Language Selection

English French German Italian Portuguese Spanish

Security

Security, Fear, Uncertainty, Doubt

Filed under
Security

Security Leftovers

Filed under
Security
  • How a Fake WordPress Plugin Can Kill Your Site

    A nulled plugin is a copy of a premium WordPress plugin that’s distributed illegally online. People who do this argue it’s OK to do so because WordPress and its derivative works (like plugins) are licensed under a General Public License (GPL). According to them, that makes it OK to copy and distribute plugins how they like.

    While that’s technically true, pirating premium plugins comes with a cost. Legitimate WordPress plugin developers lose money and, more importantly, it compromises the security and integrity of WordPress websites using these nulled plugins. When you hear of a WordPress site being hacked, it’s often because they’re using a nulled plugin.

  • Security updates for Friday

    Security updates have been issued by CentOS (firefox, java-1.8.0-openjdk, java-11-openjdk, libvncserver, postgresql-jdbc, and thunderbird), Debian (firejail and gupnp), Fedora (cutter-re, postgresql-jdbc, radare2, and webkit2gtk3), openSUSE (chromium, firefox, kernel, and python-rtslib-fb), Oracle (container-tools:ol8, kernel, and nss and nspr), Scientific Linux (thunderbird), and SUSE (firefox, kernel, postgresql10 and postgresql12, python-ipaddress, and xen).

  • Reproducible Builds (diffoscope): diffoscope 155 released

    The diffoscope maintainers are pleased to announce the release of diffoscope version 155. This version includes the following changes:

    [ Chris Lamb ]
    * Bump Python requirement from 3.6 to 3.7 - most distributions are either
      shipping3.5 or 3.7, so supporting 3.6 is not somewhat unnecessary and also
      more difficult to test locally.
    * Improvements to setup.py:
      - Apply the Black source code reformatter.
      - Add some URLs for the site of PyPI.org.
      - Update "author" and author email.
    * Explicitly support Python 3.8.
    
    [ Frazer Clews ]
    * Move away from the deprecated logger.warn method logger.warning.
    
    [ Mattia Rizzolo ]
    * Document ("classify") on PyPI that this project works with Python 3.8.
    

  • Open source tool Infection Monkey allows security pros to test their network like never before

    Guardicore unveiled new capabilities for Infection Monkey, its free, open source breach and attack simulation (BAS) tool that maps to the MITRE ATT&CK knowledge base and tests network adherence to the Forrester Zero Trust framework.

Security: Patches, L1TF/Foreshadow, PE Tree, IPFire and BootHole

Filed under
Security

  • Security updates for Thursday

    Security updates have been issued by Debian (clamav and json-c), Fedora (python2, python36, and python37), Red Hat (thunderbird), Scientific Linux (thunderbird), SUSE (java-11-openjdk, kernel, rubygem-actionview-4_2, wireshark, xen, and xrdp), and Ubuntu (openjdk-8 and ppp). 

  •        

  • Researchers Make More Discoveries Around L1TF/Foreshadow - It's Not Good

    Security researchers from Graz University of Technology and CISPA Helmholtz are out with their latest findings on CPU speculative execution vulnerabilities, namely taking another look at L1TF/Foreshadow. Their findings are bad news not only for Intel but potentially other CPU vendors as well.

    [...]

    The new vulnerability outlined in the paper is "Dereference Trap" for leaking registers from an SGX enclave in the presence of only a speculative register dereference. 

    The discovery of speculative dereferencing of a user-space register in the kernel as opposed to the prefetcher not only means that some mitigations may be inadequate, but they can improve the performance of the original attack and reportedly produce similar behavior on non-Intel CPUs. 

  • PE Tree: Free open source tool for reverse-engineering PE files

    PE Tree allows malware analysts to view Portable Executable (PE) files in a tree-view using pefile – a multi-platform Python module that parses and works with PE files – and PyQt5, a module that can be used to create graphical user interfaces.

    “PE Tree is developed in Python and supports the Windows, Linux and Mac operating systems. It can be installed and run as either a standalone application or an IDAPython plugin,” Tom Bonner, a threat researcher at BlackBerry, explained.

  •        

  • IPFire: A new location database for the Internet

    In the last couple of months, we, the IPFire development team, have launched a small side project: A new location database for the Internet. In this article, I would like to give you a brief background story on why and how it come to this...

    [...]

