Proprietary Software Insecurity

  • Why recent hacks show Apple’s security strength, not its weakness [Ed: Spinning bug doors as a strength? Apple has its share of liars coming to the rescue of proprietary software (not the first such bug). Moving from Microsoft to Apple "for security" is like swapping vodka for rum to cure one's liver.]

    It might be tempting to follow that line of thinking in light of two recent stories of vulnerabilities affecting the Mac and the Apple Watch. In the first instance, the Zoom video-calling app could be abused to let someone spy on you through your webcam. In the second, a flaw in Apple’s Walkie Talkie app could let a hacker eavesdrop on your iPhone conversations. They’re both troubling security issues.

  • Eavesdropping Concerns Cause Apple Watch’s Walkie-Talkie App to Be Disabled

    Just like any other Internet of things device, it’s important to remember that smartwatches are still devices. And many cool features can also be used for unethical purposes. There is always another side of the coin.

    This is what Apple Watch users found this week when Apple disabled the Walkie-Talkie app when it was discovered that it allowed users to listen in on each other’s iPhone calls without the other person’s knowledge.

  • 250M Accounts Affected By ‘TrickBot’ Trojan’s New Cookie Stealing Ability

    Popular malware TrickBot is back and this time it has learned some new capabilities like stealing cookies. So far, it has infected around 250 million Gmail accounts.

    As per the research firm Deep Instinct, among the affected accounts, some belonging to the governments of the US, the UK, and Canada have also fallen victim to TrickBot.

  • TrickBooster – TrickBot’s Email-Based Infection Module - Deep Instinct

    Seeing a signed malware binary delivered to a customer environment prompted us to investigate further. We analyzed the malware sample and found swaths of PowerShell code in its memory. Analysis of this PowerShell code immediately led us to the conclusion that we are dealing with a mail-bot.

  • A better zip bomb

    This article shows how to construct a non-recursive zip bomb that achieves a high compression ratio by overlapping files inside the zip container. "Non-recursive" means that it does not rely on a decompressor's recursively unpacking zip files nested within zip files: it expands fully after a single round of decompression. The output size increases quadratically in the input size, reaching a compression ratio of over 28 million (10 MB → 281 TB) at the limits of the zip format. Even greater expansion is possible using 64-bit extensions. The construction uses only the most common compression algorithm, DEFLATE, and is compatible with most zip parsers.

More in Tux Machines

Audiocasts/Shows: Debian 10.5 KDE Plasma Run Through, Late Night Linux, Linux Headlines

  • Debian 10.5 KDE Plasma Run Through

    In this video, we are looking at Debian 10.5. Enjoy!

  • Late Night Linux – Episode 95

    A look back at the year in Linux so far, some speculation about what’s coming, Lineage OS on the Raspberry Pi, and KDE Korner.

  • 2020-08-03 | Linux Headlines

    Linux kernel 5.8 is out, BunsenLabs rebases to Debian 10 “Buster,” Mastodon releases version 3.2 with multimedia enhancements, and The Linux Foundation forms the Open Source Security Foundation.

today's leftovers

  • KDE NEON 20200723 overview | The latest and greatest of KDE community

    In this video, I am going to show an overview of KDE NEON 20200723 and some of the applications pre-installed.

  • Vulkan 1.2.149 Released With Another Extension For Helping The Likes Of DXVK

    Vulkan 1.2.149 is out today and its lone new extension is yet another addition to the Vulkan API for helping translation layers like DXVK map other graphics APIs on top. Vulkan has been quite welcoming of additions to help run graphics APIs like OpenGL and Direct3D on top of it. With today's release of Vulkan 1.2.149 there is another addition to help in that multi-project effort and it's VK_EXT_4444_formats.

  • Linux 5.9 Dropping The Unicore 32-bit RISC Architecture

    It's arguably long overdue but with the just-opened Linux 5.9 kernel cycle the Unicore32 CPU architecture is being removed. Unicore is a 32-bit RISC architecture developed at China's Peking University. Unicore is an ARM-like architecture. But with Unicore not being too popular and this code not seeing any maintenance for the mainline kernel paired with no upstream compiler support, it's time to gut the code out of the kernel.

