Language Selection

English French German Italian Portuguese Spanish

Security: Updates, Mirai and Singapore's Massive Breach

Filed under
Security
  • Security updates for Friday
  • Mirai botnet hackers [sic] avoid jail time by helping FBI

    The three men, Josiah White, 21, Dalton Norman, 22, and Paras Jha, 22, all from the US, managed to avoid the clink by providing "substantial assistance in other complex cybercrime investigations", according to the US Department of Justice. Who'd have thought young hacker [sic] types would roll over and show their bellies when faced with prison time....

  • A healthcare IT foundation built on gooey clay

    Today, there was a report from the Solicitor General of Singapore about the data breach of the SingHealth systems that happened in July.

    These systems have been in place for many years. They are almost exclusively running Microsoft Windows along with a mix of other proprietary software including Citrix and Allscript. The article referred to above failed to highlight that the compromised “end-user workstation” was a Windows machine. That is the very crucial information that always gets left out in all of these reports of breaches.

    I have had the privilege of being part of an IT advisory committee for a local hospital since about 2004 (that committee has disbanded a couple of years ago, btw).

    [...]

    Part of the reason is because decision makers (then and now) only have experience in dealing with proprietary vendor solutions. Some of it might be the only ones available and the open source world has not created equivalent or better offerings. But where there are possibly good enough or even superior open source offerings, they would never be considered – “Rather go with the devil I know, than the devil I don’t know. After all, this is only a job. When I leave, it is someone else’s problem.” (Yeah, I am paraphrasing many conversations and not only from the healthcare sector).

    I recall a project that I was involved with – before being a Red Hatter – to create a solution to create a “computer on wheels” solution to help with blood collection. As part of that solution, there was a need to check the particulars of the patient who the nurse was taking samples from. That patient info was stored on some admission system that did not provide a means for remote, API-based query. The vendor of that system wanted tens of thousands of dollars to just allow the query to happen. Daylight robbery. I worked around it – did screen scrapping to extract the relevant information.

    Healthcare IT providers look at healthcare systems as a cashcow and want to milk it to the fullest extent possible (the end consumer bears the cost in the end).

    Add that to the dearth of technical IT skills supporting the healthcare providers, you quickly fall into that vendor lock-in scenario where the healthcare systems are at the total mercy of the proprietary vendors.

More in Tux Machines

Software: Synapse, Qmmp and LibreOffice

  • How to install and use Synapse, the MacOS Spotlight alternative for Linux
    Mac OS is everybody’s favorite, and there are several reasons behind it. One of the most useful utilities you can find on Mac OS is Spotlight, which makes searching for things a piece of cake, all directly from the desktop. While most developers have already designed similar utilities for Windows, the open-source Linux based operating systems are no exception, as well. Most Linux operating systems like Ubuntu have its own search functionality, but it can sometimes be troublesome to reach there and isn’t as powerful as Spotlight. So with Synapse for Linux, you can do just that, and boost the power of the search functionality on your system. With Synapse for Ubuntu, you can even search for things on the web, which is cool, as well. Some Linux distros like Lubuntu, don’t offer decent search functionality, and Synapse can be a great solution in such cases. With Synapse, searching is easy with just the navigation buttons on your keyboard, and you are ready to go. Synapse can be downloaded and installed from the Linux official repository. Synapse can also be configured to run on startup so that too don’t need to search for, and open Synapse, each time you need to use it.
  • Qmmp 1.3.3 Released with Floating PulseAudio, ALSA, OSS4 Support
    Qmmp, Qt based audio player, released version 1.3.3 with improvements and bug fixes. Here’s how to install it in Ubuntu 16.04, Ubuntu 18.04, Ubuntu 18.10, Ubuntu 19.04.
  • Office Suites for Ubuntu 18.04
    Today we are looking at different office suites for Ubuntu 18.04. LibreOffice is the default LibreOffice suite for Ubuntu but it is by all means not the only one. In this article, we will look at different office suites for Ubuntu and all of its pros and cons. All these Office Suites are available for at least all Ubuntu based distros, and the installation method is the same for all the Ubuntu based distros.
  • Week 3 Report
    I continue working on Rewriting the logger messages with the new DSL grammar:

Lenovo ThinkPad P Laptops Are Available with Ubuntu

Dell may be the best-known Linux laptop vendor right now, but Lenovo is looking to muscle in on the pre-installed Linux machine market. All of Lenovo’s refreshed ThinkPad P series laptops will be available to buy with Ubuntu 18.04 LTS preinstalled when they go on sale in the US later this month. Oddly, Lenovo doesn’t mention Linux availability in their press release introducing the new ThinkPad P series laptops, but eagle-eyed Linux users spotted the additional OS option on when investigating the laptop’s ‘tech specs’ on the Lenovo website. The company says its refreshed P-series ‘portfolio’ is “…is designed to meet the ever-changing power and portability needs of modern professionals across industries – both in the office and beyond without sacrificing our legendary engineering know-how, reliability and security.” Read more Also: How to install Lubuntu Linux OS on PC via USB stick/drive

Move to pay Debian devs for project work rears its head again

The idea of paying developers to work on Debian GNU/Linux packages has reared its head again, with senior developer Raphael Hertzog proposing that project funds be used for the purpose. Hertzog made the suggestion in a reply to a post on one of the project's mailing lists which was part of a thread on the subject "Why do we take so long to realise good ideas?" "Use the $300,000 on our bank accounts?", he wrote, adding that he had heard of another US$300,000 donation made by Google to the project though he was unable to find any publicly accessible reference to it. The idea of paying developers for their work on what is a community project was raised 13 years ago by former project leader Anthony Towns, with the reason being the speeding up of development so that releases could take place sooner. The idea did not prove very popular as it was meant to be run outside the project proper and was meant to pay core members for their work. Read more

GNOME 3.34’s Sleek New Desktop Background

The upcoming GNOME 3.34 release is sure to ship with a stack of improvements, new features and core app updates — but it will also come with a brand new default wallpaper! GNOME designer Jakub Steiner is, once again, diligently designing a new desktop drape for the revered free desktop to use by default. And although the intended design is not final-final, it’s almost done! So here’s your first look at the brand new GNOME 3.34 wallpaper... Read more