Language Selection

English French German Italian Portuguese Spanish

Security Leftovers

Filed under
Security
  • Securing The Nation With Insecure Databases: CBP Vendor Hacked, Exposing Thousands Of License Plate, Car Passenger Photos

    US Customs and Border Protection has suffered an inevitability in the data collection business. The breach was first reported by the Washington Post. It first appeared to affect the DHS's airport facial recognition system, but further details revealed it was actually a border crossing database that was compromised.

    The breach involved photos of travelers and their vehicles, which shows the CPB is linking people to vehicles with this database, most likely to make it easier to tie the two together with the billions of records ICE has access to through Vigilant's ALPR database.

    The breach involved a contractor not following the rules of its agreement with the CBP. According to the vendor agreement, all harvested data was supposed to remain on the government's servers. This breach targeted the vendor, which means the contractor had exfiltrated photos and plate images it was specifically forbidden from moving to its own servers.

  • PHP version 7.2.20RC1 and 7.3.7RC1
  • The GoldBrute botnet is trying to crack open 1.5 million RDP servers

    The latest round of bad news emerged last week when Morphus Labs’ researcher Renato Marinho announced the discovery of an aggressive brute force campaign against 1.5 million RDP servers by a botnet called ‘GoldBrute’.

  • New Brute-Force Botnet Targeting Over 1.5 Million RDP Servers Worldwide

    The campaign, discovered by Renato Marinho at Morphus Labs, works as shown in the illustrated image, and its modus operandi has been explained in the following steps: [...]

  • 32 bit is dead - Long live 32 bit

    This is another follow-up post on the Intel processor vulnerabilities. Yay. With more bad news. Yay!

    Instead of a long build-up, I will just give you the point: 32 bit is broken

    Well, is that really news? Not really. The real news is that Intel processors are broken - but you already know that. You also know that there are fixes around. Patches for the kernel. Disabling Intel(R) Hyper-Threading.

More in Tux Machines

today's howtos

The Linux kernel: Top 5 innovations

The word innovation gets bandied about in the tech industry almost as much as revolution, so it can be difficult to differentiate hyperbole from something that’s actually exciting. The Linux kernel has been called innovative, but then again it’s also been called the biggest hack in modern computing, a monolith in a micro world. Setting aside marketing and modeling, Linux is arguably the most popular kernel of the open source world, and it’s introduced some real game-changers over its nearly 30-year life span. Read more

Android Leftovers

Removing Qt 4 from Ubuntu before the 20.04 release

I would like to completely remove Qt 4 from the Ubuntu archive before the 20.04 release. This includes all of KDE 4 and dependencies. The Debian Qt/KDE Team (which I am a part of) is raising the status of the Qt 4 removal bugs to RC[1], and since the Qt 6 work is starting upstream in the dev branch in the coming months, now is the time for Qt 4 to go. My timeline for this is to change all of the bugs filed to ask people to port[2] to removal bugs, and go over the list of Qt 4 reverse dependencies one last time, so the removal can be done at the beginning of the 20.04 cycle before the archive opens. This would make 19.10 the last release with Qt 4. Read more Also: Ubuntu Planning To Drop Qt4 & Its Dependencies Ahead Of 20.04 LTS