    Other applications would be threat prevention like we use it in IPFire. Connection attempts from certain countries can simply be blocked, or port forwardings can be limited to certain countries only.

    That is, however, not an exact science. The Internet changes constantly. IP address ranges are re-assigned from one party to another one, and often it can take some time until those location databases are all updated. Up to that point, you will see wrong information like the Google front page being shown in a wrong language. This might only be a bit of an inconvenience, but for a firewall, we need more recent and reliable data.

  •        

  • What to do about the BootHole vulnerability

    Late last month, security researchers discovered a major vulnerability in the software that controls how PCs boot their operating systems. This is one of those issues that sounds scarier than it is. Fixing it will be a major process, especially for Linux system administrators and corporate IT organizations with a mixture of different PC vintages and manufacturers. The problem has been named BootHole, and it could affect up to a billion computers.

Security: Zoom Holes, New Patches and etcd Project Security Committee

Filed under
Security
  • Zoombomber crashes court hearing on Twitter hack with Pornhub video
  • Security updates for Wednesday

    Security updates have been issued by Debian (net-snmp), Fedora (mingw-curl), openSUSE (firefox, ghostscript, and opera), Oracle (libvncserver and postgresql-jdbc), Scientific Linux (postgresql-jdbc), SUSE (firefox, kernel, libX11, xen, and xorg-x11-libX11), and Ubuntu (apport, grub2, grub2-signed, libssh, libvirt, mysql-8.0, ppp, tomcat8, and whoopsie).

  • The CNCF etcd project reaches a significant milestone with completion of security audit

    This week, a third-party security audit was published on etcd, the open source distributed key-value store that plays a crucial role in scaling Kubernetes in the cloud. For etcd, this audit was important in multiple ways. The audit validates the project’s maturity and sheds light on some areas where the project can improve. This sort of audit is required criteria for any project in the Cloud Native Computing Foundation (CNCF) to qualify for graduation from the CNCF.

    Read the CNCF blog post that I co-authored to learn more about the audit and what it uncovered. As one of the project maintainers and one of two members of the etcd Project Security Committee, I’d love to share a few reasons I’m hopeful for etcd’s future and why now is a great time to contribute to etcd’s open source community.

Security: Back Doors, EFF, Trump/Microsoft Blackmail and 1Password on GNU/Linux

Filed under
Security

  • Bill Barr Applauds FOSTA Sponsor's Clone Of Senate's Encryption-Breaking 'Lawful Access' Bill

    I guess those "rule of law" folks don't care if a law is any good or will do what it intends to do without causing significant collateral damage. All they care about is that it's a law and, as a law, everyone should just subject themselves to it with a minimum of complaining.

  • Supporting Digital Freedom at the (Virtual) Summer Security Conferences

    During a typical year, EFF staff members would be headed to Las Vegas to present our latest work to the world and ensure legal support for computer security researchers at the long-running hacker events BSidesLV, Black Hat, and DEF CON. These summer security conferences are a natural opportunity for the curious and the professional to geek out on tech. Hackers, tinkerers, and reverse engineers were among the first to embrace the excitement and potential of their own imaginations in digital space. They have been a core part of EFF and the online freedom community since the beginning, and we relish thanking them face to face.

    But this year, as we each grapple with a sobering pandemic, these conferences have had to undergo big changes and are all happening in virtual space. DEF CON is even free to attend. This pandemic, as well as far-reaching protests, have forced us to rethink much of our daily lives—and these questions can feel overwhelming.

  • TikTok Ban: A Seed of Genuine Security Concern Wrapped in a Thick Layer of Censorship

    It is ironic that, while purporting to protect America from China’s authoritarian government, President Trump is threatening to ban the TikTok app. Censorship of both speech and social media applications, after all, is one of the hallmarks of the Chinese Internet strategy.  While there is significant cause for concern with TikTok’s security, privacy, and its relationship with the Chinese government, we should resist a governmental power to ban a popular means of communication and expression.  

    As is too often the case with government pronouncements, the Trump administration has proposed a ban without specifying what the ban would actually be or what authority allows for it. Rather, the President has said broadly, “we’re banning them from the United States,” or most recently, “it's going to be out of business in the United States.” This could mean a ban on using the app, or perhaps a ban on distributing TikTok in app stores, or maybe something else. Any way you slice it, an effective ban of the scope suggested cannot be squared with the Constitution. 

