Language Selection

English French German Italian Portuguese Spanish

Microsoft

Proprietary Software Insecurity

Filed under
Microsoft
Mac
  • Why recent hacks show Apple’s security strength, not its weakness [Ed: Spinning bug doors as a strength? Apple has its share of liars coming to the rescue of proprietary software (not the first such bug). Moving from Microsoft to Apple "for security" is like swapping vodka for rum to cure one's liver.]

    It might be tempting to follow that line of thinking in light of two recent stories of vulnerabilities affecting the Mac and the Apple Watch. In the first instance, the Zoom video-calling app could be abused to let someone spy on you through your webcam. In the second, a flaw in Apple’s Walkie Talkie app could let a hacker eavesdrop on your iPhone conversations. They’re both troubling security issues.

  • Eavesdropping Concerns Cause Apple Watch’s Walkie-Talkie App to Be Disabled

    Just like any other Internet of things device, it’s important to remember that smartwatches are still devices. And many cool features can also be used for unethical purposes. There is always another side of the coin.

    This is what Apple Watch users found this week when Apple disabled the Walkie-Talkie app when it was discovered that it allowed users to listen in on each other’s iPhone calls without the other person’s knowledge.

  • 250M Accounts Affected By ‘TrickBot’ Trojan’s New Cookie Stealing Ability

    Popular malware TrickBot is back and this time it has learned some new capabilities like stealing cookies. So far, it has infected around 250 million Gmail accounts.

    As per the research firm Deep Instinct, among the affected accounts, some belonging to the governments of the US, the UK, and Canada have also fallen victim to TrickBot.

  • TrickBooster – TrickBot’s Email-Based Infection Module - Deep Instinct

    Seeing a signed malware binary delivered to a customer environment prompted us to investigate further. We analyzed the malware sample and found swaths of PowerShell code in its memory. Analysis of this PowerShell code immediately led us to the conclusion that we are dealing with a mail-bot.

  • A better zip bomb

    This article shows how to construct a non-recursive zip bomb that achieves a high compression ratio by overlapping files inside the zip container. "Non-recursive" means that it does not rely on a decompressor's recursively unpacking zip files nested within zip files: it expands fully after a single round of decompression. The output size increases quadratically in the input size, reaching a compression ratio of over 28 million (10 MB → 281 TB) at the limits of the zip format. Even greater expansion is possible using 64-bit extensions. The construction uses only the most common compression algorithm, DEFLATE, and is compatible with most zip parsers.

Security: Microsoft Windows Strikes Again

Filed under
Microsoft
Security
  • U.S. Coast Guard Issues Alert After Ship Heading Into Port Of New York Hit By Cyberattack

    The U.S. Coast Guard has issued an official warning to owners of ships that cybersecurity at sea needs updating, and updating urgently. In the Marine Safety Alert published June 8, the Coast Guard "strongly encourages" that cybersecurity assessments are conducted to "better understand the extent of their cyber vulnerabilities." This follows an interagency investigation, led by the Coast Guard, into a "significant cyber incident" that had exposed critical control systems of a deep draft vessel bound for the Port of New York in February 2019 to what it called "significant vulnerabilities."

  • Malware on the High Seas: US Coast Guard Issues Alert [iophk: Windows TCO is not a laughing matter. Get rid of it.]

    The ship's network was mainly used for official business, including updating electronic charts, managing cargo data and communicating with shore-side facilities, pilots, agents and the Coast Guard, according to the report.

  • Eurofins Scientific: Forensic services firm paid ransom after cyber-attack [iophk: Windows TCO]

    BBC News has not been told how much money was involved in the ransom payment or when it was paid.

    The National Crime Agency (NCA) said it was a "matter for the victim" as to whether a ransom had been paid.

  • Eurofins Scientific Paid Up in Response to Ransomware Attack: Report [iophk: Windows TCO]

    Luxembourg-based laboratory testing services giant Eurofins Scientific reportedly paid the ransom demanded by cybercriminals following a successful ransomware attack that led to the company taking offline many of its systems and servers.

  • Eurofins Scientific forensics firm pays after hit with ransomware [iophk: Windows TCO]

    Eurofins didn’t disclose how much it paid to retrieve its information but the money was likely paid between June 10, when Eurofins issued a statement about the attack, and June 24 when it published an update saying it had “identified the variant of the malware used” in the attack and had strengthened its cybersecurity.

