Posts tagged deskcon
The DeskCon Project makes use of the OpenSSL Libraries on Linux and Android. That means that a Heartbleed Attack is possible, at least on the Desktop side.
Most Android Versions do not have the “Heartbeat” Feature enabled (only Android 4.1.1), so most are safe, but to be sure you can use this App to test your Device.
This has been fixed in OpenSSL 1.0.1g. Please update your OpenSSL Package!
I created a Launchpad PPA Repository for the Desktop Packages of DeskCon. This Repo is for use with Ubuntu Quantal, Saucy and Trusty.
To add the PPA, run these in your Terminal:
sudo add-apt-repository ppa:screenfreeze/deskcon
sudo apt-get update
sudo apt-get install deskcon-server
sudo apt-get install gnome-shell-extension-deskcon
sudo apt-get install deskcon-indicator
First of all, I’m not a Security Expert; I just use the well-known Encryption and Security standards. So if you find any flaws in how I implemented that stuff, please tell me.
Basically I use self-signed Certificates with a TLSv1.2 SSL Connection. During the “pair”-Process, Desktop and mobile Device exchange their X509v3 Certificates and print out the Fingerprints (sha256), so that the User can verify their Identity. If the User says they match, the Certificates will be stored.
The Certificates are generated from a 2048-bit RSA Key-pair and signed with the SHA256 Algorithm.
The SSL Connection is actually over TLSv1, TLSv1.1 or TLSv1.2, depending on your Android Version (TLSv1.2 is supported in Android 4.1 and up) and the OpenSSL Library Version. Server and Client have to authenticate each other with the mentioned Certificates.
So the whole data Transfer is encrypted and the Devices (Desktop and MID) can be sure they talk with the right Machine.
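The pairing and later authentication described above can be sketched as follows. This is an added example, not DeskCon's own code: the PairingStore class, the user_reading helper and the certificate byte strings are hypothetical and constructed for illustration.

```python
import hashlib
import hmac

# Constructed stand-ins for DER-encoded certificates (not real X.509 data).
# On a live TLS socket the bytes would come from getpeercert(binary_form=True).
PHONE_CERT = b"constructed DER stand-in: paired phone"
ROGUE_CERT = b"constructed DER stand-in: substituted certificate"


def fingerprint(cert_der):
    """SHA-256 over the DER bytes, shown as colon-separated hex pairs."""
    hexed = hashlib.sha256(cert_der).hexdigest().upper()
    return ":".join(hexed[i:i + 2] for i in range(0, len(hexed), 2))


class PairingStore:
    """Hypothetical pin store: device id -> SHA-256 digest of the paired cert."""

    def __init__(self):
        self._pins = {}

    def pair(self, device_id, received_cert_der, user_confirms):
        """Pin the received certificate only if the user accepts its fingerprint."""
        if not user_confirms(fingerprint(received_cert_der)):
            return False  # mismatch on the two screens: store nothing
        self._pins[device_id] = hashlib.sha256(received_cert_der).digest()
        return True

    def is_paired_peer(self, device_id, presented_cert_der):
        """Later connections: accept only the exact certificate that was pinned."""
        pinned = self._pins.get(device_id)
        if pinned is None:
            return False  # never paired
        presented = hashlib.sha256(presented_cert_der).digest()
        return hmac.compare_digest(pinned, presented)


def user_reading(other_screen_cert_der):
    """Simulates the user comparing against the fingerprint on the other device."""
    expected = fingerprint(other_screen_cert_der)
    return lambda shown: hmac.compare_digest(shown, expected)


if __name__ == "__main__":
    store = PairingStore()
    print(store.pair("phone", PHONE_CERT, user_reading(PHONE_CERT)))
    print(store.is_paired_peer("phone", ROGUE_CERT))
```

Because the Certificates are self-signed, the Fingerprint comparison during pairing is the only step that binds a Certificate to a Device; a Certificate swapped in transit shows a different Fingerprint on each screen and is never stored.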