Security FUD

  • New Python-based Ransomware Encrypts Virtual Machines Quickly [Ed: This makes it sound like a Python issue, but it is a proprietary software issue completely irrelevant to the programming language]

    VMware ESXi datastores rarely have endpoint protection, the researchers noted, and they host virtual machines (VMs) that likely run critical services for the business, making them a very attractive target for hackers. In the threat landscape, it’s like winning the jackpot.

  • Missouri Governor Vows to Prosecute St. Louis Post-Dispatch for Reporting Security Vulnerability

    On Wednesday, the St. Louis Post-Dispatch ran a story about how its staff discovered and reported a security vulnerability in a Missouri state education website that exposed the Social Security numbers of 100,000 elementary and secondary teachers. In a press conference this morning, Missouri Gov. Mike Parson (R) said fixing the flaw could cost the state $50 million, and vowed his administration would seek to prosecute and investigate the “hackers” and anyone who aided the publication in its “attempt to embarrass the state and sell headlines for their news outlet.”

  • Missouri governor threatens criminal prosecution of reporter who found security flaw in state site

    Hancock reports, "The Post-Dispatch discovered the vulnerability in a web application that allowed the public to search teacher certifications and credentials. The Department removed the affected pages from its website Tuesday after being notified of the problem by the Post-Dispatch. Based on state pay records and other data, more than 100,000 Social Security numbers were vulnerable. The newspaper delayed publishing this report to give the Department time to take steps to protect teachers' private information, and to allow the state to ensure no other agencies' web applications contained similar vulnerabilities."

  • Missouri goes after man who looked at source code on state site

    A newspaper in St Louis, Missouri, which discovered that the social security numbers of school teachers, administrators and counsellors across the state were publicly exposed and informed the authorities, has been threatened with unspecified action by the state's governor.

  • Missouri Governor Is Extremely Confused About What Constitutes ‘Hacking’

    Reporter Josh Renaud was browsing a Department of Elementary and Secondary Education web application that lets users search for teachers’ certifications and credentials when he looked at the site’s HTML source code (something that usually requires zero hacking skills, only the use of a right-click). In the source code, he found sensitive data belonging to the state’s teachers, including Social Security numbers and other private information.

  • No it isn’t: Missouri governor says viewing HTML source code containing private data the state published on every page, is a crime

    Republican Gov. Mike Parson on Thursday condemned one of Missouri’s largest newspapers for exposing a flaw in a state database that allowed public access to thousands of teachers’ Social Security numbers, even though the paper held off from reporting about the flaw until after the state could fix it.

  • Gov. Parson threatens legal action against reporter who exposed flaw on state education department’s website

    The reporter found hundreds of thousands of Missouri educators' social security numbers were accessible to the public in the HTML code for the Missouri Department of Elementary and Secondary Education's website.

    Parson said the Cole County prosecutor and the Missouri State Highway Patrol Digital Investigations Unit are now investigating the incident and it could cost taxpayers up to $50 million.

  • Missouri Governor Says HTML Source Code ‘Decoded’ by ‘Hacker’ Reporter

    Gov. Mike Parson of Missouri announced that an individual stole Social Security numbers after they “decoded the HTML source code.” However, a local media publication is disputing this claim and saying the individual was their own reporter who warned Parson’s administration about the security flaw and let them fix it before reporting about it. The word “SSNs” began trending on Twitter after Parson’s announcement, as people pointed out that if the Social Security numbers were in the source code, that meant they were easily viewable by just hitting F12.
