Language Selection

English French German Italian Portuguese Spanish

Security and Fear, Uncertainty, Doubt (FUD)

Filed under
Security
  • Cloud OSINT. Finding Interesting Resources

    I had a curiosity driven excursion into the public clouds of AWS and Azure to find what is publicly hosted and who by. As anticipated, the results were extremely broad and interesting as I found PII, various web applications, login portals, source code, and adult material.

    Please note that this blog will not include all steps of reconnaissance as that is a topic for another blog.

  • Security updates for Monday [LWN.net]

    Security updates have been issued by Debian (gnupg2 and kernel), Fedora (golang-github-apache-beam-2, golang-github-etcd-io-gofail, golang-github-intel-goresctrl, golang-github-spf13-cobra, golang-k8s-pod-security-admission, and vim), Oracle (.NET 6.0, compat-openssl10, compat-openssl11, cups, curl, expat, firefox, go-toolset:ol8, grub2,, gzip, java-1.8.0-openjdk, java-11-openjdk, java-17-openjdk, kernel, libarchive, libgcrypt, libinput, libxml2, pcre2, postgresql, python, rsync, rsyslog, ruby:2.6, subversion, thunderbird, vim, xz, and zlib), Scientific Linux (firefox and thunderbird), SUSE (python-nltk and salt), and Ubuntu (linux, linux-aws, linux-hwe-5.13, and linux-oem-5.14).

  • Azure Service Fabric Vulnerability Can Lead to Cluster Takeover [Ed: This is a proprietary Microsoft issue, stop saying "Linux"]

More in Tux Machines

This week in KDE: Major accessibility improvements

Though KDE’s goal-setting process is still ongoing, contributors have started working on Plasma accessibility in a major way! As of Plasma 5.26, all Plasma widgets will be fully compatible and usable with a screen reader, thanks to Fushan Wen with assistance from Harald Sitter! Read on

Today in Techrights

Security Leftovers

  • Chinese hackers backdoor chat app with new Linux, macOS malware [Ed: Nowadays the Microsofters in the media are calling "backdoors" things that are simply malware and one has to actually install; of course they like to blame "Linux" (because the user can add malware on top of it). Saying Linux isn't secure because it doesn't prevent you installing malware is like saying bridges are dangerous because you may commit suicide by jumping off them.]

    Versions of a cross-platform instant messenger application focused on the Chinese market known as 'MiMi' have been trojanized to deliver a new backdoor (dubbed rshell) that can be used to steal data from Linux and macOS systems.

  • Linux Threats: A Black Hat 2022 Hot Topic? (Video) [Ed: Aside from patent trolling, Blackberry reinvented itself as anti-Linux FUD source in recent years. They intentionally overlook back doors (e.g. Windows) and blame everything on "Linux".]

    There are usually a few cyberthreat trends that seem to emerge as important themes at each year’s Black Hat conference. And this year, the increase in Linux threats may be one of them.

  • #StopRansomware: Zeppelin Ransomware [Ed: Ransomware is predominantly a Microsoft Windows problem]

    CISA and the Federal Bureau of Investigation (FBI) have released a joint Cybersecurity Advisory (CSA), #StopRansomware: Zeppelin Ransomware, to provide information on Zeppelin Ransomware. Actors use Zeppelin Ransomware, a ransomware-as-a-service (RaaS), against a wide range of businesses and critical infrastructure organizations to encrypt victims’ files for financial gain.

  • CISA Adds Two Known Exploited Vulnerabilities to Catalog

    CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise. Note: to view the newly added vulnerabilities in the catalog, click on the arrow in the "Date Added to Catalog" column, which will sort by descending dates. 

  • Cisco Releases Security Update for Multiple Products

    This vulnerability could allow a remote attacker to obtain sensitive information. For updates addressing lower severity vulnerabilities, see the Cisco Security Advisories page.

today's leftovers

  • Portable Computer Pre-History: Portable Before Laptops

    Portability is relative. When former Texas Instruments employees Rod Canion, Jim Harris and Bill Murto created a portable version of the IBM PC in 1982, it was a hulking device that weight 28 pounds and was roughly the size of a sewing machine. If you sold a desktop computer that weighed 28 pounds in 2018, you’d be laughed off the block. But the device, called the Compaq Portable, was revolutionary for its time and thrust the company that made it into the mainstream. It wasn’t too long before then that a portable computer was so embarrassingly large that you would probably break your legs if you used it as a laptop. Tonight’s Tedium ponders a time when portable computing meant something just a little bit bigger.

  • Fedora Sway OSTree Spin name

    The Fedora Sway SIG is working to create an immutable version of the Sway Spin (also work in progress) using OSTree. Those immutable spins of Fedora are becoming more common following Silverblue and Kinoite’s success. As it often happens, one of the most challenging things to do in creating something is to come up with clever names. This task is made even more complex by the relatively small amount of people active in this conversation. For this reason, during the last SIG meeting, it was decided to socialize this decision so that more people could suggest their ideas.

  • Output requirements.txt packages pinned to latest version
  • How to install OpenSCAD on a Chromebook

    Today we are looking at how to install OpenSCAD on a Chromebook. Please follow the video/audio guide as a tutorial where we explain the process step by step and use the commands below.

  • Stupid SMP Tricks: A Review of Locking Engineering Principles and Hierarchy: paulmck — LiveJournal

    Daniel Vetter put together a pair of intriguing blog posts entitled Locking Engineering Principles and Locking Engineering Hierarchy. These appear to be an attempt to establish a set of GPU-wide or perhaps even driver-tree-wide concurrency coding conventions. Which would normally be none of my business. After all, to establish such conventions, Daniel needs to negotiate with the driver subsystem's developers and maintainers, and I am neither. Except that he did call me out on Twitter on this topic. So here I am, as promised, offering color commentary and the occasional suggestion for improvement, both of Daniel's proposal and of the kernel itself. The following sections review his two posts, and then summarize and amplify suggestions for improvement.

  • Ubuntu Unity 22.04 Quick overview #linux #UbuntuUnity - Invidious
  • FOSS Force Open Source News Quiz (8/12/22) - FOSS Force

    How closely did you follow the news about Linux and free and open source software this week? You can get an idea about how well informed you are (and have some fun in the process) by taking our Open Source News Quiz. Once you’re done, scroll down to the comments section and let us know how you did!