
Security FUD

  • New Python-based Ransomware Encrypts Virtual Machines Quickly [Ed: This make it sound like a Python issue, but it is a proprietary software issue completely irrelevant to the programming language]

    VMware ESXi datastores rarely have endpoint protection, the researchers noted, and they host virtual machines (VMs) that likely run critical services for the business, making them a very attractive target for hackers. In the threat landscape, it’s like winning the jackpot.

  • Missouri Governor Vows to Prosecute St. Louis Post-Dispatch for Reporting Security Vulnerability

    On Wednesday, the St. Louis Post-Dispatch ran a story about how its staff discovered and reported a security vulnerability in a Missouri state education website that exposed the Social Security numbers of 100,000 elementary and secondary teachers. In a press conference this morning, Missouri Gov. Mike Parson (R) said fixing the flaw could cost the state $50 million, and vowed his administration would seek to prosecute and investigate the “hackers” and anyone who aided the publication in its “attempt to embarrass the state and sell headlines for their news outlet.”

  • Missouri governor threatens criminal prosecution of reporter who found security flaw in state site

    Hancock reports, "The Post-Dispatch discovered the vulnerability in a web application that allowed the public to search teacher certifications and credentials. The Department removed the affected pages from its website Tuesday after being notified of the problem by the Post-Dispatch. Based on state pay records and other data, more than 100,000 Social Security numbers were vulnerable. The newspaper delayed publishing this report to give the Department time to take steps to protect teachers' private information, and to allow the state to ensure no other agencies' web applications contained similar vulnerabilities."

  • Missouri goes after man who looked at source code on state site

    A newspaper in St Louis, Missouri, which discovered that the social security numbers of school teachers, administrators and counsellors across the state were publicly exposed and informed the authorities, has been threatened with unspecified action by the state's governor.

  • Missouri Governor Is Extremely Confused About What Constitutes ‘Hacking’

    Reporter Josh Renaud was browsing a Department of Elementary and Secondary Education web application that lets users search for teachers’ certifications and credentials when he looked at the site’s HTML source code (something that usually requires zero hacking skills, only the use of a right-click). In the source code, he found sensitive data belonging to the state’s teachers, including Social Security numbers and other private information.

  • No it isn’t: Missouri governor says viewing HTML source code containing private data the state published on every page, is a crime

    Republican Gov. Mike Parson on Thursday condemned one of Missouri’s largest newspapers for exposing a flaw in a state database that allowed public access to thousands of teachers’ Social Security numbers, even though the paper held off from reporting about the flaw until after the state could fix it.

  • Gov. Parson threatens legal action against reporter who exposed flaw on state education department’s website

    The reporter found hundreds of thousands of Missouri educators' social security numbers were accessible to the public in the HTML code for the Missouri Department of Elementary and Secondary Education's website.

    Parson said the Cole County prosecutor and the Missouri State Highway Patrol Digital Investigations Unit are now investigating the incident and it could cost taxpayers up to $50 million.

  • Missouri Governor Says HTML Source Code ‘Decoded’ by ‘Hacker’ Reporter

    Gov. Mike Parson of Missouri announced that an individual stole Social Security numbers after they “decoded the HTML source code.” However, a local media publication is disputing this claim and saying the individual was their own reporter who warned Parson’s administration about the security flaw and let them fix it before reporting about it. The word “SSNs” began trending on Twitter after Parson’s announcement, as people pointed out that if the Social Security numbers were in the source code, that meant they were easily viewable by just hitting F12.

More in Tux Machines

Programming Leftovers

  • [Older] Report: Software engineers have only 10 hours per week for ‘deep work’

    What are software engineers spending their time on? With talent shortages at an all-time high, and epic shifts in where and how we work, everybody wants to know how happy engineers are with their jobs. A new report conducted by Retool and Wakefield uncovered insights into how engineers save time, increase productivity, where they lose time and their preferences around how that time is spent. Engineers are splitting time between core coding responsibilities, communication processes, complex testing, and even assisting with hiring, leaving them with only around 10 hours of “deep work” time per week. To save time, engineers are turning to open source code more than ever. Almost 90% of the engineers surveyed view open source code as at least somewhat essential to their day to day. More than 80% of developers are actively pulling open source code into their work (via StackOverflow or otherwise) at least once per month, and almost 50% are doing it at least once per week.

  • How Software Engineers Spend Their Time

    Almost 90% of the engineers surveyed view open source code as at least somewhat essential to their day to day.

  • hm-panelizer - A KiCad companion GUI tool for panelizing PCBs - CNX Software

    Gerard (aka halfmarble) has released hm-panelizer open-source software allowing for a panelization of PCBs via a simple GUI interface and doubling as a Gerber file viewer. He’s mostly tested it with PCBs designed in KiCad 6.x, but it should also work with design files from other tools.

  • 3 practical tips for agile transformation

    Agile transformation happens at three levels: team agile, product agile, and organization agile. Helping your team convert to agile is the first and fundamental step in agile transformation, and with good reason. Until you get your people on board with agile, the product of all their hard work can't be agile.

