Language Selection

English French German Italian Portuguese Spanish

Security

Security: Updates, Keysigning, WannaCry, DJI and More

Filed under
Security
  • Security updates for Friday
  • DebConf17 Key Signing Party
  • Keysigning!
  • Faster reference-count overflow protection
  • A Solution to Hackers {sic}? More Hackers {sic}

     

    In other words: What if the problem we face is not too many bad hackers {sic}, but too few good ones?

  • Russian man sentenced to almost four years prison in US prison for 'botnet fraud'

     

    Maxim Senakh, of Veliky Novgorod in Russia, was arrested in Finland in 2015 and extradited to the USA to face charges. He pleaded guilty in March and was sentenced in Minnesota this month.

  • Staying Secure with Open Source [Ed: Let's talk about "Staying Secure with" proprietary software, where the code is all secret so you cannot see the bugs]

    Why did Heartbleed fail? One reason, while OSS may have more eyeballs on it, it suffers from inconsistent coding methodology.

  • Researchers say WannaCry operator moved bitcoins to “untraceable” Monero

     

    On Wednesday, the 52.2 bitcoins in the wallet were drained out over nine transactions, as detected by a bot created by Quartz's Keith Collins. Neutrino researchers traced the moved bitcoins to wallets associated with Monero.

  • What is the Kronos trojan and what is Marcus Hutchins accused of?

     

    Neither the indictment, nor the Department of Justice announcement, say how they connected him to the malware.  

  • The Indictment Against Malware Researcher Marcus Hutchines Is Really Weird

    So, yesterday, we wrote a quick post about recently-famous malware research Marcus Hutchins (famous for accidentally stopping the WannaCry attack) being detained by the FBI as he left Defcon. An hour or so later, we updated it with the details of the indictment which had been released. That had my quick response, which noted that the "evidence" didn't seem very strong. It just claims (without anything else) that Hutchins wrote the Kronos malware, and most of the indictment and most of the activity focuses on a second defendant (whose name is redacted) who apparently was out selling the malware. I was planning to write up a more thorough look at the indictment and its problems today, but last night, Orin Kerr beat me to it, and he (famed lawyer, law professor and former assistant US attorney) has a bit more expertise in the subject, so let's work off of his analysis.

  • WannaCry 'hero' to plead not guilty to accusation he wrote banking malware [iophk: "none of these even mention Microsoft Windows(tm)"]

     

    Marcus Hutchins, the celebrated security professional who was arrested Wednesday on federal charges he helped create and distribute malware that steals banking credentials, will be released from detention pending $30,000 bail, according to Las Vegas reporter Christy Wilcox and other news outlets.

  • Judge sets $30K bail in banking malware case for hacker who helped stop WannaCry attack

     

    "This is excellent news," said Nicholas Weaver, a computer scientist at the University of California at Berkeley. "The indictment is remarkably shallow even by indictment standards, which is disappointing because it adds considerable uncertainty and fosters distrust with the general security community."

  • Security researcher who neutralized WCry to be released on $30,000 bond

     

    Marcus Hutchins, the celebrated security professional who was arrested Wednesday on federal charges he helped create and distribute malware that steals banking credentials, will be released from detention pending $30,000 bail, according to Las Vegas reporter Christy Wilcox and other news outlets.

  • Army tells troops to stop using DJI drones immediately, because cyber

     

    But now all of those drones are getting pulled from service, as the result of classified findings in a May study by the Army Research Lab at Aberdeen Proving Grounds in Maryland, as well as a Navy memorandum citing "operational risks" in using DJI drones. The memorandum ordering the ban was obtained by Small UAS News.

  • US Army calls for units to discontinue use of DJI equipment

     

    According to a U.S. Army memo obtained by sUAS News, the U.S. Army Research Lab and U.S. Navy have concluded that there are operational risks associated with DJI equipment, a move that was run up the flag pole last month but kept under wraps.

  • US Army reportedly asks units to stop using DJI drones, citing cybersecurity concerns

     

    The memo notes that the Army had issued over 300 separate releases authorizing the use of DJI products for Army missions, meaning a lot of hardware may have been in active use prior to the memo, which is dated August 2nd, 2017.  

