
Proprietary Software and Security Issues

Filed under
Misc
  • Running a recent Apache web server version? You probably need to patch it. Now

    The Apache Software Foundation has hurried out a patch to address a pair of HTTP Web Server vulnerabilities, at least one of which is already being actively exploited.

    Apache's HTTP Server is widely used, and the vulnerabilities, CVE-2021-41524 and CVE-2021-41773, aren't great. The latter, a path traversal and file disclosure flaw, is particularly problematic.

    The former was reported to Apache's security team on 17 September and can be exploited by an external source to DoS a server with a specially crafted request. It turned up in version 2.4.49, which was released on September 15, and the Apache crew is not aware of any exploit.

  • VoIP Unlimited hit by outage in wake of DDoS claims • The Register

    A British VoIP firm has staggered back to its feet after being smacked with a series of apparent DDoSes a month after suffering a series of sustained attacks it said were delivered by the REvil ransomware gang.

    In an update at 11:56 UK time, it said it was "continuing to suffer from large scale DDoS attacks. VoIP Unlimited engineers are continuing to mitigate the impact on services."

  • Source Tags & Codes

    The saga of the Missouri governor reflects a failure by the powerful to embrace curiosity—curiosity encouraged by the HTML language he fails to understand.

  • blog.ipfire.org - Feature Spotlight: Weaponising IPFire Location to proactively detect Fast Flux setups

    Thanks to libloc, the free & open source location database, IPFire comes with an accurate, trustworthy database for mapping IP addresses to countries and Autonomous Systems, and vice versa. This allows us to introduce a new feature: Proactive detection of Fast Flux setups, which are commonly used by ne'er-do-wells for hosting questionable and malicious content on compromised machines around the world, switching from one infected PC, IoT device, or router to another within minutes.

    To the best of our knowledge, this is a unique feature. Contrary to other security mechanisms such as AV scanners, which are often lagging behind, it detects malware, phishing, C&C servers and other nefarious things proactively - before any threat intelligence source in the world even knows about them. Even better, measurements done so far indicate it comes with a near-zero false positive rate in productive environments.

  • A class of its own, CNCF & Linux Foundation Kubernetes exam [Ed: Adrian Bridgwater publishing spam for Zemlin now over in ComputerWeekly… real journalism is dead. It’s all sponsored.]
  • KubeCon 2021: New Kubernetes Certificate and the future of Kubernetes - Market Research Telecast

    The CNCF, the foundation under the umbrella of the Linux Foundation which is responsible for the administration of the Kubernetes source code, has opened KubeCon North America and welcomed visitors again after two years. In autumn 2019, users and developers of Kubernetes and cloud native technologies from their environment met for the last time on site at KubeCon & CloudNativeCon in the USA. The following European edition in 2020, at the end of March, took place via live streams from living rooms.

  • Citrix has built a browser, and lost a CEO

    According to a regulatory filing, in early October, the company's board appointed Robert M. Calderoni as interim CEO, after David Henshall stepped down from the role.

  • User locked out of Microsoft account by MFA bug, complains of customer-hostile support • The Register [Ed: By Microsoft Tim]

    Konstantin Gizdov, an IT professional, was locked out of his Microsoft account by a bug in the company's Multi-Factor Authentication (MFA), but says support refused to acknowledge the bug or recover his account.

    Gizdov is founder of KGE Consultancy Ltd in Edinburgh and an Arch Linux Trusted User.

    His problems began when he received an email informing him that his Microsoft account had been renamed. "I immediately clicked on the 'That was not me' button," he said in a post, after which he managed to contact support.

  • Apple patches 'actively exploited' iPhone zero-day with iOS 15.0.2 update

    If you're using an iPhone, install the iOS 15.0.2 update immediately: Apple has warned that the latest OS upgrade patches an "actively exploited" zero-day.

    Described as a "memory corruption issue" by Apple, the vuln is present within the IOMobileFrameBuffer kernel extension, used for managing display memory. Malicious applications are said to be capable of triggering an integer overflow in the framebuffer, permitting execution of arbitrary code with kernel privileges.

    The bug, publicly tracked as CVE-2021-30883, has not yet been published in full although technical descriptions and proofs of concept are already circulating on security-focused areas of the web.

  • Podcast: 67% of Orgs Have Been Hit by Ransomware at Least Once [iophk: Windows TCO]

    According to Fortinet’s Global State of Ransomware Report 2021 (PDF), released last week, most organizations report that ransomware is their top most concerning cyber-threat. That’s particularly true for respondents in Latin America, Asia-Pacific and Europe-Middle East-Africa, who report that they’re more likely to be victims than their peers in the U.S. or Canada.

