Just before the year starts to wrap up, we are getting the final 2024 release out! This contains a wide range of updates and changes, which are in already in effect, ready for immediate download, or updating.
The summary of the changelog since the 2024.3 release from September is:
Python 3.12 - New default Python version (Au revoir pip, hello pipx)
The end of the i386 kernel and images - Farewell x86 (images), but not goodbye (packages)
Deprecations in the SSH client: DSA keys - Reminder about using ssh1 if required
Raspberry Pi Imager Customizations Support - Able to alter settings at write time
GNOME 47 - Now able to synchronize your favorite colors
Kali Forums Refresh - New heart of the community home
Kali NetHunter - Updates to the app, kernels, installer, store and website !
New Tools - 14 new shiny toys added (and countless updated!)
A new Python version: 3.12
Python 3.12 is now the default Python interpreter. While it was released upstream a year ago, it took a bit of time to become the default in Debian, and then even more time to make it to Kali Linux, but finally it’s here. Every new version of Python brings along some deprecations or subtle changes of behavior, which in turn breaks some Python packages, and we have to investigate and fix all the issues reported by our QA system. Hence the delay.
Kali Linux is an open-source, Debian-based Linux distribution geared towards various information security tasks, such as Penetration Testing, Security Research, Computer Forensics and Reverse Engineering.
What do you mean secure by design? What part of it is secure. Compare it to actually security focused Linux operating systems like QubesOS, Kicksecure, or Secureblue. Literally any OS that supports the Brace tool (made by the creator of DivestOS) is much more secure than Kali Linux. Kali is purpose built for red team work, not being secure (aka reducing attack surface or designing around a threat model).
Kali is secure as in once it’s configured, it cannot be accessed without creds, keys etc.
That meets the definition of ‘secure’. It’s just Linux with a bunch of pre installed packages.
Of course something can always be more secure. But saying Kali isn’t secure is like me saying your PC isn’t secure because it isn’t air gapped like my most secure PC.
PCs aren’t secure. Linux default isnt secure. Kali has so many apps/tools installed by default that it isnt comparable to default Linux. It has massive attack surface and no security design, therefore calling it secure isn’t accurate.
If no effort was put into the security design of an OS, why call it secure?
Okay if I turned off password auth, just used keys, disabled the Kali user and root login, how are you breaking in?
Where’s the vulnerability? Which cve or cwe are you able to exploit?
A large attack surface doesn’t mean insecure. It just means less secure.
Source: I literally pentest for a living.
No, I don’t even use Kali on a regular basis.
Except it is secure by design.
But you’re right about it not being meant as a daily driver.
it’s not secure by design, since it’s not made to be secure, and also uses unstable versions of a lot of packages to make certain exploits work
What do you mean secure by design? What part of it is secure. Compare it to actually security focused Linux operating systems like QubesOS, Kicksecure, or Secureblue. Literally any OS that supports the Brace tool (made by the creator of DivestOS) is much more secure than Kali Linux. Kali is purpose built for red team work, not being secure (aka reducing attack surface or designing around a threat model).
Kali is secure as in once it’s configured, it cannot be accessed without creds, keys etc. That meets the definition of ‘secure’. It’s just Linux with a bunch of pre installed packages.
Of course something can always be more secure. But saying Kali isn’t secure is like me saying your PC isn’t secure because it isn’t air gapped like my most secure PC.
PCs aren’t secure. Linux default isnt secure. Kali has so many apps/tools installed by default that it isnt comparable to default Linux. It has massive attack surface and no security design, therefore calling it secure isn’t accurate.
If no effort was put into the security design of an OS, why call it secure?
Okay if I turned off password auth, just used keys, disabled the Kali user and root login, how are you breaking in? Where’s the vulnerability? Which cve or cwe are you able to exploit?
A large attack surface doesn’t mean insecure. It just means less secure.
Source: I literally pentest for a living. No, I don’t even use Kali on a regular basis.