Language Selection

English French German Italian Portuguese Spanish

today's howtos

More in Tux Machines

Security: More Xbash Scare (Relies on Already-Compromised Systems), CCTV Weakness, and Red Hat's 'DevSecOps' Buzzwording

  • Windows, Linux Servers Beware: New Malware Encrypts Files Even After Ransom Is Paid
    Ransomware skyrocketed from obscurity to infamy in no time flat. Headline-grabbing campaigns like WannaCry, Petya and NotPetya preceded a substantial increase in the number of small attacks using similar techniques to extort unwary internet users. Now, researchers at Palo Alto Networks have revealed new malware that carries on NotPetya's legacy while combining various types of threats into a single package. The researchers, dubbed Unit 42, named this new malware Xbash. It's said to combines a bot net, ransomware and cryptocurrency mining software in a single worm and targets servers running Linux or Windows. The researchers blame an entity called the Iron Group for Xbash's creation, which has been linked to other ransomware attacks. The malware is thought to have first seen use in May 2018.
  • Xbash Malware Deletes Databases on Linux, Mines for Coins on Windows
  • CCTV Cameras Are Susceptible To Hacks; Hackers Can Modify Video Footage
    A vulnerability has been discovered in video surveillance camera software that could allow hackers to view, delete or modify video footage. A research paper published by Tenable, a security firm, has revealed a vulnerability named Peekaboo in the video surveillance systems of NUUO. By exploiting the software flaw, hackers can acquire the admin privileges and can monitor, tamper and disable the footage.
  • Tenable Research Discovers “Peekaboo” Zero-Day Vulnerability in Global Video Surveillance Software
    Tenable®, Inc., the Cyber Exposure company, today announced that its research team has discovered a zero-day vulnerability which would allow cybercriminals to view and tamper with video surveillance recordings via a remote code execution vulnerability in NUUO software — one of the leading global video surveillance solution providers. The vulnerability, dubbed Peekaboo by Tenable Research, would allow cybercriminals to remotely view video surveillance feeds and tamper with recordings using administrator privileges. For example, they could replace the live feed with a static image of the surveilled area, allowing criminals to enter the premises undetected by the cameras.
  • 5 ways DevSecOps changes security
    There’s been an ongoing kerfuffle over whether we need to expand DevOps to explicitly bring in security. After all, the thinking goes, DevOps has always been something of a shorthand for a broad set of new practices, using new tools (often open source) and built on more collaborative cultures. Why not DevBizOps for better aligning with business needs? Or DevChatOps to emphasize better and faster communications? However, as John Willis wrote earlier this year on his coming around to the DevSecOps terminology, “Hopefully, someday we will have a world where we no longer have to use the word DevSecOps and security will be an inherent part of all service delivery discussions. Until that day, and at this point, my general conclusion is that it’s just three new characters. More importantly, the name really differentiates the problem statement in a world where we as an industry are not doing a great job on information security.”

What is the relationship between FSF and FSFE?

Ever since I started blogging about my role in FSFE as Fellowship representative, I've been receiving communications and queries from various people, both in public and in private, about the relationship between FSF and FSFE. I've written this post to try and document my own experiences of the issue, maybe some people will find this helpful. These comments have also been shared on the LibrePlanet mailing list for discussion (subscribe here) Being the elected Fellowship representative means I am both a member of FSFE e.V. and also possess a mandate to look out for the interests of the community of volunteers and donors (they are not members of FSFE e.V). In both capacities, I feel uncomfortable about the current situation due to the confusion it creates in the community and the risk that volunteers or donors may be confused. The FSF has a well known name associated with a distinctive philosophy. Whether people agree with that philosophy or not, they usually know what FSF believes in. That is the power of a brand. When people see the name FSFE, they often believe it is a subsidiary or group working within the FSF. The way that brands work, people associate the philosophy with the name, just as somebody buying a Ferrari in Berlin expects it to do the same things that a Ferrari does in Boston. To give an example, when I refer to "our president" in any conversation, people not knowledgeable about the politics believe I am referring to RMS. More specifically, if I say to somebody "would you like me to see if our president can speak at your event?", some people think it is a reference to RMS. In fact, FSFE was set up as a completely independent organization with distinct membership and management and therefore a different president. When I try to explain this to people, they sometimes lose interest and the conversation can go cold very quickly. Read more

Android Leftovers

Things Gateway - Rules Rule

A smart home is a lot more than just lights, switches and thermostats that you can control remotely from your phone. To truly make a Smart Home, the devices must be reactive and work together. This is generally done with a Rule System: a set of maxims that automate actions based on conditions. It is automation that makes a home smart. There are a couple options for a rule system with the Things Gateway from Mozilla. First, there is a rule system built into the Web GUI, accessed via the Rules option in the drop down menu. Second, there is the Web Things API that allows programs external to the Things Gateway to automate the devices that make up a smart home. Most people will gravitate to the former built-in system, as it is the most accessible to those without predilection to writing software. This blog post is going to focus on the this rules system native to the Things Gateway. Read more