Language Selection

English French German Italian Portuguese Spanish

Security Leftovers

Filed under
Security
  • LeChiffre Ransomware Hits Three Indian Banks, Causes Millions in Damages

    An unknown hacker has breached the computer systems of three banks and a pharmaceutical company and infected most of their computers with crypto-ransomware.

    The incident took place at the start of January, all companies were located in India, and the hacker(s) used the LeChiffre ransomware family to encrypt files on the infected computers.

  • LeChiffre, Ransomware Ran Manually

    It encrypts files and appends to their names an extension “.LeChiffre”.

  • when preloads go sideways

    One solution would be to install an alternative operating system, like OpenBSD. Sorry, I meant to say ARCH LINUX.

    I note that a fair bit of the above foolishness revolves around adding some amount of pollution to the OS’s cabal store. Maybe we can use an OS that comes with a store we trust? For example, there’s several ways a user can install OpenBSD and verify that cert.pem has only the 4943 lines it’s supposed to have. That only pushes the question back a step, however. What lines are supposed to be in this file?

    [...]

    The trials and tribulations of bundleware mirror those of the government. For as long as most traffic was unencrypted, it was easy to inject value. But as sites started moving to full time https, the well of value started to dry up, requiring workarounds to stay in the game. Governments are facing much the same challenge, hence the large number of proposals to build a socialized, universal AV software, so that all citizens can enjoy its benefits on both desktop and mobile. How else will TrendMicro keep us safe from Let’s Encrypt?

    When asked to comment, Hillary Clinton responded with a statement. “I clearly specified that the problem was to be solved by Silicon Valley’s best and brightest, not bumbling mediocrity.” Donald Trump promised to build a wall around malware and make the neckbeards pay for it. Carly Fiorina simply tweeted, “Go Iowa!”

  • Microsoft putting users at risk by forcing Windows 10 upgrade

    Microsoft is forcing Windows users to upgrade to Windows 10 by quietly slipping in code through its regular updates. This has been confirmed by multiple sources.

    But what of those Windows users who want to stick with a known devil — in this case, their own versions of Windows, be they 7, 8 or 8.1 — until a little more is known by the public at large about the strengths and weaknesses of Windows 10?

  • Playing with Letsencrypt

    While I'm not convinced that encrypting everything by default is necessarily a good idea, it is certainly true that encryption has its uses. Unfortunately, for the longest time getting an SSL certificate from a CA was quite a hassle -- and then I'm not even mentioning the fact that it would cost money, too. In that light, the letsencrypt project is a useful alternative: rather than having to dabble with emails or webforms, letsencrypt does everything by way of a few scripts. Also, the letsencrypt CA is free to use, in contrast to many other certificate authorities.

