We usually don't see much of the scammy spam and malware. But that one time we went looking for them, we found a campaign where our OpenBSD greylisting setup was 100% effective in stopping the miscreants' messages.
During August 23rd to August 24th 2016, a spam campaign was executed with what appears to have been a ransomware payload. I had not noticed anything particularly unusual about the bsdly.net and friends setup that morning, but then Xavier Mertens' post at isc.sans.edu Voice Message Notifications Deliver Ransomware caught my attention in the tweetstream, and I decided to have a look.
The Federal Bureau of Investigation has found breaches in Illinois and Arizona's voter registration databases and is urging states to increase computer security ahead of the Nov. 8 presidential election, according to a U.S. official familiar with the probe.
The official, speaking on condition of anonymity, said on Monday that investigators were also seeking evidence of whether other states may have been targeted.
The FBI warning in an Aug. 18 flash alert from the agency's Cyber Division did not identify the intruders or the two states targeted.
Reuters obtained a copy of the document after Yahoo News first reported the story Monday.
We've written probably hundreds of stories on just what a dumb idea electronic voting systems are, highlighting how poorly implemented they are, and how easily hacked. And, yet, despite lots of security experts sounding the alarm over and over again, you still get election officials ridiculously declaring that their own systems are somehow hack proof.
And now, along comes the FBI to alert people that it's discovered at least two state election computer systems have been hacked already, and both by foreign entities.
Three Italian researchers have published a paper highlighting a security vulnerability in software-defined networking (SDN) that isn't intrinsic to legacy networks. It's not a showstopper, though, and they propose a solution to protect against it.
"It" is a new attack they call Know Your Enemy (KYE), through which the bad guys could potentially collect information about a network, such as security tool configuration data that could, for example, reveal attack detection thresholds for network security scanning tools. Or the collected information could be more general in nature, such as quality-of-service or network virtualization policies.
When it comes to making the shift to network virtualization (NV) and software-defined networking (SDN), one of the approaches gaining momentum is using virtualization technology to build a secure demilitarized zone (DMZ) in the data center.
Historically, there have been two major drawbacks to deploying firewalls as a secure mechanism inside a data center. The first is the impact a physical hardware appliance has on application performance once another network hop gets introduced. The second is the complexity associated with managing the firewall rules.
NV technologies make it possible to employ virtual firewalls that can be attached to specific applications and segregate them based on risk. This is the concept of building a secure DMZ in the data center. The end result is that the virtual firewall is not only capable of examining every packet associated with a specific application, but keeping track of what specific firewall rules are associated with a particular application becomes much simpler.
I have been debating whether to write this up for a while, but here I am. I have completely ditched SteamOS in favour of Ubuntu Mate.
If you follow me on Twitter, you would have probably known this article was coming due to how frustrating an experience it has been for me.
I was spurred on due to the BoilingSteam website writing about it, and they echo some of my own thoughts and frustrations.
Recently I was sat with my son and wanted to play a point & click adventure game called Putt-Putt with him. SteamOS needed to restart to update, so I did and it just flashed into a black screen. We waited quite a long time to see if anything happened but nothing did. After rebooting, the system was completely broken with another black screen.
Today, August 29, 2016, the maintainers of the Parsix GNU/Linux distribution announced the availability of multiple security updates, along with a new kernel version for the Parsix GNU/Linux 8.10 "Erik" release.