Security: Windows, Microsoft Malware, GPS Bug, and Some Exaggeration/FUD

  • Sophisticated Spearphishing Campaign Targets Government Organizations, IGOs, and NGOs - blackMORE Ops

    The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) are engaged in addressing a spearphishing campaign targeting government organizations, intergovernmental organizations (IGOs), and non-governmental organizations (NGOs). A sophisticated cyber threat actor leveraged a compromised end-user account from Constant Contact, a legitimate email marketing software company, to spoof a U.S.-based government organization and distribute links to malicious URLs.[1] CISA and FBI have not determined that any individual accounts have been specifically targeted by this campaign.

  • Malicious NPM Packages Caught Running Cryptominer On Windows, Linux, macOS Devices [Ed: Lousy anti-journalist sites try to blame the victims for having received malware from Microsoft itself]

    Three JavaScript libraries uploaded to the official NPM package repository have been unmasked as crypto-mining malware, once again demonstrating how open-source software package repositories are becoming a lucrative target for executing an array of attacks on Windows, macOS, and Linux systems.

  • GPS Daemon (GPSD) Rollover Bug

    Critical Infrastructure (CI) owners and operators, and other users who obtain Coordinated Universal Time (UTC) from Global Positioning System (GPS) devices, should be aware of a GPS Daemon (GPSD) bug in GPSD versions 3.20 (released December 31, 2019) through 3.22 (released January 8, 2021).

  • New Linux kernel memory corruption bug causes full system compromise [Ed: This is "local privilege escalation", i.e. vastly less severe than all those back doors in Windows, but so-called 'security' firms aren't meant to talk about state-mandated holes]

    Researchers dubbed it a “straightforward Linux kernel locking bug” that they exploited against Debian Buster’s 4.19.0.13-amd64 kernel.

GPS not reliable, due to bugs

  • Global Displacement System, A Gpsd Bug Will Hit Unpatched Systems This Sunday - PC Perspective

    You might not remember what Gpsd is but it is in the news every 19.6 years, or more specifically every 1024 weeks, thanks to lazy timekeeping implementation for GPS satellites, which keep track of the number of weeks since January 5, 1980 as an unsigned 10-bit integer. That means when it hits 1023, the next week it rolls over to 0 and many systems which interface with GPS using timestamps will suddenly have corrupted location data.

    Gpsd is an example of this, it is a service daemon that translates data from Global Positioning System (GPS), Global Navigation Satellite System (GNSS), and Automatic Identification System (AIS) and is used in a huge variety of applications. Some applications such as Kismet, GpsDrive, and roadmap will be affected but are not necessarily mission critical but more an annoyance when they stop functioning properly. However Gpsd is also used in things like driverless cars, marine navigation, and military IFF; small errors in those systems can have large real world effects.

  • CISA: GPS software bug may cause unexpected behavior this Sunday

    The Cybersecurity and Infrastructure Security Agency (CISA) warned that GPS devices might experience issues over the weekend because of a timing bug impacting Network Time Protocol (NTP) servers running the GPS Daemon (GPSD) software.

  • Disable Time Sync NOW—Ugly GPSd Bug Brings Sunday FAILs

    On Sunday, you might find some equipment thinks it’s 2002. That’s because of a weird bug in gpsd—the code on which a bunch of Network Time Protocol servers rely.

  • A GPS-Based Bug Could Roll Back Your Devices to 2002 [Ed: Put another way, GPS (US) basically broken. There are alternatives to it.]
  • If your apps or gadgets break down on Sunday, this may be why: Gpsd bug to roll back clocks to 2002

    Come Sunday, October 24, 2021, those using applications that rely on gpsd for handling time data may find that they're living 1,024 weeks – 19.6 years – in the past.

    A bug in gpsd that rolls clocks back to March, 2002, is set to strike this coming weekend.

    The programming blunder was identified on July 24, 2021, and the errant code commit, written two years ago, has since been fixed. Now it's just a matter of making sure that every application and device deploying gpsd has applied the patch.

    The Network Time Protocol (NTP) provides a way for devices and services to keep accurate time using a hierarchical set of servers rated in terms of precision, with "stratum 0" representing the most accurate time sources.