  • Siemens, DHS warn of “low skill” exploits against CT and PET Scanners

    The Department of Homeland Security's Industrial Control System Computer Emergency Response Team (ICS-CERT) has issued an alert warning of four vulnerabilities in multiple medical molecular imaging systems from Siemens. All of these systems have publicly available exploits that could allow an attacker to execute code remotely—potentially damaging or compromising the safety of the systems. "An attacker with a low skill would be able to exploit these vulnerabilities," ICS-CERT warned.

    Siemens identified the vulnerabilities in a customer alert on July 26, warning that the vulnerabilities were highly critical—giving them a rating of 9.8 out of a possible 10 using the Common Vulnerability Scoring System. The systems affected include Siemens CT, PET, and SPECT scanners and medical imaging workflow systems based on Windows 7.

  • Announcing Our 2017 Security Audit Results

    A few months ago, we hired an independent security research firm to conduct an audit on the encryption specification used by Standard Notes. In building out our product, we spent a lot of time making sure our encryption is as strong and fool-proof as possible. While it's easy for one to feel confident of their own work, a security audit is a must for any privacy-focused project to assure the developers and customers alike that data being encrypted and transferred is done safely and securely.

  • 20 Docker security tools compared

    There are quite a few Docker security tools in the ecosystem, how do they compare? This is a comprehensive list of Docker security tools that can help you implement some of the container security best practices.

    Is Docker insecure? Not at all. Actually features like process isolation with user namespaces, resource encapsulation with cgroups, immutable images and shipping the minimal software and dependencies reduce the attack vector providing a great deal of protection. But, is there anything else we can do? There is much more than image vulnerability scanning and these are 20 container and Docker specific security tools that can help.

  • Is Your Business Vulnerable to Cyberattack?

    If you still believe that to be the case, you must have been living under a rock for the last year or so. Cyber attacks have increased in scale and sophistication, but they have also increased in frequency. The WannaCry ransomware event from earlier this year was the largest cyber attack in history, impacting over 200,000 devices in 150 countries including hospitals in the UK, a large telecom corporation in Spain, FedEx in the US and even the Russian government.

Tails 3 Offers Easy Anonymity for All

Filed under
Security
Debian

If you’re seriously concerned about privacy, you want to ensure you’re doing all the right things and not leaving behind a trace of what you’ve browsed. There are many reasons for this—some good, some bad. I’d like to focus on the good (naturally). In the past few years, it has become clear that tracking web histories is not a myth. Businesses, governments—anyone with the skills can make use of your browsing history. That is the very reason why technology like Tor has recently gained popularity.

Read more

Security and DRM: WannaCry Researcher, DDoS, Scotland, BA, Grsecurity, WannaCry Bitcoins, and EME

Filed under
Security
  • Researcher Who Stopped WannaCry Ransomware Detained in US After Def Con

    Motherboard verified that a detainee called Marcus Hutchins, 23, was being held at the Henderson Detention Center in Nevada early on Thursday. A few hours after, Hutchins was moved to another facility, according to a close personal friend.

  • WannaCry researcher arrested by FBI for his role in Kronos malware campaign

    According to friends, the first clues came when Hutchins failed to text from the airport. “He was radio-silent before his flight which is very unusual,” one friend told The Verge, “and he wasn’t on the Wi-Fi on the plane.”

  • Briton who stopped WannaCry attack arrested over separate malware claims

    According to an indictment released by the US Department of Justice on Thursday, Hutchins is accused of having helped to create, spread and maintain the banking trojan Kronos between 2014 and 2015.

  • Hacker Who Stopped WannaCry Charged With Writing Banking Malware

    Hutchins isn't the only member of the malware "conspiracy" named in the indictment against him. It accuses another person, whose name is redacted from the document, of doing what seems to be the majority of the legwork to distribute Kronos, including listing the malware for sale on criminal forums, creating a video advertisement that showed how it worked, and offering so-called "crypting" services meant to hide the malware from detection. The indictment also accuses Hutchins of helping update the malware in February 2015, at least six months after it first went on sale—the only hint that he may have worked on it after it was being actively used for criminal actions.

  • WannaCry 'hero' arrested for creating other malware

    According to an indictment provided to CNN Tech, Hutchins created the malware and shared it online. The Eastern District of Wisconsin returned a six-count indictment against Hutchins on July 12, 2017. It was unsealed at the time of his arrest.