  • ‘1Password’ App Coming To Linux, Initial Release Available For Download

    The user-friendly and cross-platform password manager app, 1Password, is finally coming for all Linux platforms with full-feature and native support. Currently, a development preview for Linux has been unveiled.

    This is the initial release for testing and validation purposes only. Hence, you should not use its Linux development preview for production or business environments.

    As planned, an official release with long-term support will be announced later this year after including new updates, features, and changes over the next few months. However, if you want a stable version of 1Password for Linux, you can use 1Password X in your browser.

    1Password is available for all devices, browsers, and operating systems such as Windows, macOS, iOS, Android, Chrome OS, Google Chrome, Brave, Edge, and Firefox. And now it is also going to be available for Linux desktop as well.

Security: Ransom, Patches and Back Doors

Filed under
Security

           

  • Dozens of NGOs hit by hack on US fundraising database

    A major ransomware attack has affected dozens of international NGOs and their records of private donations, but details of the hit on a US fundraising platform are scarce, and two weeks after being warned some aid groups are yet to notify their donors or the public.

    International aid groups – and their private donors – are among those whose data was hacked in a security breach at online service provider Blackbaud. Names, addresses, and records of individual donations were compromised by hackers, who were paid an undisclosed ransom to return the data and delete any copies. 

    World Vision, Save the Children, and Human Rights Watch are among the large nonprofits impacted by the breach, and media reports suggest at least 200 customers of US-based Blackbaud were involved, although the company has not provided a list of affected clients.

    Alan Bryce, an official at the Charity Commission – the legal regulator in England and Wales – told The New Humanitarian that, as of 4 August, 63 UK-based charities had notified them after being affected by the ransomware attack.

    Bryce suggested NGOs were likely to tighten up procedures following the incident, in which hackers gained control of client data on Blackbaud’s systems and locked the company out until payment was made. “Charities who have suffered cybercrime go on to revise their IT security, their training programmes, or their website security,” he said. “Do not wait until it is too late for your charity.”

  • The fixes to the Linux BootHole fixes are in

    The first release of patches to the Linux BootHole came with a show-stopping problem. The fixed machines wouldn't boot. For the most part, that problem has been solved.

  • GRUB2 Boot Failure Issues Fixed in Debian and Ubuntu, Update Now

    The recent GRUB2 updates that patched some serious security vulnerabilities also caused boot failure issues for some users, so fixes for these regressions have started appearing for some distros, including Debian and Ubuntu.

    Last week, I was reporting on the BootHole vulnerability (and some other seven flaws) found in the GRUB2 bootloader, which is used by almost all GNU/Linux distributions out there. The issues opened up systems using Secure Boot to attacks, allowing local attackers to bypass UEFI Secure Boot restrictions and execute arbitrary code.

    Due to a highly coordinated effort between the security researchers who discovered the vulnerability and Linux OS maintainers, most GNU/Linux distributions were able to provide patches for their users. However, for some, these patches broke the Secure Boot implementation and left people with unbootable systems.

  •        

  • IoT Security Vulnerabilities are Ubiquitous: How To Secure Your Router and Your Linux System Now

    Luckily, there are various measures that Linux users can take to secure their wireless routers and protect their systems - most notably, conducting a Linux firmware replacement. This article will explore the benefits of “flashing” your wireless router with alternative open-source firmware, and will introduce some great alternative firmwares and single-purpose OSes that you may wish to look into.

    [...]

    Recent security research has made it clear that router manufacturers are dropping the ball on security - a discouraging trend in the industry that needs to change. However, given this unfortunate reality, it is imperative that users assume responsibility for securing their wireless routers.

Security Leftovers

Filed under
Security

           

  • DNS configuration recommendations for IPFire users

    If you are familiar with IPFire, you might have noticed DNSSEC validation is mandatory, since it defeats entire classes of attacks. We receive questions like "where is the switch to turn off DNSSEC" on a regular basis, and to say it once and for all: There is none, and there will never be one. If you are running IPFire, you will be validating DNSSEC. Period.

    Another question frequently asked is why IPFire does not support filtering DNS replies for certain FQDNs, commonly referred to as a Response Policy Zone (RPZ). This is because an RPZ does what DNSSEC attempts to secure users against: Tamper with DNS responses. From the perspective of a DNSSEC-validating system, a RPZ will just look like an attacker (if the queried FQDN is DNSSEC-signed, which is what we strive for as much of them as possible), thus creating a considerable amount of background noise. Obviously, this makes detecting ongoing attacks very hard, most times even impossible - the haystack to search just becomes too big.

