Language Selection

English French German Italian Portuguese Spanish

Security Leftovers

Filed under
Security
  • LeChiffre Ransomware Hits Three Indian Banks, Causes Millions in Damages

    An unknown hacker has breached the computer systems of three banks and a pharmaceutical company and infected most of their computers with crypto-ransomware.

    The incident took place at the start of January, all companies were located in India, and the hacker(s) used the LeChiffre ransomware family to encrypt files on the infected computers.

  • LeChiffre, Ransomware Ran Manually

    It encrypts files and appends to their names an extension “.LeChiffre”.

  • when preloads go sideways

    One solution would be to install an alternative operating system, like OpenBSD. Sorry, I meant to say ARCH LINUX.

    I note that a fair bit of the above foolishness revolves around adding some amount of pollution to the OS’s cabal store. Maybe we can use an OS that comes with a store we trust? For example, there’s several ways a user can install OpenBSD and verify that cert.pem has only the 4943 lines it’s supposed to have. That only pushes the question back a step, however. What lines are supposed to be in this file?

    [...]

    The trials and tribulations of bundleware mirror those of the government. For as long as most traffic was unencrypted, it was easy to inject value. But as sites started moving to full time https, the well of value started to dry up, requiring workarounds to stay in the game. Governments are facing much the same challenge, hence the large number of proposals to build a socialized, universal AV software, so that all citizens can enjoy its benefits on both desktop and mobile. How else will TrendMicro keep us safe from Let’s Encrypt?

    When asked to comment, Hillary Clinton responded with a statement. “I clearly specified that the problem was to be solved by Silicon Valley’s best and brightest, not bumbling mediocrity.” Donald Trump promised to build a wall around malware and make the neckbeards pay for it. Carly Fiorina simply tweeted, “Go Iowa!”

  • Microsoft putting users at risk by forcing Windows 10 upgrade

    Microsoft is forcing Windows users to upgrade to Windows 10 by quietly slipping in code through its regular updates. This has been confirmed by multiple sources.

    But what of those Windows users who want to stick with a known devil — in this case, their own versions of Windows, be they 7, 8 or 8.1 — until a little more is known by the public at large about the strengths and weaknesses of Windows 10?

  • Playing with Letsencrypt

    While I'm not convinced that encrypting everything by default is necessarily a good idea, it is certainly true that encryption has its uses. Unfortunately, for the longest time getting an SSL certificate from a CA was quite a hassle -- and then I'm not even mentioning the fact that it would cost money, too. In that light, the letsencrypt project is a useful alternative: rather than having to dabble with emails or webforms, letsencrypt does everything by way of a few scripts. Also, the letsencrypt CA is free to use, in contrast to many other certificate authorities.

More in Tux Machines

Canonical/Ubuntu Watching You

  • Two-thirds of Ubuntu users are happy to give up data on their PC
    As announced back at the start of the year, Canonical made the decision that Ubuntu would collect data on its user base – and now the initial results of those statistics have been published by the firm, including the headline fact that 67% of users were happy to provide details of their PC (and other bits and pieces). So, this scheme that has been unfavorably compared to Microsoft’s collection of telemetry data in Windows 10, which has long been a point of controversy. However, it appears that the majority of folks are happy to give up their data to the company providing their Linux distribution, and don’t seem perturbed by this prospect.
  • Ubuntu reports 67% of users opt in to on-by-default PC specs slurp [Ed: 33% of Ubuntu users say to Canonical "don't spy on me" and Canonical then counts them, which means that Canonical collects data on them, too]
    However just 33 per cent of the undisclosed number of users Canonical’s analysed didn’t opt in to the slurpage. Which is where things get a little bit weird, because Canonical’s post reports an “Opt In rate”. Yet the data slurpage is selected by default: there’s an active opt out but a passive opt in.
  • The Average Ubuntu Install Takes 18 Minutes (And Other Stats)
    Did you know that the average Ubuntu install takes just 18 minutes? That’s one of several nuggets of information Canonical has collected (and now revealed) thanks to the new “Ubuntu Report” tool included in Ubuntu 18.04 LTS. This tool, when given permission to, collects non-identifiable system data about new Ubuntu installs and upgrades and ferries it back to Canonical for analysis.