  • Treasury: $590M paid out by victims of ransomware attacks in first half of 2021 [iophk: Windows TCO]

    Just over 450 ransomware payments were reported to FinCEN from the beginning of January through end of June, with the amount of suspicious activity reports increasing by 30 percent from last year. The amount paid by victims also massively increased compared to 2020, when $416 million was paid out over the entire year.

  • Ransomware? No fear, Scott Morrison has a plan. An action plan

    Hence the Ransomware Action Plan. It's just like the numerous other plans which Morrison and his ministers have put forth, meaningless jumbles of words, all aimed at that one Saturday before next May when the election will have to be held.

    When something that should necessarily have some gravitas starts out like this: "The world has never been more interconnected and our reliance on the internet to fuel Australia’s prosperity and maintain our way of life has never been greater", you just know that it's weapons-grade BS.

  • Apple to make 10 million fewer iPhones due to microchip shortage

    Chip suppliers such as Broadcom and Texas Instruments have reportedly told the smartphone maker that they won't be able to deliver as many units as they said they could.

  • New Windows 10 KB5006670 update breaks network printing
  • Short URLs come in handy for cybercrooks

    However, there are downsides too. URL shorteners are often used by online fraudsters to trick users into following a link to compromise their systems, swindle money from their bank accounts or even trick them into mining cryptocurrency without the intervention of the user. Recipients could be clicking a malware link (short links) or be directed to a spoofing page where the victim’s sensitive information could be recorded and later used for stealing sensitive data or money.

More in Tux Machines

How new Linux users can increase their odds of success

The Linus Tech Tips YouTube channel has been putting out a series of videos called the Switching to Linux Challenge that has been causing a bit of a stir in the Linux community. I’ve been keeping an eye on these developments, and thought it was a good time to weigh in with my thoughts. This article focuses on how new Linux users can increase their odds for success — I have also written a companion article, “What desktop Linux needs to succeed in the mainstream”, which looks at the other side of the problem.

Linux is, strictly speaking, an operating system kernel, which is a small component of a larger system. However, in the common usage, Linux refers to a family of operating systems which are based on this kernel, such as Ubuntu, Fedora, Arch Linux, Alpine Linux, and so on, which are referred to as distributions. Linux is used in other contexts, such as Android, but the common usage is generally limited to this family of Linux “distros”. Several of these distros have positioned themselves for various types of users, such as office workers or gamers. However, the most common Linux user is much different. What do they look like?

The key distinction which sets Linux apart from more common operating systems like Windows and macOS is that Linux is open source. This means that the general public has access to the source code which makes it tick, and that anyone can modify it or improve it to suit their needs. However, to make meaningful modifications to Linux requires programming skills, so, consequentially, the needs which Linux best suits are the needs of programmers. Linux is the preeminent operating system for programmers and other highly technical computer users, for whom it can be suitably molded to purpose in a manner which is not possible using other operating systems.

As such, it has been a resounding success on programmer’s workstations, on servers in the cloud, for data analysis and science, in embedded workloads like internet-of-things, and other highly technical domains where engineering talent is available and a profound level of customization is required. The Linux community has also developed Linux as a solution for desktop users, such as the mainstream audience of Windows and macOS. However, this work is mostly done by enthusiasts, rather than commercial entities, so it can vary in quality and generally any support which is available is offered on a community-run, best-effort basis. Even so, there have always been a lot of volunteers interested in this work — programmers want a working desktop, too. Programmers also want to play games, so there has been interest in getting a good gaming setup working on Linux. In the past several years, there has also been a commercial interest with the budget to move things forward: Valve Software. Valve has been instrumental in developing more sophisticated gaming support on Linux, and uses Linux as the basis of a commercial product, the Steam Deck.

Read more

today's leftovers

  • x86 Straight-Line Speculation Mitigation Patches Updated For Linux - Phoronix

    A year after Arm processors began mitigating straight-line speculation, Linux developers have been working on similar straight-line speculation mitigations for x86/x86_64 processors. Over the past few months we have been seeing Linux kernel and GCC and LLVM/Clang patches around straight-line speculation mitigation for Intel / AMD processors. The issue at hand is processors speculatively executing instructions linearly in memory past an unconditional change in control flow.

  • EPEL 9 Ready To Provide Extra Packages For RHEL 9, CentOS Stream 9 - Phoronix

    launched and that effectively serving as the bleeding-edge of the RHEL9 upstream, EPEL 9 has already launched. Extra Packages for Enterprise Linux "EPEL" continues to provide a vast assortment of packages to complement the official packages in the RHEL/CentOS repository. EPEL packages continue to be derived from their Fedora counterpart and simply augment what is available to RHEL / CentOS (and Oracle Linux, et al) users.

