Security Leftovers
-
Foreign Hackers Stole Information From Defense Contractors, Researchers Say [Ed: Copied, not stole. They left the originals intact, unless this is ransomware.]
Foreign hackers are suspected of breaching several organizations, including defense contractors, and accessing sensitive information, according to a report by cybersecurity researchers.
-
How Secure Is Your Data While You're Using Public Transportation?
Going through airport security can be a stressful experience—yes, even for people with nothing to hide. That’s especially true given the tighter rules after the 9/11 terrorist attacks.
Representatives from the Transportation Security Administration (TSA) should only search a phone that looks suspicious, such as if inspections showed a possible explosive device inside.
On the other hand, border patrol agents can and do take people’s devices to determine if they contain content that could indicate someone’s a national security risk. That means most individuals don’t need to worry about having their devices scrutinized during a border crossing. However, things don’t always turn out that way.
-
Millions of Routers, IoT Devices at Risk from New Open-Source Malware [Ed: Proprietary software company is trying to blame "Open Source" because people can write malware using freely available code]
BotenaGo, written in Google’s Golang programming language, can exploit more than 30 different vulnerabilities.
Newly surfaced malware that is difficult to detect and written in Google’s open-source programming language has the potential to exploit millions of routers and IoT devices, researchers have found.
-
MediaMarkt hit by Hive ransomware, initial $240 million ransom [Ed: Microsoft Windows TCO, but Microsoft booster Lawrence Abrams is trying to twist it as something that it is not]
Electronics retail giant MediaMarkt has suffered a Hive ransomware attack with an initial ransom demand of $240 million, causing IT systems to shut down and store operations to be disrupted in the Netherlands and Germany.
MediaMarkt is Europe's largest consumer electronics retailer, with over 1,000 stores in 13 countries. MediaMarkt employs approximately 53,000 employees and has total sales of €20.8 billion.
-
Keyless signatures with Github Actions
As an Arch Linux package maintainer I heavily rely on a secure upstream and a secure source code distribution process. I have spent days or maybe even weeks discussing with maintainers why I rely on a secure upstream and how important signatures on tags, commits or source tarballs are. Many maintainers have started signing their source tarballs after such a discussion, others mentioned problems with their PGP keys and a minority saw signing their source tarballs as a waste of time.
This article is for every maintainer out there that has trouble with setting up PGP. We all know that setting up PGP is painful and incredibly difficult to do right, especially when aiming for automated build pipelines instead of a manual release process with human interaction. Several times, maintainers forgot the password for their PGP key, lost their PGP key or just changed it, very often without knowing the implications of these incidents for their downstream. After these incidents, many maintainers stopped signing their source tarballs at all, because they estimated the process as too difficult and toilsome to maintain. Altogether, PGP (especially GnuPG) is a horrific software we rely on and it is surprising that nobody tried to fix this over the last years. Until now…
-
Georges Basile Stavracas Neto: Adventures with portals
This week (November 8th – 12th) is the Endless Orange Week, a program where the entire Endless team engages in projects designed to grow our collective learning related to our skills, work and mission. My project for this program was improving XDG portals. [...] This process is repeated every time an application wants to screencast. It’s a robust series of steps, and has served us well so far, but having to select a monitor or window every time can be a frustrating experience. For some use cases, this process is problematic. Take Steam’s recent introduction of PipeWire-based Remote Play: the whole purpose of this feature is to allow playing remotely, potentially without physical access to your computer. Evidently, in this case, showing a dialog to select a monitor is not going to work if the person is probably not in front of the machine. This is where my new proposal to the ScreenCast portal comes in. The mechanism proposed there is composed of two new properties: (i) a persist mode, where applications can tell the portal that they want to restore this screencast session later; and (ii) a restore token to restore a previous screencast session. In summary, when configuring (step 2) a screencast session, applications can tell the portal “hey, I’d like to restore this session later”; in this case, after you select a monitor or window and start the stream (step 3), the portal will give the app what I called a restore token. Applications should store this token however they want (ideally using the platform’s preferred preferences systems, such as GSettings for GNOME). Applications that have a restore token should use them when configuring the screencast session (step 2). The portal will receive this token, and try to restore the previous session’s windows and monitors. If that fails, e.g. when you changed monitors or the window is not open, the selection dialog is presented again.
From the application’s perspective, it doesn’t know (nor does it matter) if the previous session is restored or not, as the application will receive a list of streams and PipeWire nodes regardless of what happens.
