Review of ROSA Fresh Desktop 4

ROSA Linux has no less than seven variants:

  • ROSA Enterprise Desktop X 1 is recommended for use in a corporate environment and is designed to equip the workstations and servers without special requirements for information security;
  • ROSA Enterprise Linux Server is, in fact, yet another clone of RHEL with some additions from the corporate variant of Mandriva;
  • ROSA Desktop Fresh is the most recent distribution that contains the latest improvements from the developer;
  • ROSA CHROME is a distribution certified by the Russian Federal Service for Technical and Export Control (FSTEC of Russia) and is designed for work with the state secrets;
  • ROSA NICKEL has the similar purpose as the previous variant, but it is certified by the Russian Defense Ministry;
  • ROSA COBALT is certified by FSTEC of Russia, including for the work with personal data.

Unfortunately, the last three distributions are not publicly available, and there is no point to talk about ROSA Enterprise Desktop and Server, so this article will focus on the recently released ROSA Desktop Fresh R5.

Read full article →

Building weather station with STM32F3DISCOVERY and WizFi220 Wi-Fi module

Key to start

First goes the list of the components I used:

  1. Debug board STM32F3DISCOVERY.
  2. KS0108 controller based screen (in my case, it is Russian MT-12864A).
  3. WizFi220 Wi-Fi module.

Firmware may be developed at least in two IDEs: Keil Embedded Development Tools for ARM and IAR Embedded Workbench. I use the first one, but if you are interested in the other one, you will need IAR Embedded Workbench for ARM due to peculiarities of IAR.

Read full article →

Mobile backend for mobile hacker

Currently, the backends focused on certain needs of application developers are actively “built” upon “low-level” cloud systems (bare virtual servers and virtual file storages). The so-called backend as a service (BaaS) are in really good demand with mobile software developers, due to which now the differences between BaaS and Mobile BaaS (MBaaS) are almost blurred out. MBaaS-services are very popular with online-games developers and start-up projects, because they help spare an ocean of resources and time for development and maintenance of server infrastructure. Today it’s possible both to connect client side to cloud storage, user maintenance service, social services, etc., and to bring the working prototype to operation within several hours and free of charge.

Read full article →

Let’s learn the basics of build automation with the help of Rake

Any software development project is always associated with the automation of related routine tasks. Initially, IDE and a pair of manual operations will be enough for you. Then, the number of body movements begins to grow: you need to perform multiple sets of tests, embed various certificates, execute scripts in the database, generate documentation on the code, and so on. You also need to perform these and other operations on the Continuous Integration server. In addition, you may need to deploy applications on production servers (if we’re talking about a client-server solution). To automate such tasks, programmers sometimes create sets of batch or shell scripts, but more often, the team of developers comes to some consolidated decision.

Read full article →

TOP–10 ways to boost your privileges in Windows systems

Well, how could we ‘boost’ privileges on Windows? First of all, we should say that there were found, lately, a lot of vulnerabilities regarding fonts parsing which make the process of privileges elevation rather simple as long as we have a proper exploit. If you use the Metasploit then you need only one command to get the system shell. However, it will only work if the system is not fully patched. In case if the machine has all the updates installed, despite the Linux, we will not be able to find SUID-binaries in here, furthermore the environmental variables usually do not transmitted to services or processes with higher privileges. So, what we can do then?

Read full article →


I guess you have heard about Evilgrade framework that allows to “fix” the update mechanism of the most popular programs (Windows update, Apple update and so on and so forth) by replacing valid files with malicious ones. You probably think that only the application’s updates are vulnerable? Well, you are wrong. I shall be honest with you, it is not that secure to download files from the web as it might be seemed from the first sight. Don’t believe me? Then look, or better say, read.

Read full article →