the USB ports, and server monitor ports, but easily that can be spoofed. So what can be done, to stop an attack access to an USB port, for one don’t leave PC or Laptops in places where there not attended at all time, make sure there is an pare of eyes on them at all times. So what if you don’t have that option well, simple answer is get an hot glue gun and put glue in all the ports. Extreme yes, but effective.