Language Selection

English French German Italian Portuguese Spanish

Login

Enter your Tux Machines username.
Enter the password that accompanies your username.

More in Tux Machines

Security Leftovers

  • Security updates for Wednesday [LWN.net]

    Security updates have been issued by Debian (blueman), Fedora (nodejs), Gentoo (firefox), openSUSE (kleopatra), Oracle (java-1.8.0-openjdk), SUSE (apache2, binutils, firefox, pacemaker, sane-backends, spice, spice-gtk, tomcat, virt-bootstrap, xen, and zeromq), and Ubuntu (ca-certificates, mariadb-10.1, mariadb-10.3, netty, openjdk-8, openjdk-lts, perl, and tomcat6).

  • Italian energy giant Enel hit by Windows NetWalker ransomware

    The Italian multinational energy giant Enel Group appears to have been hit by cyber criminals using the Windows NetWalker ransomware, and some screenshots of data stolen from the company has been posted on the dark web.

  • What would you risk for free Honey? | Almost Secure

    Honey is a popular browser extension built by the PayPal subsidiary Honey Science LLC. It promises nothing less than preventing you from wasting money on your online purchases. Whenever possible, it will automatically apply promo codes to your shopping cart, thus saving your money without you lifting a finger. And it even runs a reward program that will give you some money back! Sounds great, what’s the catch? With such offers, the price you pay is usually your privacy. With Honey, it’s also security. The browser extension is highly reliant on instructions it receives from its server. I found at least four ways for this server to run arbitrary code on any website you visit. So the extension can mutate into spyware or malware at any time, for all users or only for a subset of them – without leaving any traces of the attack like a malicious extension release. [...] In the end, I found that the Honey browser extension gives its server very far reaching privileges, but I did not find any evidence of these privileges being misused. So is it all fine and nothing to worry about? Unfortunately, it’s not that easy. While the browser extension’s codebase is massive and I certainly didn’t see all of it, it’s possible to make definitive statements about the extension’s behavior. Unfortunately, the same isn’t true for a web server that one can only observe from outside. The fact that I only saw non-malicious responses doesn’t mean that it will stay the same way in future or that other people will make the same experience. In fact, if the server were to invade users’ privacy or do something outright malicious, it would likely try to avoid detection. One common way is to only do it for accounts that accumulated a certain amount of history. As security researchers like me usually use fairly new accounts, they won’t notice anything. Also, the server might decide to limit such functionality to countries where litigation is less likely. So somebody like me living in Europe with its strict privacy laws won’t see anything, whereas US citizens would have all of their data extracted. But let’s say that we really trust Honey Science LLC given its great track record. We even trust PayPal who happened to acquire Honey this year. Maybe they really only want to do the right thing, by any means possible. Even then there are still at least two scenarios for you to worry about. The Honey server infrastructure makes an extremely lucrative target for hackers. Whoever manages to gain control of it will gain control of the browsing experience for all Honey users. They will be able to extract valuable data like credit card numbers, impersonate users (e.g. to commit ad fraud), take over users’ accounts (e.g. to demand ransom) and more. Now think again how much you trust Honey to keep hackers out. But even if Honey had perfect security, they are also a US-based company. And that means that at any time a three letter agency can ask them for access, and they will have to grant it. That agency might be interested in a particular user, and Honey provides the perfect infrastructure for a targeted attack. Or the agency might want data from all users, something that they are also known to do occasionally. Honey can deliver that as well.

Android Leftovers

Latest Issue of Linux Magazine (Behind Paywall)

Games: How to Build a New PC for GNU/Linux and New Titles

  • How to Build a New PC For Linux - Make Tech Easier

    Often times you will receive a recommendation that you should install Linux on an older PC. The thing is, Linux works extremely well on a new custom built PC, too. There are many users that are looking for a brand new Linux PC for home office use, workstation use, or other specialized uses. Here we walk you through how to build a new PC for Linux.

  • Build and connect more subway systems in a free Mini Metro content update | GamingOnLinux

    Mini Metro, the wonderful subway train-track building sort-of puzzle game just recently had a nice free content upgrade with more on the way. It's something of a masterpiece, and very highly rated so it's awesome to see it expand. Across multiple maps you gradually build up and design a transport network that rapidly expands, the point is to get people across to the correct station as quickly as possible. It's a hard game to pin down to a particular genre too. Is it a puzzle game? Is it a strategy game? Well, both sort-of and it's also both relaxing and often a little stressful too but it's brilliant and many things more.

  • Dying Light has a Left 4 Dead 2 crossover event and a free DLC | GamingOnLinux

    Love kicking ass and destroying Zombies? Check out the latest update to the excellent open-world parkour action in Dying Light with a new Left 4 Dead crossover event. The special experience is live now until October 29 18:00, which will see you battle the Viral Rush event which is meant to emulate the hordes that appear in Left 4 Dead. To make it a bit more interesting and unique Techland added in a "new type of shotgun ammo that gives the infected a taste of fire and brimstone". If you don't like it, you can turn off the special events like this in the menu.

  • The Zone: Stalker Stories to offer a unique blend of exploration and deck-building | GamingOnLinux

    A thoroughly curious blend of genres this one with The Zone: Stalker Stories offering up exploration, deckbuilding, card battles and RPG elements. On top of that, you're also getting treated to a visual novel styled story that's being carefully crafted by industry veterans from Illuminated Games who worked on the likes of Mount&Blade, The Next World and more. Inspired by the likes of Slay the Spire, S.T.A.L.K.E.R and Darkest Dungeon it's not going to be a roguelike, instead their plan is to offer a richly detailed story experience with hand-crafted environments with plenty to explore and secrets to find.