More in Tux Machines

EEE, Entryism and Openwashing

  • New Linux distro specifically designed for Windows comes to the Microsoft Store [Ed: WLinux or Whitewater Foundry not the first time people exploit Microsoft to put a price tag on FOSS such as LibreOffice. Microsoft is doing a fine job sabotaging the GNU/Linux 'ecosystem'.]
    WLinux is based on Debian, and the developer, Whitewater Foundry, claims their custom distro will also allow faster patching of security and compatibility issues that appear from time to time between upstream distros and WSL. [...] In return for saving developers time Whitewater Foundry is charging $19.99 (though the app is currently 50% off and the distribution can be downloaded from Github for free).
  • Open source dev gets Win32 apps running on Xbox One [Ed: Running blobs on two DRM platforms does not make you "Open source dev"]
  • Building Blocks of Secure Development: How to Make Open Source Work for You [Ed: Veracode self-promotion in "webinar" form, badmouthing FOSS to push their proprietary things. They work with Microsoft.]
  • SD Times open source project of the week: TonY [Ed: Openwashing of a surveillance operation at Microsoft]
    Unsatisfied with the available solutions for connecting the analytics-generating power of their TensorFlow machine learning implementations with the scalable data computation and storage capabilities of their Apache Hadoop clusters, developers at LinkedIn decided that they’d take matters into their own hands with the development of this week’s highlighted project, TonY.
  • Open Source: Automating Release Notes in Github [Ed: The New York Times is still propping up Microsoft hosting]
  • Opendesk launches augmented-reality shopping for its open-source furniture [Ed: Calling furniture "open"]
    Opendesk customers can now use augmented reality to see how the furniture brand's pieces look in their homes before ordering them from local makers. The augmented-reality (AR) experience launched with the arrival of Apple's iOS 12 operating system this week. It enables customers to use their smartphones to view some of Opendesk's furniture superimposed on the room in front of them.
  • Open Source Testing Startup Cypress Leaves Beta With Thousands of Users, Launches Paid Plans [Ed: This is not Open Source; they misuse the label and even put dashes ("open-source") because they know they're faking it.]
    Cypress.io‘s CEO Drew Lanham explains that the startup’s tool is software created by developers, for developers. The company was founded in 2014 by technologist Brian Mann, after observing that while computing and application development had changed drastically over the past decade, software testing had not. Large companies now release thousands of software updates a year, often on a daily basis across their organization. Technology teams aim to move rapidly, iterating on an agile basis and working in parallel so they can sync their code together even faster. But, as Lanham explains, the testing software out there was far outdated for these agile processes.
  • Kindred Introduces SenseAct, the First Reinforcement Learning Open-Source Toolkit for Physical Robots [Ed: Kindred or SenseAct not actually FOSS; but they sure try to make it seem that way, by focusing on a toolkit.]

Top Linux Distros for Software Developers

A major factor in the choice of Linux distro is your personal preference. You may try one of the most popular Linux distros but find that you prefer one that’s less often used. Your experience with Linux will also factor into which distro is suited to you. With the benefits Linux can offer — including flexibility, stability, and support — it’s worth evaluating your options. Read more

Source Code From Deutsche Telekom

  • Edge compute platform is open source
    Deutsche Telekom and Aricent have partnered for the creation of an Open Source, low latency Edge compute platform available to operators, to enable them to develop and launch 5G mobile applications and services faster.
  • Deutsche Telekom and Aricent Create Open Source Edge Software Framework
    Deutsche Telekom and Aricent today announced the creation of an Open Source, Low Latency Edge Compute Platform available to operators, to enable them to develop and launch 5G mobile applications and services faster. The cost-effective Edge platform is built for software-defined data centers (SDDC) and is decentralized, to accelerate the deployment of ultra-low latency applications. The joint solution will include a software framework with key capabilities for developers, delivered as a platform-as-a-service (PaaS) and will incorporate cloud-native Multi-access edge computing (MEC) technologies.
  • DT and Aricent announce telco Open Source Edge framework for 5G
    Deutsche Telekom and Aricent have announced the creation of an Open Source Edge software framework, designed especially for developers, platform-as-a-service and cloud-native multi-access edge computing technologies and on-track to intersect with the deployment of 5G enabled network edge facilities to tackle ultra-low latency network applications. The Edge platform has been built for software-defined data centers (SDDC) and will include a software framework with key capabilities for developers, delivered as a platform-as-a-service (PaaS) and will incorporate cloud-native Multi-access edge computing (MEC) technologies.
  • Deutsche Telekom, Aricent brew up edge compute platform for 5G apps and services
    In order to speed up the rollout of 5G applications and services, Duetsche Telekom and Aricent have teamed up to build an edge compute platform. The open source, edge software framework was built for use in software-defined data centers in decentralized locations. It also uses cloud-native multiaccess edge computing (MEC) technologies.
  • Deutsche Telekom, Aricent Bridge Cloud Native, Telco MEC Gap
    German telecom giant Deutsche Telekom and Aricent threw their collective weight behind an open source edge computing platform targeted at software-defined data centers (SDDC). The initiative gamely joins a growing list of open source multi-access edge computing (MEC) initiatives. The DT-Aricent collaboration is at its core a decentralized platform designed to help telecom operators develop and launch low-latency 5G mobile applications and services. It includes a software framework with features delivered through a platform-as-a-service (PaaS) model.

Android Leftovers