  • WannaCry hero Hutchins arrested in US by FBI

    British security researcher Marcus Hutchins, who accidentally stopped the spread of the WannaCry ransomware that was affecting Windows machines in May, has been arrested by the FBI in Las Vegas.

  • After Defcon, the FBI arrested the UK national who stopped Wannacry

    According to a US Marshals spokesman, Hutchins was arrested by the FBI shortly after the Defcon/Blackhat conference in Las Vegas, though no one has disclosed the charge. His friends cannot locate him.

  • FBI arrests WannaCry hero Marcus Hutchins in Las Vegas over malware claims

    A young cyber expert who stopped the WannaCry global cyber attack has been arrested in the US for allegedly conspiring to advertise and sell a malicious software that targeted bank accounts.

  • Guy Who Accidentally Stopped WannaCry Ransomware Detained After Defcon

    As you may recall, earlier this year, when the WannaCry ransomware was spreading like wildfire, it was accidentally stopped by a security researcher in the UK who was (mostly) known only by the pseudonym MalwareTech. He wrote about the whole experience after having tweeted about it earlier. Basically he spotted the domain that WannaCry was pinging and saw that it wasn't registered -- so he registered it, if just to track the spread of the malware. But, that process actually stopped WannaCry from spreading due to the way the ransomware was designed. The story of someone accidentally stopping a massive malware breakout was a good one and it was widely covered by the press. MalwareTech got lots of good press out of it... and as a thank you, at least one UK publication doxxed him and revealed his name, his age, some of his social media photos and even what he liked to eat. That wasn't very nice. Still, now it's known that Marcus Hutchens is MalwareTech, and people should be thanking him.

  • Convicted Fraudster Uses DDoS Attack To Clean Up Search Results, Fails Spectacularly

    Nice work, Andrew. Generating a federal indictment is a surefire way to ensure your vanity search results remain unmarred by "offending court decisions." But this DDoS wasn't Rakhshan's only attempt to scrub the web of negative info. Searching through the Lumen (formerly Chilling Effects) database reveals post-alleged attack efforts Rakhshan made to clean up unflattering search results.

  • Scottish government whacked by two ransomware attacks in the past year

    The government noted that the actual number of attacks may be higher than it recorded, but added that it is ‘not always possible to identify or record unsuccessful incidents that could be defined as attacks, such as phising emails or those with potential malware that can be filtered before ever reaching the Scottish government.'

  • BA suffers yet more IT borkage causing 'chaos' at London airports

    The IT glitch, which was resolved at around 9am UK time, caused 'carnage' at check-in desks at the three London airports, according to pissed off holidaymakers.

  • Open-source advocate sued over comments on kernel hardening group

    A group that supplies a hardening patch for the Linux kernel has sued a well-known free and open-source practitioner for claiming that the patches in question violate the licence under which the kernel is distributed.

    The group, Grsecurity which has filed the lawsuit under its trading name Open Source Security, sells its patch to subscribers and has taken offence at Bruce Perens' characterisation of their efforts as presenting "a contributory infringement and breach of contract risk".

    Perens issued a statement on 28 June, detailing his reasons why users should avoid using the Grsecurity patch. "It (the patch) is a derivative work of the Linux kernel which touches the kernel internals in many different places. It is inseparable from Linux and cannot work without it," he wrote.

  • WannaCry hackers finally empty ransom wallets following bitcoin split

    The hackers {sic} behind WannaCry have cashed out more than $140,000 (£105,000) worth of bitcoins paid by victims of the ransomware bastard.

  • Bitcoin’s split gave the WannaCry hackers an instant boost to their profits

    In reality, the WannaCry hackers will have a tough time liquidating any of their holdings. It has become far more difficult for hackers to cash out because a major bitcoin exchange called btc-e, which allegedly is responsible for laundering 95% of ransomware funds, has gone offline.

  • WannaCry: hackers withdraw £108,000 of bitcoin ransom

    More than £108,000 in bitcoin paid by victims of the WannaCry ransomware attack, which crippled parts of the NHS as well as businesses in 150 countries worldwide, has been withdrawn from the digital wallets the funds were being held in.

  • Are Internet Standards Standing in the Way of Digital Accessibility?

