Language Selection

English French German Italian Portuguese Spanish


App stores and Linux repositories: Maybe the worst ideas ever

Filed under

Technically, since we’re talking about Linux and free/open source software here, there’s nothing stopping someone from cloning the entire repository for a system before it goes offline and then providing that repository as a service to people who still want it. But this is a big undertaking and is something that a casual user of a platform simply isn’t going to do.

In my case, I absolutely would have done this for my N810. I would have cloned the entire repository, including system updates, and hosted it on my server for personal use (and provided it to anyone else who needed it). Would I have ever bothered to update it? Probably not. But I would have had it there for as long as I ran that device. But, alas, I didn’t know the company was killing the entire repository (perhaps I should have expected it, but I didn’t). So, I’m plum out of luck. Plus, I’m weird. Most people would absolutely not clone a repository and self-host it. That's just a crazy thing to do.

Read more

Security Leftovers

Filed under
  • EFF's Badge Hack Pageant Returns to DEF CON

    We are proud to announce the return of EFF's Badge Hack Pageant at the 24th annual DEF CON hacking conference in Las Vegas. EFF invites all DEF CON attendees to stretch their creative skills by reinventing past conference badges as practical, artful, and over-the-top objects of their choosing. The numerous 2015 pageant entries included a crocheted badge cozy, a quadcopter, counterfeit badges, a human baby, a breathalyzer, a dazzling array of LED shows, and more than one hand-made record player that would make MacGyver weep. We encourage you to join us and contribute something whether you are a crafter, a beginner, or a hardware hacking wizard. It's a great summer project so get started now and enjoy a great show!

  • @Deray’s Twitter Hack Reminds Us Even Two-Factor Isn’t Enough

    This has been the week of Twitter hacks, from Mark Zuckerberg to a trove of millions of passwords dumped online to, most recently, Black Lives Matter activist DeRay McKesson.

  • System calls for memory protection keys

    "Memory protection keys" are an Intel processor feature that is making its first appearance in Skylake server CPUs. They are a user-controllable, coarse-grained protection mechanism, allowing a program to deny certain types of access to ranges of memory. LWN last looked at kernel support for memory protection keys (or "pkeys") at the end of 2015. The system-call interface is now deemed to be in its final form, and there is a push to stage it for merging during the 4.8 development cycle. So the time seems right for a look at how this feature will be used on Linux systems.

YubiKey NEO: Ubuntu 16.04 usefulness (+ review)

Filed under

I got a hold of a YubiKey NEO, so I was wondering how useful it is and what can I do with it. Here’s my “tutorial” on setting it up using Ubuntu 16.04 and actually using it.

Read more

Tails 2.4 Launched With TOR 6.0 — Best Linux Distro For Anonymity And Privacy

Filed under

Tails is a popular privacy-focused Linux distribution–here are some other Linux distros for different purposes–with an aim to provide anonymous computing experience. This distro was most famously used by NSA whistleblower Edward Snowden.

If you are acquainted with Tails, you might be knowing that Tails forces all the network activity to go through the TOR network, making your all activities anonymous. Being a Live Linux distro, it can be booted from an SD card, DVD, or USB drive.

Read more

Security Leftovers

Filed under
  • Massive DDoS attacks reach record levels as botnets make them cheaper to launch

    There were 19 distributed denial-of-service (DDoS) attacks that exceeded 100 Gbps during the first three months of the year, almost four times more than in the previous quarter.

    Even more concerning is that these mega attacks, which few companies can withstand on their own, were launched using so-called booter or stresser botnets that are common and cheap to rent. This means that more criminals can now afford to launch such crippling attacks.

  • Twitter locks user accounts that need 'extra protection'

    Better safe than sorry, or so goes Twitter's latest thinking.

    The social network on Friday maintained it was not the victim of a hack or data breach, as previously reported. But Michael Coates, Twitter's head of information security, wrote in a blog post that the company has identified some accounts that need "extra protection." Those accounts have been locked, requiring users to reset their passwords in order to access them.

Security Leftovers

Filed under
  • Tuesday's security updates
  • Security advisories for Wednesday
  • Thursday's security updates
  • Security advisories for Friday
  • Slicing Into a Point-of-Sale Botnet

    Point-of-sale based malware has driven most of the credit card breaches over the past two years, including intrusions at Target and Home Depot, as well as breaches at a slew of point-of-sale vendors. The malware usually is installed via hacked remote administration tools. Once the attackers have their malware loaded onto the point-of-sale devices, they can remotely capture data from each card swiped at that cash register.

  • Microsoft's BITS file transfer tool fooled into malware distribution

    Researchers at Dell SecureWorks have spotted a new and dangerous way to misuse of Microsoft's Background Intelligent Transfer Service (BITS).

    While working on a customer clean-up project, SecureWorks staff found that attackers had created self-contained BITS tasks that didn't appear in the registries of affected machines, and their footprints were limited to entries on the BITS database.

    The attack was spotted on a Windows 7 machine in an academic administration environment.

iTWire shows Linux Australia the right way to host a server

Filed under

An iTWire article appears to have resulted in Linux Australia seeing the folly of not having proper arrangements in place for hosting its website.