  • IO_uring Has Many Improvements Set To Go Into Linux 5.9

    Facebook's Jens Axboe who oversees the Linux storage/block code and leads the IO_uring efforts summed up the changes for Linux 5.9 as "hardening the code and/or making it easier to read and fixing [bits]." There is though a big change and that is proper async buffered reads support. That work was previously covered but didn't end up getting pulled into Linux 5.8 due to a branching difference but is now ready to go with Linux 5.9. The async buffered reads support for IO_uring has some nice performance advantages and lower CPU usage while also working its way off KThreads for the fast code path once the async buffered write support is in place.

  • New Helix by OnLogic brings GPU computing to the Edge

    Both systems can be configured with a range of Windows operating systems or Ubuntu Linux, and OnLogic plans to add imaging options for many of their software partners in the future, including Ignition by Inductive Automation, ThinManager, EdgeIQ, IGEL and AWS Greengrass.

  • Looks like the recent upwards trend of the Linux market share has calmed down [Ed: As if a Microsoft partner which pretends Android and ChromeOS etc. don't exist was ever painting an accurate picture...]

    For NetMarketShare, something pretty big happened over the last few months. Back in March the Linux share they recorded was only 1.36%, and then it quickly rocketed upwards to 3.61% in June after multiple months of rising. The kind of rise you can't easily just write-off since it continued happening. No one really knows what caused it, possibly a ton more people working from home and not attached to their corporate Windows workstation. Now though, it seems to be levelling out as July's figure now shows it as 3.57%. Considering more people are being told to go back to work, perhaps it was as a result of COVID19. Across that whole time though, it's worth noting StatCounter which also tracks it has hardly moved this whole time. So you may want to press X to doubt on it.

  • Librem 5 June 2020 Software Development Update

    This is another incarnation of the software development progress for the Librem 5. This time for June 2020 (weeks 23-26). Some items are covered in more detail in separate blog posts at https://puri.sm/news. The idea of this summary is to have a closer look at the coding and design side of things. It also shows how much we’re standing on the shoulders of giants reusing existing software and how contributions are flowing back and forth between upstream and downstream projects. This quickly gets interesting since we’re upstream for some projects (e.g. calls, phosh, chatty) and downstream for others (e.g. Debian, Linux kernel, GNOME). So these reports are usually rather link heavy pointing to individual merge requests on https://source.puri.sm/ or to the upstream side (like e.g. GNOME’s gitlab).

  • Red Hat certification remote exams now available

    It’s not a new idea that organizations worldwide need and seek qualified IT professionals with the skills and knowledge needed to use Red Hat products successfully. And for the last two decades, Red Hat Training and Certification has provided a way for them to assess, train and validate skills. Last year, we launched preliminary exams as a way to provide experience with our hands-on approach to testing to a broader audience and to explore making this approach more widely available as online exams. This year, the COVID-19 pandemic has meant temporary site closures, lockdowns and social distancing. Going to a test center to take an exam is not an option in many places. Even if it is, candidates for certification might be understandably reluctant to visit a center to take an exam. With that in mind, Red Hat has accelerated our efforts, and I am very pleased to announce that several of our certification exams are now available remotely.

  • Red Hat Customer Success Stories: digital transformation through people, process and technology

    Condis Supermarcats is a family-owned supermarket chain that is a household name in central and northern Spain. The company operates more than 400 physical storefronts, ranging from hypermarkets to local convenience stores, and a growing digital business. In 2017, Condis began several high-profile projects as part of its digital transformation efforts, including launch of a new customer resource management (CRM) system and a customer-facing mobile application. To support these projects, Condis’s IT team sought to better integrate the company’s IT infrastructure with microservices. "Our architecture was not cloud-integrated or suited for the agile approach we needed to develop our digital business," said Sergio Murillo, Technology Development and IT Operations Manager at Condis. "For example, each Condis store has access to a customer database, centralized using a cloud-based tool. However, we needed this data exchange to be integrated seamlessly with our CRM."

  • 10 Years of OpenStack – Gary Kevorkian at Cisco

    Storytelling is one of the most powerful means to influence, teach, and inspire the people around us. To celebrate OpenStack’s 10th anniversary, we are spotlighting stories from the individuals in various roles from the community who have helped to make OpenStack and the global Open Infrastructure community successful.

  • The Month in WordPress: July 2020

    July was an action-packed month for the WordPress project. The month saw a lot of updates on one of the most anticipated releases – WordPress 5.5! WordCamp US 2020 was canceled and the WordPress community team started experimenting with different formats for engaging online events, in July. Read on to catch up with all the updates from the WordPress world.