  • Calculating the ROI of Commercial Qt Subscriptions

    Calculating the financial value of software is not trivial, but it's not rocket science. Have you ever been in the position to justify your software purchase to your CFO or the procurement team? I've been doing this many times throughout my career in different product management and R&D leadership roles. The MAKE or BUY decision is often on the table. We at the Qt Company want to help current and future customers turn the benefits of using Qt's commercial software into financial outcomes. Therefore, we developed a tool that calculates the ROI of using the different parts of our portfolio and helps to surface current challenges and their business impact. In the past, I’ve been using Microsoft Excel to do the math of how much money we can save and how much additional money we can make by using a particular software. Using Excel in a world of cloud-based solutions felt a bit outdated, and we decided to build the new Qt Value Assessment Tool on an interactive web-based platform.

  • Embedded Linux development on Ubuntu – Part II | Ubuntu

    Welcome to Part II of this three-part mini-series on embedded Linux development on Ubuntu. In Part I, we set the stage for the remainder of the series and gave an overview of snaps, the packaging format at the heart of embedded devices running Ubuntu. Snaps are a secure, confined, dependency-free, cross-platform Linux packaging format. Software publishers often want to manage their application components using containers. Whereas one can achieve this with various runtimes, the Snap ecosystem provides a security-focused approach to containerisation with strict privilege and capability separation between containers. If you missed it, head over to Part I to review the role of snaps in embedded Linux development. If you are already familiar with snaps and do not wish to refresh your memory, keep reading.

  • Translating Jenkins with Perl | Alceu Rodrigues de Freitas Junior [blogs.perl.org]

    This is my first post here and I hope it is more positive than a rant to the readers' eyes... It was 2017 when I had installed Jenkins locally on my notebook for a series of experiments. The notebook was running Ubuntu configured in Brazilian Portuguese and Jenkins automatically presented me with a translation to my native language. After 15 minutes of trying, I changed the Ubuntu settings to English and never went back. It took me a while to jump into the project repository and start translating the missing parts, about four years... and the translation hasn't improved since. You might be asking yourself what this has to do with Perl and why I'm blogging about it here... well, the Jenkins project has used, since (at least) 2010, a Perl script to help with the translation work.

Security Leftovers

  • Reproducible Builds (diffoscope): diffoscope 214 released

    The diffoscope maintainers are pleased to announce the release of diffoscope version 214. This version includes the following changes:

    [ Chris Lamb ]
    * Support both python-argcomplete 1.x and 2.x.

    [ Vagrant Cascadian ]
    * Add external tool on GNU Guix for xb-tool.

  • Security updates for Friday [LWN.net]

    Security updates have been issued by Debian (atftp, cups, neutron, and zipios++), Fedora (clash, moodle, python-jwt, and thunderbird), Red Hat (thunderbird), Slackware (cups), SUSE (go1.17, libredwg, opera, seamonkey, and varnish), and Ubuntu (libxv, ncurses, openssl, and subversion).

Mozilla Firefox Languishing, Chrome and Chromium Latest

Fedora Family / IBM Leftovers

  • Red Hat CEO: We're going SaaS-first with OpenShift

    Red Hat President and CEO Paul Cormier offers a glimpse into the OpenShift roadmap as IT reckons with the effects of the COVID-19 pandemic and hybrid work.

  • Red Hat and Samsung agree to landmark software deal to develop next-gen storage

    The partnership is a first for Samsung as the companies commit to developing memory software designs that can keep up with emerging tech

  • API Management (3scale): The service provider use case

    As part of digital transformation, and in anticipation of the 5G evolution, service providers have found it necessary to redesign portions of the network’s layers and components, using cloudification and containerization. This approach enables the introduction of new technologies and operation modes to the network — such as microservices, automation, artificial intelligence/machine learning (AI/ML), horizontal, open architectures, and more. However, the delivery of new and expanded capability to customers needs to be integrated with legacy systems, and with a perspective of looking forward.

  • Fedora Community Blog: CPE Weekly Update – Week 21 2022
  • Fedora Community Blog: Friday’s Fedora Facts: 2022-21

    Here’s your weekly Fedora report. Read what happened this week and what’s coming up. Your contributions are welcome (see the end of the post)!

  • Radical collaboration: 6 key concepts to get started [Ed: IBM/Red Hat still perpetuates the "Great Resignation" myth/lie while sacking a huge number of its workers (later blaming it on them?)]

    If the Great Resignation has taught us anything, it’s that people are fed up with bosses and bureaucracy. But is there a viable alternative to the traditional corporate hierarchy that we’ve all come to know and hate? Here’s the good news: the fastest-growing and most financially competitive organizational archetype on the planet is known as “radically collaborative.” Radically collaborative organizations unburden themselves of inertial bureaucracies by supercharging innovation through high levels of trust and autonomy.

  • How the Kaizen mindset fosters smart contrarians on your IT team

    This is perhaps the most dangerous phrase in IT. Just because a particular process has worked well in the past doesn’t mean your team should be locked in for the long term. Most successful organizations today cultivate smart contrarians – employees who think differently, create freely, and bring alternative ideas to the table. Smart leaders know that conventional thinking leads to conventional ideas, while unconventional thinking leads to innovation. They also know that cultivating specific attitudes and behaviors will almost always attract better talent, lead to improved team output, and move a company beyond what was thought possible. Company culture plays a significant role in how employees think about their work. If their ideas are constantly put down, they will leave or begrudgingly learn to comply in an environment where their best work will likely never be seen. If innovation is important to your company’s growth, nothing will help you more than creating a culture that encourages out-of-the-box thinking and embraces new ideas.