
Submitted by Roy Schestowitz on Saturday 26th of March 2022 09:27:47 AM
HowTos

  • Full Circle Magazine: Full Circle Magazine #179
  • How To Install Mirage on Ubuntu 20.04 LTS - idroot

    In this tutorial, we will show you how to install Mirage on Ubuntu 20.04 LTS. For those of you who didn’t know, Mirage is an open-source application that is used to view photos on Linux systems. The graphical user interface enables the users to view the images easily. With Mirage, you have many options, including the ability to crop the image, resize it or change the color saturation. Furthermore, it automatically detects all the images found in the directory and displays them in the side panel.

    This article assumes you have at least basic knowledge of Linux, know how to use the shell, and most importantly, you host your site on your own VPS. The installation is quite simple and assumes you are running in the root account, if not you may need to add ‘sudo‘ to the commands to get root privileges. I will show you the step-by-step installation of the Mirage image viewer on Ubuntu 20.04 (Focal Fossa). You can follow the same instructions for Ubuntu 18.04, 16.04, and any other Debian-based distribution like Linux Mint.

  • How to Install Chatwoot Messaging Platform on Debian 11

    Chatwoot is a free, open-source, and real-time messaging platform. It provides a simple and live chat for your website and integrates it with other apps. It helps your businesses to provide good customer support to their clients via social media channels. It can be easily integrated with social media apps including, Facebook, WhatsApp, and Twitter. It is a very good alternate solution to other commercial software like Intercom, Zendesk, etc.

  • Finally

    I gave up on WordPress for my personal blog, because after all of that effort and time spent yesterday, I have nothing to show for it. The site still was not rendering correctly. On the upshot, I discovered something called Hugo which generates a static site and I found the perfect theme for me called beautiful hugo. It is exactly the minimalist approach I am looking for and does not require a whole lot of resources to run. This is just a first post to put something up. There will be more to come soon.

  • ZFS Compatibility

    The best free filesystem on Earth – ZFS – also often named OpenZFS recently – has also become very portable in recent years of its development. The OpenZFS Distributions page lists 6 (six) operating systems already.

    [...]

    … but if you would like to create a ZFS pool compatible with all of them … which options and ZFS features should you choose? There is OpenZFS Feature Flags page dedicated exactly to that topic.

  • Heap Overflow in OpenBSD's slaacd via Router Advertisement

    In this blog post we analyze a heap overflow vulnerability we discovered in the IPv6 stack of OpenBSD, more specifically in its slaacd daemon. This issue, whose root cause can be found in the mishandling of Router Advertisement messages containing a DNSSL option with a malformed domain label, was patched by OpenBSD on March 21, 2022. A proof-of-concept to reproduce the vulnerability is provided.

Proprietary Software Leftovers

  • Estonian Tied to 13 Ransomware Attacks Gets 66 Months in Prison [iophk: Windows TCO]

    Maksim Berezan, 37, is an Estonian national who was arrested nearly two years ago in Latvia. U.S. authorities alleged Berezan was a longtime member of DirectConnection, a closely-guarded Russian cybercriminal forum that existed until 2015. Berezan’s indictment (PDF) says he used his status at DirectConnection to secure cashout jobs from other vetted crooks on the exclusive crime forum.

    Berezan specialized in cashouts and “drops.” Cashouts refer to using stolen payment card data to make fraudulent purchases or to withdraw money from bank accounts without authorization. A drop is a location or individual able to securely receive and forward funds or goods obtained through cashouts or other types of fraud. Drops typically are used to make it harder for law enforcement to trace fraudulent transactions and to circumvent fraud detection measures used by banks and credit card companies.

  • Apple plots hardware subscription service for iPhone and other devices

    According to Mark Gurman at Bloomberg, Apple has been working on a new subscription service for the iPhone and other hardware products that will let customers subscribe to Apple hardware with a monthly recurring payment. According to Gurman’s sources, Apple has been working on the subscription program for several months and is expected to launch it at the end of 2022.

    Unfortunately, that’s all the detail we have right now. We don’t know anything about pricing, bundles, which Apple hardware would be offered (other than the iPhone), or terms for trade-ins and upgrades. Apple already offers the iPhone Upgrade Program in the U.S., U.K., and China, which lets users pay for a new iPhone with AppleCare+ over 24 monthly payments with the option to upgrade after 12 months.

