Language Selection

English French German Italian Portuguese Spanish

Security: Windows, Salon, Fraud. Skype and More

Filed under
Security
  • Critical Telegram flaw under attack disguised malware as benign images [Ed: Windows]

    The flaw, which resided in the Windows version of the messaging app, allowed attackers to disguise the names of attached files, researchers from security firm Kaspersky Lab said in a blog post. By using the text-formatting standard known as Unicode, attackers were able to cause characters in file names to appear from right to left, instead of the left-to-right order that's normal for most Western languages.

  • Salon to ad blockers: Can we use your browser to mine cryptocurrency?

    Salon explains what's going on in a new FAQ. "How does Salon make money by using my processing power?" the FAQ says. "We intend to use a small percentage of your spare processing power to contribute to the advancement of technological discovery, evolution, and innovation. For our beta program, we'll start by applying your processing power to help support the evolution and growth of blockchain technology and cryptocurrencies."

  • Why children are now prime targets for identity theft [sic] [iophk: "the real name for this is "fraud" and there are already existing laws on it"]

    SSA believed this change would make it more difficult for thieves to “guess” someone’s SSN by looking at other public information available for that person. However, now that an SSN is not tied to additional data points, such as a location or year of birth, it becomes harder for financial institutions, health care providers, and others to verify that the person using the SSN is in fact the person to whom it was issued.

    In other words: Thieves now target SSNs issued after this change as they know your 6-year-old niece or your 4-year-old son will not have an established credit file.

  • Microsoft won't plug a huge zero-day in Skype because it'd be too much work

    The bug in the automatic updater (turd polisher) for the Windows desktop app has a ruddy great hole in it that will let dodgy DLLs through.

  • ‘I Lived a Nightmare:’ SIM Hijacking Victims Share Their Stories

    The bug itself didn’t expose anything too sensitive. No passwords, social security numbers, or credit card data was exposed. But it did expose customers’ email addresses, their billing account numbers, and the phone’s IMSI numbers, standardized unique number that identifies subscribers. Just by knowing (or guessing) customer’s phone numbers, hackers could get their target’s data.

    Once they had that, they could impersonate them with T-Mobile’s customer support staff and steal their phone numbers. This is how it works: a criminal calls T-Mobile, pretends to be you, convinces the customer rep to issue a new SIM card for your number, the criminal activates it, and they take control of your number.

More in Tux Machines

Finally: Historic Eudora email code goes open source

The source code to the Eudora email client is being released by the Computer History Museum, after five years of discussion with the IP owner, Qualcomm. The Mac software was well loved by early internet adopters and power users, with versions appearing for Palm, Newton and Windows. At one time, the brand was so synonymous with email that Lycos used Eudora to brand its own webmail service. As the Mountain View, California museum has noted, "It’s hard to overstate Eudora’s popularity in the mid-1990s." Read more Also: The Computer History Museum Just Made Eudora Open Source

Android Leftovers

Security Leftovers, Mostly 'Spectre' and 'Meltdown' Related

  • More Meltdown/Spectre Variants
  • Spectre V2 & Meltdown Linux Fixes Might Get Disabled For Atom N270 & Other In-Order CPUs
    There's a suggestion/proposal to disable the Spectre Variant Two and Meltdown mitigation by default with the Linux kernel for in-order CPUs. If you have an old netbook still in use or the other once popular devices powered by the Intel Atom N270 or other in-order processors, there may be some reprieve when upgrading kernels in the future to get the Spectre/Meltdown mitigation disabled by default since these CPUs aren't vulnerable to attack but having the mitigation in place can be costly performance-wise.
  • Linux 4.17 Lands Initial Spectre V4 "Speculative Store Bypass" For POWER CPUs
    Following yesterday's public disclosure of Spectre Variant Four, a.k.a. Speculative Store Bypass, the Intel/AMD mitigation work immediately landed while overnight the POWER CPU patch landed.
  • New Variant Of Spectre And Meltdown CPU Flaw Found; Fix Affects Performance
  • Ubuntu 18.04 LTS Gets First Kernel Update with Patch for Spectre Variant 4 Flaw
    Canonical released the first kernel security update for its Ubuntu 18.04 LTS (Bionic Beaver) operating system to fix a security issue that affects this release of Ubuntu and its derivatives. As you can imagine, the kernel security update patches the Ubuntu 18.04 LTS (Bionic Beaver) operating system against the recently disclosed Speculative Store Buffer Bypass (SSBB) side-channel vulnerability, also known as Spectre Variant 4 or CVE-2018-3639, which could let a local attacker expose sensitive information in vulnerable systems.
  • RHEL and CentOS Linux 7 Receive Mitigations for Spectre Variant 4 Vulnerability
    As promised earlier this week, Red Hat released software mitigations for all of its affected products against the recently disclosed Spectre Variant 4 security vulnerability that also affects its derivatives, including CentOS Linux. On May 21, 2018, security researchers from Google Project Zero and Microsoft Security Response Center have publicly disclosed two new variants of the industry-wide issue known as Spectre, variants 3a and 4. The latter, Spectre Variant 4, is identified as CVE-2018-3639 and appears to have an important security impact on any Linux-based operating system, including all of its Red Hat's products and its derivatives, such as CentOS Linux.

LXQt 0.13 Desktop Environment Officially Released, It's Coming to Lubuntu 18.10

For starters, all of LXQt's components are now ready to be built against the recently released Qt 5.11 application framework, and out-of-source-builds are now mandatory. LXQt 0.13.0 also disabled the menu-cached functionality, making it optional from now on in both the panel and runner, thus preventing memory leaks and avoiding any issues that may occur when shutting down or restarting LXQt. Read more