Android-x86 6.0 R3 Release – Porting Android to x86

Android-x86 is an unofficial initiative to port Google’s Android mobile operating system to run on devices powered by AMD and Intel x86 processors, rather than RISC-based ARM chips.

The project began as a series of patches to the Android source code to enable Android to run on various netbooks, tablets and ultra-mobile PC.

Chih-Wei Huang and Yi Sun originated the project in 2009. Yi Sun then quit due to personal affairs. Chih-Wei Huang is the current project maintainer, that has collaborated with Jide technology (that makes Remix OS), prior to joining that company.

Android-x86 6.0 R3 has been released with the updates:

CD/DVD auto-mount.

Fix VMware broken since 6.0-r2.

A qemu-android script to launch Android-x86 in QEMU. (only available in RPM installation)

Update to latest Android Marshmallow-MR2 release (6.0.1_r79).

Update kernel to 4.4.62 with more patches from AOSP.

Update Mesa to 17.0.4.

More updates from upstream projects (libdrm, ntfs-3g, exfat, bluez).

Download

The post Android-x86 6.0 R3 Release – Porting Android to x86 appeared first on Penetration Testing in Linux. http://ift.tt/2pdsHh8 http://ift.tt/2aM8QhC

cryptoid.com.br

What’s the Difference Between Advanced and Qualified Signatures in eIDAS? Regina Tupinambá

In our last two blogs, we gave a brief overview of the regulation (EU) No 910/2014, better known as eIDAS, we then spoke about eSignatures (outside of a compliance context) and looked at how to choose the right one for you.

Nadim Farah

By Nadim Farah

Artigos em outros idiomas são publicados em International News | Articles in other languages are published in the International News

In this blog, I would like to dive a little deeper into how eIDAS classifies electronic signatures by the level of assurance they offer. If you are looking to become compliant, this blog will help you decide which level of assurance you need.

What are the eSignatures Assurance Levels Under eIDAS?

Regulations such as eIDAS have developed their own eSignature classifications based on trust and assurance. These terms signify the level of assurance provided by different types of signatures as specified by the goals of the regulation.

The following classifications are the terms presented by eIDAS with the goal of creating a common foundation and framework for secure electronic signatures to enhance trust and facilitate interoperability and cross-border usage and acceptance.

eIDAS have also created an accreditation for delivering eSignatures with the highest level of assurance (qualified electronic signatures) and in doing so, they have changed the market for eSignatures in Europe. Let’s look into how they have done this.

Basic Level Electronic Signatures

According to eIDAS, at the basic level, an electronic signature can be defined as:

Data in electronic form which is attached to or logically associated with other data in electronic form and which is used by the signatory to sign.

We would interpret this to mean you can sign a document simply by scanning your signature or digitally ticking a box in a document. Technically, the data is in electronic form and attached to a file, but there are problems with this model which eIDAS is trying to address with this regulation.

Firstly, there is no way to tell, with utter certainty, that the file/document hasn’t been tampered with and secondly, there is no way of knowing the true identity of the person who has signed the document. These concerns are where the next classifications come in.

Advanced Electronic Signatures

Under eIDAS, an advanced electronic signature must meet the following requirements:

Be uniquely linked to the signatory

Capable of identifying the signatory

Created using electronic signature creation data that the signatory can, with a high level of confidence, use under his sole control.

Linked to the data signed in such a way that any subsequent change in the data is detectable

In order to satisfy all of the above, you can use digital signatures based on PKI. Digital signatures are applied with a Digital Certificate, which is like an electronic version of a passport or driver’s license that is only issued after thorough verification of your identity by a trusted third party (called a Certificate Authority or CA). Digital Certificates and their resulting signatures, are unique to the individual and virtually impossible to spoof, achieving the first two requirements above.

Because the signatory is the sole holder of the private key which is used to apply the signature (see our article on Public Key Infrastructure to get an understanding of how public and private keypairs work), you can be assured that the signer is the person who they say they are. Finally, part of the signature verification process, which automatically occurs when a recipient opens the document, includes checking if any changes have been made to the document since it was signed.

Qualified Electronic Signatures

A qualified electronic signature is:

An advanced electronic signature that is created by a qualified signature creation device and which is based on a qualified certificate for electronic signatures.

First, let’s look at what a ‘qualified signature creation device’ is. According to eIDAS requirements,

The device must ensure:

The confidentiality of the electronic signature creation data

The electronic signature creation data used for electronic signature creation can practically only occur once

The electronic signature creation data used for signature creation cannot be derived and the signature is protected against forgery using current available technology

The electronic signature creation data used for signature creation can be reliably protected by the legitimate signatory against use by others

The device shall not alter the data to be signed or prevent such data from being presented to the signatory prior to signing

Generating or managing signatory data on behalf of the signatory may only be done by a qualified trust service provider

Without prejudice to point (d) of point 1, qualified trust service providers managing electronic signature creation data on behalf of the signatory may duplicate the electronic signature creation data only for back-up purposes provided the following requirements are met:

The security of the duplicated datasets must be at the same level as for the original datasets

The number of duplicated datasets shall not exceed the minimum needed to ensure continuity of the service

It might seem a bit vague (probably because they are covering themselves so as to stay in line with technological standards in the future), but what the regulation is saying is that if you are using a qualified electronic signature, you must be storing the creation and signature data on a highly reliable and assured device.

