Language Selection

English French German Italian Portuguese Spanish

Security FUD

Filed under
Security
  • New Python-based Ransomware Encrypts Virtual Machines Quickly [Ed: This make it sound like a Python issue, but it is a proprietary software issue completely irrelevant to the programming language]

    VMware ESXi datastores rarely have endpoint protection, the researchers noted, and they host virtual machines (VMs) that likely run critical services for the business, making them a very attractive target for hackers. In the threat landscape, it’s like winning the jackpot.

  • Missouri Governor Vows to Prosecute St. Louis Post-Dispatch for Reporting Security Vulnerability

    On Wednesday, the St. Louis Post-Dispatch ran a story about how its staff discovered and reported a security vulnerability in a Missouri state education website that exposed the Social Security numbers of 100,000 elementary and secondary teachers. In a press conference this morning, Missouri Gov. Mike Parson (R) said fixing the flaw could cost the state $50 million, and vowed his administration would seek to prosecute and investigate the “hackers” and anyone who aided the publication in its “attempt to embarrass the state and sell headlines for their news outlet.”

  • Missouri governor threatens criminal prosecution of reporter who found security flaw in state site

    Hancock reports, "The Post-Dispatch discovered the vulnerability in a web application that allowed the public to search teacher certifications and credentials. The Department removed the affected pages from its website Tuesday after being notified of the problem by the Post-Dispatch. Based on state pay records and other data, more than 100,000 Social Security numbers were vulnerable. The newspaper delayed publishing this report to give the Department time to take steps to protect teachers' private information, and to allow the state to ensure no other agencies' web applications contained similar vulnerabilities."

  • Missouri goes after man who looked at source code on state site

    A newspaper in St Louis, Missouri, which discovered that the social security numbers of school teachers, administrators and counsellors across the state were publicly exposed and informed the authorities, has been threatened with unspecified action by the state's governor.

  • Missouri Governor Is Extremely Confused About What Constitutes ‘Hacking’

    Reporter Josh Renaud was browsing a Department of Elementary and Secondary Education web application that lets users search for teachers’ certifications and credentials when he looked at the site’s HTML source code (something that usually requires zero hacking skills, only the use of a right-click). In the source code, he found sensitive data belonging to the state’s teachers, including Social Security numbers and other private information.

  • No it isn’t: Missouri governor says viewing HTML source code containing private data the state published on every page, is a crime

    Republican Gov. Mike Parson on Thursday condemned one of Missouri’s largest newspapers for exposing a flaw in a state database that allowed public access to thousands of teachers’ Social Security numbers, even though the paper held off from reporting about the flaw until after the state could fix it.

  • Gov. Parson threatens legal action against reporter who exposed flaw on state education department’s website

    The reporter found hundreds of thousands of Missouri educators' social security numbers were accessible to the public in the HTML code for the Missouri Department of Elementary and Secondary Education's website.

    Parson said the Cole County prosecutor and the Missouri State Highway Patrol Digital Investigations Unit are now investigating the incident and it could cost taxpayers up to $50 million.

  • Missouri Governor Says HTML Source Code ‘Decoded’ by ‘Hacker’ Reporter

    Gov. Mike Parson of Missouri announced that an individual stole Social Security numbers after they “decoded the HTML source code.” However, a local media publication is disputing this claim and saying the individual was their own reporter who warned Parson’s administration about the security flaw and let them fix it before reporting about it. The word “SSNs” began trending on Twitter after Parson’s announcement, as people pointed out that if the Social Security numbers were in the source code, that meant they were easily viewable by just hitting F12.

