Security: Updates, Reproducible Builds and Windows 'Fun'

  • Security updates for Tuesday
  • Reproducible Builds: Weekly report #164
  • PyRoMineIoT cryptojacker uses NSA exploit to spread

    Larry Trowell, principal consultant with Synopsys Software Integrity Group, said the government shares some of the blame for the NSA exploit.

    "It's in every country's interest to develop systems enabling offensive and defensive strategies to protect individuals and national services," Trowell wrote via email. "There is no fault in that. If the NSA does have some blame to share in this situation, it is for allowing secrets to be exfiltrated -- not in developing them."

    Jett said although the NSA exploit was stolen, "they didn't create the vulnerabilities that allow for the malware to exploit devices."

    "As such, you can't hold them responsible for the malware that has emerged from the EternalRomance exploit. Vendors whose products are vulnerable to EternalRomance are responsible for resolving the exploit problem," Jett wrote. "Additionally, it has been more than a year since the NSA exploits were released, and vendors have created patches. It becomes incumbent on the users to make sure they are properly patching their software and reducing the threat surface for these exploits."

  • Can Hackers Crack the Ivory Towers?

    While both researchers agreed that their colleagues would gain from incorporating hackers' discoveries into their own work, they diverged when diagnosing the source of the gulf between the two camps and, to a degree, even on the extent of the rift.

  • 6-Year-Old Malware Injects Ads, Takes Screenshots On Windows 10

    A sneaky and persistent malware has surfaced which spams Windows 10 PCs with ads and takes screenshots to eventually send them to the attackers.

    Security researchers at Bitdefender found this malware named Zacinlo which first appeared in 2012. About 90% of Zacinlo’s victims are from the US running Microsoft Windows 10. There are other victims too from Western Europe, China, and India with a small fraction running Windows 7 or 8.
