Security Leftovers

  • White House ransomware summit calls for virtual asset crackdown, without mentioning cryptocurrency [Ed: They need to crack down on Microsoft Windows, instead; they use their NSA back doors as a ruse to protect big banks. Microsoft has infiltrated think tanks about ransomware, so now instead of tackling the security breaches themselves (which can lead to sabotage or worse) they treat it like a financial transaction issue.]

    The 30-nation gabfest convened under the auspices of the US National Security Council’s Counter-Ransomware Initiative has ended with agreement that increased regulation of virtual assets is required to curb the digital coins' allure to criminals.

    A joint statement issued after the event's conclusion opens with anodyne observations about the need for good infosec, international collaboration, and the benefits of private sector engagement.

    The first mention of concrete action comes in a section of the statement entitled "Countering Illicit Finance" – and while the document never mentions cryptocurrencies, it's plain they're a target.

    "Taking action to disrupt the ransomware business model requires concerted efforts to address illicit finance risks posed by all value transfer systems, including virtual assets, the primary instrument criminals use for ransomware payments and subsequent money laundering."

  • Thingiverse suffers breach of 228,000 email addresses • The Register

    Thingiverse, a site that hosts free-to-use 3D printer designs, has suffered a data breach – and at least 228,000 unlucky users' email addresses have been circulating on black-hat crime forums.

    News of the breach came from Have I Been Pwned (HIBP), whose maintainer Troy Hunt uploaded the 228,000 breached email addresses to the site after being tipped off to their circulation on the forums.

    Hunt claimed on Twitter that in excess of two million addresses were in the breach. He qualified that by saying the majority were email addresses that appeared to be generated by Thingiverse itself, judging from their format: webdev+$username@makerbot[.]com.

    HIBP's maintainer also claimed that some of the data included poorly encrypted passwords: one he highlighted was an unsalted SHA-1 hash which resolved to the password "test123".

  • Thingiverse Data Leaked — Check Your Passwords | Hackaday

    Every week seems to bring another set of high-profile data leaks, and this time it’s the turn of a service that should be of concern to many in our community. A database backup from the popular 3D model sharing website Thingiverse has leaked online, containing 228,000 email addresses, full names, addresses, and passwords stored as unsalted SHA-1 or bcrypt hashes. If you have an account with Thingiverse it is probably worth your while to head over to Have I Been Pwned to search on your email address, and just to be sure you should also change your password on the site. Our informal testing suggests that not all accounts appear to be contained in the leak, which appears to relate to comments left on the site.

  • New PureBoot Feature: Scanning Root for Tampering – Purism

    With the latest PureBoot R19 pre-release we have added a number of new changes including improved GUI workflows and new security features and published a ROM image so the wider community can test it before it turns into the next stable release. To test it, existing PureBoot users can download the R19-pre1 .rom file that corresponds to their Librem computer and flash it like any other PureBoot release.

    In this post I want to highlight a new experimental security feature we added in this release that will extend the tamper detection PureBoot already does with the boot firmware and the /boot directory into the main root file system. This will allow you to detect attacks that modify system binaries (like /bin/bash) with backdoored versions. I also want to give some background on this feature and my thought process behind it so people understand where I’m coming from and why I made the design decisions I did.
