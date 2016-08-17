Language Selection

Security and Proprietary Software

Friday 11th of June 2021 09:16:10 AM
Security
         
  • Germany: Trojans for all

           

             

    The German Bundestag passed new wiretapping laws for secret services and the Federal Police

  • Seven-year-old make-me-root bug in Linux kernel patched

                 

                   

    In a blog post on Thursday, GitHub security researcher Kevin Backhouse recounted how he found the bug (CVE-2021-3560) in a service called polkit that is used in systemd, a common Linux system and service manager component.

  • CISA Addresses the Rise in Ransomware Targeting Operational Technology Assets [Ed: Funny how they fail to mention a particular OS]

  • Mysterious Custom [Windows] Malware Collects Billions of Stolen Data Points

    Researchers have uncovered a 1.2-terabyte database of stolen data, lifted from 3.2 million Windows-based computers over the course of two years by an unknown, custom malware. The heisted info includes 6.6 million files and 26 million credentials, and 2 billion web login cookies – with 400 million of the latter still valid at the time of the database’s discovery.

  • Billions of Compromised Records and Counting: Why the Application Layer is Still the Front Door for Data Breaches

    Each year, the number of data breaches grows by 30% while the number of records compromised increases by an average of 224%. 2021 is far from over, but we’re already on pace for another record-setting year. In fact, Imperva research finds that more records were compromised in January alone than in all of 2017.

  • Microsoft: Big Cryptomining Attacks Hit Kubeflow

    Misconfigured dashboards are yet again at the heart of a widespread, ongoing cryptocurrency campaign squeezing Monero and Ethereum from Kubernetes clusters.

    Microsoft has spotted a new, widespread, ongoing attack targeting Kubernetes clusters running Kubeflow instances, in order to plant malicious TensorFlow pods that are used to mine for cryptocurrency.

    The Kubeflow open-source project is a popular framework for running machine learning (ML) tasks in Kubernetes, while TensorFlow is an end-to-end, open-source ML platform.

    Given that the attack is still active, any new Kubernetes clusters that run Kubeflow could be compromised, according to Microsoft.

  • The Trump administration forced Apple to secretly reveal at least two Democrats’ data

    By now, you may have heard that Trump’s Department of Justice secretly seized the phone records of journalists working for The New York Times, CNN, and The Washington Post, in the hopes of revealing their sources and stopping leaks to the press. But the NYT is now reporting that Trump didn’t stop at journalists — in 2017 and 2018, it forced Apple to cough up metadata on at least two Democratic members of the House Intelligence Committee, including current chairman Adam Schiff and representative Eric Swalwell, and as many as a dozen people tied to that committee in total, including family members and at least one child.

    Like the media outlets, Apple was under a gag order and unable to tell anyone until it expired this year — the only reason we’re learning about this now is because the new administration’s Justice Department decided to reveal the subpoenas and gag orders to the press.

  • Kaspersky trio spots Vista-era zero-days exploited through Chrome

    Global security firm Kaspersky has revealed that targeted attacks against a number of companies, which it noticed in April, initially used a vulnerability in Google's Chrome browser and then linked this to two zero-days in the Microsoft Windows 10 kernel.

  • EA got hit by a data breach, and hackers are selling source code

    Source code is a big deal in programing, so it’s a big deal when companies lose control over it, and the gaming industry has seen some huge thefts recently: hackers stole CD Projekt Red’s source code for Cyberpunk 2077 and The Witcher 3 in February and in July of 2020, Nintendo saw the source code for many SNES and Nintendo 64 games, including Super Mario Kart and an unreleased Zelda game, released into the wild in what’s been dubbed the “Nintendo Gigaleak.”