  • [Old] Combating WannaCry and Other Ransomware with OpenZFS Snapshots [iophk: use FreeBSD, OpenBSD, or GNU/Linux on the desktop to avoid ransomware and servers to avoid ransomware damage]

    OpenZFS is the powerful file system at the heart of every storage system that iXsystems sells and of its many features, snapshots can provide fast and effective recovery from ransomware attacks at both the individual user and enterprise level as I talked about in 2015. As a copy-on-write file system, OpenZFS provides efficient and consistent snapshots of your data at any given point in time. Each snapshot only includes the precise delta of changes between any two points in time and can be cloned to provide writable copies of any previous state without losing the original copy. Snapshots also provide the basis of OpenZFS replication or backing up of your data to local and remote systems. Because an OpenZFS snapshot takes place at the block level of the file system, it is immune to any file-level encryption by ransomware that occurs over it. A carefully-planned snapshot, replication, retention, and restoration strategy can provide the low-level isolation you need to enable your storage infrastructure to quickly recover from ransomware attacks.

German data protection organization: use of Office 365 in schools is illegal

Filed under
Microsoft

The data protection officer of the German federal state of Hessen has warned that the cloud-based Office 365 solution is not a compliant solution for use in schools when student information is being stored on it. This fits with earlier, similar conclusions by the Swedish and Dutch governments – US cloud solutions are not GDPR compliant.

Read more

Hey Microsoft, why is the Skype Snap app hopelessly outdated?

Filed under
Microsoft

The official Skype Snap app for Linux has not been updated in nearly six months, and Microsoft is yet to say why.

When introducing the cross-distro build in early 2018, the company said the Skype Snap app would give it the “…ability to push the latest features straight to our users, no matter which device or distribution they happen to use.”

Clearly, not.

Because at the time of writing this post the Skype Snap app sits on version 8.34.0.78, which the Snapcraft store reports was ‘last updated’ in November 2018.

However, the “regular” Linux version available to download from the Skype website is on version 8.47.0.73, released June 2019.

Read more

Also: Microsoft has caused an uproar among its partners by canceling one of their favorite perks: software for their own use [paywall]

Canonical GitHub account hacked, Ubuntu source code safe

Filed under
Microsoft
Security
Ubuntu

The GitHub account of Canonical Ltd., the company behind the Ubuntu Linux distribution, was hacked on Saturday, July 6.

"We can confirm that on 2019-07-06 there was a Canonical owned account on GitHub whose credentials were compromised and used to create repositories and issues among other activities," the Ubuntu security team said in a statement.

"Canonical has removed the compromised account from the Canonical organisation in GitHub and is still investigating the extent of the breach, but there is no indication at this point that any source code or PII was affected," it said.

"Furthermore, the Launchpad infrastructure where the Ubuntu distribution is built and maintained is disconnected from GitHub and there is also no indication that it has been affected."

Read more

Microsoft and VMware Buying 'Leadership' in Linux

Filed under
Linux
Microsoft

Openwashing Leftovers (Mostly Google and Microsoft)

Filed under
Google
Microsoft
OSS

Windows 'Clones'

Filed under
Microsoft
  • ReactOS ‘a ripoff of the Windows Research Kernel’ claims Microsoft kernel engineer

    Reitschin does add he is no lawyer, but these claims do raise a number of serious concerns and questions about the ReactOS project. These claims alone will probably ensure no serious commercial entity will ever want to associate itself with ReactOS, and it will be interesting to see if these claims will ever lead to something more serious than mere words.

  • ReactOS 'a ripoff of the Windows Research Kernel' claims Microsoft kernel engineer [Ed: The original article is from Microsoft Tim.]
  • Samba 4.11 Aims To Be Scalable To 100,000+ Users

    For those using Samba for better Windows interoperability with SMB/CIFS/AD, the forthcoming Samba 4.11 will be a lot more scalable so it can be used within massive organizations.

    Samba has been undergoing work to improve its performance on the large scale for organizations with 100,000+ users and over one hundred thousand computer objects and memberships. Samba 4.11 will be able to scale a hell of a lot better than previous releases due to performance improvements around reindexing, domain joins, LDAP server memory, custom LMBD map size, better batch operation support, better LDB search performance, better sub-tree rename performance, and other tuning to allow Samba to perform at massive scales.

Rapid Ascent of Linux

Filed under
GNU
Linux
Microsoft
  • You should really get an Android or iPhone, says Microsoft: No more app updates for Windows Phone 8.x holdouts

    Another milestone was reached today in the long, drawn-out death of Windows Phone: Microsoft has stopped distributing app updates to the dozen or so Windows Phone 8.x devices not already consigned to the recyclers.

    To be fair, mainstream support for Windows Phone 8.1 was switched off almost two years ago, on 11 July 2017, and Microsoft really cannot be bothered to let developers who are still supporting apps on the platform use its store to distribute updates.

    The company had already axed the ability for developers to submit new apps for the doomed platform at the end of October last year. Today brings the Windows 8.x saga to an end – with developers no longer able to shovel out updates ... to say there'll be no more updates.

  • Microsoft Says Linux Surpassed Windows on Azure [Ed: Microsoft boosters such as Bogdan Popa keep pushing that "Microsoft loves Linux" lie because they know that this lie is actually useful to Microsoft and contributes to brand dilution]

    “Microsoft loves Linux” is something that we hear every once in a while, especially from Microsofties who try to get the software giant more involved into this world that they once hated.