     

    Disabled people often need to modify digital content so they can consume it. Some advocates are worried new standards will turn them into criminals.

  • DRM in web standards creates new barriers to accessibility

     

    But an equally important activity that DRM interferes with is accessibility adaptation, which, despite being protected in many countries' copyright laws, turns into a legal minefield if DRM has to be removed in order to make a copyrighted work accessible for people with disabilities.  

Marcus Hutchins and Bruce Perens Sued

Filed under
Security
Legal
  • Slayer of WCry worm charged with creating unrelated banking malware

    Marcus Hutchins, the 23-year-old security professional who accidentally stopped the spread of the virulent WCry ransomware worm in May, has been named in a federal indictment that alleges he was part of a conspiracy that created and distributed a piece of unrelated malware that steals banking credentials from unsuspecting computer users.

    According to the eight-page indictment, the conspiracy involved Hutchins and two other individuals whose names still have not been made public. After Hutchins allegedly created the banking trojan dubbed "Kronos," a video circulated in July 2014 on a publicly available website that demonstrated how the malware worked. A month later, one of the unnamed co-conspirators put the malware up for sale at a price of $3,000. Hutchins and one of the co-conspirators allegedly updated Kronos around February 2015.

  • Linux kernel hardeners Grsecurity sue open source's Bruce Perens

    "As a customer, it’s my opinion that you would be subject to both contributory infringement and breach of contract by employing this product in conjunction with the Linux kernel under the no-redistribution policy currently employed by Grsecurity," Perens wrote on his blog.

    The following month, Perens was invited to court. Grsecurity sued the open-source doyen, his web host, and as-yet-unidentified defendants who may helped him draft that post, for defamation and business interference.

    [...]

    Linus Torvalds, who oversees the Linux kernel, has called Grsecurity's patches "garbage."

    Grsecurity used to allow others to redistribute its patches, but the biz ended that practice for stable releases two years ago and for test patches in April this year. It offers its GPLv2 licensed software through a subscription agreement. The agreement says that customers who redistribute the code – a right under the GPLv2 license – will no longer be customers and will lose the right to distribute subsequent versions of the software.

Security: Updates, MacOS, AV Snakeoil, Containers, IoT, Windows Ransomware

Filed under
Security

Dumbo

Filed under
Microsoft
Security

Today, August 3rd 2017 WikiLeaks publishes documents from the Dumbo project of the CIA. Dumbo is a capability to suspend processes utilizing webcams and corrupt any video recordings that could compromise a PAG deployment. The PAG (Physical Access Group) is a special branch within the CCI (Center for Cyber Intelligence); its task is to gain and exploit physical access to target computers in CIA field operations.

Dumbo can identify, control and manipulate monitoring and detection systems on a target computer running the Microsoft Windows operating sytem. It identifies installed devices like webcams and microphones, either locally or connected by wireless (Bluetooth, WiFi) or wired networks. All processes related to the detected devices (usually recording, monitoring or detection of video/audio/network streams) are also identified and can be stopped by the operator. By deleting or manipulating recordings the operator is aided in creating fake or destroying actual evidence of the intrusion operation.

Dumbo is run by the field agent directly from an USB stick; it requires administrator privileges to perform its task. It supports 32bit Windows XP, Windows Vista, and newer versions of Windows operating system. 64bit Windows XP, or Windows versions prior to XP are not supported.

Read more

Security: Swedish Breach, 'Hacked' [sic], Black Hat and Defcon and WordPress Patches

Filed under
Security
  • Following security breach, Sweden shores up outsourcing rules

    The Swedish government is restricting outsourcing of privacy sensitive data, following the possible leak of all of its vehicle data, outsourced to IBM in 2015 without the proper security checks. The stricter limits on what may be outsourced, were announced at a press conference on 24 July by Prime Minister Stefan Löfven.

  • 12 signs you've been hacked -- and how to fight back [Ed: Microsoft employee describes the symptoms of knowing your PC is hijacked by someone (other than Microsoft)]

    In today's threatscape, anti-malware software provides little peace of mind. In fact, anti-malware scanners on the whole are horrifically inaccurate, especially with exploits less than 24 hours old. After all, malicious hackers and malware can change their tactics at will. Swap a few bytes around, and a previously recognized malware program becomes unrecognizable.