What hardware is reliable enough to do this? Our advice is to store this information in a HSM (Hardware Service Module) which can be stored in your organization in a secure place. For it to have all the security features mentioned above, you would need the HSM to be in line with FIPS 140-2 Level 3 at minimum, which is a security standard created for cryptographic modules like a HSM.

The next part of the definition for qualified electronic signatures says that data on the device must be based on a ‘qualified certificate for electronic signatures’. As opposed to advanced electronic signatures, which do not outright say you have to use a Digital Certificate, the definition for qualified says that a certificate is a must. A qualified certificate can only be purchased from a Certificate Authority who is also ISO 15408 accredited as per the regulation.

EU Member states are required to recognize the validity of a qualified electronic signature that has been created using a qualified certificate from another member state.

eSeals

Electronic seals are similar to an electronic signature, but the difference is in the identity behind the signature. An eSeal will guarantee its origin and integrity in just the same way as an electronic signature would, but instead of signing a document as a person, you sign as an organization or entity.

eIDAS has mentioned them as used by EU member states, but you can also use them in any institution or organization. The question to ask in whether or not you need one is do you need to sign as an individual or entity and what volume do you think you will be signing at, as eSeals are more appropriate for automated or high volume signing needs.

Which Assurance Level do I Need to Comply With?

According to eIDAS Article 25:

An electronic signature shall not be denied legal effect and admissibility as evidence in legal proceedings solely on the grounds that it is an electronic form or that it does not meet the requirements for qualified electronic signature.

You can interpret this to mean that if you want to prove the validity of your document in a legal setting, you need an advanced level or higher.

According to eIDAS, companies who require a high level of trust and assurance should be using advanced or qualified electronic signatures. For organizations in the finance industry, government bodies and EU member states, this is highly recommended.

If you are planning on using the document workflows for customer transactions, legal transactions or third party company transactions, be aware that the data/information in your documents is only as trustworthy as the procedures you take to secure them.

Finally, it is worth remembering that while eIDAS does not specify the use of Digital Certificates for advanced signatures, we recommend using them and purchasing them from a publicly trusted Certificate Authority. Public trust is essential if you want your signatures to be automatically verified and trusted in popular document software, such as Adobe or Microsoft. This way when you sign documents you will not only have compliance, but also a seamless user experience for the document recipient.

If you would like to discuss an electronic signature solution for compliance with eIDAS, you can get in touch with me via LinkedIn or contact GlobalSign for more information.

Artigos em outros idiomas são publicados em International News | Articles in other languages are published in the International News

O post What’s the Difference Between Advanced and Qualified Signatures in eIDAS? apareceu primeiro em CRYPTOID. http://ift.tt/2p9s8Tq http://ift.tt/2aM8QhC

IT Engineer Hacked His Own Wall Street Company And Stole Source Code, Arrested By FBI

IT Engineer Hacked His Own Wall Street Company And Stole Source Code, Arrested By FBI

Short Bytes: FBI has arrested a DevOps Engineer Zhengquan Zhang for stealing proprietary source code and accessing employee accounts at KCG Holdings where he worked as a supervisor. Zhang deployed malware on company’s servers to get employee login details. He later told that he was afraid of losing his job due to an acquisition. It […]

The post IT Engineer Hacked His Own Wall Street Company And Stole Source Code, Arrested By FBI appeared first on Fossbytes. http://ift.tt/2q6Ic7P http://ift.tt/2aM8QhC

Fappening 2.0 Hack: Private Pictures Of Alison Brie And Samara Weaving Leaked Online

Fappening 2.0 Hack: Private Pictures Of Alison Brie And Samara Weaving Leaked Online

Short Bytes: The Fappening 2.0 leak has hit more female celebrities. According to media reports, the private pictures of actresses Alison Brie and Samara Weaving have been leaked. With this leak, the list of targetted celebrities has grown longer. While the exact forces behind the hack remain unknown, it won’t be wrong to assume that the […]

The post Fappening 2.0 Hack: Private Pictures Of Alison Brie And Samara Weaving Leaked Online appeared first on Fossbytes. http://ift.tt/2pVH33w http://ift.tt/2aM8QhC

Aadhaar Details Of 1.4 Millions People Leaked Due To Programming Error On Govt Website

Aadhaar Details Of 1.4 Millions People Leaked Due To Programming Error On Govt Website

Short Bytes: In a shocking development, the Aadhaar details of 1.4 millions Indian citizens have leaked. This incident took place due to some programming error in a website run by the Jharkhand Directorate of Social Security. The Section 29 (4) of the Aadhaar Act prohibits making the details of citizens public. The website was later blocked […]

The post Aadhaar Details Of 1.4 Millions People Leaked Due To Programming Error On Govt Website appeared first on Fossbytes. http://ift.tt/2prLfv8 http://ift.tt/2aM8QhC