  • Linux is now beating Windows on Microsoft’s own turf, and Azure is better for it

    A Linux kernel developer working with Microsoft has let slip that Linux-based operating systems have a larger presence on Microsoft’s Azure cloud platform than Windows-based ones. The revelation appeared on an Openwall open-source security list in an application for Microsoft developers to join the list, and was apparently part of an evidently credible argument that Microsoft plays an active-enough role in Linux development to merit including the company in security groups.

Microsoft DRM, Security, and Apple's Combustion Threat

Filed under
Microsoft
Mac
Security
  • You Don't Own What You've Bought: Microsoft's Books 'Will Stop Working'

    The latest in our forever ongoing series, recognizing in the digital age how you often no longer own what you've bought, thanks to DRM and copyright: this week, people with Microsoft ebooks will discover they're dead.

  • Security updates for Tuesday

    Security updates have been issued by Arch Linux (firefox, firefox-developer-edition, libarchive, and vlc), CentOS (firefox, thunderbird, and vim), Debian (firefox-esr, openssl, and python-django), Fedora (glpi and xen), Mageia (thunderbird), openSUSE (ImageMagick, irssi, libheimdal, and phpMyAdmin), Red Hat (libssh2 and qemu-kvm), Scientific Linux (firefox, thunderbird, and vim), SUSE (389-ds, cf-cli, curl, dbus-1, dnsmasq, evolution, glib2, gnutls, graphviz, java-1_8_0-openjdk, and libxslt), and Ubuntu (python-django).

  • Kali Linux in the DigitalOcean Cloud

    DigitalOcean is a cloud provider similar to AWS, Microsoft Azure, Google Cloud Platform, and many others. They offer instances, called “droplets”, with different Linux distributions such as Debian, Ubuntu, FreeBSD, etc. Similar to AWS, DigitalOcean has datacenters around the world and sometimes multiple datacenters in each country.

    However, one feature in particular sets them apart them from their competitors. A little while ago, they added support for custom images, which allows users to import virtual machine disks and use them as droplets. This is perfect for us as we can use our own version of Kali Linux in their cloud.

    While it might be possible to load the official Kali Linux virtual images, it wouldn’t be very efficient. Instead, we’ll build a lightweight Kali installation with the bare minimum to get it working.

  • Cybersecurity Experts Blocked 5 Million Attempted Hacks of IoT Cameras

    Trend Micro cybersecurity experts report that they blocked an astounding five-million hack attempts on IoT cameras. It’s quite frightening to think what may have happened if these experts weren’t hard at work.

  • Public Certificate Poisoning Can Break Some OpenPGP Implementations

    OpenPGP installations can grind to a halt and fail to verify the authenticity of downloaded packages as the keyserver network has been flooded with bogus extra signatures attesting ownership of a certificate.

    Vulnerabilities that allow this type of certificate spamming attack have been known for years and a timely fix or mitigation is nowhere in sight, neither from the keyserver network community nor the OpenPGP Working Group.

  • Report: Apple Discovers MacBook Air Logic Board Issue

                   

                     

    Not all 13-inch MacBook Air with Retina Display units from 2018 are believed to be affected by the logic board issue. The memo reportedly said that only units with certain serial numbers were affected; Apple plans to inform the owners of those devices via email. Affected units can be taken to Apple's retail stores or authorized repair shops until four years after their original purchase date, 9to5Mac said. 
     

                     

    It's not clear why Apple didn't publicly announce the replacement program.  

  •              

  • Apple finds issue w/ logic board in some 2018 MacBook Airs, offers free repair

                   

                     

    Apple has confirmed in an internal document to repair staff that it’s identified an issue with the main logic board in what it says is a “very small number” of MacBook Air models. Apple Stores and authorized repair staff have been informed to replace the main logic board in affected machines at no cost to customers, according to the document obtained by 9to5Mac.  

  •              

  • Apple Recalls 15-Inch MacBook Pro Laptop Computers Due to Fire Hazard

                   

                     

    The batteries in the recalled laptop computers can overheat, posing a fire hazard.  

  •              

  • Apple recalls 432,000 MacBook Pro laptops for fire and burn risks

                   

                     

    Manufactured in China, the recalled computers had a retail price of $2,000 and more, and were sold at Apple and electronics stores nationwide, as well as online, from September 2015 through February 2017.  

  •              

  • 2015 15" MacBook Pro Recall Applies to About 432,000 Units, Apple Received 26 Reports of Batteries Overheating

                   

                     

    Last week, Apple launched a worldwide recall and replacement program for select 2015 15-inch MacBook Pro units, sold primarily between September 2015 and February 2017, due to batteries that "may overheat and pose a fire safety risk." Apple will replace affected batteries free of charge.  

