Language Selection

English French German Italian Portuguese Spanish

DistroWatch Weekly, Issue 501

Filed under
Linux

Welcome to this year's 13th issue of DistroWatch Weekly! We'll start with first look reviews of the recently-released KANOTIX 2013, a Debian-based distribution with excellent hardware support and a large number of applications on its live DVD, and GhostBSD 3.0, a FreeBSD-based operating system for desktop computing with multiple desktops and window managers to suit several tastes.

In the news section, openSUSE offers a new rescue CD variant for its 12.3 version, Debian Project Leader candidates present their visions of the world's largest Linux distribution, Haiku starts work on improving its package management system, and Oracle Linux lures new customers by providing advantages over other enterprise Linux systems. Also in this issue, links to resources offering help in the domain of computer forensics and related tasks and news about a much-needed update of the DistroWatch distribution database. Finally, we are happy to announce that the recipient of the March 2013 DistroWatch.com donation is the GhostBSD project. Happy reading!

rest here




More in Tux Machines

today's howtos

Today in Techrights

Security Leftovers

  • One-stop counterfeit certificate shops for all your malware-signing needs

    The Stuxnet worm that targeted Iran's nuclear program almost a decade ago was a watershed piece of malware for a variety of reasons. Chief among them, its use of cryptographic certificates belonging to legitimate companies to falsely vouch for the trustworthiness of the malware. Last year, we learned that fraudulently signed malware was more widespread than previously believed. On Thursday, researchers unveiled one possible reason: underground services that since 2011 have sold counterfeit signing credentials that are unique to each buyer.

  • How did OurMine hackers use DNS poisoning to attack WikiLeaks? [Ed: False. They did not attack Wikileaks; they attacked the DNS servers/framework. The corporate media misreported this at the time.
    The OurMine hacking group recently used DNS poisoning to attack WikiLeaks and take over its web address. Learn how this attack was performed from expert Nick Lewis.
  • Intel didn't give government advance notice on chip flaws

    Google researchers informed Intel of flaws in its chips in June. The company explained in its own letter to lawmakers that it left up to Intel informing the government of the flaws.

    Intel said that it did not notify the government at the time because it had “no indication of any exploitation by malicious actors,” and wanted to keep knowledge of the breach limited while it and other companies worked to patch the issue.

    The company let some Chinese technology companies know about the vulnerabilities, which government officials fear may mean the information was passed along to the Chinese government, according to The Wall Street Journal.

  • Intel hid CPU bugs info from govt 'until public disclosure'

    As iTWire reported recently, Intel faces a total of 33 lawsuits over the two flaws. Additionally, the Boston law firm of Block & Leviton is preparing a class action lawsuit against Intel chief executive Brian Krzanich for allegedly selling a vast majority of his Intel stock after the company was notified of the two security flaws and before they became public.

  • Intel did not tell U.S. cyber officials about chip flaws until made public [iophk: "yeah right"]

    Current and former U.S. government officials have raised concerns that the government was not informed of the flaws before they became public because the flaws potentially held national security implications. Intel said it did not think the flaws needed to be shared with U.S. authorities as hackers [sic] had not exploited the vulnerabilities.

  • LA Times serving cryptocurrency mining script [iophk: "JS"]

    The S3 bucket used by the LA Times is apparently world-writable and an ethical hacker [sic] appears to have left a warning in the repository, warning of possible misuse and asking the owner to secure the bucket.

  • Facebook's Mandatory Malware Scan Is an Intrusive Mess

    When an Oregon science fiction writer named Charity tried to log onto Facebook on February 11, she found herself completely locked out of her account. A message appeared saying she needed to download Facebook’s malware scanner if she wanted to get back in. Charity couldn’t use Facebook until she completed the scan, but the file the company provided was for a Windows device—Charity uses a Mac.

  • Tinder plugs flaw that enabled account takeover using just a phone number

    As Tinder uses Facebook profile pics for its users to lure in a mate or several, the 'dating' app is somewhat tied to the social network. When a swipe-hungry Tinder user comes to login to their account they can either do so via Facebook or use their mobile number.

  • `

Android Leftovers