Language Selection

English French German Italian Portuguese Spanish

Security

Security: MacOS Hole is Back and Other Incidents

Filed under
Security
  • Updating macOS can bring back the nasty “root” security bug

    The serious and surprising root security bug in macOS High Sierra is back for some users, shortly after Apple declared it fixed. Users who had not installed macOS 10.13.1 (and thus were running a prior version of the OS when they received the security update) found that installing 10.13.1 resurfaced the bug, according to a report from Wired.

  • MacOS Update Accidentally Undoes Apple's "Root" Bug Patch

    But now multiple Mac users have confirmed to WIRED that Apple's fix for that problem has a serious glitch of its own. Those who had not yet upgraded their operating system from the original version of High Sierra, 10.13.0, to the most recent version, 10.13.1, but had downloaded the patch, say the "root" bug reappears when they install the most recent macOS system update. And worse, two of those Mac users say they've also tried re-installing Apple's security patch after that upgrade, only to find that the "root" problem still persists until they reboot their computer, with no warning that a reboot is necessary.

  • Former Sysadmin Caught Hacking His Ex-Employer by His Replacement

    On Wednesday, November 29, a Kansas City court sentenced a Missouri man to six years in federal prison without parole for hacking his former employer, stealing trade secrets, and for accessing child pornography.

    The man is Jacob Raines, 38, of Parkville, Missouri, who worked as IT manager for American Crane & Tractor Parts (AC&TP) in Kansas City from July 2004 until March 28, 2014, when he resigned his position.

  • Security News This Week: A New Bill Wants Jail Time for Execs Who Hide Data Breaches

    Failure to report within 30 days could come with imprisonment of up to five years for the execs who decided to cover it up.

  • Flaw Found In Dirty COW Patch
  • Researchers dissect open-source ransomware programs Bugware and Vortex

Security: Security Tools for Defenders, China/Russia, JavaScript and Updates

Filed under
Security

Security: NHS, Breaches, Ransom and More

Filed under
Security

  • NHS cyber unit welcomed with cautious optimism by privacy and security groups

    NHS Digital has started a £20 million procurement process for an internal security operations unit that will receive emergency support from the winning third party

  • Here's What I'm Telling US Congress about Data Breaches

    As I explained in that first blog post, I'm required to submit a written testimony 48 hours in advance of the event. That testimony is now publicly accessible and reproduced below.

  • Researchers dissect open-source ransomware programs Bugware and Vortex
  • How Can You Protect Your Computer?

    Virus threats are not new to the cyber community as it is one of those threatening factors that exist for decades now. Hackers are coming with all new malicious codes every then and now. You can find virus threats in the form of spyware, malware, Trojan horses, Worms, phishing scams, adware, ransomware and much more. The ideal solution to protect your system from virus threats is to keep your system up-to-date. Apart of it, some changes in online behavior can also help you deal with this menace. Let’s discuss ways to protect your computer from viruses and hackers.

  • What Apple, Google, Linux and a Huge Dirty COW have in common

    The Industrial Control Systems Cyber Emergency Response Team, aka ICS-CERT, was busy in November issuing alerts about medical device makers while tech stalwarts Apple and Google sent security vulnerabilities of their own. And you thought All Hallows’ Eve made October a frightful month? Here’s what happened in November.

System76 Shuts Off Intel Back Doors, But Will Continue to Pay Intel

Filed under
GNU
Linux
Hardware
Security
  • System76 Will Begin Disabling Intel ME In Their Linux Laptops

    Following the recent Intel Management Engine (ME) vulnerabilities combined with some engineering work the past few months on their end, System76 will begin disabling ME on their laptops.

  • Linux hardware vendor outlines Intel Management Engine firmware plan

    The Linux-equipped computer maker, System76, has detailed plans to update the Intel Management Engine (ME) firmware on its computers in line with Intel’s November 20th vulnerability announcement. In July, System76 began work on a project to automatically deliver firmware to System76 laptops which works in a similar fashion to how software is usually delivered through the operating system.

  • System76 to disable Intel Management Engine on its notebooks

    Intel has recently confirmed the earlier findings of third parties who revealed that its Management Engine firmware has some serious security issues. Since we talked about this recently, we should now move to System76's approach in handling this situation.

Want to switch from Apple macOS to Linux because of the 'root' security bug? Give deepin 15.5 a try!

Filed under
GNU
Linux
Mac
Security

Apple's macOS is a great operating system. Not only is it stable and beautifully designed, but it very secure too. Well, usually it is. Unless you live under a rock, you definitely heard about the macOS High Sierra security bug that made the news over the last couple of days. In case you somehow are unaware, the bug essentially made it so anyone could log into any Mac running the latest version of the operating system.