  •                  

  • 'Dangerous' Muslim Brotherhood fatwa app in Apple Store's top 100 downloads

                       

                         

    The Euro Fatwa app, which was launched in April, was created by the European Council for Fatwa and Research, a Dublin private foundation set up by Yusuf Al Qaradawi, spiritual leader of the Muslim Brotherhood.
     

                         

    Touted as a guide to help Muslims adhere to Islam, critics including Germany’s security service, say the app is a radicalisation tool.  

  •                  

  • Jony Ive found Tim Cook's disinterest in design 'dispiriting'

                       

                         

    But more damagingly, the WSJ highlights that Ive was left "dispirited" by Tim Cook, in stark contrast to his close relationship with Steve Jobs. Cook, apparently "showed little interest in the product development process" according to the paper's sources. Ive was also left frustrated by the makeup of Apple's board of directors, which was filled with people with backgrounds outside of Apple's core business (the pun is ours, and very much intended). 
     

                         

    As well as these reports, Ive's own words have come back to haunt the company. Back in 2014, he told The Times he'd leave Apple if it stopped innovating. Awkward.  

Syndicate content

More in Tux Machines

Top 20 Best Openbox Themes for Linux System in 2019

Have you ever heard about the stacking window manager, Openbox? It is broadly used in Unix-like systems. Most probably, it’s among the most customizable parts out there. You can easily modify and beautify this with a little bit of effort. The question may arise- with what and how can you do this? Well! We are going to disclose it now. It’s by Openbox themes, which lets you have a minimalist and fantastic visual interface for your desktop manager. Read more

Fedora IoT Review

With the rise in IoT use, we are witnessing a demand for ready-made operating systems to support smart device development. Currently, the race is between proprietary versions such as IoT Plug and Play by Microsoft and open source operating systems. One such emerging open source player is Fedora which has a workstation that supports virtualization and containers. Fedora is also slated to release an Internet of Things edition called “Fedora IoT” in future. Here is a review of the open source product’s support capabilities for IoT and relevant installation details. Read more

5 Practical Examples of the Read Command in Linux

With read command, you can make your bash script interactive by accepting user inputs. Learn to use the read command in Linux with these practical examples. Read more

Programming: C++, C and Python

  • Extend C++ capabilities with LLVM STLExtras.h

    The LLVM compiler project provides a header file called STLExtras.h that extends the capabilities of C++ without any dependency on the rest of LLVM. In this article, we take a quick look at its basic functionality.

  • Rewriting Old Solaris C Code In Python Yielded A 17x Performance Improvement

    While we normally hear of rewriting code from Python and other scripting languages into C/C++ when its a matter of performance, in the case of Oracle Solaris it was taking old C code and modernizing it in Python 3 to yield a ~17x performance improvement. Shared today on Oracle's official Solaris blog was an interesting anecdote about their listusers command being rewritten in Python 3 from C. Oracle's Darren Moffat noted the C code was largely untouched since around 1988 and given its design at a time when systems were less dense than today with hundreds or even thousands of users per system.

  • Python Projects for Beginners: The Best Way to Learn

    Learning Python can be difficult. You can spend time reading a textbook or watching videos, but then struggle to actually put what you've learned into practice. Or you might spend a ton of time learning syntax and get bored or lose motivation. How can you increase your chances of success? By building Python projects. That way you're learning by actually doing what you want to do! When I was learning Python, building projects helped me bring together everything I was learning. Once I started building projects, I immediately felt like I was making more progress.

  • PyCon 2019: The People of PyCon

    I can’t tell you how amazing it was to meet the individuals I read, listen to, or who make the tools I use. I was so happy to meet the authors that helped me to grow over the last few years, especially Dan Bader, Peter Baumgartner, Matt Harrison, Reuven Lerner, Harry Percival , and Lacey Williams Henschel. I love podcasts, so it was wonderful to meet Michael Kennedy and Brian Okken in person. And I was happy to meet Paul Ganssle, Russell Keith-Magee, Barry Warsaw, and other maintainers and contributors. It was a delight to meet Bob Belderbos and Julian Sequeira from PyBites.

  • Find the first non-consecutive number with Python

    Your task is to find the first element of an array that is not consecutive. E.g. If we have an array [1,2,3,4,6,7,8] then 1 then 2 then 3 then 4 are all consecutive but 6 is not, so that’s the first non-consecutive number. If the whole array is consecutive then return None.

  • Perceiving Python programming paradigms

    Early each year, TIOBE announces its Programming Language of The Year. When its latest annual TIOBE index report came out, I was not at all surprised to see Python again winning the title, which was based on capturing the most search engine ranking points (especially on Google, Bing, Yahoo, Wikipedia, Amazon, YouTube, and Baidu) in 2018.