Language Selection

English French German Italian Portuguese Spanish

Microsoft

Microsoft Dirty Tricks and Entryism

Filed under
Microsoft

Security: Brutal Kangaroo Targets Windows, Linux Updates Available, Reproducible Builds, and Patching Stack Clash

Filed under
Linux
Microsoft
Security
  • Brutal Kangaroo

    Today, June 22nd 2017, WikiLeaks publishes documents from the Brutal Kangaroo project of the CIA. Brutal Kangaroo is a tool suite for Microsoft Windows that targets closed networks by air gap jumping using thumbdrives. Brutal Kangaroo components create a custom covert network within the target closed network and providing functionality for executing surveys, directory listings, and arbitrary executables.

    The documents describe how a CIA operation can infiltrate a closed network (or a single air-gapped computer) within an organization or enterprise without direct access. It first infects a Internet-connected computer within the organization (referred to as "primary host") and installs the BrutalKangaroo malware on it. When a user is using the primary host and inserts a USB stick into it, the thumbdrive itself is infected with a separate malware. If this thumbdrive is used to copy data between the closed network and the LAN/WAN, the user will sooner or later plug the USB disk into a computer on the closed network. By browsing the USB drive with Windows Explorer on such a protected computer, it also gets infected with exfiltration/survey malware. If multiple computers on the closed network are under CIA control, they form a covert network to coordinate tasks and data exchange. Although not explicitly stated in the documents, this method of compromising closed networks is very similar to how Stuxnet worked.

    The Brutal Kangaroo project consists of the following components: Drifting Deadline is the thumbdrive infection tool, Shattered Assurance is a server tool that handles automated infection of thumbdrives (as the primary mode of propagation for the Brutal Kangaroo suite), Broken Promise is the Brutal Kangaroo postprocessor (to evaluate collected information) and Shadow is the primary persistence mechanism (a stage 2 tool that is distributed across a closed network and acts as a covert command-and-control network; once multiple Shadow instances are installed and share drives, tasking and payloads can be sent back-and-forth).

  • Security updates for Wednesday
  • Reproducible Builds: week 112 in Stretch cycle
  • 5 things you need to know about Stack Clash to secure your shared Linux environment

    The vulnerability is present in Unix-based systems on i386 and amd64 architectures. Affected Linux distributions include Red Hat, Debian, Ubuntu, SUSE, CentOS and Gentoo. Solaris is owned by Oracle. FreeBSD, OpenBSD and NetBSD are also impacted. Qualys has been working with distributions and vendors since May to get the vulnerabilities fixed, and the updates are just beginning to be released. Administrators need to act promptly to update affected machines with the security updates.

Linux vs. Windows Server OS Comparison

Filed under
OS
Linux
Microsoft

A comparison between Linux and Windows while selecting the server operating system is like being in stalemate while playing the chess game where the outcome is unpredictable. Various versions of the Microsoft—from Windows—and the Linux-based operating systems are available in plenty today. But deciding the best option is a tougher task, rather, finding the right solution that fits the organizational requirements is easier.

Read more

Microsoft Openwashing by the Linux Foundation, Lockin Model, and More Openwashing With the Linux Foundation

Filed under
Microsoft
OSS

Openwashing and Parasites

Filed under
Microsoft
OSS

You Can’t Open the Microsoft Surface Laptop Without Literally Destroying It

Filed under
Microsoft
  • You Can’t Open the Microsoft Surface Laptop Without Literally Destroying It

    The company, which provides repair tools and manuals for popular gadgets like the iPhone and PlayStation, has handed the Surface Laptop a score of 0 out of 10 in terms of user repairability, stating definitively that the laptop "is not meant to be opened or repaired; you can't get inside without inflicting a lot of damage."

  • 2017 Surface Pro least repairable ever; Surface Laptop is made of glue

    iFixit's pictures, as ever, give a great look at the insides of the two machines. The Laptop has no external screws at all; to get into the system, iFixit had to peel off the glued-down fabric keyboard surround, an operation that obviously can't be undone, producing a machine that offers essentially no serviceability whatsoever.

Microsoft in the Details

Filed under
Microsoft

Openwashing and Attacks on FOSS, OSS Leftovers

Filed under
Microsoft
OSS
  • Microsoft is Bringing Native Linux Container Support and Bash to Windows Server [Ed: Microsoft wants to swallow GNU/Linux in a platform with NSA back doors and keyloggers, not to mention patent tax]
  • ​Microsoft joins Java-oriented Cloud Foundry [Ed: for influence and steering from the inside]
  • FreeNAS 11.0 is Now Here
  • OW2 Consortium: Building Beyond Europe

    This year marks the 10th anniversary of OW2, and the organization is celebrating during its annual conference, on June 26-27, in Paris, France. OSI GM Patrick Masson sat down with Cedric Thomas, CEO of OW2 to learn more about the foundation, it’s accomplishments over the past 10 years, and what’s in store for the anniversary celebration.

    The Open Source Initiative (OSI) Affiliate Membership Program is an international who’s who of open source projects, advocates, and communities: Creative Commons, Drupal Association, Linux Foundation, Mozilla Foundation, Open Source Matters (the foundation supporting Joomla), Python Software Foundation, Wikimedia Foundation, Wordpress Foundation and many more. Open source enthusiasts outside Europe may not be as familiar with another OSI Affiliate Member, OW2, however its impact on open source development and adoption across the EU has been significant.

