
Microsoft

Security in Android, Windows

Filed under: Android, Microsoft, Security
  • With Android Oreo, Google is introducing Linux kernel requirements

    Android may be a Linux-based operating system, but the Linux roots are something that few people pay much mind. Regardless of whether it is known or acknowledged by many people, the fact remains that Android is rooted in software regarded as horrendously difficult to use and most-readily associated with the geekier computer users, but also renowned for its security.

  • Exclusive: India and Pakistan hit by spy malware - cybersecurity firm [Ed: When you use Microsoft Windows in government in spite of back doors]

    Symantec Corp, a digital security company, says it has identified a sustained cyber spying campaign, likely state-sponsored, against Indian and Pakistani entities involved in regional security issues.

    In a threat intelligence report that was sent to clients in July, Symantec said the online espionage effort dated back to October 2016. 

    [...]

    Symantec’s report said an investigation into the backdoor showed that it was constantly being modified to provide “additional capabilities” for spying operations.

Microsoft-Connected Firm Says GNU/Linux Desktop Market Exceeds 3%, Microsoft in Trouble in France

Filed under: GNU, Linux, Microsoft
  • Linux desktop market share has hit another all time high above 3%, according to netmarketshare [Ed: This Microsoft-connected firm says share on the desktop higher than 3%; in reality can be higher than this, especially if ChromeOS, Android etc. get counted.]
  • Linux Browser Marketshare Strikes Above 3%

    According to Net Applications' Netmarketshare, the Linux market share on the desktop as judged by browser interactions may now be above 3%.

    The company is reporting a 3.37% Linux marketshare for August 2017, a rise from 2.53% a month prior and the first time they have reported the Linux desktop marketshare above 3%.

  • France demands €600 million in tax from Microsoft

    France's tax authority is seeking 600 million euros ($715 million) from Microsoft's local subsidiary for billing French customers from Ireland, the weekly L'Express reported on Wednesday.
    The magazine reported that the bills concerned internet advertising and keywords for internet searches.
    Despite a considerable presence in France, Microsoft paid only 32.2 million euros in corporate tax there last year, according to L'Express.

Proprietary and Openwashing: Facebook, Skype, LinkedIn, Talend, and Slack

Filed under: Microsoft

Angelfire

Filed under: Microsoft, Security

Today, August 31st 2017, WikiLeaks publishes documents from the Angelfire project of the CIA. Angelfire is an implant comprised of five components: Solartime, Wolfcreek, Keystone (previously MagicWand), BadMFS, and the Windows Transitory File system. Like previously published CIA projects (Grasshopper and AfterMidnight) in the Vault7 series, it is a persistent framework that can load and execute custom implants on target computers running the Microsoft Windows operating system (XP or Win7).

Solartime modifies the partition boot sector so that when Windows loads boot time device drivers, it also loads and executes the Wolfcreek implant, that once executed, can load and run other Angelfire implants. According to the documents, the loading of additional implants creates memory leaks that can be possibly detected on infected machines.

Keystone is part of the Wolfcreek implant and responsible for starting malicious user applications. Loaded implants never touch the file system, so there is very little forensic evidence that the process was ever run. It always disguises as "C:\Windows\system32\svchost.exe" and can thus be detected in the Windows task manager, if the operating system is installed on another partition or in a different path.

BadMFS is a library that implements a covert file system that is created at the end of the active partition (or in a file on disk in later versions). It is used to store all drivers and implants that Wolfcreek will start. All files are both encrypted and obfuscated to avoid string or PE header scanning. Some versions of BadMFS can be detected because the reference to the covert file system is stored in a file named "zf".

The Windows Transitory File system is the new method of installing AngelFire. Rather than lay independent components on disk, the system allows an operator to create transitory files for specific actions including installation, adding files to AngelFire, removing files from AngelFire, etc. Transitory files are added to the 'UserInstallApp'.


Bugs? What bugs? Microsoft sees no evil.

Filed under: Microsoft

On Aug. 23, Microsoft released Windows 10 Fall Creators Update Build 16273. This late beta doesn’t introduce new features. It’s all about stabilizing the next Windows 10 update before releasing it to the public. In short, it’s a bug-fix version — with a twist. While Microsoft tells us which bugs have been fixed in this build, it doesn’t say anything about new bugs, or old bugs that haven’t been fixed.


Microsoft Openwashing of Visual Studio and LinkedIn

Filed under: Microsoft

Desktop: Entroware's New GNU/Linux Laptop, Microsoft Caught Red-handed

Filed under: GNU, Linux, Microsoft

Openwashing: Oracle, Mono, Microsoft and Red Hat

Filed under: Microsoft
  • Oracle Open Source Library now available to C and C++ developers [Ed: openwashing of a link to Oracle's proprietary lockin]

    The production release of the Oracle Database Programming Interface for C (ODPI-C), which gives more streamlined access to C and C++ developers to Oracle Database, has been launched on GitHub.

    The open-source wrapper is aimed primarily at language interface developers, allowing users to quickly call more common features of the Oracle Call Interface (OCI), the main C API for Oracle Database. But the company says that its conciseness makes it a flexible and accessible tool.

  • Mono 5.2 Released With Various Changes [Ed: Microsoft lockin painted as "open"]
  • Microsoft's .NET Core 2.0: What's new and why it matters
  • Microsoft Launches .NET Core 2.0 With Better Linux Support
  • Tips for finding partners open enough to work with you

    Imagine I'm working on the front line of an open organization, and I'm committed to following principles like transparency, inclusivity, adaptability, collaboration, community, accountability, and commitment to guide that front-line work. A huge problem comes up. My fellow front-line workers and I can't handle it on our own, so we discuss the problem and decide that one of us has to take it to top management. I'm selected to do that.

