Proprietary Software and Security Aspects

US passes emergency waiver over fuel pipeline cyber-attack [iophk: Windows TCO]
Multiple sources have confirmed that the ransomware attack was caused by a cyber-criminal gang called DarkSide, who infiltrated Colonial's network on Thursday and took almost 100GB of data hostage. After seizing the data, the [crackers] locked the data on some computers and servers, demanding a ransom on Friday. If it is not paid, they are threatening to leak it onto the [Internet]. Colonial said it is working with law enforcement, cyber-security experts and the Department of Energy to restore service. On Sunday evening it said that although its four mainlines remain offline, some smaller lateral lines between terminals and delivery points are now operational.

Insurer AXA halts ransomware crime reimbursement in France [iophk: Windows TCO]
In an apparent industry first, the global insurance company AXA said Thursday it will stop writing cyber-insurance policies in France that reimburse customers for extortion payments made to ransomware criminals. AXA, among Europe’s top five insurers, said it was suspending the option in response to concerns aired by French justice and cybersecurity officials during a Senate roundtable in Paris last month about the devastating global epidemic of ransomware.

Biggest petrol pipeline in US hit by Windows DarkSide ransomware
The company is believed to have been hit by the DarkSide ransomware, a recent addition to the swarms of ransomware that attack Microsoft's Windows operating system. Colonial is the biggest American refined products pipeline system and can carry more than three million barrels of petrol, diesel and jet fuel between the US Gulf Coast and the New York Harbour area, according to Wikipedia.

Reproducible Builds: Reproducible Builds in April 2021
In these reports we try to the most important things that we have been up to over the past month. As a quick recap, whilst anyone may inspect the source code of free software for malicious flaws, almost all software is distributed to end users as pre-compiled binaries. If you are interested in contributing to the project, please visit our Contribute page on our website. [...] Closer to home, Jeremiah Orians wrote to our mailing list reporting that it is now possible to bootstrap the GCC compiler without using the pre-generated Bison grammar files, part of a broader attempt to provide a “reproducible, automatic [and] complete end-to-end bootstrap from a minimal number of binary seeds to a supported fully functioning operating system” […]. In addition, Richard Clobus started a thread on potential problems with the -Wl,--build-id=sha1 linker flag which can later be used when analysing core dumps and tracebacks.

NAME:WRECK DNS Bugs: What You Need to Know
For most internet users, there’s not much of a perceivable difference between the domain name they want to visit and the server that the domain queries. That’s because the Domain Name System (DNS) protocol does a good job of seamlessly routing users to different IP addresses that are all associated with a single domain name. The bad news is that this level of seamlessness makes it easier for threat actors and criminals to steal sensitive information and compromise computer hardware and networks with malware. The latest news on DNS vulnerabilities shines the spotlight on nine newly discovered vulnerabilities that put more than 100 million IoT devices in jeopardy. These DNS vulnerabilities, dubbed “NAME:WRECK DNS,” threaten IoT users with Denial of Service (DoS) and Remote Code Execution attacks that let cybercriminals assume control over targeted IoT systems. Once attackers take these devices offline, there’s nothing left to stop them from targeting and assaulting other IoT attack surfaces.

Review: JingOS 0.8 and Tribblix
One of the most recent additions to the DistroWatch database is JingOS, an Ubuntu-based Linux distribution for tablet computers. The project aims to run both GNU/Linux and Android applications via a graphical user interface which is designed to work in a familiar way on touch screens. While early versions of JingOS were developed for ARM-based devices, JingOS 0.8 is the project's first version to run on x86 processors. The JingOS project requires that people register their e-mail address to obtain the project's free download. A download link is then sent to our e-mail address. When I downloaded an earlier version of JingOS (version 0.6) the download link was for the distribution's ISO file directly. When I downloaded version 0.8 I was given a link to the project's torrent file. At first my torrent download only had two seeders with an average download speed of 20kB/s. This eventually rose to eight seeders at 400kB/s, which is unusually slow compared to most free mirrors available these days. The ISO file's total size is 2.4GB so the download took over two hours. Booting from the distribution's install media causes the system to start with a self-check of the media. This check can be skipped by pressing Ctrl+C. The screen then goes entirely black for a while. After a few minutes I started testing keyboard input without any response. The only thing I could do was to switch between terminals using the Ctrl+Alt+Function keys. I found the first terminal remained blank, the second terminal showed a colourful background and a clock displaying UTC time. Terminals three through six all displayed a console login prompt. The login prompts identify the distribution as KDE neon's Unstable Edition.