Linux Foundation's TODO and New Chinese Ties

  • The Linux Foundation and TODO Group Release Chinese Versions of Open Source Guides for the Enterprise
    -The Linux Foundation, the nonprofit organization enabling mass innovation through open source, has released Chinese translations of 10 Open Source Guides for the Enterprise, created to help executives, open source program managers, developers, attorneys and decision makers learn how to best leverage open source.
  • Tencent joins the Linux Foundation as a platinum member
    Chinese tech giant Tencent has announced it’s joined the Linux Foundation as a platinum member. Tencent is one of a few companies to offer the highest level of support to the Linux Foundation. Other tech companies in this stable include IBM, Microsoft, and Intel, as well as fellow Chinese titan Huawei. As part of the deal, Tencent will take a chair on the Foundation’s board of directors. It has also promised to offer “further support and resources” to the Foundation’s efforts. So far, this has taken the form of Tencent donating several pieces of its software.
  • Tencent becomes a Linux Foundation platinum member to increase its focus on open source
    Tencent, the $500-billion Chinese internet giant, is increasing its focus on open source after it became a platinum member of the Linux Foundation. The company has long been associated with the foundation and Linux generally, it is a founding member of the Linux Foundation’s deep learning program that launched earlier this year, and now as a platinum member (the highest tier) it will take a board of directors seat and work more closely with the organization. That works two ways, with Tencent pledging to offer “further support and resources” to foundation projects and communities, while the Chinese firm itself will also tap into the foundation’s expertise and experience.
  • Tencent Supports Open Source Community With Linux Foundation Platinum Membership
    LinuxCon China -- The Linux Foundation, the nonprofit organization enabling mass innovation through open source, announces Tencent has become the latest Platinum member of the foundation. Tencent is a leading provider of Internet value added services in China, offering some of China's most popular websites, apps and services including QQ, Qzone, Tencent Cloud and Weixin/WeChat.
  • TARS and TSeer Form Open Source Project Communities Under The Linux Foundation to Expand Adoption and Pace of Development
    The Linux Foundation, the nonprofit organization enabling mass innovation through open source, today announced at LinuxCon + ContainerCon + CloudOpen China in Beijing that TARS, a remote procedure call (RPC) framework, and TSeer, a high availability service discovery, registration and fault tolerance framework, have become Linux Foundation projects. Both projects were initially developed by leading Chinese technology company, Tencent, which open sourced the projects last year. This follows the announcement of Tencent becoming a Platinum member of The Linux Foundation, and reflects the foundation’s growing collaboration with the Chinese open source community.
  • Tencent Becomes Latest Platinum Member of Linux Foundation
    Chinese behemoth looking to cultivate open source ties The Linux Foundation has announced that Tencent has become the latest member to obtain platinum membership. The non-profit American tech company, which is funded by membership payments, uses the funding for sustainable open source projects. Within the foundation, there are three membership tiers, starting from silver to gold, all the way up to platinum where members have to pay $500,000 a year (approx. £377,643) for that category.
  • Tencent Joins The Linux Foundation, Open-Sources Projects
    China's Tencent holding conglomerate that backs a variety of Internet services/products is the latest platinum member of the Linux Foundation.

Events: DebCamp, openSUSE Conference, OSSummit Japan 2018

  • Yes! I am going to...
    Of course, DebCamp is not a vacation, so we expect people that take part of DebCamp to have at least a rough sketch of activities. There are many, many things I want to tackle, and experience shows there's only time for a fraction of what's planned.
  • Dates, Location set for openSUSE Conference 2019
    The openSUSE Project is pleased to announce the location and dates for the 2019 openSUSE Conference. The openSUSE Conference 2019 will return to the Z-Bau in Nuremberg, Germany, and be Friday, May 24, through Sunday, May 26. Planning for the 2019 conference will begin this summer and community members are encouraged to take part in the planning of the conference through the organizing team. The openSUSE Board proposed the idea of having organizing team for openSUSE Conferences last month at oSC18. An email about the organizing team was sent out to the openSUSE-Project mailing list.
  • OSSummit Japan 2018
    Some Debian developers (Jose from Microsoft and Michael from credativ) gave a talk during this event.

Games: Warhammer, Steam, OpenSAGE and Wine