Luckily, Apple has already patched the bug, and some people -- like me -- have forgiven the company. Understandably, not everyone will be as forgiving as me. Undoubtedly, there are Mac users that are ready to jump ship as a result of the embarrassing bug. While that is probably an overreaction, if you are set on trying an alternative operating system, you should not go with Windows 10. Instead, you should embrace Linux. In fact, rather serendipitously, a Linux distribution with a UI reminiscent of macOS gets a new version today. Called "deepin," version 15.5 of the distro is now ready to download.

Read more

Also: deepin 15.5 Linux Distro Released — Get A Beautiful And Easy-to-use Linux Experience

Ubuntu 16.04 LTS Will Soon Get an Important Unity Stack Update with 27 Bug Fixes

Filed under
Security
Ubuntu

When Mark Shuttleworth said Canonical wouldn't develop Unity anymore, there were rumors that Unity 7 will also no longer receive any maintenance work. But Canonical shattered those rumors and said it would continue to patch things in the Unity Stack for supported releases, such as Ubuntu 16.04 LTS.

Truth be told, we didn't actually see any signs of life support for Unity since that announcement, but it looks like the team responsible for keeping the desktop environment bug-free has done some great work lately and managed to squash no less than 27 bugs for the Unity Stack in Ubuntu 16.04 LTS (Xenial Xerus).

Read more

System76 will disable Intel Management engine on its Linux laptops

Filed under
GNU
Linux
Security

System76 is one a handful of companies that sells computers that run Linux software out of the box. But like most PCs that have shipped with Intel’s Core processors in the past few years, System76 laptops include Intel’s Management Engine firmware.

Intel recently confirmed a major security vulnerability affecting those chips and it’s working with PC makers to patch that vulnerability.

But System76 is taking another approach: it’s going to roll out a firmware update for its recent laptops that disables the Intel Management Engine altogether.

Read more

Security: Uber, Amazon, Updates, Reproducible Builds, Mirai and Tizi

Filed under
Security

Security: WordPress, Apple, NSA, Microsoft and Uber

Filed under
Security

Security: KAISER, Coppersmith Attack, Updates, and Web Threats

Filed under
Security
  • KAISER: hiding the kernel from user space

    Since the beginning, Linux has mapped the kernel's memory into the address space of every running process. There are solid performance reasons for doing this, and the processor's memory-management unit can ordinarily be trusted to prevent user space from accessing that memory. More recently, though, some more subtle security issues related to this mapping have come to light, leading to the rapid development of a new patch set that ends this longstanding practice for the x86 architecture.

  • Security updates for Wednesday
  • ROCA: Return Of the Coppersmith Attack

    On October 30, 2017, a group of Czech researchers from Masaryk University presented the ROCA paper at the ACM CCS Conference, which earned the Real-World Impact Award. We briefly mentioned ROCA when it was first reported but haven't dug into details of the vulnerability yet. Because of its far-ranging impact, it seems important to review the vulnerability in light of the new results published recently.

  • Some Websites Are Mining Cryptocurrency Using Your CPU Even When You Close Browser

    The advent of cryptocurrencies was bound to spark the interest of cybercriminals who are always looking to exploit some technology to steal some clicks or install malware. In the recent times, we’ve come across reports of a huge number of websites using your PCU power to mine cryptocurrency; the browser extensions and Android apps aren’t untouched by this epidemic. Developers have also come up with different options to ban this practice altogether.

    In the previous research work conducted by security firms, it was found that a miner could be run as long as the browser was running; close the browser and mining activity stops. However, as per the latest technique spotted by Malwarebytes, some dubious website owners can mine digital coins like Monero even after browser window is closed.

  • Top 10 Common Hacking Techniques You Should Know About

    Using simple hacks, a hacker can know about your personal unauthorized information which you might not want to reveal. Knowing about these common hacking techniques like phishing, DDoS, clickjacking etc., could come handy for your personal safety.

Syndicate content

More in Tux Machines

GNOME: Belated GUADEC Report, "Is GNOME Just Lazy?"

  • Alberto Ruiz: GUADEC 2017: GNOME’s Renaissance
    This is a blog post I kept as a draft right after GUADEC to reflect on it and the GNOME project but failed to finish and publish until now. Forgive any outdated information though I think the post is mostly relevant still. I’m on my train back to London from Manchester, where I just spent 7 amazing days with my fellow GNOME community members. Props to the local team for an amazing organization, everything went smoothly and people seemed extremely pleased with the setup as far as I can tell and the venues seemed to have worked extremely well. I mostly want to reflect on a feeling that I have which is that GNOME seems to be experiencing a renaissance in the energy and focus of the community as well as the broader interest from other players.
  • EzeeLinux Show 18.5 | Is GNOME Just Lazy?
    GNOME is dropping Active Desktop, Ubuntu is holding back Nautilus and I have been writing a lot of scripts.

