Language Selection

English French German Italian Portuguese Spanish

Security: MalwareTech, JavaScript, Vista 10, TPM2, Intel Back Door, Linux Bug, Pizza Hut Breach, Telcos Spying

Submitted by Roy Schestowitz on Monday 16th of October 2017 03:56:44 AM Filed under
Security
  • Let MalwareTech Surf! Status Report
  • 500 million PCs are being used for stealth cryptocurrency mining online

    A month or so ago, torrent search website The Pirate Bay raised concern among the community as visitors noticed their CPU usage surged whenever a page was opened.

  • Dutch slam Windows 10 for breaking privacy laws

    Dutch authorities claim Microsoft’s Windows 10 operating system is violating data protection and privacy laws, and warned they may impose fines on the US technology giant.

    “Microsoft breaches the Dutch data protection law by processing personal data of people that use the Windows 10 operating system on their computers,” the Dutch Data Protection Authority (DPA) said in a statement late Friday.

    The company fails to “clearly inform” users of Windows 10 that it “continuously collects personal data about the usage of apps and web surfing behavior through its web browser Edge, when the default settings are used,” the DPA said.

  • Using Elliptic Curve Cryptography with TPM2

    One of the most significant advances going from TPM1.2 to TPM2 was the addition of algorithm agility: The ability of TPM2 to work with arbitrary symmetric and asymmetric encryption schemes. In practice, in spite of this much vaunted agile encryption capability, most actual TPM2 chips I’ve seen only support a small number of asymmetric encryption schemes, usually RSA2048 and a couple of Elliptic Curves. However, the ability to support any Elliptic Curve at all is a step up from TPM1.2. This blog post will detail how elliptic curve schemes can be integrated into existing cryptographic systems using TPM2. However, before we start on the practice, we need at least a tiny swing through the theory of Elliptic Curves.

  • Sakaki's EFI Install Guide/Disabling the Intel Management Engine

    The Intel Management Engine ('IME' or 'ME') is an out-of-band co-processor integrated in all post-2006 Intel-CPU-based PCs. It has full network and memory access and runs proprietary, signed, closed-source software at ring -3,[1][2][3][4] independently of the BIOS, main CPU and platform operating system[5][6] — a fact which many regard as an unacceptable security risk (particularly given that at least one remotely exploitable security hole has already been reported[7][8]).

  • Linux vulnerable to privilege escalation

    An advisory from Cisco issued last Friday, October 13th, gave us the heads-up on a local privilege escalation vulnerability in the Advanced Linux Sound Architecture (ALSA).

    The bug is designated CVE-2017-15265, but its Mitre entry was still marked “reserved” at the time of writing. Cisco, however, had this to say about it before release:

  • Pizza Hut was hacked, company says

    According to a customer notice emailed from the pizza chain, those who placed an order on its website or mobile app between the morning of Oct. 1 and midday Oct. 2 might have had their information exposed.

    The “temporary security intrusion” lasted for about 28 hours, the notice said, and it’s believed that names, billing ZIP codes, delivery addresses, email addresses and payment card information — meaning account number, expiration date and CVV number — were compromised.

  • Want to see something crazy? Open this link on your phone with WiFi turned off

    These services are using your mobile phone’s IP address to look up your phone number, your billing information and possibly your phone’s current location as provided by cell phone towers (no GPS or phone location services required). These services are doing this with the assistance of the telco providers.

  • Telcos "selling realtime ability to associate web browsing with name & address"
»

More in Tux Machines

Linux Graphics: AMD and NVIDIA

  • Vega 20 Support Added To RadeonSI Gallium3D Driver
    With the upcoming Linux 4.18 kernel release due out in August there is the AMDGPU kernel driver support for Vega 20, the yet-to-be-released Vega GPU said to be the 7nm part launching later this year in Radeon Instinct products and featuring 32GB of HBM2 and adding some new deep learning instructions. Now the RadeonSI Gallium3D user-space driver for OpenGL within Mesa has Vega 20 support.
  • NVIDIA 396.24.10 Linux Driver Brings Vulkan 8-Bit / Renderpass2 / Conditional Render
    NVIDIA developers today released the 396.24.10 driver, their latest beta driver for Linux focused on the latest Vulkan innovations and improvements and is joined by the Windows 398.58 driver. The NVIDIA 396.24.10 Linux driver (and 398.58 beta for Windows) are focused on delivering the functionality added with the recent Vulkan 1.1.80 specification update.

96-core NanoPi Fire3 cluster computer blows past RPi rigs in benchmarks

Cluster computer projects are increasingly looking beyond the Raspberry Pi to build devices with faster cluster-friendly SBCs. Here’s a 96-core monster that taps the octa-core NanoPi Fire3. Cluster computers constructed of Raspberry Pi SBCs have been around for years, ranging from supercomputer-like behemoths to simple hobbyist rigs. More recently, we’ve seen cluster designs that use other open-spec hacker boards, many of which offer higher computer power and faster networking at the same or lower price. Farther below, we’ll examine one recent open source design from Paul Smith at Climbers.net that combines 12 octa-core NanoPi-Fire3 SBCs for a 96-core cluster. Read more Also: Low-profile Apollo Lake Mini-ITX board runs Linux

Software: gksu Alternatives, bootiso and Yay

  • Opening Graphical Application with Root Permission – gksu Alternatives in Ubuntu 18.04
    Recently, Ubuntu 18.04 removed gksu from its repositories, causing panic in anyone who relied on the utility on a regular basis. What many people didn’t realize, though, was gksu hadn’t been maintained in a long time. It was already a dead program. Ubuntu finally just made the move to cut ties with it.
  • bootiso: Easy ISO To Bootable USB Drive From The Command Line
    If you're looking for a command line tool that is able to create a bootable USB drive from both hybrid and non-hybrid ISO images (it should work with any Linux distribution ISO as well as Microsoft Windows ISO files), with some safety checks in place, you may want to give Bootiso a try.
  • Yay – Yet Another Reliable AUR Helper Written In Go
    Howdy Arch Users! I’ve got a good news for you. Today, I stumbled upon yet another reliable AUR helper called “Yay”. Yep! the name of this AUR helper is Yay. In the past, I was using Pacaur for installing AUR packages. It did a great job and I really liked it. I have also used some other AUR helpers such as Packer and Yaourt as well. But, they are all now discontinued and not recommended to use anymore. After reading about Yay features, I thought to give “Yay” a try and see how things works. So, here we go!

Security: Defective Processors, Malicious Proprietary Software and Cost of Bad Software

More on Tux Machines: AboutGalleryForumBlogsSearchNewsRSS Feed

Part of Bytes Media ● Sister sites below.

TechBytes Techrights button

Powered by Drupal, an open source content management system

Content available under CC-BY-SA CC

© by original authors

Powered by CentOS 6.5 (GNU/Linux), Varnish, and Drupal 6