    Further, it does not cover direct connections to hardcoded IP addresses, which is what some devices and attackers usually do, as it does not rely on DNS to be operational and does not leave any traces. Using an RPZ will not make your network more secure, it just attempts to cover up the fact that certain devices within it cannot be trusted.

    Back to DNSSEC: In case the queried FQDNs are signed, forged DNS replies are detected since they do not match the RRSIG records retrieved for that domain. Instead of being transparently redirected to a fradulent web server, the client will only display a error message to its user, indicating a DNS lookup failure. Large-scale attacks by returning forged DNS replies are frequently observed in the wild (the DNSChanger trojan is a well-known example), which is why you want to benefit from validating DNSSEC and more and more domains being signed with it.

  • Security updates for Tuesday

    Security updates have been issued by Debian (libx11, webkit2gtk, and zabbix), Fedora (webkit2gtk3), openSUSE (claws-mail, ghostscript, and targetcli-fb), Red Hat (dbus, kpatch-patch, postgresql-jdbc, and python-pillow), Scientific Linux (libvncserver and postgresql-jdbc), SUSE (kernel and python-rtslib-fb), and Ubuntu (ghostscript, sqlite3, squid3, and webkit2gtk). 

  •        

  • Official 1Password Linux App is Available for Testing

    An official 1Password Linux app is on the way, and brave testers are invited to try an early development preview.

    1Password is a user-friendly (and rather popular) cross-platform password manager. It provides mobile apps and browser extensions for Windows, macOS, Android, iOS, Google Chrome, Edge, Firefox — and now a dedicated desktop app for Linux, too.

  •        

  • FBI Warns of Increased DDoS Attacks

    The Federal Bureau of Investigation warned in a “private industry notification” last week that attackers are increasingly using amplification techniques in distributed denial-of-service attacks. There has been an uptick in attack attempts since February, the agency’s Cyber Division said in the alert.
    An amplification attack occurs when attackers send a small number of requests to a server and the server responds with numerous responses. The attackers spoof the IP address to make it look like the requests are coming from a specific victim, and the resulting responses overwhelms the victim’s network.

    “Cyber actors have exploited built-in network protocols, designed to reduce computation overhead of day-to-day system and operational functions to conduct larger and more destructive distributed denial-of-service amplification attacks against US networks,” the FBI alert said. Copies of the alert were posted online by several recipients, including threat intelligence company Bad Packets.

  • NSA issues BootHole mitigation guidance

    Following the disclosure of a widespread buffer-flow vulnerability that could affect potentially billions of Linux and Windows-based devices, the National Security Agency issued a follow-up cybersecurity advisory highlighting the bug and offering steps for mitigation.

    The vulnerability -- dubbed BootHole -- impacts devices and operating systems that use signed versions of the open-source GRUB2 bootloader software found in most Linux systems. It also affects any system or device using Secure Boot -- a root firmware interface responsible for validating the booting process -- with Microsoft's standard third party certificate authority. The vulnerability enables attackers to bypass Secure Boot to allow arbitrary code execution and “could be used to install persistent and stealthy bootkits,” NSA said in a press statement.

Security Leftovers

Filed under
Security

  • Security updates for Monday

    Security updates have been issued by Arch Linux (ffmpeg, libjcat, mbedtls, tcpreplay, and wireshark-cli), Debian (ark, evolution-data-server, libjpeg-turbo, libopenmpt, libpam-radius-auth, libphp-phpmailer, libssh, ruby-zip, thunderbird, and transmission), Fedora (chromium, clamav, claws-mail, evolution-data-server, freerdp, glibc, java-latest-openjdk, nspr, and nss), Gentoo (libsndfile, pycrypto, python, snmptt, thunderbird, and webkit-gtk), Mageia (botan2, chocolate-doom, cloud-init, dnsmasq, freerdp/remmina, gssdp/gupnp, java-1.8.0-openjdk, matio, microcode, nasm, openjpeg2, pcre2, php-phpmailer, redis, roundcubemail, ruby-rack, thunderbird, virtualbox, and xerces-c), openSUSE (claws-mail, ldb, and libraw), Oracle (firefox), Red Hat (bind, grub2, kernel-rt, libvncserver, nss and nspr, and qemu-kvm-rhev), Scientific Linux (firefox), Slackware (thunderbird), and SUSE (firefox, kernel, and targetcli-fb).