  • Apple will reportedly sell the iPhone as a subscription service

    According to Bloomberg’s report, the monthly charge wouldn’t simply be the price of the device divided by 12 or 24 months, but rather be a still-undecided monthly cost, potentially with the option to upgrade to new hardware as it’s released. And like Apple’s other subscriptions, it would be tied to a user’s existing Apple ID account, with the possibility of bundling in AppleCare or Apple One services as well.

  • Apple Developing Hardware Subscription Service for iPhones and Other Devices

    Compared to the iPhone Upgrade Program, it would differ because Apple would charge a yet-to-be-determined monthly fee rather than splitting the cost of a device across a 12 or 24 month period. It would also cover other products while the iPhone Upgrade Program is limited to the iPhone.

  • Apple is working on a subscription service for iPhones and other products

    Adopting hardware subscriptions, akin to an auto-leasing program, would be a major strategy shift for a company that has generally sold devices at full cost outright, sometimes through installments or with carrier subsidies. It could help Apple generate more revenue and make it easier for consumers to stomach spending thousands of dollars on new devices.

  • Apple is working on a hardware subscription service for iPhones

    Apple Inc. is working on a subscription service for the iPhone and other hardware products, a move that could make device ownership similar to paying a monthly app fee, according to people with knowledge of the matter.

  • Australia ranks number one in Asia Pacific for most ransomware attacks [iophk: Windows TCO]

    The research, released from Unit 42 by global cybersecurity leader Palo Alto Networks, also found that ransomware payments hit new records in 2021 as cybercriminals increasingly turned to Dark Web “leak sites” where they pressured victims to pay up by threatening to release sensitive data.

    In Australia the research also found that 2021 saw a 642% increase in dark web leaks on the prior year and 38% of all attacks targeted organisations in NSW; ACT the least targeted geography.

  • Towards Practical Security Optimizations for Binaries

    This example is one of several well-documented instances of a compiler optimization inadvertently introducing a security weakness into a program. Recently, my colleagues at Georgia Tech and I published an extensive study of how compiler design choices impact another security property of binaries: malicious code reusability. We discovered that compiler code generation and optimization behaviors generally do not consider malicious reusability. As a result, they produce binaries that are generally more reusable by an attacker than is necessary.

  • US charges four Russians over [cracking] campaign on energy sector [iophk: Windows TCO]

    They are accused of targeting hundreds of companies and organisations in around 135 countries between 2012-2018.

    Their activities are said to have caused two separate emergency shutdowns at one facility in Saudi Arabia.

    The conspiracy then allegedly attempted to [break into] the computers of a company that managed similar critical infrastructure entities in the US.

Enable/Disable Auto Update & Upgrade in Unattended Upgrades on Ubuntu

Unattended Upgrades software helps us auto-update and upgrade system packages in the background without user interaction to keep up to date with the latest features and security patches. This feature can be a handful to secure your system with the latest security issues, even Ubuntu providing it out of the box with its latest ISO. Unexpected background updates can be irritating for regular Linux users.

Android Leftovers

WD My Clown OS (Severity 9.8/10)

  • Western Digital My Cloud OS update fixes critical vulnerability

    The vulnerability, which has a CVSS v3 severity score of 9.8, allows remote attackers to execute arbitrary code on the target device, in this case, WD PR4100 NAS, without requiring authentication.

  • Western Digital customers urged to update to latest version of My Cloud OS

    Western Digital has pushed a new firmware update for its My Cloud OS, fixing a high-severity vulnerability that was discovered during a recent hacking contest. As reported by BleepingComputer, cybersecurity experts from the NCC Group exploited a flaw in Netatalk Service, an open-source implementation of the Apple Filing Protocol (AFP) that allows for Unix-like operating systems to serve as file servers for macOS clients. The flaw, now tracked as CVE-2022-23121, carries a severity score of 9.8/10, as it allows threat actors to run any code on the target endpoint, without authentication.

  • WD My Cloud Users Should Update to Avoid a Dangerous Vulnerability – Review Geek [Ed: My Cloud? My clown? Whose clown? Everyone gets access...]

    Western Digital just rolled out a My Cloud OS update that resolves a dangerous remote access vulnerability. All My Cloud users should install the firmware update (version 5.19.117) to defend themselves from remote hacking attempts.

