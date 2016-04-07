Security Leftovers
-
Investigators suggest [attackers] exploited weak password security to breach Florida water facility
“The unidentified actors accessed the water treatment plant’s SCADA controls via remote access software, TeamViewer, which was installed on one of several computers the water treatment plant personnel used to conduct system status checks and to respond to alarms or any other issues that arose during the water treatment process,” the department wrote. “All computers used by water plant personnel were connected to the SCADA system and used the 32-bit version of the Windows 7 operating system,” which Microsoft ended support for in January of last year.
“Further, all computers shared the same password for remote access and appeared to be connected directly to the Internet without any type of firewall protection installed,” the alert reads. A spokesperson for the Massachusetts department said the department received the details from the EPA.
-
I’m Controlling Your Cursor
In the years to come, there will most assuredly be books and oral histories written about what happened in Florida, the sheer folly of leaving remote access open with so little focus on security. But it should not be a knock on remote access, which was a super-novel concept back in the mid-’80s and is still pretty awesome today as it has improved along with GUIs and network access.
-
SolarWinds hackers studied Microsoft source code for authentication and email
The hackers behind the worst intrusion of U.S. government agencies in years won access to Microsoft’s secret source code for authenticating customers, potentially aiding one of their main attack methods.
[...]
Some of the code was downloaded, the company said, which would have allowed the hackers even more freedom to hunt for security vulnerabilities, create copies with new flaws, or examine the logic for ways to exploit customer installations.
Microsoft had said before that the hackers had accessed some source code, but had not said which parts, or that any had been copied.
U.S. authorities said Wednesday the breaches revealed in December extended to nine federal agencies and 100 private companies, including major technology providers and security firms. They said the Russian government is likely behind the spree, which Moscow has denied.
Initially discovered by security provider FireEye Inc, the hackers used advanced skills to insert software back doors for spying into widely used network-management programs distributed by Texas-based SolarWinds Corp.
-
Daniel Stenberg: “I will slaughter you”
You might know that I’ve posted funny emails I’ve received on my blog several times in the past. The kind of emails people send me when they experience problems with some device they own (like a car) and they contact me because my email address happens to be visible somewhere.
People sometimes say I should get a different email address or use another one in the curl license file, but I’ve truly never had a problem with these emails, as they mostly remind me about the tough challenges the modern technical life bring to people and it gives me insights about what things that run curl.
-
Reproducible Builds (diffoscope): diffoscope 167 released
The diffoscope maintainers are pleased to announce the release of diffoscope version 167. This version includes the following changes:
* Temporary directory handling: - Ensure we cleanup our temporary directory by avoiding confusion between the TemporaryDirectory instance and the underlying directory. (Closes: #981123) - Use a potentially-useful suffix to our temporary directory based on the command-line passed to diffoscope. - Fix some tempfile/weakref interaction in Python 3.7 (ie. Debian buster). (Closes: reproducible-builds/diffoscope#239) - If our temporary directory does not exist anymore (eg. it has been cleaned up in tests, signal handling or reference counting), make sure we recreate it. * Bug fixes: - Don't rely on magic.Magic(...) to have an identical API between file's magic.py and PyPI's "python-magic" library. (Closes: reproducible-builds/diffoscope#238) - Don't rely on dumpimage returning an appropriate exit code; check that the file actually exists after we call it. * Codebase changes: - Set a default Config.extended_filesystem_attributes. - Drop unused Config.acl and Config.xattr attributes. - Tidy imports in diffoscope/comparators/fit.py. * Tests: - Add u-boot-tools to test dependencies so that salsa.debian.org pipelines actually test the new FIT comparator. - Strip newlines when determining Black version to avoid "requires black >= 20.8b1 (18.9b0\n detected)" in test output (NB. embedded newline). - Gnumeric is back in testing so re-add to test dependencies. - Use assert_diff (over get_data, etc.) in the FIT and APK comparators. - Mark test_apk.py::test_android_manifest as being allowed to fail for now. - Fix the FIT tests in buster and unstable.
-
X.509 user certificate authentication with Red Hat’s single sign-on technology
This article illustrates how to configure a browser authentication flow using X.509 user-signed certificates. Once you have set up authentication using X.509 user-signed certificates, your users will not be required to enter a username and password when authenticating against Red Hat’s single sign-on technology (SSO). Instead, they will present an X.509 certificate to the SSO instance.
-
- Login or register to post comments
- Printer-friendly version
- 628 reads
- PDF version
More in Tux Machines
- Highlights
- Front Page
- Latest Headlines
- Archive
- Recent comments
- All-Time Popular Stories
- Hot Topics
- New Members
KDDockWidgets 1.3.0 released!
We’ve released KDDockWidgets 1.3.0! KDDockWidgets is a framework for custom-tailored docking systems in Qt. The main highlights for this release are PySide6 and experimental QtQuick support. The QtQuick backend isn’t production ready, but you can already build with -DKDDockWidgets_QTQUICK=ON, run the examples under examples/qtquick/dockwidgets/ and start reporting issues. More of KDE today: First Milestone
Unlock your Chromebook's hidden potential with Linux
Google Chromebooks run on Linux, but normally the Linux they run isn't particularly accessible to the user. Linux is used as a backend technology for an environment based on the open source Chromium OS, which Google then transforms into Chrome OS. The interface most users experience is a desktop that can run Chrome browser apps and the Chrome browser itself. And yet underneath all that, there's Linux to be found. If you know how, you can enable Linux on your Chromebook and turn a computer that was probably relatively cheap and basic into a serious laptop with access to hundreds of applications and all the power you need to make it an all-purpose computer. [...] Now that you're running in Developer Mode, you can activate the Linux Beta feature in Chrome OS. To do that, open Settings and click on Linux Beta in the left column. Activate Linux Beta and allot some hard drive space for your Linux system and applications. Linux is pretty lightweight at the worst of times, so you don't really need much space, but it obviously depends on how much you intend to do with Linux. 4 GB is enough for Linux plus a few hundred terminal commands and two dozen graphical applications. Because my Chromebook has a 64 GB memory chip, I gave 30 GB over to Linux because most of what I do on my Chromebook is in Linux. Once your Linux Beta environment is ready, you can launch a terminal by pressing the Search button on your keyboard and typing terminal. If you're new to Linux, you may not know what to install now that you have access. This, of course, depends on what you want to do with Linux. If you're interested in Linux for programming, then you might start with Bash (that's already installed and running in the terminal) and Python. If you're interested in Linux for all of its amazing open source applications, you might try applications like GIMP, MyPaint, LibreOffice, or Inkscape. The Linux Beta mode of Chrome OS lacks a graphical installer for software, but applications can be installed from the terminal. Install applications with the sudo apt install command. Also: Windows is losing to Linux... but not how you might think.
Red Hat/Fedora Leftovers
Starship: Open-Source Customizable Prompt for Any Shell
A cross-shell prompt that makes it easy to customize and configure the Linux terminal prompt, if you care too much about the looks of your terminal. [...] Starship is an open-source project that’s written in Rust to help you set up a minimal, fast, and customizable shell prompt. No matter whether you’re using bash, fish, PowerShell on Windows or any other shell, you can utilize Starship to customize the appearance. Do note that you do have to go through its official documentation to be able to perform advanced configuration for everything you like but here I will include a simple sample configuration to get a head start along with some key information about Startship.
Recent comments
1 hour 19 min ago
1 hour 37 min ago
2 hours 23 min ago
2 hours 26 min ago
7 hours 12 sec ago
14 hours 23 min ago
15 hours 42 min ago
23 hours 23 min ago
23 hours 39 min ago
23 hours 46 min ago