Security Leftovers
Date: 2021-12-06
-
Securing the Open-Source Software Supply Chain [Ed: Brian Fox never talks about actual back doors in proprietary software; his company is basing its existence on spreading fear of Free software]
Recent findings by security researchers at SonarSource showed multiple security vulnerabilities in popular package managers, including Pip, Yarn, Composer, and others. Package managers, though, are not the only weak link in the open source security chain. InfoQ has spoken with Sonatype CTO Brian Fox.
-
Career in Ethical Hacking - The Hindu
When we hear the term “hacking”, the first thing that comes to mind is that it is criminal. However, ethical or white hat hackers employ their expertise to discover and fix vulnerabilities and security hazards in a computer system. Today, it is critical to safeguard vital data held on electronic devices such as computers, smartphones, tablets, and so on. Ethical hacking may be an effective tool against cyber attackers in this regard. Ethical hacking is defined as hacking done with the authorisation of the network's owners.
-
Cyberattack on Israel! Government websites crash [Ed: The article mentions Shadow Brokers; it's the cost of using Microsoft Windows]
-
NASA in 'serious jeopardy' due to big black hole in security • The Register
And that's a worry, because in 2021 NASA's auditor found "incidents of improper use of NASA IT systems had increased from 249 in 2017 to 1,103 in 2020 – a 343 per cent growth; the most prevalent error was failing to protect Sensitive but unclassified (SBU) information."
-
China thrilled it captured already-leaked NSA cyber-weapon [Ed: NSA and its partners, like Microsoft, are the world's biggest threat to security because they actively undermine it]
China claims it has obtained malware used by the NSA to steal files, monitor and redirect network traffic, and remotely control computers to spy on foreign targets.
The software nasty, dubbed NOPEN, is built to commandeer selected Unix and Linux systems, according to Chinese Communist Party tabloid Global Times, which today cited a report it got exclusively from China's National Computer Virus Emergency Response Center.
Trouble is, NOPEN was among the files publicly leaked in 2016 by the Shadow Brokers. If you can recall back that far, the Shadow Brokers stole and dumped online malware developed by the NSA's Equation Group.
-
Exclusive: China captures powerful US NSA cyberspy tool [Ed: By undermining the security of everything the US has weaponised all of technology and other countries can take advantage]
China captured a spy tool deployed by the US National Security Agency, which is capable of lurking in a victim's computer to access sensitive information and was found to have controlled global internet equipment and stole large amounts of users' information, according to a report the Global Times obtained from the National Computer Virus Emergency Response Center exclusively on Monday.
According to the report, the Trojan horse, "NOPEN," is a remote control tool for Unix/Linux computer systems. It is mainly used for stealing files, accessing systems, redirecting network communication, and viewing a target device's information.
-
A first look at threat intelligence and threat hunting tools | WeLiveSecurity
An overview of some of the most popular open-source tools for threat intelligence and threat hunting