Language Selection

English French German Italian Portuguese Spanish

Security: Capsule8, iNSYNQ and Voting Systems

Filed under
Security
  • Intel Invests $6.5M in Enterprise Linux Security Startup Capsule8

    Used by Lyft, among others, Capsule8's platform automates a lot of tedious manual work involved in securing enterprise infrastructure.

  • iNSYNQ Ransom Attack Began With Phishing Email

    A ransomware outbreak that hit QuickBooks cloud hosting firm iNSYNQ in mid-July appears to have started with an email phishing attack that snared an employee working in sales for the company, KrebsOnSecurity has learned. It also looks like the intruders spent roughly ten days rooting around iNSYNQ’s internal network to properly stage things before unleashing the ransomware. iNSYNQ ultimately declined to pay the ransom demand, and it is still working to completely restore customer access to files.

    [...]

    But Alex Holden, founder of Milwaukee-based cyber intelligence firm Hold Security, showed KrebsOnSecurity information obtained from monitoring dark web communications which suggested the problem started on July 6, after an employee in iNSYNQ’s sales division fell for a targeted phishing email.

    “This shows that even after the initial infection, if companies act promptly they can still detect and stop the ransomware,” Holden said. “For these infections hackers take sometimes days, weeks, or even months to encrypt your data.”

  • You can easily secure America's e-voting systems tomorrow. Use paper – Bruce Schneier

    While various high-tech solutions to secure electronic voting systems are being touted this week to election officials across the United States, according to infosec guru Bruce Schneier there is only one tried-and-tested approach that should be considered: pen and paper.

    It's the only way to be sure hackers and spies haven't delved in from across the web to screw with your vote.

    “Paper ballots are almost 100 per cent reliable and provide a voter-verifiable paper trail,” he told your humble Reg vulture and other hacks at Black Hat in Las Vegas on Thursday. “This isn’t hard or controversial. We use then all the time in Minnesota, and you make your vote and it’s easily tabulated.”

    The integrity of the election process depends on three key areas: the security of the voter databases that list who can vote; the electronic ballot boxes themselves, which Schneier opined were the hardest things to hack successfully; and the computers that tabulate votes and distribute this information.

More in Tux Machines

Debian: Salsa, Promoting Debian LTS and Debian Patch Porting System

  • salsa.debian.org: Postmortem of failed Docker registry move

    The Salsa admin team provides the following report about the failed migration of the Docker container registry. The Docker container registry stores Docker images, which are for example used in the Salsa CI toolset. This migration would have moved all data off to Google Cloud Storage (GCS) and would have lowered the used file system space on Debian systems significantly. [...] On 2019-08-06 the migration process was started. The migration itself went fine, although it took a bit longer than anticipated. However, as not all parts of the migration had been properly tested, a test of the garbage collection triggered a bug in the software. On 2019-08-10 the Salsa admins started to see problems with garbage collection. The job running it timed out after one hour. Within this timeframe it not even managed to collect information about all used layers to see what it can cleanup. A source code analysis showed that this design flaw can't be fixed. On 2019-08-13 the change was rolled back to storing data on the file system.

  • Raphaël Hertzog: Promoting Debian LTS with stickers, flyers and a video

    With the agreement of the Debian LTS contributors funded by Freexian, earlier this year I decided to spend some Freexian money on marketing: we sponsored DebConf 19 as a bronze sponsor and we prepared some stickers and flyers to give out during the event. The stickers only promote the Debian LTS project with the semi-official logo we have been using and a link to the wiki page. You can see them on the back of a laptop in the picture below.

  • Raphaël Hertzog: Freexian’s report about Debian Long Term Support, July 2019

    Like each month, here comes a report about the work of paid contributors to Debian LTS.

  • Jaskaran Singh: GSoC Final Report

    The Debian Patch Porting System aims to systematize and partially automate the security patch porting process. In this Google Summer of Code (2019), I wrote a webcrawler to extract security patches for a given security vulnerability identifier. This webcrawler or patch-finder serves as the first step of the Debian Patch Porting System. The Patch-finder should recognize numerous vulnerability identifiers. These identifiers can be security advisories (DSA, GLSA, RHSA), vulnerability identifiers (OVAL, CVE), etc. So far, it can identify CVE, DSA (Debian Security Advisory), GLSA (Gentoo Linux Security Advisory) and RHSA (Red Hat Security Advisory). Each vulnerability identifier has a list of entrypoint URLs associated with it. These URLs are used to initiate the patch finding.

Android Leftovers

Marek’s Take: Why open source communities are critical to operators

Open source locks down standards in code and makes sure it is interoperable, Rice said. “That’s why it’s symbiotic. Standards are options but they come together because they are built on one another.”

And, similar to standards bodies, where delegates work side-by-side with competitors to develop global specifications, the same occurs in open source groups.

Read more

The infrastructure is code: A story of COBOL and Go

But what about today? With the decline of mainframes and the rise of newer and more innovative languages designed for the web and cloud, where does COBOL sit? As last week's episode of Command Line Heroes mentioned, in the late 1990s, Perl (as well as JavaScript and C++) was outpacing COBOL. And, as Perl's creator, Larry Wall stated then: "COBOL is no big deal these days since demand for COBOL seems to be trailing off, for some strange reason." Read more