Language Selection

English French German Italian Portuguese Spanish

Security: DNS Typosquatting, Encryption and Firewalls, Vista 10 Compromised, Stack Clash, CherryBlossom, Russia and Epyc

Filed under
Security
  • Practical waterholing through DNS typosquatting

    Typosquatting has been known and abused since the 90’s, mostly for phishing, but is it still profitable for water-hole kind of attacks?

  • Encryption and Firewalls – Unleaded Hangout
  • Windows 10 S security brought down by, of course, Word macros [Ed: By Microsoft Peter (damage control)]

    But if that protection is flawed—if the bad guys can somehow circumvent it—then the value of Windows 10 S is substantially undermined. The downside for typical users will remain, as there still won't be any easy and straightforward way to install and run arbitrary Windows software. But the upside, the protection against malware, will evaporate.

  • Microsoft claims on Windows 10 S security blown away

    Microsoft's claims that no known ransomware can run on Windows 10 S have been blown sky high by a researcher – in just three hours.

  • A Stack Clash disclosure post-mortem
  • Hardened/Gentoo Hardened and Stack Clash
  • [Older] If your home wifi router is on this list, it might be vulnerable to CIA hacking tools

    For the past four months, WikiLeaks has been slowly publishing a series of documents that describe a plethora of hacking tools, which the anti-secrecy organization says belong to the US Central Intelligence Agency. The latest release, published June 15, is a batch of documents describing tools that can be used to hack home wifi routers.

    The collection of tools, which the documents refer to as “CherryBlossom,” can be used to monitor internet activity on networks that use the routers it infects. CherryBlossom infects routers by identifying their make and model and injecting malicious firmware into them. This kind of hack, when successful, is nearly impossible to detect because it infects the hardware itself and is not something anti-virus software is capable of checking.

  • Under pressure, Western tech firms bow to Russian demands to share cyber secrets

    Western technology companies, including Cisco, IBM and SAP, are acceding to demands by Moscow for access to closely guarded product security secrets, at a time when Russia has been accused of a growing number of cyber attacks on the West, a Reuters investigation has found.

    Russian authorities are asking Western tech companies to allow them to review source code for security products such as firewalls, anti-virus applications and software containing encryption before permitting the products to be imported and sold in the country. The requests, which have increased since 2014, are ostensibly done to ensure foreign spy agencies have not hidden any "backdoors" that would allow them to burrow into Russian systems.

  • AMD’s Epyc is a major advance in security

    AMD’s Zen core has been revealed in detail but with Epyc the company added a few juicy details. SemiAccurate is particularly interested in the security aspects on the new CPU line which is what we will discuss here.

More in Tux Machines

EasyPup 2.2.14 released

Hot on the heals of EasyOS 2.2.14, EasyPup is released, for those who want a more traditional puppy. The apps and user interface is pretty much the same as EasyOS, but the underlying infrastructure is different. Read more

BSD: End of TrueOS, OpenBSD and FreeBSD at FOSDEM

  • It's Official But Sad: TrueOS Is Over As Once The Best Desktop BSD OS

    It's been on life support for a while but to much sadness, TrueOS indeed is no longer being maintained as the once very promising downstream of FreeBSD that for a while offered arguably the best out-of-the-box BSD desktop experience. TrueOS, formerly known as PC-BSD, is dead. Kris Moore, the VP of Engineering at iXsystems, confirmed earlier this month on their forums that work has ceased on the operating system.

  • OpenBSD -current - Frequent asked questions

    Hello, as there are so many questions about OpenBSD -current on IRC, Mastodon or reddit I’m writing this FAQ in hope it will help people.

    The official FAQ already contains answers about -current like Following -current and using snapshots and Building the system from sources.

  • OpenBSD's 'spinning' CPU time category

    Unix systems have long had a basic breakdown of what your CPU (or CPUs) was spending its time doing. The traditional division is user time, system time, idle time, and 'nice' time (which is user time for tasks that have their scheduling priority lowered through nice(1) or the equivalent), and then often 'interrupt' time, for how much time the system spent in interrupt handling. Some Unixes have added 'iowait', which is traditionally defined as 'the system was idle but one or more processes were waiting for IO to complete'. OpenBSD doesn't have iowait, but current versions have a new time category, 'spinning'.

  • FOSDEM 2020 Conference Recap

    For the third year in a row, I attended FOSDEM, an amazing open source conference in Brussels, Belgium. Taking place, February 1-2, the event is a totally volunteer run conference geared towards promoting the widespread use of free and open source software. The Foundation has sponsored and organized a FreeBSD table there for a few years now.

today's howtos

Debian To Take On COVID-19 With A Biohackathon

Debian developers are wanting to do their part to take on the global coronavirus pandemic by hosting a COVID-19 Biohackathon. This virtual event organized by Debian developers is taking place from 5 to 11 April. Their hope with this biohackathon is to "improve biomedical FOSS and the tools/libraries that support those projects." Among the work they hope to see realized from this hackathon are addressing various bugs, contributing to upstream biomedical open-source software, and related work. Read more