Further, a member of Linux Australia has suggested the office-bearers should resign en masse for not anticipating a breakdown in hosting the organisation's website recently.

Linux Australia secretary, Sae Ra Germaine, posted to the Linux-aus mailing list in April to explain why the organisation experienced server downtime, ultimately because the team charged with managing this task, while recognising a risk of disruption, did not engage with the University hosting the server instead choosing only to liaise with ex-employees, and discontinued searching for a new host between December 2015 and March 2016.

Read more

Also: Preventing break-ins on your Linux system

Imagination’s new router chips could save open source firmware from FCC rules

Filed under

A company that designs MIPS processors for networking hardware says it is developing technology that would allow installation of open source firmware on wireless routers while still complying with the US Federal Communications Commission's latest anti-interference rules.

The FCC now requires router makers to prevent third-party firmware from changing radio frequency parameters in ways that could cause interference with other devices, such as FAA Doppler weather radar systems.

Read more

Also: Small footprint open source hypervisor makes highly efficient use of hardware virtualization technology in Imagination’s MIPS CPUs

Mozilla contributes to FOSS security

Filed under

Security Leftovers

Filed under
  • University gives in to $20,000 ransomware demand

    Calgary officials agreed to pay the ransom but it will take some time for the encryption keys to be used on all of the university's infected machines, of which there are over 100. The process is time-consuming and it is not yet known if the keys will even work.

  • University of Calgary pays hackers $20,000 after ransomware attack

    A chain of hospitals in Washington, D.C., was hit in March, while a Los Angeles medical centre shelled out $17,000 earlier this year to hackers following a ransomware attack.

  • Unintended Consequences Of Slavery In IT

    Obviously many use That Other OS for valid purposes but few would do so if this incident was on their radar. There are hundreds of such malwares. How many times will the university pay up for permission to use the hardware they own? They’ve already likely paid Intel double the value for their chips, M$, even more for permission to use Intel’s chips and now a steady stream of cyber-criminals.

  • Mikko Hypponen: Real Hackers Don't Wear Hoodies (Cybercrime is Big Business)

    I'll be discussing these topics, and how they apply to open source systems and to service providers further in my keynote ("Complexity: The enemy of Security") at the OPNFV Summit in Berlin on June 22-23. See you in Berlin!

  • Password Re-user? Get Ready to Get Busy

    In the wake of megabreaches at some of the Internet’s most-recognized destinations, don’t be surprised if you receive password reset requests from numerous companies that didn’t experience a breach: Some big name companies — including Facebook and Netflix — are in the habit of combing through huge data leak troves for credentials that match those of their customers and then forcing a password reset for those users.

  • Your mobile phone account could be hijacked by an identity thief

    A few weeks ago an unknown person walked into a mobile phone store, claimed to be me, asked to upgrade my mobile phones, and walked out with two brand new iPhones assigned to my telephone numbers. My phones immediately stopped receiving calls, and I was left with a large bill and the anxiety and fear of financial injury that spring from identity theft. This post describes my experiences as a victim of ID theft, explains the growing problem of phone account hijacking, and suggests ways consumers and mobile phone carriers can help combat these scams.

  • Belgium tops list of nations most vulnerable to hacking

    A new “heat map of the internet” has revealed the countries most vulnerable to hacking attacks, by scanning the entire internet for servers with their front doors wide open.

  • Australia fourth most vulnerable nation to hacking: study

    Australia ranks fourth among the countries most vulnerable to hacking attacks, according to a study by penetration testing and information security form Rapid7.

    Belgium tops the list, followed by Tajikistan and Samoa.

    The company compiled what it calls a "heat map" of the Internet, looking for servers that had exposed ports that could be compromised.

  • University pays almost $16,000 to recover crucial data held hostage

    Canada's University of Calgary paid almost $16,000 ($20,000 Canadian, ~£10,800) to recover crucial data that has been held hostage for more than a week by crypto ransomware attackers.

    The ransom was disclosed on Wednesday morning in a statement issued by University of Calgary officials. It said university IT personnel had made progress in isolating the unnamed ransomware infection and restoring affected parts of the university network. It went on to warn that there's no guarantee paying the controversial ransom will lead to the lost data being recovered.

