Security Leftovers
-
Iranian phishers bypass 2fa protections offered by Yahoo Mail and Gmail
Attackers working on behalf of the Iranian government collected detailed information on targets and used that knowledge to write spear-phishing emails that were tailored to the targets’ level of operational security, researchers with security firm Certfa Lab said in a blog post. The emails contained a hidden image that alerted the attackers in real time when targets viewed the messages. When targets entered passwords into a fake Gmail or Yahoo security page, the attackers would almost simultaneously enter the credentials into a real login page. In the event targets’ accounts were protected by 2fa, the attackers redirected targets to a new page that requested a one-time password.
-
Ships are just giant floating computers, filled with ransomware, BadUSB, and worms
The document recounts incidents in which infected ships were stranded because malware caused their computerized navigation to fail, and there were no paper charts to fall back on; incidents where fleet owners paid off ransomware demands to keep ships at sea safe, and where the entire digital infrastructure of a ship at sea failed due to malware that spread thanks to weak passwords.
-
Are Chinese spying fears just paranoia?
The arrest of Meng Wanzhou, the chief financial officer of Chinese telecoms giant Huawei, and the daughter of its founder, Ren Zhengfei, has highlighted growing fears in the West about China’s ascendancy in advanced technology sectors that will increasingly underpin the global economy. Meng’s arrest (in Vancouver, on a US arrest warrant) is not related to corporate espionage, let alone state espionage.
Rather, she is accused of using a Huawei subsidiary called Skycom to evade US sanctions on Iran between 2009 and 2014. US prosecutors allege she publicly misrepresented Skycom as being a separate company from Huawei, and deceived banks about the true relationship between the two companies. But although the Meng case is not about spying, it reflects a growing unease among Western policymakers that has been brewing for years. Should the West trust a Chinese telecoms giant to supply us with critical infrastructure?
-
Notes on Build Hardening
Modern languages (Java, C#, Go, Rust, JavaScript, Python, etc.) are inherently "safe", meaning they don't have "buffer-overflows" or related problems.
However, C/C++ is "unsafe", and is the most popular language for building stuff that interacts with the network. In other cases, while the language itself may be safe, it'll use underlying infrastructure ("libraries") written in C/C++. When we are talking about hardening builds, making them safe or secure, we are talking about C/C++.
In the last two decades, we've improved both hardware and operating systems around C/C++ in order to impose safety on it from the outside. We do this with options when the software is built (compiled and linked), and then when the software is run.
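The build-time options the excerpt refers to leave visible marks in the resulting ELF binary, so a practitioner can verify that a vendor's build was actually hardened rather than trust the release notes. The following is an added example, not code from the linked post: a minimal ELF64 parser that reports three of the common link-time protections (PIE, a non-executable stack, and RELRO with BIND_NOW), plus a constructed headers-only ELF image used to exercise it offline. The gcc/ld flags named in the comments are the standard ones (-fPIE -pie, -Wl,-z,noexecstack, -Wl,-z,relro,-z,now); the stack canary check is deliberately left out because it needs the symbol table (a reference to __stack_chk_fail), which this parser does not read.

```python
"""Report ELF hardening marks (PIE, NX stack, RELRO/BIND_NOW) with a minimal ELF64 parser.

Added example for the build-hardening excerpt; not part of the original post.
Run with a path to inspect a real binary, or with no arguments to inspect a
constructed sample image.
"""
import struct

ELF_MAGIC = b"\x7fELF"
ET_EXEC, ET_DYN = 2, 3                    # ET_DYN is what -fPIE -pie produces
PT_DYNAMIC = 2
PT_GNU_STACK = 0x6474E551                 # emitted by ld; -z noexecstack clears PF_X
PT_GNU_RELRO = 0x6474E552                 # emitted by -z relro
PF_X, PF_W, PF_R = 0x1, 0x2, 0x4
DT_NULL, DT_NEEDED, DT_BIND_NOW, DT_FLAGS, DT_FLAGS_1 = 0, 1, 24, 30, 0x6FFFFFFB
DF_BIND_NOW, DF_1_NOW = 0x8, 0x1          # either marks -z now (full RELRO)

EHDR = struct.Struct("<16sHHIQQQIHHHHHH")  # Elf64_Ehdr, 64 bytes
PHDR = struct.Struct("<IIQQQQQQ")          # Elf64_Phdr, 56 bytes
DYN = struct.Struct("<qQ")                 # Elf64_Dyn, 16 bytes


def inspect_elf(data: bytes) -> dict:
    """Return {'pie': bool, 'nx': bool, 'relro': 'none'|'partial'|'full'} for a little-endian ELF64 image."""
    (ident, e_type, _machine, _version, _entry, e_phoff, _shoff, _flags,
     _ehsize, e_phentsize, e_phnum, _shentsize, _shnum, _shstrndx) = EHDR.unpack_from(data, 0)
    if ident[:4] != ELF_MAGIC or ident[4] != 2 or ident[5] != 1:
        raise ValueError("not a little-endian ELF64 image")

    stack_flags = None   # None means no PT_GNU_STACK header at all
    has_relro = False
    bind_now = False
    for i in range(e_phnum):
        p_type, p_flags, p_offset, _va, _pa, p_filesz, _memsz, _align = PHDR.unpack_from(
            data, e_phoff + i * e_phentsize)
        if p_type == PT_GNU_STACK:
            stack_flags = p_flags
        elif p_type == PT_GNU_RELRO:
            has_relro = True
        elif p_type == PT_DYNAMIC:
            # Walk the dynamic array looking for any of the three "bind now" spellings.
            for off in range(p_offset, p_offset + p_filesz, DYN.size):
                d_tag, d_val = DYN.unpack_from(data, off)
                if d_tag == DT_NULL:
                    break
                if (d_tag == DT_BIND_NOW
                        or (d_tag == DT_FLAGS and d_val & DF_BIND_NOW)
                        or (d_tag == DT_FLAGS_1 and d_val & DF_1_NOW)):
                    bind_now = True

    # With no PT_GNU_STACK header the kernel falls back to an executable stack,
    # so "missing" is treated the same as PF_X set.
    nx = stack_flags is not None and not (stack_flags & PF_X)
    relro = "full" if (has_relro and bind_now) else ("partial" if has_relro else "none")
    # Caveat: shared objects are also ET_DYN; for executables this is the PIE test.
    return {"pie": e_type == ET_DYN, "nx": nx, "relro": relro}


def build_sample_elf(pie=True, exec_stack=False, relro=True, bind_now=True) -> bytes:
    """Constructed, headers-only ELF64 image (not loadable) so inspect_elf can be exercised offline."""
    dyn = [(DT_NEEDED, 1)]
    if bind_now:
        dyn.append((DT_FLAGS_1, DF_1_NOW))
    dyn.append((DT_NULL, 0))
    dyn_blob = b"".join(DYN.pack(tag, val) for tag, val in dyn)

    phdrs = [(PT_GNU_STACK, PF_R | PF_W | (PF_X if exec_stack else 0), 0, 0, 0, 0, 0, 16)]
    if relro:
        phdrs.append((PT_GNU_RELRO, PF_R, 0, 0, 0, 0, 0, 1))
    dyn_off = EHDR.size + PHDR.size * (len(phdrs) + 1)   # +1 for the PT_DYNAMIC entry below
    phdrs.append((PT_DYNAMIC, PF_R | PF_W, dyn_off, 0, 0, len(dyn_blob), len(dyn_blob), 8))

    ident = ELF_MAGIC + bytes([2, 1, 1, 0]) + bytes(8)   # ELFCLASS64, ELFDATA2LSB, EV_CURRENT
    ehdr = EHDR.pack(ident, ET_DYN if pie else ET_EXEC, 0x3E, 1, 0, EHDR.size, 0, 0,
                     EHDR.size, PHDR.size, len(phdrs), 0, 0, 0)
    return ehdr + b"".join(PHDR.pack(*p) for p in phdrs) + dyn_blob


if __name__ == "__main__":
    import sys
    image = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_elf()
    print(inspect_elf(image))
```

Pointing this at a binary built with the flags above should report PIE, NX and full RELRO; a binary built with plain gcc defaults on an older toolchain typically shows "partial" RELRO and no PIE. The run-time half of the excerpt (ASLR) is not a property of the file: on Linux it is controlled by /proc/sys/kernel/randomize_va_space, and PIE only buys randomisation of the executable's own mapping when that setting is non-zero.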
-
Survey Results: Open-Source Repo Managers Should Get Paid
We asked, you answered: Yes, developers should be paid for open-source repositories they maintain.
Last week, we asked you whether open-source repository maintainers should be compensated for their time. The catalyst for our survey was an instance where an overworked maintainer for a very popular JavaScript framework decided to bring others in to help them manage the repo. In doing so, one of the managers surreptitiously linked to an outside repo that was pinching cryptocurrency data.
All indications are the new manager knew what they were doing. The library’s main manager claims they were simply unprepared to continue managing a burdensome repository for free, so they sought help. Open source, after all, is the exchange of data without being compensated.
-