  • The 9 Best Cross-Platform Password Managers

    Bitwarden open-source password manager comes at no cost and rated as the best password manager. It provides a multi device sync option and unlimited passwords. Its free version helps in saving identities, credit cards and notes.

  • Linux Foundation announces new initiative to secure open-source software

    The Linux Foundation said today it’s presiding over a new foundation that brings some of the world’s most important open-source security initiatives under a new umbrella.

    The newly launched Open Source Security Foundation will host security projects such as the Core Infrastructure Initiative, which was set up in response to the infamous Heartbleed vulnerability discovered in the Open SSL protocol in 2014, and the Open Source Security Coalition, founded by GitHub Inc.’s Security Lab in 2019.

  • Technology and Enterprise Leaders Combine Efforts to Improve Open Source Security

    The Linux Foundation, today announced the formation of the Open Source Security Foundation (OpenSSF). The OpenSSF is a cross-industry collaboration that brings together leaders to improve the security of open source software (OSS) by building a broader community with targeted initiatives and best practices. It combines efforts from the Core Infrastructure Initiative, GitHub’s Open Source Security Coalition and other open source security work from founding governing board members GitHub, Google, IBM, JPMorgan Chase, Microsoft, NCC Group, OWASP Foundation and Red Hat, among others. Additional founding members include ElevenPaths, GitLab, HackerOne, Intel, Okta, Purdue, SAFECode, StackHawk, Trail of Bits, Uber and VMware.

The Best Authenticator Apps for Linux Desktop

Filed under
GNU
Linux
Security

If you have ever used two-factor authentication before, then you have probably heard of tools like Google Authenticator. To make use of many of these services, you’ll have to have your phone near you. Luckily, there are desktop authenticator apps that can provide you with the secret key you need to log in to your account. Below are the best authenticator apps for the Linux desktop.

[...]

Yubico works with a hardware security token known as the Yubikey. You can store your credentials on this as opposed to on your device. This hardware security token can even be further secured by choosing to unlock it with either FaceID or TouchID.

With Yubico, you will also be able to easily transition between devices, even after upgrading. The Yubico app lets you generate multiple secrets across devices, making it simple for you to switch.

I have to admit that the security offered by a physical token like the Yubikey is great. However, users must bear in mind that they must have the key with them if they wish to use two-factor authentication. I know you may argue and say this is no better than having to carry a phone with you. However, you can’t put your phone on a keychain! Additionally, it’s tough to crack a hardware token. Someone would have to steal it from you if they wanted to access your data. Even after doing that, they still won’t know any of your passwords or anything else of the sort.

With Yubico Authenticator, you first have to insert your key before you can add services to the app. After inserting your key, you can then add a security token from a service you want to enable two-factor authentication for. This is an app more for a power user due to the steps that must be taken to get it set up.

Read more

Security and Some FUD/Alarmist Slant

Filed under
Security

           

  • Reproducible Builds (diffoscope): diffoscope 154 released

    The diffoscope maintainers are pleased to announce the release of diffoscope version 154. This version includes the following changes:

    [ Chris Lamb ]
    
    
    
    
    * Add support for F2FS filesystems.
      (Closes: reproducible-builds/diffoscope#207)
    * Allow "--profile" as a synonym for "--profile=-".
    * Add an add_comment helper method so don't mess with our _comments list
      directly.
    * Add missing bullet point in a previous changelog entry.
    * Use "human-readable" over unhyphenated version.
    * Add a bit more debugging around launching guestfs.
    * Profile the launch of guestfs filesystems.
    * Correct adding a comment when we cannot extract a filesystem due to missing
      guestfs module.
    
  • BootHole fixes causing boot problems across multiple Linux distros
  •        

  • Red Hat Security Update Renders Systems Unbootable

    Update, shared by PAjamian: Red Hat is now recommending that users do not apply grub2, fwupd, fwupdate or shim updates until new packages are available.