Syndicate content

More in Tux Machines

Leftovers: Software

  • Desktop Gmail App WMail Scores a Sizeable Update
    There's a new stable release of WMail, the app that describes itself as "the missing desktop client for Gmail".
  • 2 free desktop recording tools to try: SimpleScreenRecorder and Kazam
    A picture might be worth a thousand words, but a video demonstration can save a lot of talking. I'm a visual learner, so seeing how to do something has been very helpful in my education. I've found that students benefit from seeing exactly how an application is configured or how a code snippet is written. Desktop screen recorders are great tools for creating instructional videos. In this article, I'll look at two free, open source desktop screen recorders: SimpleScreenRecorder and Kazam.
  • Nightfall on Linux
    I've looked at general astronomy programs in the past that are helpful for many tasks you might need to do in your stargazing career. But, several specific jobs are more complicated and require specialized software to make relevant calculations, so here, let's take a look at Nightfall. Nightfall is a program that can handle calculations involving binary star systems. It can animate binary star systems, taking into account not only orbital speeds but also rotational motion and the changing shape of stars due to their close positions. You can model what it would look like and what kind of light curves you would register when observing a binary system. You even can take a set of actual observational data and find a best-fit model for the system you are studying.
  • Nmap 7.31 Security Scanner Updates Npcap with Raw 802.11 Wi-Fi Capture Support
    The first point release of the popular, open-source, and cross-platform Nmap 7.30 free security scanner and network mapper arrived, versioned 7.31, adding several important stability improvements, and bug fixes. New features in Nmap 7.31 include Npcap 0.10r9, which has been upgraded from version 0.10r2 bundled in Nmap 7.30 to add raw 802.11 Wi-Fi capture support, updated Zenmap graphical interface to indicate that better display of hostname is attached to Topology page's address, and IPv6 fingerprint submission improvements. "To increase the number of IPv6 fingerprint submissions, a prompt for submission will be shown with some random chance for successful matches of OS classes that are based on only a few submissions. Previously, only unsuccessful matches produced such a prompt," read the release notes for Nmap 7.31.
  • Shotwell 0.25.0 Image Viewer Supports ACDSee Tags, Improves Piwigo Support
    A new stable release of the popular Shotwell open-source image viewer and organizer arrived for users of Linux-based operating systems, version 0.25.0, bringing lots of important changes. As usual, we've managed to get our hands on the internal changelog, which we've also attached at the end of the story for your reading pleasure, and we'd like to tell you that Shotwell 0.25.0 now supports the tags written by the commercial ACDSee photo manipulation software. The application now makes use of Unicode characters, supports recent Vala compiler releases, improves the Piwigo upload support by implementing an option to override the SSL (Secure Sockets Layer) certificate handling, and another one to display the SSL certificate, along with better creation of new albums.
  • xfce4-panel 4.12.1 Released, Xfce 4.14 Still A Long Ways Out
    Xfce4-panel 4.12.1 has been released as a "long overdue maintenance release" while Xfce 4.14 is still in its infancy. Xfce4-panel 4.12.1 has translation updates, support for xfpanel-switch in the preferences, and just some basic fixes. This comes a few weeks after the quiet bug-fix releases of xfce4-settings 4.12.1 and also joined by the xfconf 4.12.1 release this week.
  • Video Call Improvements Land in Skype for Linux Alpha 1.11
  • Dual-GPU integration in GNOME
    Thanks to the work of Hans de Goede and many others, dual-GPU (aka NVidia Optimus or AMD Hybrid Graphics) support works better than ever in Fedora 25. On my side, I picked up some work I originally did for Fedora 24, but ended up being blocked by hardware support. This brings better integration into GNOME.
  • ‘GNOME To Do’ App Picks Up New Features
    GNOME To Do is one of those apps you’ve probably heard of, but do not use. And with a bunch of rivals task managers and to-do list apps available on Linux — from Simplenote to Remember the Milk — and online, the little app that might has its work cutout.

today's howtos

More Games for GNU/Linux

  • Humble Gems Bundle Goes Live, Offers Chroma Squad For Peanuts
    Wallets at the ready as Humble Gems Bundle is now live, a pay-what-you-can-be-bothered-to-palooza offering a selection of hitherto undiscovered indie gaming marvels. Alright, they’re all games that you’ve probably heard of before, certainly if you’re an active fan of the indie gaming scene.
  • Civilization 6 Linux Release Teased By Aspyr?
    Recently, Aspyr Media confirmed that they’ll be doing a Civilization 6 Linux release soon. Currently, Civilization 6 is live on both PC and Mac. Will Aspyr Media release concrete details about the Civilization 6 Linux release in the next few days?
  • Playstation 4 Linux Hack May Show 4.01 Vulnerability
    A new video about a Playstation 4 Linux hack may have shown a vulnerability in the 4.01 firmware update that came out for the Playstation 4 a few weeks ago. The hacking news came from a video at the GeekPwn 2016 convention in Shanghai, China, where the hacking was shown via a live demo. In this demo, a pair of Chinese computer users use a Linux computer and the Webkit browser, which is used to inject a certain exploit into the Playstation 4. One cut later, and a command line prompt appears that is then used to play Super Mario Bros. While the first use for it in the live demo is innocuous, the fact that this is even possible points once again to possible holes in the Playstation’s security.
  • PlayStation 4 hack enables Linux on recent Sony firmware
    A showcase event at this week’s GeekPwn conference in Shanghai suggests that Sony’s PlayStation 4 has been hacked, as a recently released video shows the console running an unsanctioned Linux build courtesy of a web browser exploit. While details regarding the hack are not yet known, a browser-based security issue in PS4 firmware version 4.01 could potentially allow users to root the upcoming PlayStation 4 Pro console in order to run unlicensed applications and games.

Red Hat News