Language Selection

English French German Italian Portuguese Spanish

Security Leftovers

Filed under
Security
  • LeChiffre Ransomware Hits Three Indian Banks, Causes Millions in Damages

    An unknown hacker has breached the computer systems of three banks and a pharmaceutical company and infected most of their computers with crypto-ransomware.

    The incident took place at the start of January, all companies were located in India, and the hacker(s) used the LeChiffre ransomware family to encrypt files on the infected computers.

  • LeChiffre, Ransomware Ran Manually

    It encrypts files and appends to their names an extension “.LeChiffre”.

  • when preloads go sideways

    One solution would be to install an alternative operating system, like OpenBSD. Sorry, I meant to say ARCH LINUX.

    I note that a fair bit of the above foolishness revolves around adding some amount of pollution to the OS’s cabal store. Maybe we can use an OS that comes with a store we trust? For example, there’s several ways a user can install OpenBSD and verify that cert.pem has only the 4943 lines it’s supposed to have. That only pushes the question back a step, however. What lines are supposed to be in this file?

    [...]

    The trials and tribulations of bundleware mirror those of the government. For as long as most traffic was unencrypted, it was easy to inject value. But as sites started moving to full time https, the well of value started to dry up, requiring workarounds to stay in the game. Governments are facing much the same challenge, hence the large number of proposals to build a socialized, universal AV software, so that all citizens can enjoy its benefits on both desktop and mobile. How else will TrendMicro keep us safe from Let’s Encrypt?

    When asked to comment, Hillary Clinton responded with a statement. “I clearly specified that the problem was to be solved by Silicon Valley’s best and brightest, not bumbling mediocrity.” Donald Trump promised to build a wall around malware and make the neckbeards pay for it. Carly Fiorina simply tweeted, “Go Iowa!”

  • Microsoft putting users at risk by forcing Windows 10 upgrade

    Microsoft is forcing Windows users to upgrade to Windows 10 by quietly slipping in code through its regular updates. This has been confirmed by multiple sources.

    But what of those Windows users who want to stick with a known devil — in this case, their own versions of Windows, be they 7, 8 or 8.1 — until a little more is known by the public at large about the strengths and weaknesses of Windows 10?

  • Playing with Letsencrypt

    While I'm not convinced that encrypting everything by default is necessarily a good idea, it is certainly true that encryption has its uses. Unfortunately, for the longest time getting an SSL certificate from a CA was quite a hassle -- and then I'm not even mentioning the fact that it would cost money, too. In that light, the letsencrypt project is a useful alternative: rather than having to dabble with emails or webforms, letsencrypt does everything by way of a few scripts. Also, the letsencrypt CA is free to use, in contrast to many other certificate authorities.

More in Tux Machines

Today in Techrights

Android Leftovers

GNU/Linux on Desktop/Phone: System76, DeX, Librem

  • Pop!_OS Is Finally Here — System76’s Ubuntu-based Operating System For Developers
    The first ever stable release of Pop!_OS is finally here. You can go ahead and download it from this link. Don’t forget to share your feedback. Earlier this year in June, we reported that System76 is creating its own Linux distro called Pop!_OS.
  • Samsung DeX Promises to Bring the Linux PC Experience to Your Mobile Device
    After unveiling its next-generation Bixby 2.0 intelligent assistant, Samsung today announced that it plans to bring the Linux PC experience to the Samsung DeX ecosystem.
  • Steps toward a privacy-preserving phone
    What kind of cell phone would emerge from a concerted effort to design privacy in from the beginning, using free software as much as possible? Some answers are provided by a crowdfunding campaign launched in August by Purism SPC, which has used two such campaigns successfully in the past to build a business around secure laptops. The Librem 5, with a five-inch screen and radio chip for communicating with cell phone companies, represents Purism's hope to bring the same privacy-enhancing vision to the mobile space, which is much more demanding in its threats, technology components, and user experience. The abuse of mobile phone data has become a matter of worldwide concern. The capture and sale of personal data by apps is so notorious that it has been covered in USA Today; concerns over snooping contribute to the appeal of WhatsApp (which has topped 1.3 billion users) and other encrypted and privacy-conscious apps. But apps are only one attack vector. I got in touch with Todd Weaver, founder and CEO of Purism, to find out what the company is doing to plug the leaks in mobile devices.

Servers: DockerCon Coverage, MongoDB IPO

  • DockerCon EU 17 Panel Debates Docker Container Security
    There are many different security capabilities that are part of the Docker container platform, and there are a number of vendors providing container security offerings. At the DockerCon EU 17 conference in Copenhagen, Denmark, eWEEK moderated a panel of leading vendors—Docker, Hewlett Packard Enterprise, Aqua Security, Twistlock and StackRox—to discuss the state of the market. To date, there have been no publicly disclosed data breaches attributed to container usage or flaws. However, that doesn't mean that organizations using containers have not been attacked. In fact, Wei Lien Dang, product manager at StackRox, said one of his firm's financial services customers did have a container-related security incident.
  • DockerCon EU: Tips and Tools for Running Container Workloads on AWS
    Amazon Web Services wants to be a welcome home for developers and organizations looking to deploy containers. At the DockerCon EU conference here, a pair of AWS technical evangelists shared their wisdom on the best ways to benefit from container deployments. The terms microservices and containers are often used interchangeably by people. Abby Fuller, technical evangelist at AWS, provided the definition of microservices coined by Adrian Crockford, VP of Cloud Architecture at AWS and formerly the cloud architect at Netflix.
  • Docker CEO: Embracing Kubernetes Removes Conflict
    Steve Singh has ambitious plans for Docker Inc. that are nothing less than transforming the world of legacy applications into a modern cloud-native approach. Singh was named CEO of Docker on May 2 and hosted his first DockerCon event here Oct. 16-19. The highlight of DockerCon EU was the surprise announcement that Docker is going to support the rival open-source Kubernetes container orchestration system. In a video interview with eWEEK, Singh explained the rationale behind the Kubernetes support and provided insight into his vision for the company he now leads.
  • MongoDB's IPO Beats the Market Out of the Gate
    The folks at MongoDB raised a whole lot of money today in their debut on NASDAQ. Yesterday the open source company announced it was going to be asking $24 a share for the 8 million Class A shares it was letting loose in its IPO, which had some Wall Street investors scratching their heads and wondering if the brains at Mongo were suffering from some kind of undiagnosed damage. Analysts had been estimating an opening price of between $20-22 per share, and on October 6 the company had estimated an opening price in the range of $18-20.