Language Selection

English French German Italian Portuguese Spanish

Security: Reproducible Builds, Windows Phones, Debian, Mageia Identity Security Breach and More

Filed under
Security
  • Reproducible Builds: Weekly report #147
  • Windows Phones Get Cumulative Update KB4074592, PDF Support Now Broken

    Just when you thought Windows 10 Mobile is dead, here’s Microsoft rolling out a new cumulative update for the platform as part of its February patching cycle.

    Windows 10 cumulative update KB4074592, which is also released on PCs running the Creators Update (version 1703) – phones have never received the Fall Creators Update, comes with little changes for mobile devices, though it does something that many users might notice.

    Microsoft doesn’t provide a separate change log for mobile and PC, so the release notes that you can find at the end of the article include all the improvements and security fixes that Microsoft included in KB4074592 for both platforms.

  • Time to Join Extended Long Term Support for Debian 7 Wheezy

    Debian 7 Wheezy LTS period ends on May 31st and some companies asked Freexian if they could get security support past this date. Since about half of the current team of paid LTS contributors is willing to continue to provide security updates for Wheezy, I have started to work on making this possible.

  • Hackers Infiltrated Tesla to Mine Cryptocurrency

    While Elon Musk was busy planning how to launch his Tesla Roadster into the depths of space last month, a hacker was silently using Tesla’s computing power to mine an unknown amount of cryptocurrency.

    The unidentified attackers found their way in through cracks in Tesla’s cloud environment, according to a report issued by RedLock security on February 20. The miners were able to gain access via an unprotected Tesla Kubernete console—an open source system that manages applications. Included on this console were the access credentials to Tesla’s Amazon Web Service. Once they obtained access to the console, the attackers were able to run scripts that allowed them to stealthily mine cryptocurrency.

  • Hacking at EPFL Toastmasters, Lausanne, tonight

    ...remember to turn off your mobile device or leave it at home, you never know when it might ring or become part of a demonstration.

  • Mageia Identity Security Breach

    A user was able to gain access to our LDAP database and has published the email addresses and names, as well as apparent password hashes, of anyone who has signed up to identity.mageia.org. However, the published hashes do not match those on record, and all capitalisation has been removed, so it is not clear that the actual passwords have been compromised. All of the passwords have since been reset as a security precaution. New rules have been added to prevent access to the LDAP server. The sysadmins are investigating how the fields were read, as the configuration should have specifically prevented this.

    The passwords stored by the Mageia LDAP server are hashed and salted, meaning that the full decryption of the password, if they have actually been leaked, into a human-usable format would require significant computing power for safe and complex passwords.

More in Tux Machines

digiKam 7.7.0 is released

After three months of active maintenance and another bug triage, the digiKam team is proud to present version 7.7.0 of its open source digital photo manager. See below the list of most important features coming with this release. Read more

Dilution and Misuse of the "Linux" Brand

Samsung, Red Hat to Work on Linux Drivers for Future Tech

The metaverse is expected to uproot system design as we know it, and Samsung is one of many hardware vendors re-imagining data center infrastructure in preparation for a parallel 3D world. Samsung is working on new memory technologies that provide faster bandwidth inside hardware for data to travel between CPUs, storage and other computing resources. The company also announced it was partnering with Red Hat to ensure these technologies have Linux compatibility. Read more

today's howtos

  • How to install go1.19beta on Ubuntu 22.04 – NextGenTips

    In this tutorial, we are going to explore how to install go on Ubuntu 22.04 Golang is an open-source programming language that is easy to learn and use. It is built-in concurrency and has a robust standard library. It is reliable, builds fast, and efficient software that scales fast. Its concurrency mechanisms make it easy to write programs that get the most out of multicore and networked machines, while its novel-type systems enable flexible and modular program constructions. Go compiles quickly to machine code and has the convenience of garbage collection and the power of run-time reflection. In this guide, we are going to learn how to install golang 1.19beta on Ubuntu 22.04. Go 1.19beta1 is not yet released. There is so much work in progress with all the documentation.

  • molecule test: failed to connect to bus in systemd container - openQA bites

    Ansible Molecule is a project to help you test your ansible roles. I’m using molecule for automatically testing the ansible roles of geekoops.

  • How To Install MongoDB on AlmaLinux 9 - idroot

    In this tutorial, we will show you how to install MongoDB on AlmaLinux 9. For those of you who didn’t know, MongoDB is a high-performance, highly scalable document-oriented NoSQL database. Unlike in SQL databases where data is stored in rows and columns inside tables, in MongoDB, data is structured in JSON-like format inside records which are referred to as documents. The open-source attribute of MongoDB as a database software makes it an ideal candidate for almost any database-related project. This article assumes you have at least basic knowledge of Linux, know how to use the shell, and most importantly, you host your site on your own VPS. The installation is quite simple and assumes you are running in the root account, if not you may need to add ‘sudo‘ to the commands to get root privileges. I will show you the step-by-step installation of the MongoDB NoSQL database on AlmaLinux 9. You can follow the same instructions for CentOS and Rocky Linux.

  • An introduction (and how-to) to Plugin Loader for the Steam Deck. - Invidious
  • Self-host a Ghost Blog With Traefik

    Ghost is a very popular open-source content management system. Started as an alternative to WordPress and it went on to become an alternative to Substack by focusing on membership and newsletter. The creators of Ghost offer managed Pro hosting but it may not fit everyone's budget. Alternatively, you can self-host it on your own cloud servers. On Linux handbook, we already have a guide on deploying Ghost with Docker in a reverse proxy setup. Instead of Ngnix reverse proxy, you can also use another software called Traefik with Docker. It is a popular open-source cloud-native application proxy, API Gateway, Edge-router, and more. I use Traefik to secure my websites using an SSL certificate obtained from Let's Encrypt. Once deployed, Traefik can automatically manage your certificates and their renewals. In this tutorial, I'll share the necessary steps for deploying a Ghost blog with Docker and Traefik.