Security, Fear, Uncertainty, and Doubt

Filed under
Security

  • How IBM i Fits Into a Zero-Trust Security Framework [Ed: Authored by IBM shill funded by IBM]

    One of the hot new trends in cybersecurity these days is the zero-trust security model. Instead of implicitly trusting network traffic behind the firewall, zero-trust demands that traffic have explicit permission to be there. But how does that model work with the strange beast known as IBM i? IT Jungle recently sat down with PJ Kirner, the CTO and co-founder of zero-trust software provider Illumio, to find out.

    Illumio is an eight-year-old venture-backed startup based in Sunnyvale, California, that is working in the field of zero-trust security. It develops an offering, called Illumio Core, that allows companies to begin implementing the zero-trust security model in their own data centers.

    It’s a fairly radical shift in philosophy, Kirner says. “There’s a mentality change from ‘I trust everything’ to . . . ‘I need a policy enforcement point of some sort everywhere, not just in the one place at the boundary of two things,’” he says.

    When fully built out, an IT estate with an active zero-trust security model will resemble a party where only invited guests are allowed in. Building from a whitelist, or “allow list,” is starkly different than starting with a blacklist, or an “exclude list,” Kirner says. “If you start by saying just these two things are not allowed to talk, well, that’s a whole bunch of implicit trust around everything else,” he says.

    Illumio, which recently added support for IBM i systems, begins every zero-trust security engagement by making a map of network traffic behind the firewall. Illumio develops software that does this mapping, which can be quite illuminating in its own right.

  • New Windows 10 vulnerability allows anyone to get admin privileges
  • The virus rears its ugly head....

    There is a virus going around. We thought we were winning the battle against it, but powerful forces and events have allowed it to raise its ugly head and cause unforeseen additional hardship.

    People thought that it was not so bad, they did not listen to reason and take the precautionary measures necessary to protect themselves. In letting down their guard they were unprepared and unprotected.

    After months of machines being turned off, software licenses (with their expiration dates never “dormant”) are up for renewal.

    Many companies, educational institutions and public buildings (like libraries) are turning on their Wintel PCs for the first time in over a year and finding that they need to renew their licenses, not only for what is called an operating system on their computer, but also for many of the closed source, proprietary add-on software packages that owners purchased in a wild attempt to make their hardware somewhat useful.

    [...]

    This variant is called “Windows 11”, and the creator of it seems to be unable to tell you how much havoc it will create for you. Does it run on your otherwise great hardware? You have a decent processor, a lot of RAM, and you bought it just two or three years ago….but it might not run Windows 11.

  • UK.gov's Huawei watchdog says firm made 'no overall improvement' on firmware security but won't say why

    Huawei has made "no overall improvement" in software engineering processes for its UK telecoms equipment's firmware, its GCHQ overseers have warned.

    The Huawei Cyber Security Evaluation Cell (HCSEC) oversight board's annual report for 2020 was noticeably less critical than in previous years – but still says Huawei is dragging its feet in key areas.

  • Northern Train's ticketing system out to lunch as ransomware attack shuts down servers

    Publicly owned rail operator Northern Trains has an excuse somewhat more technical than "leaves on the line" for its latest service disruption: a ransomware attack that has left its self-service ticketing booths out for the count.

    "Last week we experienced technical difficulties with our self-service ticket machines, which meant all have had to be taken offline," a spokesperson for Northern Trains confirmed to The Register.

  • Fortinet's security appliances hit by remote code execution vulnerability

    Security appliance slinger Fortinet has warned of a critical vulnerability in its products that can be exploited to allow unauthenticated attackers full control over the target system - providing a particular daemon is enabled.

    The vulnerability, discovered by Orange Group security researcher Cyrille Chatras and sent to Fortinet privately for responsible disclosure, lies in the FortiManager and FortiAnalyzer software running atop selected models in the company's FortiGate security appliance family. Should a particular daemon be enabled, the company admitted, a remote attacker can gain full control.

  • Romanian Linux Cryptojacking Cybercriminals Spotted [Ed: This is classic FUD as it's not a Linux issue but a weak password issue]

    Since at least 2020, an active threat group based in Romania has been running a cryptojacking operation against Linux-based machines using a Golang-based SSH brute-force tool, according to The Hacker News. The campaign's objective is to infect Linux systems with Monero mining applications.
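Added example, not part of the Hacker News report or the editor's note above: an auth.log triage script in POSIX shell and awk that shows what an SSH password brute force, and a guessed password that worked, look like from the defender's side, which is the weak-password point the note makes. It assumes OpenSSH's "Failed password for ... from ..." and "Accepted password for ... from ..." message forms as written to a Debian-style auth.log; the log lines are constructed for this example, the source addresses are from the documentation ranges, and the threshold of three failures is an arbitrary choice rather than a figure from the campaign.

```shell
#!/bin/sh
# Added example, not from the report: spot an SSH password brute force, and a
# guessed password that worked, in auth.log-style lines with POSIX awk.

# Constructed sample lines (not a real capture); addresses are from the
# documentation ranges 203.0.113.0/24 and 198.51.100.0/24.
SAMPLE_AUTH_LOG='Oct 22 10:01:02 web1 sshd[1201]: Failed password for root from 203.0.113.7 port 51234 ssh2
Oct 22 10:01:03 web1 sshd[1202]: Failed password for invalid user admin from 203.0.113.7 port 51240 ssh2
Oct 22 10:01:04 web1 sshd[1203]: Failed password for root from 203.0.113.7 port 51244 ssh2
Oct 22 10:01:05 web1 sshd[1204]: Failed password for root from 203.0.113.7 port 51250 ssh2
Oct 22 10:01:06 web1 sshd[1205]: Failed password for root from 203.0.113.7 port 51255 ssh2
Oct 22 10:01:09 web1 sshd[1206]: Accepted password for root from 203.0.113.7 port 51260 ssh2
Oct 22 10:05:00 web1 sshd[1300]: Failed password for alice from 198.51.100.5 port 40000 ssh2
Oct 22 10:05:20 web1 sshd[1301]: Accepted publickey for alice from 198.51.100.5 port 40002 ssh2'

# ssh_bruteforce_report THRESHOLD   (log lines on stdin)
# Prints "<source> <failures> <verdict>" for every source with at least
# THRESHOLD failed password attempts, sorted by source. The verdict is
# COMPROMISE_SUSPECTED when a password was later accepted from that source,
# otherwise brute-force. Publickey logins are deliberately not counted.
ssh_bruteforce_report() {
    awk -v thr="$1" '
        # the source address is the token after "from" in both message forms
        function src(   i) { for (i = 1; i <= NF; i++) if ($i == "from") return $(i + 1); return "" }
        /sshd\[[0-9]+\]: Failed password for/   { fails[src()]++ }
        /sshd\[[0-9]+\]: Accepted password for/ { if (fails[src()] >= thr) hit[src()] = 1 }
        END {
            for (ip in fails)
                if (fails[ip] >= thr)
                    printf "%s %d %s\n", ip, fails[ip], ((ip in hit) ? "COMPROMISE_SUSPECTED" : "brute-force")
        }
    ' | sort
}

# Stand-alone run: report sources with three or more failed password attempts.
printf '%s\n' "$SAMPLE_AUTH_LOG" | ssh_bruteforce_report 3
```

The line to act on is the one ending in COMPROMISE_SUSPECTED: a password accepted from a source that had already failed repeatedly is the usual first sign that a guessed credential worked, and a miner dropped afterwards is the payload, not a flaw in the operating system. The durable fix is to stop accepting passwords at all; on the host, `sshd -T | grep -i passwordauthentication` prints the effective setting, and `PasswordAuthentication no` is the value you want to see.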

More in Tux Machines

Programming Leftovers

  • Run your own CI pipeline with GStreamer's new monorepo

    Recently, the GStreamer project merged all its git repositories into a single, unified repository, often called monorepo. You can read more about this change here. One benefit is it greatly simplifies maintaining custom, project specific, GStreamer patches. Previously, projects that needed to develop, or backport, some patches had to go through multiple steps to complete the task. Projects had to fork various git repositories (e.g. gst-plugins-good, gst-plugins-bad, etc), each repository would then have a new branch with the extra commits, and often, gst-build was used to pull all of these repositories together (and gst-build itself had to be patched beforehand to download forked repositories). Thankfully, all that will be a thing of the past.

  • GitOps: Best practices for the real world

    There is a common misunderstanding about how GitOps should be applied in real-world environments. Developers equate Infrastructure as Code (IaC) with GitOps in concept or believe that GitOps can only work with container-based applications — which is not true. In this blog, you will learn what GitOps is and how to apply its principles to real-world development and operations.

  • 5 Open Source tools for Documenting your React Component - DEV Community

    Documenting our code is of course not the easiest part of the development process and at times developers even avoid it, saying that it's really boring. In this article, we will take an overview of 5 tools whose purpose is to help us document our React Components with the bare minimum of effort, which has made documenting our React Components a piece of cake.

  • Meson version bumped to 0.59.2

    Meson is a source package build system. EasyOS has version 0.53.0, however, I wanted to compile the latest 'pipewire' package and it requires meson version 0.54.0 or later. So, have recompiled meson in OpenEmbedded, now version 0.59.2.

  • Reviving Net::Pcap

    ... in which I look at how existing patches floating on the internet can be integrated into Net::Pcap to make it compile again. Net::Pcap is dear to me, as I have a module implementing an HTTP sniffer using its network capture. So I like it when the module compiles without too much manual work.

  • Smart Flower Pot Build Is All About That Base | Hackaday

    This attractive beginner build is a Python-powered project that runs on a PyPortal Titano and has a speaker that anthropomorphizes the thing so it can politely ask for water in English. But the real magic of this build is in the enclosure itself.

  • Best Plugins for PyCharm

    Plugins are add-ons that enable you to optimize your applications. For instance, if you want to live-stream a soccer match on a website, you may need to install a plugin because your browser doesn’t come with preinstalled streaming tools. You might want to think of plugins as an integral part of your computing and web browsing, making sure each activity you do is running smoothly, even if it is just about viewing a document or surfing a blog.

  • Duplicate records differing only in unique identifiers

    There's a big data table with lots of fields and lots of records. Each record has one or more unique identifier field entries. How to check for records that are exactly the same, apart from those unique identifiers? I've been tinkering with this problem for years, and you can read my last, fairly clumsy effort in this BASHing data blog post from 2020. Here I present a much-improved solution, which has also gone into A Data Cleaner's Cookbook as an update. In 2020, the fastest and most reliable method I used to extract these partial duplicates was with an AWK array and two passes through the table. In the first pass, an array "a" is built with the non-unique-identifier field entries as index string and the tally of each different entry as the value string. In the second pass through the table, AWK looks for records where the value string for the same index string is greater than one, and by default prints the record.

  • Excellent Free Tutorials to Learn Bash - LinuxLinks

    Bash (acronym for the ‘Bourne-Again-SHell’) is the GNU Project’s shell and programming language. It’s an sh-compatible shell that incorporates useful features from the Korn shell (ksh) and C shell (csh). Bash has become a de facto standard for shell scripting. It runs on almost all versions of Unix and a few other operating systems including Windows platforms. A Unix shell is both a command interpreter and a programming language. As a command interpreter, the shell provides the user interface to various utilities. The programming language features of Bash allow these utilities to be combined. Files containing commands can be developed, and become commands themselves. A shell script is therefore a quick way of prototyping a complex application. Shell scripting follows the classic Unix philosophy of breaking complex projects into simpler subtasks, of chaining together components and utilities. Like all Unix shells, Bash supports filename globbing (wildcard matching), piping, here documents, command substitution, variables and control structures for condition-testing and iteration. The keywords, syntax and other basic features of the language were all copied from sh. Here’s our recommended free tutorials to learn Bash.

  • Classic 80s Text-To-Speech On Classic 80s Hardware | Hackaday

    Those of us who were around in the late 70s and into the 80s might remember the Speak & Spell, a children’s toy with a remarkable text-to-speech synthesizer. While it sounds dated by today’s standards, it was revolutionary for the time and was riding a wave of text-to-speech functionality that was starting to arrive on various computers of the era. While a lot of them used dedicated hardware to perform the speech synthesis, some computers were powerful enough to do this in software, but others were not quite able. The VIC-20 was one of the latter, but thanks to an ESP8266 it has been retroactively given this function. This project comes to us from [Jan Derogee], a connoisseur of this retrocomputer, and builds on the work by [Earle F. Philhower] who ported the retro speech synthesis software known as SAM from assembly to C, which made it possible to run on the ESP8266. Audio playback is handled on the I2S port, but some work needed to be done to get this to work smoothly since this port also handles the communication with the VIC-20. Once this was sorted out, a patch was made to be able to hear the computer’s audio as well as the speech synthesizer’s. Finally, a serial command interface was designed by [Jan] which allows for control of the module.
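Added example illustrating the two-pass AWK method described in the “Duplicate records differing only in unique identifiers” item above. This is my own reconstruction of the 2020 approach as that item describes it (tally non-identifier field combinations in an array on the first pass, print records whose tally exceeds one on the second), not the author's script and not the improved solution in A Data Cleaner's Cookbook. It assumes a tab-separated table with a header line and takes the unique-identifier fields as a comma-separated list of 1-based field numbers; the table is constructed here for illustration.

```shell
#!/bin/sh
# Added example, not the BASHing data author's code: two-pass AWK search for
# records that are identical except in their unique-identifier fields.

# Constructed sample table (tab-separated, with a header line). Fields 1 (id)
# and 4 (catalog) are per-record unique identifiers; the rest is the content.
make_sample_table() {
    printf 'id\tgenus\tspecies\tcatalog\n' > "$1"
    printf '1\tAcacia\tdealbata\tC-001\n'  >> "$1"
    printf '2\tAcacia\tdealbata\tC-002\n'  >> "$1"
    printf '3\tBanksia\tserrata\tC-003\n'  >> "$1"
    printf '4\tAcacia\tmearnsii\tC-004\n'  >> "$1"
    printf '5\tBanksia\tserrata\tC-005\n'  >> "$1"
    printf '6\tAcacia\tdealbata\tC-006\n'  >> "$1"
}

# partial_dups FILE IDFIELDS
# IDFIELDS is a comma-separated list of 1-based field numbers to ignore.
# Pass 1 (NR==FNR): tally each combination of non-identifier fields in a[].
# Pass 2: print every record whose combination was tallied more than once.
partial_dups() {
    awk -F '\t' -v ids="$2" '
        BEGIN { n = split(ids, f, ","); for (i = 1; i <= n; i++) skip[f[i]] = 1 }
        FNR == 1 { next }                      # header line, both passes
        {
            key = ""
            for (i = 1; i <= NF; i++)
                if (!(i in skip)) key = key SUBSEP $i
        }
        NR == FNR { a[key]++; next }           # first pass: count only
        a[key] > 1                             # second pass: print partial duplicates
    ' "$1" "$1"
}

# Stand-alone run: list the partially duplicated records of the sample table.
sample="${TMPDIR:-/tmp}/partial_dups_sample.$$"
make_sample_table "$sample"
partial_dups "$sample" 1,4
rm -f "$sample"
```

The first pass only tallies; the second pass prints every record whose non-identifier fields were seen more than once, so all members of a duplicate group appear, not just the later ones, which is what lets you decide which identifier to keep. Reading the file twice is the price of holding only tallies in memory; for a table that fits comfortably in RAM, a one-pass version that stores whole records in the array gives the same result.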

Openwashing and Proprietary Software

  • When leading openly means leading with vulnerability

    In the second part of my interview with Sam Knuth, a fellow Open Organization Ambassador, we discussed how leaders can identify areas for coaching open management practices within their organization to ensure the managers they lead are letting open values guide their work teams and associates. It takes emotional intelligence—and effort. To wrap our time together, Sam and I discussed understanding and showing vulnerability with others in the workplace. Sam has authored articles on this important topic for Opensource.com, and his stories about life as an open leader showcase a passion for those (and other) open values. In this interview, we discuss the benefits of leaders showing vulnerability.

  • Intel hopes to burn newly open-sourced AI debug tech into chips [Ed: Shoddy openwashing by Intel with "hey hi" thrown into the mix for hype or good measure]

    Intel Labs has big plans for a software tool called ControlFlag that uses artificial intelligence to scan through code and pick out errors. One of those goals, perhaps way out in the future, is to bake it into chip packages as a last line of defense against faulty code. This could make the information flow on communications channels safer and more efficient.

  • SuperSlicer Reviewed: Another 3DP Slicer? | Hackaday

    When you think of slicers for FDM 3D printing — especially free slicers — you probably think of Cura, Slic3r, or PrusaSlicer. There are fans of MatterControl and many people pay for Simplify3D. However, there are quite a few other slicers out there including the one [TeachingTech] has switched to: SuperSlicer. You can see his video review, below. Of course, just as PrusaSlicer is a fork of Slic3r, SuperSlicer is a fork of the Prusa software. According to the project’s home page, the slicer does everything Prusa does but adds custom calibration tests, ironing, better thin wall support, and several other features related to infill and top surfaces. The software runs on Windows, Linux, or Mac.

  • Axle.ai Launches Connectr 2021 software for Windows, Mac and Linux

    Axle.ai, the leader in bringing radical simplicity to video search and collaboration, is announcing availability of Connectr 2021, its revolutionary NoCode software for automating media workflows, for Windows, MacOS and Linux. The company is a Silver sponsor at the Adobe MAX virtual conference, starting today.

Linux Foundation and Security Leftovers

  • Linux Foundation Offers New DevOps Bootcamp

    The Linux Foundation and Continuous Delivery Foundation are offering a new self-paced DevOps Bootcamp.

  • Open Source Community Shifts Left With OpenSSF, Google SLSA [Ed: Disclosure missing; LF pays them to write these puff pieces]

    Security is becoming an increasingly key piece of the open source puzzle amid industry-wide pushes to shift left and integrate security during early stages of application development. The Linux Foundation’s Open Source Security Foundation (OpenSSF) is one example of how the open source community is working to improve software security through an ecosystem approach, vying for proactive handling of security by default.

  • Lead Cloud-Native Security Analytics Engineer Shares Top Tips for Securing the Enterprise

    Cloud and container adoption is on the rise, as organizations are increasingly recognizing the potential for rapid growth and evolution that cloud-based infrastructure offers. That being said, along with these advantages come significant security challenges. The modern cloud-native attack surface is complex and difficult to secure with many “moving pieces” including endpoints, servers, containers and cloud providers. This makes integrating Threat Intelligence data gathered from all of these surfaces and evaluating potential security and compliance risks and active threats no easy task. Not only is risk harder to identify and evaluate in cloud and container environments, but security vulnerabilities, malware and other threats are also easier to inadvertently inherit from common layers and shared components frequently used in container builds.

  • Released: MITRE ATT&CK v10 - Help Net Security

    MITRE Corporation has released the tenth version of ATT&CK, its globally accessible (and free!) knowledge base of cyber adversary tactics and techniques based on real-world observations. Version ten comes with new Data Source objects, new and changed techniques in its various matrices, key changes to facilitate hunting in ICS environments, and more.

Open Hardware/Modding: AVA 'Big Computing' on ARM, Miniature Computing, and Raspberry Pi

  • AVA Developer Platform offers 32 64-bit Arm cores, 32GB RAM, 10GbE for $5,450 - CNX Software

    The AVA Developer Platform was announced together with the ADLink COM-HPC Ampere Altra server module for embedded applications with up to 80 64-bit Arm cores, up to 768GB DDR4, 4x 10GbE, and 64x PCIe Gen4 lanes. The AVA Developer Platform is not fitted with the top-end COM-HPC module, but still, with a 32-core COM-HPC Ampere Altra module fitted with 32 GB DDR4 memory, plus a 128 GB NVMe M.2 SSD, and an Intel Quad X710 10GbE LAN card, it still makes an impressive workstation for native Arm development. We did not know the price the last time, but now we do as the workstation is available for pre-order for $5,450.

  • USB board emulates CR2032 or CR2016 coin cell battery - CNX Software

    You can now develop CR2032 or CR2016 powered devices without having to use an actual coin cell thanks to Peter Misenko’s (Bobricius) “coin cell battery emulator CR2016/CR2032”. The USB board contains a rounded part that is compatible with CR2016 or CR2032 coin cell batteries and allows you to power your target board via USB. The board also includes holes for alligator clips to measure the current, and by extension the power consumption.

  • RPi CM4 based local storage server launches on Kickstarter

    KubeSail has launched a compact, $250 “PiBox” NAS and local cloud hosting server powered by a RPi CM4 with dual native SATA SSD bays for up to 16TB plus GbE, HDMI, 2x USB, 40-pin, and KubeSail software for private clouds. Self-hosting cloud startup KubeSail has gone to Kickstarter to successfully fund its compact network-attached storage (NAS) and storage server called the PiBox. Built around the Raspberry Pi Compute Module 4 (RPi CM4), the system offers dual, PCIe-driven native SATA bays for 2.5-inch SSDs.

  • Raspberry Pi CM4 based PiBox 2 Mini serves as NAS, private Cloud storage (Crowdfunding) - CNX Software

    The PiBox 2 Mini is a networked storage solution based on a Raspberry Pi CM4 module and equipped with two slots for 2.5-inch SATA drives, be they HDDs or SSDs. It also exposes USB ports and an HDMI port, so it could also be used as a computer. Designed by KubeSail, a “self hosting company”, the PiBox does not only serve as a standard NAS, but aims to provide a home-based private cloud hosting solution that can replace services such as Google Photos or Dropbox with easily installable templates that are hosted in the box.

  • Surf Sensor Adds Depth To Finding The Ultimate Wave

    o say that the ocean is a dynamic environment would be a gross understatement, especially when coastlines are involved. Waves crash, tides go in and out, and countless variables make even the usual conditions a guessing game. When [foobarbecue] goes surfing, he tries to take into account all of these things. The best waves at his local beach are directly over an ever-moving sand bar, and their dynamics are affected by depth, another constant variable. [foobarbecue]’s brilliant solution to understanding current conditions? Build a depth finder directly into his surf board! At the heart of the “surfsonar” is the Ping Sonar Echosounder, a sonar transducer designed for AUV’s and ROV’s. [foobarbecue] embedded the transducer directly into the board. Data is fed to a Raspberry Pi 4b, which displays depth and confidence (a percentage of how sure it is of the measurement) on a 2.13 inch e-Paper Display Hat.