FUD, Security and Microsoft Spin
-
Commercial vs open source software [Ed: Falsehoods all along. FOSS is also "commercial"; they deceive to make proprietary software seem like the only option for commerce]
Every business owner who needs personalized software needs to make a choice between two options: choosing commercial software or open-source software. If you are not familiar with these two terms, worry not, we’ll explain everything.
-
The need for open source audits in cybersecurity M&As [Ed: Microsoft-connected Black Duck is smearing FOSS again... to sell its proprietary software snakeoil]
-
Software Security Witching Hour is Upon us [Ed: Microsoft-connected Black Duck continues to attack FOSS with FUD. Microsoft hates FOSS. It just uses Synopsys et al as proxies for the badmouthing.]
-
Let’s Talk Open Source Trends (A 2020 Early Look) [Ed: Well, Flexera views "open source" as little more than opportunity for "compliance" job (money), much like Black Duck]
There are two emerging trends to take note of now. First, there’s an increased importance around open source compliance and security due to specific industry regulatory changes and requirements. For example, this year the PCI Security Standards Council introduced a new standard of making electronic payments more secure. The standard requires software companies to continuously identify and assess weaknesses in software applications, including the entire software supply chain; key word here being “continuously.” Prior to the implementation of this standard, companies were advised to monitor their use of open source software with no emphasis on ongoing scanning and management.
-
The First BlueKeep Mass Hacking Is Finally Here—but Don't Panic [Ed: NSA collusion with Microsoft gives us this and much more]
When Microsoft revealed last May that millions of Windows devices had a serious hackable flaw known as BlueKeep—one that could enable an automated worm to spread malware from computer to computer—it seemed only a matter of time before someone unleashed a global attack. As predicted, a BlueKeep campaign has finally struck. But so far it's fallen short of the worst case scenario.
Security researchers have spotted evidence that their so-called honeypots—bait machines designed to help detect and analyze malware outbreaks—are being compromised en masse using the BlueKeep vulnerability. The bug in Microsoft's Remote Desktop Protocol allows a hacker to gain full remote code execution on unpatched machines; while it had previously only been exploited in proofs of concept, it has potentially devastating consequences. Another worm that targeted Windows machines in 2017, the NotPetya ransomware attack, caused more than 10 billion dollars in damage worldwide.
But so far, the widespread BlueKeep hacking merely installs a cryptocurrency miner, leeching a victim's processing power to generate cryptocurrency. And rather than a worm that jumps unassisted from one computer to the next, these attackers appear to have scanned the internet for vulnerable machines to exploit. That makes this current wave unlikely to result in an epidemic.
-
Hackers can steal the contents of Horde webmail inboxes with one click [Ed: Microsoft Zack ('former' employee) not covering Microsoft NSA back doors that cause billions in damage, instead trying to damage the name of FOSS because sending people a malicious link and a trick can cause problems?]
A security researcher has found several vulnerabilities in the popular open-source Horde web email software that allow hackers to near-invisibly steal the contents of a victim’s inbox.
Horde is one of the most popular free and open-source web email systems available. It’s built and maintained by a core team of developers, with contributions from the wider open-source community. It’s used by universities, libraries and many web hosting providers as the default email client.
Numan Ozdemir disclosed his vulnerabilities to Horde in May. An attacker can scrape and download a victim’s entire inbox by tricking them into clicking a malicious link in an email.
-
New Tool Will Find Secrets – Including Crypto Keys – in Your Public Code
The app, which is open source, scans code repository GitHub for dangerous files and data. As a beginning coder, you may have left your password data or private keys inside a public repository without realizing. When this happens, hackers and other nasties can easily access your stuff.
-
Briefing: Microsoft's GitHub Employees Still Pushing Back On ICE Contract
Employees from Microsoft’s GitHub subsidiary are continuing to voice their concerns over the recent decision to renew a software contract with U.S. Immigration and Customs Enforcement (ICE), and at least one GitHub employee has resigned in protest, the Los Angeles Times reported.
The situation illustrates the difficulties large software companies sometimes experience when integrating acquisitions of smaller companies.
GitHub, which has built a more diverse and inclusive corporate culture in the years following a gender harassment scandal in 2014, is one of several open source companies where employees pay close attention to how their products are used, said Josh McKenty, an executive who has worked at companies that sell open source software.
“The open source ethos represents a fundamental attitude of being able to control what happens to your work product,” he said.