    When I do, I learn there is nothing we can do about the problem within the company. So management decides to let me present the issue to outside individuals who can help us.

    In my search for the expertise required to fix the problem, I learned that no single individual has that expertise—and that we must find an outside, skilled partner (company) to help us address the issue.

Slackware Security and Windows Insecurity

Filed under: Microsoft, Security, Slack
  • OpenJDK7 and Flash Player security updates (Aug ’17)

    On the blog of IcedTea release manager Andrew Hughes (aka GNU/Andrew) you can find the announcement for IcedTea 2.6.11 which builds OpenJDK 7u151_b01. This release includes the official July 2017 security fixes for Java 7. Note that the security updates for Java 8 were already pushed to my repository some time ago.

  • Kremlin's hackers 'wield stolen NSA exploit to spy on hotel guests in Europe, Mid East'

    Miscreants are using various techniques, including the leaked NSA EternalBlue exploit also wielded by the WannaCry malware, to hack into laptops and other devices used by government and business travelers, FireEye researchers declared on Friday.


More in Tux Machines

OpenSUSE fonts – The sleeping beauty guide

Pandora’s box of fonts is one of the many ailments of the distro world. As long as we do not have standards, and some rather strict ones at that, we will continue to suffer from bad fonts, bad contrast, bad ergonomics, and in general, settings that are not designed for sustained, prolonged use. It’s a shame, because humans actually use computers to interface with information, to READ text and interpret knowledge using the power of language. It’s the most critical element of the whole thing. OpenSUSE under-delivers on two fonts – anti-aliasing and hinting options that are less than ideal, and then it lacks the necessary font libraries to make a relevant, modern and pleasing desktop for general use. All of this can be easily solved if there’s more attention, love and passion for the end product. After all, don’t you want people to be spending a lot of time interacting, using and enjoying the distro? Hopefully, one day, all this will be ancient history. We will be able to choose any which system and never worry or wonder how our experience is going to be impacted by the choice of drivers, monitors, software frameworks, or even where we live. For the time being, if you intend on using openSUSE, this little guide should help you achieve a better, smoother, higher-quality rendering of fonts on the screen, allowing you to enjoy the truly neat Plasma desktop to the fullest. Oh, in the openSUSE review, I promised we would handle this, and handle it we did! Take care.

Today in Techrights

Direct Rendering Manager and VR HMDs Under Linux

  • Intel Prepping Support For Huge GTT Pages
    Intel OTC developers are working on support for huge GTT pages for their Direct Rendering Manager driver.
  • Keith Packard's Work On Better Supporting VR HMDs Under Linux With X.Org/DRM
    Earlier this year Keith Packard started a contract gig for Valve working to improve Linux's support for virtual reality head-mounted displays (VR HMDs). In particular, working on Direct Rendering Manager (DRM) and X.Org changes needed so VR HMDs will work well under Linux with the non-NVIDIA drivers. A big part of this work is the concept of DRM leases, a new Vulkan extension, and other changes to the stack.

Software: Security Tools, cmus, Atom-IDE, Skimmer Scanner

  • Security Tools to Check for Viruses and Malware on Linux
    First and foremost, no operating system is 100 percent immune to attack. Whether a machine is online or offline, it can fall victim to malicious code. Although Linux is less prone to such attacks than, say, Windows, there is no absolute when it comes to security. I have witnessed, first hand, Linux servers hit by rootkits that were so nasty, the only solution was to reinstall and hope the data backup was current. I’ve been a victim of a (very brief) hacker getting onto my desktop, because I accidentally left desktop sharing running (that was certainly an eye opener). The lesson? Even Linux can be vulnerable. So why does Linux need tools to prevent viruses, malware, and rootkits? It should be obvious why every server needs protection from rootkits — because once you are hit with a rootkit, all bets are off as to whether you can recover without reinstalling the platform. It’s antivirus and anti-malware where admins start getting a bit confused. Let me put it simply — if your server (or desktop for that matter) makes use of Samba or sshfs (or any other sharing means), those files will be opened by users running operating systems that are vulnerable. Do you really want to take the chance that your Samba share directory could be dishing out files that contain malicious code? If that should happen, your job becomes exponentially more difficult. Similarly, if that Linux machine performs as a mail server, you would be remiss to not include AV scanning (lest your users be forwarding malicious mail).
  • cmus – A Small, Fast And Powerful Console Music Player For Linux
    You may ask yourself a question when you see this article: is it possible to listen to music in the Linux terminal? Yes, because nothing is impossible in Linux. We have covered many popular GUI-based media players in our previous articles, but we haven’t covered any CLI-based media players so far, so today we are going to cover cmus, one of the famous console-based media players (for the CLI, very few applications are available in Linux).
  • You Can Now Transform the Atom Hackable Text Editor into an IDE with Atom-IDE
    GitHub and Facebook recently launched a set of tools that promise to allow you to transform your Atom hackable text editor into a veritable IDE (Integrated Development Environment). They call the project Atom-IDE. With the release of Atom 1.21 Beta last week, GitHub introduced Language Server Protocol support to integrate its brand-new Atom-IDE project, which comes with built-in support for five popular language servers, including JavaScript, TypeScript, PHP, Java, C#, and Flow. But many others will come with future Atom updates.
  • This open-source Android app is designed to detect nearby credit card skimmers
    Protecting our data is a constant battle, especially as technology continues to advance. A recent trend that has popped up is the installation of credit card skimmers, especially at locations such as gas pumps. With a simple piece of hardware and 30 seconds to install it, a hacker can easily steal credit card numbers from a gas pump without anyone knowing. Now, an open-source app for Android is attempting to help users avoid these skimmers.