Language Selection

English French German Italian Portuguese Spanish

Security, Fear, Uncertainty, and Doubt

Filed under
Security

  • How IBM i Fits Into a Zero-Trust Security Framework [Ed: Authored by IBM shill funded by IBM]

    One of the hot new trends in cybersecurity these days is the zero-trust security model. Instead of implicitly trusting network traffic behind the firewall, zero-trust demands that traffic have explicit permission to be there. But how does that model work with the strange beast known as IBM i? IT Jungle recently sat down with PJ Kirner, the CTO and co-founder of zero-trust software provider Illumio, to find out.

    Illumio is an eight-year-old venture-backed startup based in Sunnyvale, California, that is working in the field of zero-trust security. It develops an offering, called Illumio Core, that allows companies to begin implementing the zero-trust security model in their own data centers.

    It’s a fairly radical shift in philosophy, Kirner says. “There’s a mentality change from ‘I trust everything’ to . . . ‘I need a policy enforcement point of some sort everywhere, not just in the one place at the boundary of two things,'” he says.

    When fully built out, an IT estate with an active zero-trust security model will resemble a party where only invited guests are allowed in. Building from a whitelist, or “allow list,” is starkly different than starting with a blacklist, or an “exclude list,” Kirner says. “If you start by saying just these two things are not allowed to talk, well, that’s a whole bunch of implicit trust around everything else,” he says.

    Illumio, which recently added support for IBM i systems, begins every zero-trust security engagement by making a map of network traffic behind the firewall. Illumio develops software that does this mapping, which can be quite illuminating in its own right.

  • New Windows 10 vulnerability allows anyone to get admin privileges
  • The virus rears its ugly head....

    There is a virus going around. We thought we were winning the battle against it, but powerful forces and events have allowed it to raise its ugly head and cause unforeseen additional hardship.
    People thought that it was not so bad, they did not listen to reason and take the precautionary measures necessary to protect themselves. In letting down their guard they were unprepared and unprotected.
    After months of machines being turned off, software licenses (with their expiration dates never “dormant”) are up for renewal.
    Many companies, educational institutions and public buildings (like libraries) are turning on their Wintel PCs for the first time in over a year and finding that they need to renew their licenses, not only for what is called an operating system on their computer, but also for many of the closed source, proprietary add-on software packages that owners purchased in a wild attempt to make their hardware somewhat useful.

    [...]

    This variant is called “Windows 11”, and the creator of it seems to be unable to tell you how much havoc it will create for you. Does it run on your otherwise great hardware? You have a decent processor, a lot of RAM, and you bought it just two or three years ago….but it might not run Windows 11.

  • UK.gov's Huawei watchdog says firm made 'no overall improvement' on firmware security but won't say why

    Huawei has made "no overall improvement" in software engineering processes for its UK telecoms equipment's firmware, its GCHQ overseers have warned.

    The Huawei Cyber Security Evaluation Cell (HCSEC) oversight board's annual report for 2020 was noticeably less critical than in previous years – but still says Huawei is dragging its feet in key areas.

  • Northern Train's ticketing system out to lunch as ransomware attack shuts down servers

    Publicly owned rail operator Northern Trains has an excuse somewhat more technical than "leaves on the line" for its latest service disruption: a ransomware attack that has left its self-service ticketing booths out for the count.

    "Last week we experienced technical difficulties with our self-service ticket machines, which meant all have had to be taken offline," a spokesperson for Northern Trains confirmed to the The Register.

  • Fortinet's security appliances hit by remote code execution vulnerability

    Security appliance slinger Fortinet has warned of a critical vulnerability in its products that can be exploited to allow unauthenticated attackers full control over the target system - providing a particular daemon is enabled.

    The vulnerability, discovered by Orange Group security researcher Cyrille Chatras and sent to Fortinet privately for responsible disclosure, lies in the FortiManager and FortiAnalyzer software running atop selected models in the company's FortiGate security appliance family. Should a particular daemon be enabled, the company admitted, a remote attacker can gain full control.

  • Romanian Linux Cryptojacking Cybercriminals Spotted [Ed: This is classic FUD as it's not a Linux issue but a weak password issue]

    Since at least 2020, an active threat organization based in Romania has been running a cryptojacking operation against Linux-based machines using the Golang-based SSH brute force, according to The Hacker News. The campaign's objective is to infect Linux systems with Monero mining applications.

More in Tux Machines

Top 5 Programming Languages for Developing Linux Desktop Applications

The IT industry is the quickest developing industry. It is befuddling to choose the one appropriate and useful choice as it has bunches of language choices. It could be a troublesome inquiry for an entrepreneur who needs to foster a work area application or somebody new to writing computer programs is which language ought to be your inclination. Linux on work area, Linux developers and programming engineers are investing more energy and difficult work in creating work area applications that will coordinate with applications on Windows and Mac OS X work areas. This is valid, particularly with an endless number of Linux dispersions that are centered on making it simple for new Linux clients to handily adjust to the working framework. Read more

Fedora 35 Cleared For Release Next Week

After dealing with blocker bugs the past two weeks, Fedora 35 is now confirmed for releasing next week. The latest Fedora 35 RC compose has been declared a "GO" at today's Fedora meeting for releasing next week. Fedora 35 will be shipping on 2 November after missing its original final target date of 19 October and follow-up of 26 October due to unresolved issues. It's not as bad like Fedora's notorious release delays from many years ago and at least they side with quality rather than timeliness. Confirmation of Fedora 35 being ready to ship next week was announced today. Read more

Interview of Nicolas Lécureuil, chair of the Mageia Board, on Linuxfr.org

Nicolas Lécureuil, alias NeoClust, is a long time user of LinuxFr.org. He has an account on the website dedicated to Linux since 2005. Nicolas became the president of the Board of Mageia early in 2021. Nicolas has been, and still is, very active everywhere in the Mageia forums, discussion lists and the cauldron development, where new versions of the distribution are being cooked. In this interview, we will see that he is an early Mageian. Also, we will discover his ambitions and projects for this distribution, which is one of the most accessible to the general public. Read more

deepin OS: The Artistic, Unique Features Computer Users Would Love

This is an overview of deepin OS for everyone who looks for the best alternative operating systems for their computing. It is a GNU/Linux distribution that is well made, artistic and beautiful, practically easy to use, and at the same time unique no other Free Software Desktop Systems could ever thought to be. We made this review based on version 20.2.4 and hopefully this can give you pictures of deepin OS. Lastly, we still hope that deepin OS will soon be mass produced so people can just purchase a deepin laptop or deepin PC they want to start their software freedom. We think deepin OS is artistic and unique for user's computing with aforementioned features explained in the whole article. We, once again, wish deepin OS to be mass produced, as we believe it is ready and deserves mass production more than either Windows or macOS so millions of people could start their software freedom computing. We strongly appreciate one shop, The Linux Laptop, who sell laptops with deepin OS preinstalled and international shipping, as that would help many people who can only work with, not take care of nor install the hardware or software in their computers. Is it not good if Wuhan Deepin Technology as the organization behind deepin OS, does the same? All in all, the unique traits of deepin OS can be a good study for everybody including other Free Software Desktop Systems developers. Read more