Language Selection

English French German Italian Portuguese Spanish

Security Leftovers

Filed under
GNU
Linux
Security
  • Friday's security updates
  • ProtonMail Pays Crooks $6,000 In Bitcoin To Cease DDoS Bombardment

    ProtonMail is getting its first taste of life as an entity known to criminals looking for a quick, easy payday.

    Throughout most of yesterday and through to this morning, the encrypted email service, set up by CERN scientists in Geneva last year to fight snooping by the likes of the NSA, was offline. The company had to use a WordPress blog to disclose what was happening to customers.

    Its datacenter was effectively shut down by waves of traffic thanks to two separate Distributed Denial of Service (DDoS) attacks. One of the groups responsible for flooding the servers demanded ProtonMail cough up 15 Bitcoin (currently worth around $6,000), or the attack would continue.

  • Ransomware Found Targeting Linux Servers and Coding Repositories

    A newly discovered ransomware is attacking Linux Web servers, taking aim at Web development environments used to host websites or code repositories.

  • Linux Ransomware Is Now Attacking Webmasters

    A new bit of ransomware is now attacking Linux-based machines, specifically the folders associated with serving web pages. Called Linux.Encoder.1 the ransomware will encrypt your MySQL, Apache, and home/root folders. The system then asks for a single bitcoin to decrypt the files.

  • Auto-Hacking Class Action Likely to Die

    A federal judge Tuesday indicated he will dismiss with leave to amend a class action claiming Ford, Toyota and General Motors made their cars vulnerable to hackers.

  • Volkswagen and the Real Insider Threat

    Over the last several weeks, reporting has revealed a coordinated insider effort at Volkswagen to insert a malicious piece of software—a defeat device—into the car’s electronic control module. The device was able to sense when emission tests were being conducted by monitoring things like “speed, engine operation, air pressure and even the position of the steering wheel,” and triggered changes to the car’s operations to reduce emissions during the testing process so that those cars would pass the tests. When the malicious software remained dormant, the emission controls were disabled and the cars spewed up to 40 times the EPA-mandated emissions limits. Through the defeat device, Volkswagen was able to sell more than half a million diesel-fueled cars in the U.S. in violation of U.S. environmental laws.

  • Encrypted resistance: from digital security to dual power

    Digital technology is often seen as a curiosity in revolutionary politics, perhaps as a specialized skill set that is peripheral to the hard work of organizing. But the growing trend of “cyber-resistance” might hold more potential than we have given it credit for. Specifically, the popularized use of encryption gives us the ability to form a type of liberated space within the shifting maze of cables and servers that make up the Internet. The “web” is bound by the laws of math and physics before the laws of states, and in that cyberspace we may be able to birth a new revolutionary consciousness.

More in Tux Machines

Free Software Stigma and Upcoming Events

  • Why Do Companies Still Have a Fear of Open Source?

    Open Source Software, since its birth, has made people wonder about its effects. The debate is never-ending, and for the right reasons. Giants like Apple have often viewed Open Source skeptically because they are mostly unfounded. However, one cannot deny that these sources are functional and flexible. They are also partly responsible for bringing the technological world in the right direction. But are they worth it? In this article, we shall learn all about open source companies and why use open source software, and why open source software is still not greeted warmly by certain companies. Therefore, without further ado, let's start right away.

  • Samuel Iglesias: X.Org Developers Conference 2021

    Last week we had our most loved annual conference: X.Org Developers Conference 2021. As a reminder, due to COVID-19 situation in Europe (and its respective restrictions on travel and events), we kept it virtual again this year… which is a pity as the former venue was Gdańsk, a very beautiful city (see picture below if you don’t believe me!) in Poland. Let’s see if we can finally have an XDC there! [...] Big shout-out to the XDC 2021 organizers (Intel) represented by Radosław Szwichtenberg, Ryszard Knop and Maciej Ramotowski. They did an awesome job on having a very smooth conference. I can tell you that they promptly fixed any issue that happened, all of that behind the scenes so that the attendees not even noticed anything most of the times! That is what good conference organizers do!