  • FSFE Newsletter - June 2017

FOSS FUD and Microsoft Entryism

Filed under
Microsoft
OSS

GNU/Linux Prevents Back Doors, Microsoft Patches Some

Filed under
GNU
Linux
Microsoft
Security
Syndicate content

More in Tux Machines

GNU/Linux, Docker Gain in Rented Space

LibreOffice Help From FSF, Mike Saunders

  • New FSF membership benefit: LibreOffice certification
    The Free Software Foundation (FSF) today announced that the opportunity to apply for LibreOffice certification for migrations and trainings is now available to FSF Associate Members. LibreOffice is a free software project of The Document Foundation (TDF), a non-profit based in Germany. An office suite, LibreOffice encompasses word processing, and programs for the creation and editing of spreadsheets, slideshows, databases, diagrams and drawings, and mathematical formulae. It uses the ISO standard OpenDocument file format (ODF).
  • Marketing activities so far in 2017: Mike Saunders
    Thanks to donations to The Document Foundation, along with valued contributions from our community, we maintain a small team working on various aspects of LibreOffice including documentation, user interface design, quality assurance, release engineering and marketing. Together with Italo Vignoli, I help with the latter, and today I’ll summarise some of the achievements so far in 2017.

Debian/Ubuntu: Q4OS, Ubuntu Dock and LXD Weekly Status Update

  • There's Now a Windows 10 Installer for the Debian-Based Q4OS Linux Distribution
    The Q4OS development team is pleased to inform us today about the immediate availability for download of a Windows installer for their Debian-based GNU/Linux distribution, Q4OS, allowing users to create a dual-boot environment on their PCs. For those not familiar to Q4OS, it's an open-source and free Linux distro based on the popular Debian GNU/Linux operating system and built around the Trinity Desktop Environment (TDE), which resembles the look and feel of the old-school KDE 3.5 desktop environment. Created with an emphasis on Windows users who want to migrate to a free, open-source, and more secure operating system, Q4OS now lets them install the distribution alongside Microsoft Windows in an easy manner, without having to do any modifications to your personal computer or install any other apps.
  • Ubuntu Dock Now Has Dynamic Transparency
    Ubuntu devs have listened to our gripe on the jarring contrast between GNOME 3.26's transparent top bar and the Ubuntu Dock.
  • Ubuntu Dock Features Adaptive Transparency on Ubuntu 17.10, Here's How It Works
    Ubuntu contributor Didier Roche continues his development on the look and feel of the upcoming Ubuntu 17.10 (Artful Aardvark) operating system, and today he announced that Ubuntu Dock is getting adaptive transparency. Canonical confirmed that Ubuntu 17.10 would come with the GNOME 3.26 desktop environment by default, though the default session has suffered numerous modifications compared to the vanilla one to make things easier for those using the Unity interface on Ubuntu 17.04 (Zesty Zapus) or Ubuntu 16.04 LTS (Xenial Xerus). Most probably, Ubuntu 16.04 LTS users won't upgrade to Ubuntu 17.10, but we're sure Ubuntu 17.04 users will because it'll reach end of life in about four months from the moment of writing, sometime in January 2018. Therefore, Canonical wants to make their Unity to GNOME transition as painless as possible.
  • LXD: Weekly Status #15
    This week has been pretty quiet as far as upstream changes since half the team was attending the Open Source Summity, the Linux Plumbers Conference and the Linux Security Summit in Los Angeles, California.

Events: KDE/Randa 2017 and Linux Foundation

  • KMyMoney’s Łukasz Wojniłowicz in Randa
    Please read the following guest post from Łukasz who joined me last week in Randa to work on KMyMoney.
  • Randa 2017 – Databases are back to KMyMoney
    On the morning of Day 5 we chased and fixed a problem that was introduced a long time ago but never caused any trouble. The code goes back into the KDE3 version of KMyMoney and was caused by some changes inside Qt5. The fix prevents a crash when saving a transaction which opens an additional dialog to gather more information (e.g. price information). With the help of other devs here in Randa, we were able to drill down the problem and update the code to work on KF5/Qt5 keeping the existing functionality.
  • Randa 2017 – Days 3 and 4
    On Day 3, we started out at 7:02 as usual with the team responsible for breakfast meeting in the kitchen. KMyMoney wise, we worked some more on keyboard navigation and porting to KF5. The dialog to open a database and the logic around it have been rewritten/fixed, so that it is now possible to collect the information from the user and proceed with opening. The database I have on file for testing does not open though due to another problem which I still need to investigate.
  • Watch the Keynote Videos from Open Source Summit in Los Angeles
    If you weren’t able to attend Open Source Summit North America 2017 in Los Angeles, don’t worry! We’ve rounded up the following keynote presentations so you can hear from the experts about the growing impact of open source software.
  • uniprof: Transparent Unikernel for Performance Profiling and Debugging
    Unikernels are small and fast and give Docker a run for its money, while at the same time still giving stronger features of isolation, says Florian Schmidt, a researcher at NEC Europe, who has developed uniprof, a unikernel performance profiler that can also be used for debugging. Schmidt explained more in his presentation at Xen Summit in Budapest in July. Most developers think that unikernels are hard to create and debug. This is not entirely true: Unikernels are a single linked binary that come with a shared address space, which mean you can use gdb. That said, developers do lack tools, such as effective profilers, that would help create and maintain unikernels.