Language Selection

English French German Italian Portuguese Spanish

Security: Updates, RDS, FBI, Microsoft, Google and Ransom

Filed under
Security
  • Security updates for Thursday
  • Severe Linux kernel flaw found in RDS
  • FBI Tells The Governor Of Florida About Election Hacking, But Says He Can't Tell Anyone Else

    I thought this was America, but whatever. Secrecy in all things government, despite the (often misheld) presumption that our public servants will be open and honest about issues that affect us.

    It's no secret voting systems and databases are not secure. These are problems that date back 15 years, but have shown little improvement since. Election interference is just another tool in the nation-state hacking kit, and the US is far from immune from these attacks.

    Federal agencies investigating election interference are at least speaking to officials in states affected by these efforts. But those officials are apparently not allowed to pass on this information to those affected the most: voters.

  • Microsoft’s First Windows XP Patch in Years Is a Very Bad Sign

    THIS WEEK, MICROSOFT issued patches for 79 flaws across its platforms and products. One of them merits particular attention: a bug so bad that Microsoft released a fix for it on Windows XP, an operating system it officially abandoned five years ago.

  • Google Says Titan Security Keys Could Be Hacked; Offers Free Replacement

    Today Google has announced a security flaw in its Bluetooth Titan Security Key that is used for 2-factor authentication. The security flaw could allow hackers in close proximity to bypass the security mechanism and connect their own devices.

  • Firms That Promised High-Tech Ransomware Solutions Almost Always Just Pay the Hackers

    FROM 2015 TO 2018, a strain of ransomware known as SamSam paralyzed computer networks across North America and the U.K. It caused more than $30 million in damage to at least 200 entities, including the cities of Atlanta and Newark, New Jersey, the Port of San Diego and Hollywood Presbyterian Medical Center in Los Angeles. It knocked out Atlanta’s online water service requests and billing systems, prompted the Colorado Department of Transportation to call in the National Guard, and delayed medical appointments and treatments for patients nationwide whose electronic records couldn’t be retrieved. In return for restoring access to the files, the cyberattackers collected at least $6 million in ransom.

    “You just have 7 days to send us the BitCoin,” read the ransom demand to Newark. “After 7 days we will remove your private keys and it’s impossible to recover your files.”
    At a press conference last November, then-Deputy Attorney General Rod Rosenstein announced that the U.S. Department of Justice had indicted two Iranian men on fraud charges for allegedly developing the strain and orchestrating the extortion. Many SamSam targets were “public agencies with missions that involve saving lives,” and the attackers impaired their ability to “provide health care to sick and injured people,” Rosenstein said. The hackers “knew that shutting down those computer systems could cause significant harm to innocent victims.”

More in Tux Machines

Ubuntu MATE 19.10 Alpha Arrives, But Only for the GPD MicroPC

Did you know that Ubuntu MATE is besties with the GPD Pocket & Pocket 2? Well it is; the pair of pocket-sized PCs, which were made possible through various crowdfunding efforts, got their own, customised, and 100% official Ubuntu MATE 18.10 install image last year, and a follow-up with the 19.04 release this year. I guess making a custom-spun ISO is the distro equivalent of weaving a friendship bracelet! Accordingly, it’s no major surprise to learn Ubuntu MATE 19.10 will also come tailored for use on China-based GPD’s latest mini-marvel, the GPD MicroPC. Interestingly, the device is sold with Ubuntu MATE 18.10 pre-loaded. Read more

Android Leftovers

IBM and Red Hat Leftovers

  • Big Blue’s Red Hat Brings A Big Change Of Heart

    Perhaps, many years hence, we will call the company that, more than any other, created the enterprise computing environment Big Purple now that it has acquired the company that made open source software in the enterprise safe, sane, and affordable. Twenty years ago next month, Red Hat went public and everything about enterprise software changed. A company with some tens of millions of dollars in revenues, providing subscription support for a commercial Linux distribution for systems within a few months had a ridiculous market capitalization in excess of $20 billion and the mad dash for open source projects to be commercialized was on. Fast forward two decades, and Red Hat is the touchstone for how to work with upstream open source software projects related to datacenter infrastructure and to bring them downstream to harden them to be enterprise grade, package them up, and then sell support for them. Red Hat is by far and away the most successful provider of commercial support for open source code, and has moved well beyond its foundational Enterprise Linux distribution, mostly through key acquisitions including the companies behind the GNU compilers, JBoss application server, the KVM hypervisor, the Gluster parallel file system, the Ceph object storage, the innovative CoreOS Linux distribution, and the Ansible software provisioning tools as well as the OpenShift container controller (a mix of in-house and Kubernetes code these days), the OpenStack cloud controller, and the CloudForms hybrid cloud management system (also largely done in-house). Red Hat, we think, still needs to have a heavy duty open source database management system distribution – perhaps several different ones with different architectural tenets – but it was also perhaps prescient in that it stayed out of the Hadoop storage and data analytics racket, which has not panned out as planned.

  • Splunk Connect for OpenShift: All About Objects

    This is the second post of our blog series on Red Hat OpenShift and Splunk Integration. In the first post, we showed how to send application and system logs to Splunk. The second part is focused on how to use Splunk Kubernetes Objects.

  • Command Line Heroes season 3 episode 2: Learning the BASICs

    Command Line Heroes explores how beginner languages bring people into the world of programming. BASIC lowered the barrier to entry. Now, the next generation is getting their start modifying games, like Minecraft. Listen to the episode.

  • Introducing Red Hat Smart Management for Red Hat Enterprise Linux

    How do you want to manage your systems? That probably depends a lot on the type of environment you have -- whether your systems are primarily on-prem, or if they reside in the cloud. Or a mixture of both. Either way, Red Hat is looking to meet you where you're at and provide management tools to suit your needs with Red Hat Smart Management. We introduced Red Hat Smart Management at Red Hat Summit earlier this year in Boston as a layered add on for Red Hat Enterprise Linux (RHEL), as well as including Red Hat Insights with RHEL subscriptions.

Librem One Design Principles: Services You Can Trust

Our hardware and software puts users back in control of computing–but, you may be wondering, can we do the same with our services? With Librem One, the answer is yes. We have big, no, huge dreams about what we can achieve with your support and the wealth of free software that already exists. But we need to keep our feet firmly on the ground. In this post we will outline the touchstones we have used to do just that–engineer trustworthy services that everyone can use–with a design process called user-centered software engineering. We hope it will facilitate communication with friends and colleagues as we hack towards a common goal… and also show all non-technical readers that human beings are at the center of our bits and bytes. So, how did we do it? Read more Also: joining social media at DebConf19