  • Open Source Summit + Embedded Linux Conference 2021

    This month has been nothing short of hectic, with back to back to back conferences filling up the calendar. Following Linaro Virual Connect, XDC, and Linux Plumbers (which ends today), Collaborans will be attending (virtually) next week's Open Source Summit + Embedded Linux Conference 2021. Connecting the open source ecosystem under one roof, the conference is "a unique environment for cross-collaboration between developers, sysadmins, devops, architects and others who are driving technology forward". Taking place from September 27-30, the event will be held in a hybrid format for the first time, with both in-person and virtual offerings, to ensure that everyone who wants to participate is able to do so.

Programming/Development Leftovers

  • New tool: an nginx playground

    On Wednesday I was talking to a friend about how it would be cool to have an nginx playground website where you can just paste in an nginx config and test it out. And then I realized it might actually be pretty easy to build, so got excited and started coding and I built it.

  • Pandas to check cell value is NaN

    The main documentation of the pandas is saying null values are missing values. We can denote the missing or null values as NaN in the pandas as most developers do. The NaN and None keywords are both used by developers to show the missing values in the dataframe. The best thing in the pandas is that it treats both NaN and None similarly. To check the missing value of a cell, pandas.notnull will return False in both cases of NaN and None if the cell has NaN or None. So, in this article, we will explore different methods to check whether a particular cell value is null or not (NaN or None).

  • gfldex: Convolution

    Flavio wrote a straightforward solution to PWC-131-1 and wondered if there is a idiomatic way. Assuming, that “idiomatic” means to use language features which lesser languages refuse to require, I’m happy to deliver convoluted code.

  • Perl Weekly Challenge 131: Consecutive Arrays

    These are some answers to task 1 of the Week 131 of the Perl Weekly Challenge organized by Mohammad S. Anwar. Spoiler Alert: This weekly challenge deadline is due in a few days from now (on September 26, 2021 at 24:00). This blog post offers some solutions to this challenge, please don’t read on if you intend to complete the challenge on your own.

  • My Favorite Modules: if | Tom Wyant [blogs.perl.org]

    My blog post My Favorite Warnings: redundant and missing touched on the use of the if module. Comments on that post made me think it deserved a top-level treatment, expanding on (though not necessarily improving on) Aristotle's comment.

CutefishOS: Unix-y development model? Check. macOS aesthetic? Check (if you like that sort of thing)

One of the reasons Linux has never caught on as a desktop operating system, as Linux fans know, is that Linux isn't a desktop operating system, it's a kernel. And assembling it into a coherent package users can install is the job of a distribution. This is a very different distribution model than the one Apple or Microsoft uses, and it confuses newcomers. Windows and macOS are easier to understand, they are single things made by single companies. Canonical and Red Hat notwithstanding, Linux is not packaged and presented this way at all. I've long believed that this difference is one of the key stumbling blocks to wider Linux adoption. Apple has macOS, Microsoft has Windows, Linux has... hundreds of awkward, confusingly named options. This is both Linux's greatest strength, and its greatest weakness. For those who already understand and use it the options are welcome. I've been a Linux user for over a decade and I've used several dozen distros, some of them so different from one another it's difficult to believe they're built from the same base. This wealth of options is great, but it's both confusing and overwhelming for new users. Distributions like elementary OS are popular with people switching from macOS and Windows because elementary OS offers that same highly polished, all-in-one package that makes the transition from proprietary operating systems smoother. But this is Linux, so you can't just have elementary OS. The latest distro to catch my eye is CutefishOS, which owes considerable design debt to both elementaryOS and the operating system made by that fruit company. Read more

BattlEye confirms Linux support for Steam Deck

  • BattlEye confirms Linux support for Steam Deck, will be opt-in like Easy Anti-Cheat

    Just recently we had Epic Games announce that Easy Anti-Cheat now offers proper native Linux support and in addition support for Wine and Steam Play Proton - now we have BattlEye also confirming the same readying up for the Steam Deck.

  • BattlEye To Support Valve's Steam Deck / Proton

    Yesterday it was Epic Games confirming Easy Anti-Cheat for Linux and Wine/Proton ahead of the Steam Deck launch and today it's BattlEye confirming Proton / Steam Deck support. BattlEye has already provided native Linux support albeit not widely used. Today they tweeted that they will also be supporting the upcoming Steam Deck or more specifically the use of BattlEye within Proton. BattlEye is making this opt-in for game developers who wish to support its usage under Wine / Proton.