  • Red Hat and CentOS systems aren’t booting due to BootHole patches

    Early this morning, an urgent bug showed up at Red Hat's bugzilla bug tracker—a user discovered that the RHSA_2020:3216 grub2 security update and RHSA-2020:3218 kernel security update rendered an RHEL 8.2 system unbootable. The bug was reported as reproducible on any clean minimal install of Red Hat Enterprise Linux 8.2.

  • Bug in widely used bootloader opens Windows, Linux devices to persistent compromise

    CVE-2020-10713, named “BootHole” by the researchers who discovered it, can be used to install persistent and stealthy bootkits or malicious bootloaders that will operate even when the Secure Boot protection mechanism is enabled and functioning.

    “The vulnerability affects systems using Secure Boot, even if they are not using GRUB2. Almost all signed versions of GRUB2 are vulnerable, meaning virtually every Linux distribution is affected,” the researchers explained.

    “In addition, GRUB2 supports other operating systems, kernels and hypervisors such as Xen. The problem also extends to any Windows device that uses Secure Boot with the standard Microsoft Third Party UEFI Certificate Authority. Thus the majority of laptops, desktops, servers and workstations are affected, as well as network appliances and other special purpose equipment used in industrial, healthcare, financial and other industries. This vulnerability makes these devices susceptible to attackers such as the threat actors recently discovered using malicious UEFI bootloaders.”

    The researchers have done a good job explaining in detail why the why, where and how of the vulnerability, and so did Kelly Shortridge, the VP of Product Management and Product Strategy at Capsule8. The problem effectively lies in the fact that a GRUB2 configuration file can be modified by attackers to make sure that their own malicious code runs before the OS is loaded.

  • Security updates for Friday

    Security updates have been issued by Debian (grub2 and mercurial), Fedora (chromium, firefox, and freerdp), Oracle (firefox and kernel), Red Hat (firefox), Scientific Linux (firefox, grub2, and kernel), and SUSE (ghostscript and targetcli-fb). 

  •  

  • Linux warning: TrickBot malware is now infecting your systems [Ed: "Linux warning" is alarmism because it does not do anything on its own, it's just exploiting already-compromised servers, e.g. weak password and misconfiguration]
  • Beware! TrickBot Malware Is Now Infecting Linux Devices
Syndicate content

More in Tux Machines

today's howtos

Kernel: Linux Plumbers and New in Linux 5.9

  • Linux Plumbers currently sold out

    Linux Plumbers is currently sold out of regular registration tickets. Although the conference is virtual this year our virtual platform cannot support an unlimited number of attendees, hence the cap on registration. We are currently reviewing our capacity limits to see if we can allow more people to attend without over burdening the virtual platform and potentially preventing discussion. We will make another announcement next week regarding registration.

  • Linux 5.9 Supports A Lot Of New Audio Hardware, Intel Silent Stream Added

    The Linux kernel continues supporting a lot more audio devices and much more punctual than a decade or two ago.

  • Linux 5.9 Networking Changes Are As Active As Ever

    Each kernel cycle the networking subsystem sees a lot of churn given the importance of network interconnect performance and reliability especially in high performance computing environments where Linux dominates.

5 of the Best Linux Laptops in 2020

If you’re shopping for a laptop and know you’re planning to run Linux, you can either get any laptop, reformat the hard drive and install your favorite Linux distro on it or just get a laptop that is running Linux right out of the box. Here are some of the best Linux laptops you can get in 2020. [...] These all come preloaded with Ubuntu 20.04 LTS, which is a solid base for any of the various flavors or just vanilla Ubuntu. Many of the drivers have been contributed upstream by Dell, so many distros that use newer kernels should be able to take full advantage of the Killer Wi-Fi cards and Intel Iris Plus Graphics. [...] Pine64 has been in the news often for its Pinephone, but the Pinebook Pro is another great product from them. It’s a 14” ARM laptop that weighs less than 3 lbs/1.5 KG and sips power. It’s a great little machine that helps to push Linux forward on the ARM platform and comes in just under $200. Read more

Richard Stallman: A Discussion on Freedom, Privacy & Cryptocurrencies

Dr. Richard Stallman is well-known for his free software movement activism. His speeches and work revolve around a term: freedom. And it is precisely that word that prompted Stallman to launch the GNU Project, founding the Free Software Foundation and releasing the GNU General Public License, among other projects, to promote the free software concept. RMS, as Dr. Stallman is also known, has some opinions regarding the concept of cryptocurrencies that have been widely discussed within the crypto community. Read more