Security: PeopleSoft, DJI, IoT, Amazon, Microsoft, Google, Ad Blocking and Codewarz

  • Oracle rushes out 5 patches for huge vulnerabilities in PeopleSoft app server
    Oracle issued a set of urgent security fixes on Tuesday that repair vulnerabilities revealed today by researchers from the managed security provider ERPScan at the DeepSec security conference in Vienna, Austria. The five vulnerabilities include one dubbed "JoltandBleed" by the researchers because of its similarity to the HeartBleed vulnerability discovered in OpenSSL in 2014. JoltandBleed is a serious vulnerability that could expose entire business applications running on PeopleSoft platforms accessible from the public Internet. The products affected include Oracle PeopleSoft Campus Solutions, Human Capital Management, Financial Management, and Supply Chain Management, as well as any other product using the Tuxedo 2 application server. According to recent research by ERPScan, more than 1,000 enterprises have their PeopleSoft systems exposed to the Internet, including a number of universities that use PeopleSoft Campus Solutions to manage student data.
  • Man gets threats—not bug bounty—after finding DJI customer data in public view
    DJI, the Chinese company that manufactures the popular Phantom brand of consumer quadcopter drones, was informed in September that developers had left the private keys for both the "wildcard" certificate for all the company's Web domains and the keys to cloud storage accounts on Amazon Web Services exposed publicly in code posted to GitHub. Using the data, researcher Kevin Finisterre was able to access flight log data and images uploaded by DJI customers, including photos of government IDs, drivers licenses, and passports. Some of the data included flight logs from accounts associated with government and military domains.
  • New Study Finds Poorly Secured Smart Toys Lets Attackers Listen In On Your Kids
    We've long noted how the painful lack of security and privacy standards in the internet of (broken) things is also very well-represented in the world of connected toys. Like IOT vendors, toymakers were so eager to make money, they left even basic privacy and security standards stranded in the rear view mirror as they rush to connect everything to the internet. As a result, we've seen repeated instances where your kids' conversations and interests are being hoovered up without consent, with the data frequently left unencrypted and openly accessible in the cloud. With Luddites everywhere failing to realize that modern Barbie needs a better firewall, this is increasingly becoming a bigger problem. The latest case in point: new research by Which? and the German consumer group Stiftung Warentest found yet more flaws in Bluetooth and wifi-enabled toys that allow a total stranger to listen in on or chat up your toddler:
  • Amazon Key flaw makes entering your home undetected a possibility
  • How to fix a program without the source code? Patch the binary directly
  • Google Home and Amazon Echo hit by big bad Bluetooth flaws
  • Senator urges ad blocking by feds as possible remedy to malvertising scourge
    A US Senator trying to eradicate the Internet scourge known as malvertising is proposing that all federal agencies block ads delivered to worker computers unless advertisers can ensure their networks are free of content that contains malicious code. In a letter sent today, Oregon Senator Ron Wyden asked White House Cybersecurity Coordinator Rob Joyce to begin discussions with advertising industry officials to ensure ads displayed on websites can't be used to infect US government computers. If, after 180 days, Joyce isn't "completely confident" the industry has curbed the problem, Wyden asked that Joyce direct the US Department of Homeland Security to issue a directive "requiring federal agencies to block the delivery to employees' computers of all Internet ads containing executable code." "Malware is increasingly delivered through code embedded in seemingly innocuous advertisements online," Wyden wrote. "Individuals do not even need to click on ads to get infected: this malicious software, including ransomware, is delivered without any interaction by the user."
  • Weekend code warriors prepare to clash in Codewarz
    If you didn't have any weekend plans yet—or maybe even if you did—and you're interested in scratching your programming itch, there's something to add to your calendar. Codewarz, a programming competition that presents participants with 24 coding challenges, is running its first live event starting at 1pm Eastern on November 18 and ending at 9pm on November 20. This is not a hacking competition—it’s strictly coding. Participants can use their language of choice as long as it's one of the 15 supported by the event: the various flavors of C, Python, Node.js, Scala, PHP, Go, Ruby, and even BASH. (Sorry, no one has asked them to support ADA or Eiffel yet.) There's no compiling required, either. Each submitted solution is run in an interpreted sandbox on a Linux machine for evaluation and scoring. And the challenges run the gamut from beginner (things like text parsing, math and basic networking) to advanced (more advanced parsing and math, hashing, cryptography, and forensics challenges).

KVM & Xen Don't Change Much With Linux 4.15

There are a ton of exciting improvements building up in Linux 4.15, but not too much on the virtualization front. The Kernel-based Virtual Machine (KVM) work this time around isn't too exciting with no big ticket items debuting for Linux 4.15. KVM for this next kernel release finally has Python 3 support within the Python script that collects runtime statistics from the KVM kernel module. Most of the other work is relatively small additions and fixes. There are some optimizations to ARM's timer handling, PowerPC support for running in a hashed page table MMU mode and single-threaded mode support on POWER9, s390 prep work for exitless interrupts and crypto, and on the x86 front are some fixes, improved emulation in a few areas, and other small work.

Software: Wpm, Wanna, Atelier, Narabu

  • Wpm – Measure Your Typing Speed From Terminal
    How is your weekend going, folks? Today, I’d like to share a command line utility that makes your weekend useful. Say hello to Wpm, a command line utility to test and improve your typing speed. Using Wpm, you can check and measure your typing speed from Terminal in words per minute. You may already be using any GUI-based utilities for this purpose. However, Wpm has many features that any GUI based typing speed tester utilities have.
  • Wanna – A Modern Eye Candy To-Do List App
    Today, we introduce to you a new project that is described in its GitHub page as an implementation of a 21st-century to-do list app. And who will beg to differ when the app is so spectacular it comes along with its own workflow and well-stated philosophy. Wanna is a modern cross-platform and open-source Electron-based To-Do list application with a focus on time management.
  • Monitoring 3DPrinters with Atelier
    One of the features that were asked a lot of times on our Telegram groups was the ability to monitor the 3DPrinter via a stream feed. Since we released the beta version of the AtCore couple weeks ago, we are trying now to get more work done with Atelier. In our project, Atelier is the interface running above AtCore. So it has a lot of more features than the AtCore TestClient has.
  • Introducing Narabu, part 6: Performance
    Narabu is a new intraframe video codec. You probably want to read part 1, part 2, part 3, part 4 and part 5 first. Like I wrote in part 5, there basically isn't a big splashy ending where everything is resolved here; you're basically getting some graphs with some open questions and some interesting observations.