    To combat this, many antimalware programs monitor program behaviors, often called heuristics, to catch previously unrecognized malware. Other programs use virtualized environments, system monitoring, network traffic detection and all of the above at once in order to be more accurate. Still they fail us on a regular basis.

  • Security This Week: The Very Best Hacks From Black Hat and Defcon

    As they do every year, hackers descended on Las Vegas this week to show off the many ways they can decimate the internet's security systems. Here's a collection of some of our favorite talks from this week's Black Hat conference, including some we didn't get the chance to cover in depth.

  • WordPress 4.8.1 Maintenance Release

    After over 13 million downloads of WordPress 4.8, we are pleased to announce the immediate availability of WordPress 4.8.1, a maintenance release.

    This release contains 29 maintenance fixes and enhancements, chief among them are fixes to the rich Text widget and the introduction of the Custom HTML widget. For a full list of changes, consult the release notes, the tickets closed, and the list of changes.

Security: Updates, DDOS, Russia, and 'The Darkening Web'

Filed under
Security
  • Security updates for Wednesday
  • Kaspersky says that DDoS attacks are back in fashion
  • Man used DDoS attacks on media to extort them to remove stories, FBI says

    A 32-year-old Seattle man is behind bars while awaiting a federal hacking trial for launching a DDoS attack. He is being held without bail on allegations that he attacked a US-based legal services website to force it to remove a link to a case citation about his past criminal conduct. The authorities also say the suspect launched distributed denial of service attacks on various overseas media outlets for not removing stories about his credit-card scam and other crimes.

    The FBI says that the day after a DDoS attack in January, 2015, the suspect sent an e-mail to Leagle.com pretending to be the hacking group Anonymous. The e-mail explained that the DDoS attack was launched because the defendant, Kamyar Jahanrakhshan, "is being unjustly victimised by you" for not abiding by his numerous requests to remove the link and even pay $100 in cash to get the job done.

  • White House Says Russia’s Hackers Are Too Good to Be Caught but NSA Partner Called Them “Morons”

    The hackers behind the dump of Democratic Party emails in the midst of last year’s presidential race left apparent evidence of their identity — a breadcrumb trail winding from the stolen files back to the Russian government, according to assessments from the U.S. intelligence community. Some of this evidence was there from the beginning, embedded inside the first documents to hit the web, raising a niggling question: Why would diabolically skilled Russian operatives operate so sloppily?

    This question has persisted, and last week the White House seized upon it, promulgating the idea that if the Russian government were really behind the attacks, its online agents wouldn’t have left any fingerprints. Russia quickly repeated this claim through its UK embassy.

    But a 2011 presentation to the NSA and its foreign partners by Canada’s signals intelligence agency, the Communications Security Establishment, undermines the notion of a foreign hacker so skilled that a victim would never know their identity. The document calls Russian hackers “morons” for routinely compromising the security of a “really well designed” system intended to cover their tracks; for example, the hackers logged into their personal social and email accounts through the same anonymizing system used to attack their targets, comparable to getting an anonymous burner phone for illicit use and then placing calls to your girlfriend, parents, and roommate.

  • 'The Darkening Web' warns of destruction through cyber means

Security: Updates, Reproducible Builds, RSA and "Echo" Bugging Devices

Filed under
Security
  • Security updates for Tuesday
  • Reproducible Builds: Weekly report #118
  • Episode 57 - We may never see amazing security research ever again

    Josh and Kurt talk about Black Hat and Defcon, safes, banks, voting machines, SMBv1 DoS attack, Flash, liability, and password masking.

  • Q&A: Former RSA CEO's new venture takes on Linux container security

    The historical, reactive model of security was a bunch of perimeter controls. With intelligence-driven security, the controls have to be much more agile and react to circumstances in real time. To create a defense in depth strategy, you need to anticipate attacks, to stop attacks before they start, and if you can't stop them, you have to detect an attack when it's in progress. If you can't detect an attack, then you need to be able to prevent a wholesale breach. If you can't prevent a breach, then you have to be able to detect that a breach has occurred, and respond quickly enough to prevent loss or disruption.