Security Leftovers

I'm back in the boat

In mid-2014 I first heard about Jolla and Sailfish OS and immediately bought a Jolla 1; wrote apps; participated in the IGG campaign for Jolla Tablet; bought the TOHKBD2; applied for (and got) Jolla C. Sounds like the beginning of a good story doesn’t it? Well, by the beginning of 2017 I had sold everything (except the tablet, we all know what happened to that one). So what happened?? I was a happy Sailfish user, but Jolla’s false promises disappointed me. Yet, despite all that, I still think about Sailfish OS to this day. I think it’s because, despite some proprietary components, the ecosystem around Sailfish OS is ultimately open source. And that’s what interests me. It also got a fresh update which solves some of the problems that where there 5 years ago. Nowadays, thanks to the community, Sailfish OS can be installed on many devices, even if with some less components, but I’m looking for that complete experience and so I asked on the forum if there was someone willing to sell his Xperia device with or without the license… and I got one for free. Better still, in exchange for some apps! Read more

today's howtos

  • Ansible tutorial for beginners on Linux

    A system administrator, in the vast majority of cases, has to take care of more than one server, so he often has to perform repetitive tasks on all of them. In these cases automation is a must. Ansible is an open source software owned by Red Hat; it is written in the Python programming lanaguage, and it is a provisioning and configuration management software which help us in the aforementioned cases. In this tutorial we will see how to install it and the basic concepts behind its usage.

  • Using proper FreeIPA certificates on Cockpit

    A couple of years ago, I did a video on Youtube on using FreeIPA / IdM certificates in Cockpit. According to some comments (that I only saw way after the fact…), for some people, my way of doing that didn’t work. Therefore, I redid the video for RHEL7 and RHEL8, connected to IdM from RHEL8. This should work with recent Fedora as well, since I’m using that at home :)

  • Support for chdir(2) in posix_spawn(3)

    Processes are the bread and butter of your operating system. The moment you double click an icon, that particular program gets loaded in your Random Access Memory (RAM) and your operating system starts to run it. At this moment the program becomes a process. Though you can only see the execution of your process, the operating system (the Kernel) is always running a lot of processes in the background to facilitate you. From the moment you hit that power button, everything that happens on the screen is the result of some or the other process. In this post we are going to talk about one such interface which helps in creation of your programs.

  • How To Use Command Line Newsboat RSS Feed Reader On Linux?

    Do you use a news aggregator (also termed as RSS feed reader) app? Is it still your go-to place for all the latest updates from different sources? If so, Newsboat is a lightweight, keyboard-driven, and command-line feed reader that you should check out right now. Suppose you’re already familiar with the existing feed reader Newsbeuter, which isn’t maintained consistently. I guess Newsboat would be the right replacement with regular maintenance.

  • Download and install Blender 2.93 LTS on Linux - Linux Shout

    Lately, the Blender Foundation has announced the latest 2.93 LTS version of their Blende software, a 3D graphics creation and rendering solution to provide a new stable framework for production. Blender 2.93 LTS comes with interesting features, it offers a total of 22 new nodes added to the geometry node editor to expand the attribute system, texture sampling, and support for volume data, as well as incorporating improved usability, mesh primitives, Cycles support for the attributes and much more. Also, it is now possible to create mesh circles, cones, cubes, cylinders, grids, lines, and other shapes without having to leave the geometry node editor. Using the geometry nodes themselves is now easier and the spreadsheet editor is in charge of assisting the user in inspecting meshes, instances, and point clouds.

elementary OS 6 beta promises great things in the same beautiful package

Every so often I'm reminded of the Rush song, "Circumstances." Back in my days of high school, I remember first hearing the line, "plus ça change, plus c'est la même chose," ("the more things change, the more they stay the same"), and being absolutely floored by its paradoxical statement. Since then, I've run into so many instances where the idiom applied. Within the realm of open-source, elementary OS is living proof that the saying can have perfect relevance. [...] I was not surprised when I fired it up and instantly thought of that Rush song, because elementary 6 looks very, very familiar. If you used elementary OS 5, you might think you've mistakenly installed that release, instead of the beta for 6—that's a good thing. You see, so often a group of developers and designers get something so right that their best path forward is one of refinement, not change. That's what Cassidy James Blaede and the gang have done. Instead of making change for change's sake, they simply improve on what they already know works. elementary OS has worked to perfection for a while. It should come as little surprise that the Pantheon desktop, which elementary OS uses as its default, remains (on the surface) the same (Figure A). That doesn't mean the developers haven't brought some serious goodness to bear on what lies beneath the surface. Read more

