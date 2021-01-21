Proprietary Microsoft Stuff and Security Issues
-
What deserves firing? Asking for Excel, or ignoring the alternatives?
The Idaho Statesman (IS) is a USA local newspaper, that is owned by a company called McClatchy. A few years ago, McClatchy decided to cut costs by, among other things, “doing away with subscriptions to Microsoft Office for new employees”. Consequentely, in late January 2021 McClatchy denied a request by a new IS reporter to have “access to Microsoft Excel”. Faced with resistance to get a software program as basic as a spreadsheet for a member of her staff, the IS top editor, Mrs Christina Lords, complained about this on Twitter.
Eventually, it seems, the reporter was “granted access to Excel on her company laptop”. But Lords was fired, for violating McClatchy’s social media policy.
[...]
As far as I am concerned, I find nothing wrong in McClatchy’s decision to not pay anymore for Microsoft Office. What I find hard to accept is just their refusal to buy the most expensive variety of a software essential for daily tasks… without concretely encouraging all of their staff to use license-free alternatives, or at least allowing them. It is almost like saying “we won’t buy gold-plated Mont Blanc pens for new employees anymore, but even those employees must write only with gold-plated Mont Blanc pens”. Please tell me that there is more to this story.
-
Report: Microsoft recently sought to acquire Pinterest
Microsoft Corp. at one point considered acquiring the social network Pinterest Inc., according to a report today in the Financial Times.
Pinterest had a market capitalization of about $51 billion prior to the publication of the report. The company’s stock price jumped more than 5% following the Financial Times’ scoop, after previously rising more than 600% since the start of the coronavirus pandemic.
The paper, citing people familiar with the matter, said that Microsoft had approached Pinterest about an acquisition “in recent months.” One of the tipsters was citing as saying that the negotiations are currently not active. It’s unclear whether the talks were shelved completely or simply paused.
-
Arrests in Ukraine hit Windows Egregor ransomware gang
Law enforcement authorities in France and Ukraine have joined forces to arrest a number of people in Ukraine who were using the Windows Egregor ransomware to make money.
-
NVD - CVE-2020-24074
-
CVE - CVE-2020-24074
-
Singtel affected by cyber attack on Accellion file-sharing software
Singapore's multinational telecommunications conglomerate Singtel has been breached by an attack on a file-sharing system from Accellion that is nearing its end-of-life, with the breach ocurring on 20 January, the telco says.
-
Open-Source Kernel Security Technologies
Lockdown is a relatively new security feature designed specifically for the Linux kernel. Part of the Linux kernel 5.4 branch, it is a feature that must be activated. Its default mode is off, simply because it can negatively affect existing systems. However, the primary function of lockdown is to prevent root account interactions with kernel code. By strengthening this divide, Lockdown counters potentially dangerous interactions that have been possible since the launch of the Linux OS. Once lockdown has been activated, there will be limitations on kernel functionality, but these will make it significantly more difficult for root accounts that have been compromised to affect the rest of the OS.
-
Here’s why you should be wary of installing anything that sets SELinux to permissive
In the world of Android modding, people tend to regard root access as the cornerstone of all things. It allows users to take complete control of their devices and add features that aren’t always available in the stock configuration. But as they say — “with great power comes great responsibility” — it’s not wise to bypass Android’s security model unless you know what you’re getting into. For veteran Android enthusiasts on our forums, you are probably aware of the potential for backdoors to exist on your device, and you are more likely to be running a trusted root-enabled mod on top of the latest Android version with the latest security patches. Having said that, you might know a few people who don’t really care about what root tweaks they install so long as they seemingly work for them. This is why you can still find a truckload of mods that only work when SELinux is set to permissive, which, in turn, leave their users extremely susceptible to security threats.
[...]
For a user to get full root access on their own device running Android 10 (or higher) with SELinux set to permissive is shockingly easy to do: All you have to do is press install, and “Magica” will automatically gain root access in a service and install Magisk to the boot image. This is something far wider in scope than just tweaking your device. According to XDA Senior Recognized Developer and Magisk maintainer topjohnwu, any arbitrary app, including malware, can permanently root your device without your consent and permission by utilizing the PoC.
-
- Login or register to post comments
- Printer-friendly version
- 752 reads
- PDF version
More in Tux Machines
- Highlights
- Front Page
- Latest Headlines
- Archive
- Recent comments
- All-Time Popular Stories
- Hot Topics
- New Members
Android Leftovers
Latte Dock v0.10~ | Templates, templates...
Hello everyone, let's improve our layout and view templates in order to make distros and users life easier when they share their Latte layouts and views. View in Latte stands for a Dock or Panel.
PinePhone Devs Finally Decide on a Default Distro
PINE64 has announced Manjaro ARM running Plasma Mobile will be the default software preloaded on the PinePhone. This news isn’t too much of a surprise given the popularity and polish of Plasma Mobile, and Manjaro’s rapidly-improving ARM foundations. “We are very pleased to announce that the PinePhone will ship with Plasma Mobile on a Manjaro ARM base from this point on. We have a long-standing relationship with Manjaro and KDE Community, and both projects have supported us and our efforts since the dawn of PINE64,” writes Pine64’s Lukasz Erecinski in a February update.
Microsoft Azure and Canonical Ubuntu Linux have a user privacy problem
It was just another day for Luca Bongiorni, a security advisor for Bentley Systems. He'd just spun up an Ubuntu Linux 18.04 instance on the Microsoft Azure cloud using a corporate sandbox for testing purposes. Three hours later, on Bongiorni's LinkedIn account he received a message from a Canonical sales representative saying, "I saw that you spun up an Ubuntu image in Azure," and telling him he'd be his "point of contact for anything Ubuntu-related in the enterprise." Say what?? Actually, Bongiorni was a little more "frank" about his annoyance and surprise that a Canonical salesperson had tracked him down on an entirely different service and knew that he had just used Ubuntu on Microsoft Azure. "What the f*** is happening here? WHY [did] MICROSOFT FORWARDED TO UBUNTU THAT I SPUN A NEW VM!?!" Customer privacy, what's that?
Recent comments
1 min ago
3 hours 17 min ago
3 hours 33 min ago
4 hours 2 min ago
4 hours 6 min ago
4 hours 13 min ago
4 hours 36 min ago
6 hours 53 min ago
6 hours 55 min ago
6 hours 56 min ago