  • How a hacked Amazon Echo could secretly capture your most intimate moments

    It's a fact of modern life that many of us forget—the phones, computers, and other connected devices we depend on can often be used against us as secret listening devices. On Tuesday, attention turned to the Amazon Echo, with a demonstration that showed how hackers can convert some models into devices that can surreptitiously record our most intimate moments.

    To be clear, the hack works only against older models of Amazon Echoes. It also requires physical access to the device by a hacker with above-average skills in Linux and embedded hardware systems. That means people aren't likely to be exposed to such attacks unless they own a 2015 or 2016 device and are a target of interest to the Central Intelligence Agency, a similar nation-sponsored spy group, an advanced corporate espionage operation, or a highly determined stalker.

Security: Updates, Windows Disasters, Swedish Cabinet, Sonatype, Vault 7, Firejail, DEF CON 25, Windows 10, Svpeng, TLS

Filed under
Security
  • Security updates for Monday
  • Ransomware: Claim that 22% SMBs shutting shop after attacks [iophk: "Windows TCO"]

     

    Ransomware attacks caused 22% of small and medium-sized businesses in seven countries, including Australia, to pack up for good, a report from the security firm Malwarebytes claims.  

  • Swedish Cabinet reshuffled in wake of IT security row

    It’s not often that an IT security breach leads to the departure of two government ministers. But that is just what has happened in Sweden in the aftermath of a series of disclosures about a data breach and an outsourced IT contract.

  • Active Management of Open Source Components Delivers Measurable Improvements Claims Sonatype Report

    In July, Sonatype released their third annual State of the Software Supply Chain report concluding that when organisations actively manage the quality of open source components in software applications they see a 28% improvement in developer productivity (through reduction in manual governance), a 30% reduction in overall development costs, and a 48% increase in application quality (as application vulnerabilities are removed early reducing their incidence in production). Analysis also showed that applications built by teams utilising automated governance tools reduced the percentage of defective components by 63%.

  • The CIA’s Aeris Malware Can Exfiltrate Data From Linux Systems

    Not a week goes by without WikiLeaks unveiling some more condemning evidence of the CIA’s malware tools. The latest reveal is Aeris, an automated implement which affects many different distributions of the Linux operating system. This particular tool packs quite a lot of features under the hood in an effort to gather as much intelligence as possible. This is surely not the last tool of its kind we will meet.

  • Firejail A Namespace Separation Security Sandbox

    ​Linux distro is mostly loved for its security features. When we people want more security we use TOR and VPN. Today I am going to tell you about an application called Firejail that helps to protect your personal files via sandbox technique. 

    ​Firejail is a sandbox application built for Linux distros which uses the capabilities of Linux kernel to use namespace separation. In the simplest sense, apps launched through Firejail cannot access your personal files on your hard drive. Isn’t that cool? Cool and safe!

  • Defcon vote-hacking village shows that "secure" voting machines can be broken in minutes

     

    Nearly 20 years later, the country's voting security debt has mounted to incredible heights, and finally, just maybe, the security researchers are getting the hearing they deserve.  

  • Def Con hackers showed how easily voting machines can be hacked [Ed: Windows powered]

    At Def Con’s hacker voting machine village, where 30 pieces of election equipment sat waiting, hackers were given a deliciously wicked goal. John Hopkins computer scientist Matt Blaze said, “We encourage you to do stuff that if you did on election day they would probably arrest you.”

    And they did. Most of the voting machines were purchased via eBay, but some did come from government auctions. Despite the various different manufacturers of the voting equipment boxes, there was a common theme—they are “horribly insecure.”

    Granted, come election day, officials would likely notice if hackers were physically taking apart the machines. Tinkering with an external USB port on a computerized voting box and using it to upload malicious software may or may not get noticed. Yet those are not the only ways hackers could potentially influence votes and an election’s outcome; there’s the sneaky way of remotely accessing the machine from a laptop.

  • How DEF CON Securely Streams Video to Hackers [Author: "Linux Powered!"]

    The DEF CON 25 security conference is famous for its wide variety and number of security sessions and events. Not everyone can be in every session and some even choose to watch remotely, which is where DEF CON TV (DCTV) comes into play.

    DCTV streamed several sessions from the event, both to local hotels as well as the outside internet. Securely setting up and managing the DCTV streaming is no easy task, but it's one that DEF CON hackers put together rapidly.