More in Tux Machines

Audiocasts/Shows: Late Night Linux, Destination Linux, and More

Kernel: Slowdown, CephFS, and FS-Cache / CacheFiles

  • How a performance boost in Linux kernel for one family of Intel chips slowed its latest Alder Lake processors

    The mixture of performance and efficiency CPUs in Intel’s 12th-gen Core processors, code-named Alder Lake, hasn’t just been causing problems for some Windows gamers – it almost led to complications for Linux. Phoronix’s Michael Larabel noticed a performance hit in the kernel a fortnight ago – in a work-in-progress release candidate, we should stress – and a fix for the scheduling code landed a little later. It turned out the kernel suffered on Alder Lake chips due to a performance-enhancing tweak for another Intel processor family: the multiple-Atom-core-based Jacobsville. This year, Intel officially canned its Lakefield chips. These consisted of a performance core called Sunny Cove as well as Atom-class efficiency cores dubbed Tremont. Crucially, there are still multi-Tremont-core embedded processors out there, such as Snow Ridge. These are server and infrastructure-oriented components with up to 24 cores. The first proposed cut of kernel 5.16, specifically 5.16-rc1, contained a revision to the scheduler that makes it aware that some clusters of cores share a block of L2 cache – as seen in Snow Ridge and Jacobsville.

  • Testing the Linux Kernel CephFS Client with xfstests

    I do a lot of testing with the kernel cephfs client these days, and have had a number of people ask about how I test it. For now, I’ll gloss over the cluster setup since there are other tutorials for that.

  • Major Rewrite Of Linux's FS-Cache / CacheFiles So It's Smaller & Simpler - Phoronix

    As part of David Howells of Red Hat long-term work on improving the caching code used by network file-systems, he today posted a big patch series rewriting the fscache and cachefiles code as the latest significant step on that adventure. Howells posted a set of 64 patches for rewriting the kernel's fscache and cachefiles code. Linux's fsache is a general purpose cache used by network file-systems while cachefiles is for providing a caching back-end for mounted local file-systems. The Red Hat engineer has been working on this rewrite for more than the past year.

Ubuntu Weekly Newsletter and Ubuntu Desktop on Google Clown

  • Ubuntu Weekly Newsletter Issue 711

    Welcome to the Ubuntu Weekly Newsletter, Issue 711 for the week of November 21 – 27, 2021. The full version of this issue is available here.

  • Launch Ubuntu Desktop on Google Cloud

    This tutorial shows you how to set up a Ubuntu Desktop on Google Cloud. If you need a graphic interface to your virtual desktop on the cloud, this tutorial will teach you how to set up a desktop environment just like what you can get on your own computer.

Open Hardware/Modding: ESP32, 3-D Printing, Raspberry Pi Pico, PocketBeagle

  • Wireless thermal printer kit features M5Stack ATOM Lite controller - CNX Software

    This is certainly not the first ESP32 thermal printer solution, as there are various implementations including bitbank2 thermal printer Arduino connecting ESP32 and nRF52 boards to the printer over Bluetotoh LE, or a Arduino sketches to print bitmaps over serial or MQTT.

  • Generate Fully Parametric, 3D-Printable Speaker Enclosures | Hackaday

    Having the right speaker enclosure can make a big difference to sound quality, so it’s no surprise that customizable ones are a common project for those who treat sound seriously. In that vein, [zx82net]’s Universal Speaker Box aims to give one everything they need to craft the perfect enclosure.

  • Z80 Video Output Via The Raspberry Pi Pico | Hackaday

    Building basic computers from the ground up is a popular pastime in the hacker community. [Kevin] is one such enthusiast, and decided to whip up a video interface for his retro Z80 machine.

  • The Calculator Charm: Calculatorium Leviosa! | Hackaday

    Have you ever tried waving your hand around like a magic wand and summoning a calculator? We would guess not since you’d probably look a little silly doing so. That is unless you had [Andrei’s] cool gesture-controlled calculator. [Andrei] thought it would be helpful to use a calculator in his research lab without having to take his gloves off and the results are pretty cool. His hardware consists of a PocketBeagle, an OLED, and an MPU6050 inertial measurement unit for capturing his hand motions using an accelerometer and gyroscope. The hardware is pretty straightforward, so the beauty of this project lies in its machine learning implementation.