Language Selection

English French German Italian Portuguese Spanish

Security and Proprietary Software

  • Complete Guide to Installing Security Updates in Debian & Ubuntu

    Whether you are a DevSecOps engineer responsible for managing your organization’s application infrastructure or you have your own personal Linux server that you use at home, the importance of keeping your systems safe and secure against malicious attacks by bad actors cannot be over emphasized.

    While there are many aspects with regards to securing systems, one fundamental best practice is to continuously patch your systems and applications as soon as they are made available. The infamous WannaCry ransomware attack from the summer of 2017, that caused much grief to millions of users is a case in point. While the patch was made available much ahead of the actual attack, it was due to a sheer lack of security discipline that the attack was successful.

  • SolarWinds issues software update – one it wrote for a change – to patch hole exploited in the wild

    SolarWinds has issued an emergency patch after a critical security hole in its Serv-U Managed File Transfer and Serv-U Secure FTP was spotted being exploited in the wild.

    The vulnerability, discovered by Microsoft's Threat Intelligence Center (MSTIC) and Offensive Security Research teams, can be exploited by an attacker to achieve remote code execution, and is present in Serv-U version 15.2.3 HF1 and all prior builds. The Redmond crew also said a "single threat actor" was abusing the programming blunder (CVE-2021-35211) though it's not known how many customers are affected.

    "This attack is a Return Oriented Programming (ROP) attack," said SolarWinds in an advisory. "When exploited, the vulnerability causes the Serv-U product to throw an exception and then intercepts the exception handling code to run commands. Please note, several reasons exist for exceptions to be thrown, so an exception itself is not necessarily an indicator of attack."

  • With a straight face, Putin agrees to do something about ransomware coming out of Russia, apparently [Ed: Distraction and deflection from Microsoft back doors and insecurity by design]

    ate last week, President Biden said he brought up the epidemic of ransomware hitting American businesses in a phone call with his Russian counterpart, and hinted America may start hitting back.

    Biden said he and Vladimir Putin not only discussed the matter, their two countries are apparently going to try to coordinate some action to tackle the waves of extortionware infections, which seem to be mainly orchestrated by miscreants in Russia and typically avoid compromising computers configured to use the Russian language.

    IT management software made by Kaseya was lately exploited to install REvil ransomware on as many as 1,500 businesses. The crew behind that software nasty is said to avoid targeting Russian organizations.

  • Ransomware Attacks Hit Closer To Home

    Fifteen hundred organizations around the world had their data locked up in the latest ransomware, including grocery store chains and schools. It’s unclear if any IBM i shops were included in the attack, which a Russian hacking group claimed credit for. But it’s clear that ransomware is a growing threat to all organizations, including IBM i shops.

  • Don’t get tricked by this crashtastic iPhone Wi-Fi hack!

    About a month ago, a security researcher revealed what turned out to be zero-day bug in Apple’s Wi-Fi software, apparently without meaning to...

  • Microsoft broke British and European competition laws, UK reseller tells High Court

    Microsoft's attempts to kill off resellable perpetual software licences infringe the EU constitution and UK competition law alike, according to the legal filings of a reseller suing Redmond for £270m in London's High Court.

    Details of ValueLicensing's lawsuit against Microsoft are now in the public domain after the US-based software megalith filed an acknowledgement of service earlier this month.

  • New FinOps for Engineering Training Now Available [Ed: Linux Foundation (LF) trying to reinvent itself as buzzwords mill now that it has sold out fully and cannot profit from events]

More in Tux Machines

Software: Matrix, Ktube, and Monero P2Pool

  • Chat Bubbles on Element and Several Matrix Apps

    This simple comparison wants to help everyone adopt alternative messaging technology, Matrix, with suitable user interface to them. We call Matrix Apps to instant messengers like Element, Fluffy, Nheko, Schildi and Spectral as they are created based upon the said technology. We will start by setting up criteria first that includes chat bubbles, then going through these messengers one by one, and you will see their pictures here along with a little comments from me. I hope you can pick up the messenger with UI you love the most from here.

  • Ktube Media Downloader lets you download YouTube videos easily on Linux

    I always like to tell people about how I have been using Linux as my primary operating system for over ten years. I love Linux, I understand it, it’s free and above all, it fits my workflow in a way Microsoft’s Windows (with all its goodness) probably never will. That also means I love and am a command-line ninja but I also know one thing, a lot of people out there fear and hate the command line.

  • Monero P2Pool V1.0 Is Released

    The latest version of P2Pool, a decentralized Monero mining pool has released. This is the first official release, signaling an invitation for more users to try out the new software.

Better Support & Performance For OpenACC Kernels Is Coming To GCC

While the GNU Compiler Collection has supported OpenACC for a few years now as this parallel programming standard popular with GPUs/accelerators, the current implementation has been found to be inadequate for many real-world HPC workloads leveraging OpenACC. Fortunately, Siemens has been working to improve GCC's OpenACC kernels support. GCC's existing OpenACC kernels construct has been found to be "unable to cope with many language constructs found in real HPC codes which generally leads to very bad performance." Fortunately, improvements are on the way and could potentially be mainlined in time for next year's GCC 12 stable release. Read more

Security Leftovers

  • Database containing 106m Thailand travelers' details leaked • The Register

    A database containing personal information on 106 million international travelers to Thailand was exposed to the public internet this year, a Brit biz claimed this week. Bob Diachenko, head of cybersecurity research at product-comparison website Comparitech, said the Elasticsearch data store contained visitors' full names, passport numbers, arrival dates, visa types, residency status, and more. It was indexed by search engine Censys on August 20, and spotted by Diachenko two days later. There were no credentials in the database, which is said to have held records dating back a decade. “There are many people who would prefer their travel history and residency status not be publicized, so for them there are obvious privacy issues,” wrote Comparitech editor Paul Bischoff on the company’s blog.

  • Break out your emergency change process and patch this ransomware-friendly bug ASAP, says VMware

    VMware has disclosed a critical bug in its flagship vSphere and vCenter products and urged users to drop everything and patch it. The virtualization giant also offered a workaround.

  • Reproducible Builds (diffoscope): diffoscope 185 released

    The diffoscope maintainers are pleased to announce the release of diffoscope version 185. This version includes the following changes:

    [ Mattia Rizzolo ]
    * Fix the autopkgtest in order to fix testing migration: the androguard
      Python module is not in the python3-androguard Debian package
    * Ignore a warning in the tests from the h5py package that doesn't concern
      diffoscope.
    
    [ Chris Lamb ]
    * Bump Standards-Version to 4.6.0.
    

GNOME 41 Released. This is What's New.

GNOME team announced the release of GNOME 41 with some exceptional changes and updates. We wrap up the release in this post. Read more