  • Windows 10 default user profile is potentially writable by everyone

     

    Microsoft refuses to fix the issue properly because there is a "simple command everyone can execute" but has not (to my knowledge) told anyone about this command because everyone assumes the issue has been fixed by KB4022715 and KB4022725

  • [Older] The Internet of Things : A disaster for no good reason

     

    The reason I'm frustrated is because if these things were designed this way, I would WANT them. I really wish my washing machine would tell me when the wash is done because I am EXTREMELY bad at remembering to go check on it. But I can't buy that, I can't buy something that just has a $5 microprocessor with just enough intelligence to connect to the internet and send me an email or a push notification if the buzzer on the washer goes off. The only thing I can buy is a washing machine that's had a horrible, unreliable PC full of quarter-baked software crammed into it which will stop working when some godforsaken cloud service is "sunset", and which is so dependant on the reliability and trustworthiness of the software on the computer that if someone hacks it or the software has a bug, the washer can start spraying water at me when I have the loading door open.

  • 'Most dangerous' banking trojan gets update

     

    Svpeng, designed to steal banking information through different means, now embeds itself in Android's accessibility services — the software that helps users with disabilities navigate devices and apps, the cybersecurity firm said. So Svpeng is now able to steal any data in a text box and log all keystrokes.  

  • Enterprise Network Monitoring Needs Could Hamper the Adoption of TLS 1.3

    The upcoming version of the Transport Layer Security (TLS) protocol promises to be a game changer for web encryption. It will deliver increased performance, better security and less complexity. Yet many website operators could shun it for years to come.

    TLS version 1.3 is in the final stages of development and is expected to become a standard soon. Some browsers, including Google Chrome and Mozilla Firefox, already support this new version of the protocol on an opt-in basis and Cloudflare enables it by default for all websites that use its content delivery network.

Syndicate content

More in Tux Machines

today's howtos

icons and Themes: Vamox , Ashes, and DamaDamas

  • Vamox Icons Offers Three Color Variants for Linux Desktop
    Vamox icons were designed as a university thesis project by Emiliano Luciani and Darío Badagnani in 2008. The objective was to design a interface of a distro that the university could use for learning about design thin free software, From start these icons were developed for Ubuntu. Now these icons has three variants blue, orange and red, which are compatible with most of the Linux desktop environments such as: Gnome, Unity, Cinnamon, Mate, Xfce and so on. We have added these icons to our PPA for Ubuntu/Linux Mint and other related distributions, If you are using distribution other than Ubuntu/Linux Mint/its derivatives then download icons and install it in one of these "~/.icons" or "/usr/share/icons/" location. If you find any missing icons or problem with this icon set then report it to creator via linked page and hopefully it will get fixed soon.
  • Ashes Is A Light Theme For Your Linux Desktop
    Ashes theme is based on Adapta and Flat-Plat theme but it includes the mixture of blue and pink color scheme with gray search entity. Usually derived themes always try to make better and enhanced version by the person who forked it, to make desktop much perfect and elegant, same thing goes for this theme, it looks and feels great on almost every desktop. Mainly it is designed to work in Unity and Gnome desktop but it can also work in other desktops such as Cinnamon, Mate, and so on. For the Gnome desktop creator have added the dark title-bar/header-bar support, so you can enable Global-Dark-Theme using Gnome-Tweak-Tool, if you prefer dark title-bars. If you are using distribution other than Ubuntu/Linux Mint/its derivatives then download theme from here and install it "~/.themes" or "/usr/share/themes/" location. If you find any kind of bug or issue within this theme then report it to creator and since this theme is in active development hopefully it will be fixed soon.
  • DamaDamas Icons Looks Great And At The Same Time Give Windows Flavor
    If you have been searching for Windows icons for your Linux desktop then you are at the right place. The DamaDamas icons are from Pisi GNU/Linux and available for every Linux distribution, these icons give Windows look and feel to your desktop. There isn't much information available for these icons but the icons are SVG format and there are almost 4000+ icons packed in very fairly sized archive. We have added these icons to our PPA and these icons are compatible with almost every desktop environment such as: Gnome, Unity, Cinnamon, Xfce, Mate, KDE Plasma and so on. If you find any missing icons or problem with this icon set then report it to creator via linked page and hopefully it will get fixed soon.