Red Hat Hires From Microsoft; Fedora 27 Release Party at Taipei

Devices: Advantech, Tizen, F-Droid

OSS Leftovers

  • Why no more new AND successful FOSS projects in the last ten years?
     

    If you ask me, the new, successful FOSS projects should be project that fix, replace, rewrite, whatever… the really unglamorous, low-level tools, libraries and so on that would make that happen. Yes, I know that this is really unlikely to happen under current business models and until IoT everywhere, new iPhones every year and the like are perceived as higher priorities, regardless of their environmental impacts and, very often, sheer lack of sense.

  • FOSS Backstage - CfP open
    It's almost ten years ago that I attended my first ApacheCon EU in Amsterdam. I wasn't entirely new to the topic of open source or free software. I attended several talks on Apache Lucene, Apache Solr, Hadoop, Tomcat, httpd (I still remember that the most impressive stories didn't necessarily come from the project members, but from downstream users. They were the ones authorized to talk publicly about what could be done with the project - and often became committers themselves down the road.
  • Liveblogging RIT’s FOSS projects class: initial questions for community spelunking
    Stephen Jacobs (SJ) and I are co-teaching “Project in FOSS Development” at RIT this semester, which basically means “hey students, want to get course credit for contributing to a FOSS project?” The class is centered around 5 project sprints of two weeks each. The first 3 weeks of class are preparing for the sprint periods; the week before spring break is a pause to reflect on how sprints are going. Otherwise, class efforts will be centered around executing project work… (aka “getting stuff done”).
  • Design’N’Buy launches All-In-One Designer on Magento Open Source 2.2
    Design’N’Buy announces the launch of their flagship product – the AIOD on Magento Open Source Version 2.2. With the launch of web to print solution on Magento Version 2.2 , Design’N’Buy becomes first event in web to print industry to offer complete eCommerce printing solution for printers on one of the widest and latest technology platform.
  • Singapore: Blockchain startup Bluzelle raises $19.5m through ICO
    Singapore-based decentralised database provider Bluzelle has announced that its initial coin offering (ICO) has raised $19.5 million in funding, according to a press statement.
  • Blockchain Startup Bluzelle Raises $19.5M USD In ICO
    Bluzelle’ advisor list includes the likes of Brian Fox, creator of GNU Bash, Alex Leverington, one of the original Core ethereum developers, Prashant Malik, co-creator of Apache Cassandra and Ryan Fugger, the original creator of the cryptocurrency Ripple.
  • The Document Liberation project announces five new or improved libraries
    The Document Liberation Project has announced five new or improved libraries to export EPUB3 and import AbiWord, MS Publisher, PageMaker and QuarkXPress files.
  • Lawsuit accuses PACER of milking the public for cash in exchange for access
    The federally run online court document access system known as PACER now finds itself listed on a federal docket. Its overseer, the US government, is a defendant in a proposed class-action lawsuit accusing the service of overcharging the public. The suit, brought by three nonprofits on Thursday, claims millions of dollars generated from a recent 25-percent increase in page fees are being illegally spent by the Administrative Office of the Courts (AO). The cost for access is 10 cents per page and up to $3 a document. Judicial opinions are free. This isn't likely to break the bank for some, but to others it adds up and can preclude access to public records. The National Consumer Law Center, the Alliance for Justice, and the National Veterans Legal Services Program also claim in the lawsuit that these fees are illegal because the government is charging more than necessary to keep the PACER system afloat (as is required by Congress).
  • Is the Most Massive, Illegal Paywall in the World About to Come Down?
    A groundbreaking lawsuit is poised to decimate what is arguably the most unjust, destructive, and it now sounds like illegal paywall in the world, the Public Access to Court Electronic Records, PACER. PACER is the federal government court documents repository. Every federal court document, for every case, lives in PACER. It’s essentially a giant FTP document repository with a horrendous search system bolted on, not dissimilar to EDGAR. PACER was created in 1988 to enable access to court records electronically. Initially available only in courthouses the system was expanded to the web in 2001.
  • Codasip Announces Studio 7, Design and Productivity Tools for Rapid Generation of RISC-V Processors
    Codasip, the leading supplier of RISC-V® embedded processor IP, today announced that it has launched the 7th generation of its Studio, the unique IP-design and customization software that allows for fast configuration and optimization of RISCV processors, customer-proprietary processor architectures, and their accompanying software development toolchains.
  • EE4J Code Begins the Journey to Open Source
    The EE4J project, which was created to manage the Eclipse Foundation’s stewardship of Java EE technologies following Oracle’s decision to open source them, is starting to gain traction. Soon after the project was created, EclipseLink and Yasson (the official reference implementation of Java JSON Binding, JSR-367) became the first two projects to be transferred under the EE4J umbrella. As reported in December, the announcement was made that seven more projects were being proposed.