  • Raku Advent Calendar: Day 5 – Santa Claus is Rakuing Along
  • There is a surge in Linux gamers with the release of Windows 11

    The surge can also be due to the Steam Deck effect.

  • XWayland Adds Support For Touchpad Gestures - Phoronix

    XWayland is in increasingly great shape, especially when it comes to fulfilling the needs of gamers by simply running games lacking native Wayland support with great speed. But when it comes to other use-cases there are occasionally gaps and areas not yet fulfilled by XWayland versus the conventional X.Org Server. One of the latest examples of a feature now correctly wired up is touchpad gesture handling. Should you be a fan of touchpad gestures, they should now be working under XWayland. Developer Povilas Kanapickas implemented support for touchpad gestures within the XWayland code that is now in the xserver Git tree. Povilas noted, "The implementation is relatively straightforward because both wayland and Xorg use libinput semantics for touchpad gestures."

  • 178: Blender 3.0, EndeavourOS, CentOS Stream 9, Steam Deck, NixOS, CrossOver | This Week in Linux

    On this episode of This Week in Linux, a brief note about Linus Tech Tips reaction videos, Blender 3.0, EndeavourOS, CentOS Stream 9, NixOS 21.11, Open 3D Engine, Heroic Games Launcher, Steam Deck, Fedora, Fedora Linux, Red Hat, RHEL, Ventoy 1.0.62, CrossOver 21.1, SDL 2.0.18, Xen Project 4.16, Tesseract 5.0, and Neovim 0.6.0. All that and much more on Your Weekly Source for Linux GNews!

Give your Terminal a Retro Look Using this Neat Application

Want to give your Terminal a retro look? This guide contains instructions to help you to install Cool Retro Terminal application in all Linux distributions. Read more

today's howtos

  • How To Install Apache Hadoop on Debian 11 - idroot

    In this tutorial, we will show you how to install Apache Hadoop on Debian 11. For those of you who didn’t know, Apache Hadoop is an open-source, Java-based software platform that manages data processing and storage for big data applications. It is designed to scale up from single servers to thousands of machines, each offering local computation and storage. This article assumes you have at least basic knowledge of Linux, know how to use the shell, and most importantly, you host your site on your own VPS. The installation is quite simple and assumes you are running in the root account; if not, you may need to add ‘sudo’ to the commands to get root privileges. I will show you through the step-by-step installation of Apache Hadoop on Debian 11 (Bullseye).

  • What To Do After Installing Parabola KDE and GNOME System

    These are our recommendations for you after finishing the Parabola GNU/Linux installation with either the GNOME or KDE desktop. Let's start!

  • Install opensource CyberPanel on Almalinux | Rocky linux 8

    Looking for a free and open-source web hosting control panel? Then try out CyberPanel on AlmaLinux or Rocky Linux 8. It is a free alternative to the popular WHM cPanel that comes with an OpenLiteSpeed web server to provide the best possible performance. CyberPanel has a web-based, graphical, and interactive dashboard, from where we can access Users, Vhost Templates, multiple PHP versions, MySQL databases, and more. It also offers a CLI tool whose commands can be used on the server terminal to perform various useful operations such as creating users, resetting permissions, and other tasks.

  • How to set up an SFTP server on Debian 11 Server – Citizix

    In this guide we are going to set up an SFTP server on Debian 11. We will also set up a form of chroot where users can only access SFTP with the shared credentials. The File Transfer Protocol is a standard communication protocol used for the transfer of computer files from a server to a client on a computer network. FTP isn’t popular today because it lacks security. When a file is sent using this protocol, the data, username, and password are all shared in plain text, which means a hacker can access this information with little to no effort. For data to be secure, you need to use an upgraded version of FTP like SFTP.

  • How to work with SFTP client in Linux – 10 sftp commands

    In this guide, we will learn how to do basic operations on an SFTP server. The File Transfer Protocol is a standard communication protocol used for the transfer of computer files from a server to a client on a computer network. FTP isn’t popular today because it lacks security. When a file is sent using this protocol, the data, username, and password are all shared in plain text, which means a hacker can access this information with little to no effort. For data to be secure, you need to use an upgraded version of FTP like SFTP.

  • Raspberry PI Pico Ethernet Port: adding the WIZNET Ethernet HAT

    Raspberry PI Pico works great for collecting sensor measurements, combining/analyzing them and delivering data to the external world. Adding an Ethernet port to Raspberry PI Pico with the WIZnet Ethernet HAT (based on the W5100S chip) adds a networking layer to improve communications.