Ubuntu MATE 17.10 Alpha 2, Solus 3, OpenMandriva Lx 3.02, and More

KDE: QtWebEngine on FreeBSD, KDE PIM, Akademy 2017, Craft, Accessibility, Comics Manager for Krita, Progress on Kube

  • QtWebEngine on FreeBSD
    Tobias and Raphael pushed the button today to push QtWebEngine into FreeBSD ports. This has been a monumental effort, because the codebase is just .. ugh. Not meant for third-party consumption, let’s say. There are 76 patches needed to get it to compile at all. Lots of annoying changes to make, like explaining that pkg-config is not a Linux-only technology. Nor is NSS, or Mesa, while #include is, in fact, Linux-only. Lots of patches can be shared with the Chromium browser, but it’s a terrible time-sink nonetheless.
  •  
  • KDE PIM in Randa 2017
    Randa Meetings is an annual meeting of KDE developers in a small village in Swiss Alps. The Randa Meetings is the most productive event I ever attended (since there’s nothing much else to do but hack from morning until night and eat Mario’s chocolate :-)) and it’s very focused – this year main topic is making KDE more accessible. Several KDE PIM developers will be present as well – and while we will certainly want to hear other’s input regarding accessibility of Kontact, our main goal in Randa will be to port away from KDateTime (the KDE4 way of handling date and time in software) to QDateTime (the Qt way of handling date and time). This does not sound very interesting, but it’s a very important step for us, as afterward, we will finally be free of all legacy KDE4 code. It is no simple task, but we are confident we can finish the port during the hackfest. If everything goes smoothly, we might even have time for some more cool improvements and fixes in Kontact ;-)
  • Services Collaborating Openly at Akademy 2017
    At the recently concluded Akademy 2017 in the incredibly hot but lovely Almería, yours truly went and did something a little silly: Submitted both a talk (which got accepted) and hosted a BoF, both about Open Collaboration Services, and the software stack which KDE builds to support that API in the software we produce. The whole thing was amazing. A great deal of work, very tiring, but all 'round amazing. I even managed to find time to hack a little bit on Calligra Gemini, which was really nice. This blog entry collects the results from the presentation and the BoF. I realise this is quite long, but i hope that you stick with it. In the BoF rundown, i have highlighted the specific results, so hopefully you'll be able to skim-and-detail-read your specific interest areas ;)
  • Akademy 2017 - A wonderful experience
    Akademy 2017 was such a great experience, that I would love to share with you all in this post.
  • Akademy 2017 - Recap
    Last month I had opportunity to visit the Almería, Spain for Akademy 2017. Akademy 2017 is KDE’s annual world summit. Akademy makes it possible to meet the felow KDE contributors, some of whom you only know with their IRC nicknames (Yes, I am not old enough to know every contributors yet :p). Here is few things I did at the Akademy 2017.
  • My Adventures on Crafting part III – Craft Atelier
    Once upon a time, I start o use Craft, an amazing tool inside KDE that does almost all the hard work to compile KDE Applications on Windows and MacOS. Thanks to the great work of Hannah since last year Randa Meetings, Craft is becoming a great tool. Using all the power of Python, I started to be able to work on the deploy of AtCore for Windows.
  • Why YOU care about accessibility, and can help!
    Accessibility (a11y for short) seems like a niche area of concern for many people. I was thinking about this recently on a hot morning in Spain, walking to the bus station with my wheeled luggage. The sidewalks are thoughtfully cut out for wheelchairs -- and those with luggage! and the kids riding skateboards, and...... the rest of us.
  • Writing a comics manager for Krita
    Those who know me, or at the least know my history with Krita is that one of the prime things I personally want to use Krita for is making comics. So back in the day one of the things I did was make a big forum post discussing the different parts of making a comic and how different software solves it. One of the things about making a comic is that is a project. Meaning, it is big and unwieldy, with multiple files and multiple disciplines. You need to be able to write, to draw, to ink, to color. And you need to be able to do this consistently.
  • Progress on Kube
    We’ve been mostly focusing on ironing out UX problems all over the place. It turns out, when writing desktop applications using QtQuick you’ll be ending up with a lot of details to figure out for yourself.