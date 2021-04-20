Language Selection

English French German Italian Portuguese Spanish

Proprietary Software and Security

Submitted by Roy Schestowitz on Tuesday 11th of May 2021 05:53:33 AM Filed under
Security

  • Pipeline [crackers] say they want money, not mayhem [iophk: Windows TCO]

    Reuters reports that the group, dubbed DarkSide, posted on its website that “our goal is to make money, and not creating problems for society." The group did not say how much money they were demanding. They added they were "apolitical," saying observers "do not need to tie us" to any particular government.

  • EnergyPipeline [crackers] say their aim is cash, not chaos

    The ransomware gang accused of crippling the leading U.S. fuel pipeline operator said on Monday that it never meant to create havoc, an unusual statement that experts saw as a sign the cybercriminals' scheme had gone awry.

  • Biden leading 'whole of government' response to Colonial Pipeline attack

    Biden’s remarks came days after Colonial Pipeline, which transports around 45 percent of oil used on the East Coast, announced it had been forced to shut down all operations after its IT systems were hit by a ransomware attack.

    The FBI said Monday that the company had been targeted by the “DarkSide” ransomware variant, and that cyber criminals were behind the incident, which is likely the largest successful cyberattack on a U.S. utility in history.

  • Colonial hack: How did cyber-attackers shut off pipeline? [iophk: Windows TCO]

    In the past, criminals have cause mayhem after finding their way into the software programs responsible for operational technology.

  • Ransomware Attack That Halted US Fuel Pipeline a 'Criminal Act,' Biden Says [iophk: Windows TCO]

    Biden, responding to a reporter’s question after he concluded his prepared statement about whether there is any evidence of involvement of Russia’s government, replied: “I’m going to be meeting with President (Vladimir) Putin. And so far, there is no evidence based on — from our intelligence people that Russia is involved.”

  • US pipeline attackers appear to have bitten off more than they can chew [iophk: Windows TCO]

    The affiliate of ransomware operator DarkSide, the Windows malware that was used to attack the US Colonial Pipeline Company, appears to have taken on a target that was outside the parameters set down by the operator, judging from a statement made by the operator on its site on the dark web.

  • The cybersecurity ‘pandemic’ that led to the Colonial Pipeline disaster [iophk: Windows TCO]

    The frequency and severity of attacks against utility systems is on the rise, according to the National Regulatory Research Institute. Fifty-six percent of utility professionals surveyed by Siemens in 2019 said they had experienced at least one attack over the previous year that led to an outage or a loss of private information. More than a third of the 796 “cyber incidents” reported to the Department of Homeland Security between 2013 and 2015 took place in the energy sector.

  • Online Cheating Charges Upend Dartmouth Medical School

    At the heart of the accusations is Dartmouth’s use of the Canvas system to retroactively track student activity during remote exams without their knowledge. In the process, the medical school may have overstepped by using certain online activity data to try to pinpoint cheating, leading to some erroneous accusations, according to independent technology experts, a review of the software code and school documents obtained by The New York Times.

    Dartmouth’s drive to root out cheating provides a sobering case study of how the coronavirus has accelerated colleges’ reliance on technology, normalizing student tracking in ways that are likely to endure after the pandemic.

    While universities have long used anti-plagiarism software and other anti-cheating apps, the pandemic has pushed hundreds of schools that switched to remote learning to embrace more invasive tools. Over the last year, many have required students to download software that can take over their computers during remote exams or use webcams to monitor their eye movements for possibly suspicious activity, even as technology experts have warned that such tools can be invasive, insecure, unfair and inaccurate.

  • Apple Faces U.K. Class Action for Overcharging 20 Million Users

    Apple’s 30% standard fee is “excessive” and “unlawful” the claimants said in a press release Tuesday. The claim, filed at London’s Competition Appeal Tribunal on Monday, calls for the U.S. firm to compensate U.K. iPhone and iPad users for years of alleged overcharging.

  • Epic and Apple are now fighting over a naked banana

    And despite Apple and Epic’s often very funny debate over the definition of a game, the case will probably hinge on drier-sounding questions like those discussed by Epic’s first expert witness, the economist David Evans.

    Evans argued that Apple is running an unfair single-brand monopoly: basically, it sells pricey devices that lock users into an ecosystem with no reasonable alternatives for getting certain apps, beyond tossing their phone or tablet and spending hundreds or thousands of dollars on a new one. Developers can offer cheaper in-app purchases on the web or a different platform, but Apple won’t let iOS apps direct users to these savings.

  • LFCA: Basic Security Tips to Protect Linux System – Part 17

    Now more than ever, we are living in a world where organizations are constantly bombarded by security breaches motivated by the acquisition of highly sensitive and confidential data which is highly valuable and makes for a huge financial reward.

    It’s rather surprising that despite being at a high risk of suffering from a potentially devastating cyberattack, most companies are not well prepared or simply overlook the red flags, often with devastating consequences.

    •      

  • Fintech Startup Offers $500 for Payroll Passwords

             

»

More in Tux Machines

IBM/Red Hat/Fedora: LinuxONE, Node, and Fedora Security

     
  • Elizabeth K. Joseph: The Big Iron Hippo

    It’s been about a year since I last wrote about an Ubuntu release on IBM Z (colloquially known as “mainframes” and nicknamed “Big Iron”). In my first year at IBM my focus really was Linux on Z, along with other open source software like KVM and how that provides support for common tools via libvirt to make management of VMs on IBM Z almost trivial for most Linux folks. Last year I was able to start digging a little into the more traditional systems for IBM Z: z/OS and z/VM. While I’m no expert, by far, I have obtained a glimpse into just how powerful these operating systems are, and it’s impressive. [...] Several updates to the kernel! A great, continued focus on virtualization and containers! I can already see that the next LTS, coming out in the spring of 2022, is going to be a really impressive one for Ubuntu on IBM Z and LinuxONE.

    •  
  • Node.js Reference Architecture: Logging in Node.js

    Understanding what tools to use for logging in your Node.js applications and deployments is a critical step to ensuring they run well in production. This article discusses why the Node.js Reference Architecture recommends Pino as a great tool for logging in your Node.js application. The article concludes by walking you through an example of logging in a Node.js application in production. Because the Node.js ecosystem offers so many packages in the npm registry, the Node contributors at Red Hat and IBM collaborated to create a reference architecture for Node.js where we highlight our recommendations based on our use. Read our intro Welcome to the Node.js Reference Architecture. It’s important that we stress that this recommendation is only meant to be a starting point for teams who want an opinion. There are other good logging options, and we don’t think teams need to change what they are already using in production and understand there can be good reasons to use something else.

    •   
  • Fedora Has Too Many Security Bugs 2

    A year (and change) later, this is a followup to my previous post on how Feodra has too many security bugs. The code and methodology I'm using are unchanged from that post - this is just new numbers and some thoughts on the delta. Right now, there are 2,089 open CVE bugs against Fedora. This is a decrease of 247 from last year - so that's good news. My gratitude toward maintainers who have been reducing their backlog.

Beelink GK Mini is a compact desktop for about $200

Beelink’s newest little computer is a 4.5″ x 4″ x 1.7″ PC with a quad-core Intel Celeron J4125 Gemini Lake Refresh processor, 8GB of RAM, and a 128GB SSD. The Beelink GK Mini also has two HDMI ports and an Ethernet jack. And while the system ships with Windows 10, it should support other operating systems – Beelink is an official partner of the Manjaro Linux team, and developer say they’re already working to ensure that Manjaro runs smoothly on the GK Mini. Read more

Mozilla: mozregression, Security, SUMO, Spidermonkey, and WebAssembly

  • William Lachance: mozregression update May 2021

    One of the persistent issues with mozregression is that it seems to be persistently detected as a virus by many popular anti-virus scanners. The causes for this are somewhat complex, but at root the problem is that mozregression requires fairly broad permissions to do the things it needs to do (install and run copies of Firefox) and thus its behavior is hard to distinguish from a piece of software doing something malicious.

  • Mozilla Security Blog: Beware of Applications Misusing Root Stores

    We have been alerted about applications that use the root store provided by Mozilla for purposes other than what Mozilla’s root store is curated for. We provide a root store to be used for server authentication (TLS) and for digitally signed and encrypted email (S/MIME). Applications that use Mozilla’s root store for a purpose other than that have a critical security vulnerability. With the goal of improving the security ecosystem on the internet, below we clarify the correct and incorrect use of Mozilla’s root store, and provide tools for correct use.

  • Support.Mozilla.Org: What’s up with SUMO – May 2021

    The second quarter of 2021 is underway and we can’t be more excited about lots of stuff that we’ve been working on in this quarter.

  • Spidermonkey Development Blog: TC39 meeting, April 19-21 2021

    In this TC39 meeting, the updates to JavaScript Classes around private state have moved to stage 4. Other proposals of note this meeting were proposals related to ArrayBuffers, notably resizable ArrayBuffers and a new proposal, introducing read-only ArrayBuffers and fixed views into ArrayBuffers. Read-only ArrayBuffers are not a new ArrayBuffer, but rather a way to freeze existing ArrayBuffers so that they are not modified accidentally. Fixed views into ArrayBuffers would have the goal of not exposing more than the intended view of an ArrayBuffer to a third party.

  • Nick Fitzgerald: Hit the Ground Running: Wasm Snapshots for Fast Start Up

    I gave a (virtual) talk at the WebAssembly Summit this year titled “Hit the Ground Running: Wasm Snapshots for Fast Start Up”.

Is Slackware the Right Linux Distribution for You? What You Need to Know

Debian might be the oldest popular distribution but it's tied with Slackware as the oldest one still in existence. The Slackware project started in 1992, a year after Linux was initially released, as a way to install a Linux system that already included some core packages: the kernel, the X Window System, and other utilities. Since then, the distribution honestly hasn't changed much. Its maintainers seem to have an "If it ain't broke, don't fix it" mentality in their design decisions. Patrick Volkerding created Slackware out of his frustrations with what was the most popular early Linux distro, Softland Linux System (SLS). SLS was widely used among the early Linux community, but it was buggy. Volkerding, a computer science student at Minnesota State University Moorhead, decided to start his own distribution. Debian and OpenSUSE have similar roots in their founders becoming frustrated with SLS, so SLS in some way may be a common ancestor to most modern Linux distros. Volkerding was a member of the parody religion, Church of the SubGenius, and decided to name his new distro "Slackware" in reference to the SubGenius concept of "slack," and the rest is history. The SubGenius connection furthered with the logo of Tux with SubGenius mascot J.R. "Bobb" Dobbs' iconic pipe. Volkerding still exerts a lot of influence over the project to this day as its BDFL or Benevolent Dictator For Life. The pace of releases slowed down in the 2000s owing to Volkerding's health issues. The current LTS release as of this writing is 14.2, released in 2016. Read more

More on Tux Machines: AboutGalleryForumBlogsSearchNewsRSS Feed

Part of Bytes Media ● Sister sites below.

TechBytes Techrights button

Powered by Drupal, an open source content management system

Content available under CC-BY-SA CC

© by original authors

Powered by CentOS 6.5 (GNU/Linux), Varnish, and Drupal 6