July 2018

Security: LTE, Ticketmaster, Equifax and the "51% Attack"

Filed under
Security
  • LTE wireless connections used by billions aren’t as secure as we thought

    The attacks work because of weaknesses built into the LTE standard itself. The most crucial weakness is a form of encryption that doesn’t protect the integrity of the data. The lack of data authentication makes it possible for an attacker to surreptitiously manipulate the IP addresses within an encrypted packet. Dubbed aLTEr, the researchers’ attack causes mobile devices to use a malicious domain name system server that, in turn, redirects the user to a malicious server masquerading as Hotmail. The other two weaknesses involve the way LTE maps users across a cellular network and leaks sensitive information about the data passing between base stations and end users.

  • LTE (4G) Flaw Allows Attackers To Redirect Browsers And Spy On You

    The Long Term Evolution (LTE) standard for mobile communication, also known as 4G, was designed to overcome security flaws of its predecessor standards and is used by millions of people across the globe.

    However, researchers have now uncovered weaknesses in LTE that allow attackers to hijack browsing sessions, redirecting users to malicious websites, and to spy on their online activity to find out which sites they visit through their LTE device.

  • UK researcher says one line of code caused Ticketmaster breach

    Well-known British security researcher Kevin Beaumont says the breach of the British operations of American multinational ticket sales and distribution company Ticketmaster, that has led to the possible leak of tens of thousands of credit card details, was caused by the incorrect placement of a single line of code.

    As iTWire reported, Ticketmaster UK blamed third-party supplier Inbenta Technologies for the incident. Inbenta, in turn, said that the breach had been caused by Ticketmaster directly applying a customised piece of JavaScript without notifying its (Inbenta's) team.

  • Plant Your Flag, Mark Your Territory

    Some examples of how being a modern-day Luddite can backfire are well-documented, such as when scammers create online accounts in someone’s name at the Internal Revenue Service, the U.S. Postal Service or the Social Security Administration.

    Other examples may be far less obvious. Consider the case of a consumer who receives their home telephone service as part of a bundle through their broadband Internet service provider (ISP). Failing to set up a corresponding online account to manage one’s telecommunications services can provide a powerful gateway for fraudsters.

  • Former Equifax Manager Allegedly Took Advantage of Data Breach Crisis with Insider Trading Scheme

    Federal prosecutors and the Securities and Exchange Commission (SEC) announced charges Thursday against a former software development manager who allegedly took advantage of the chaos in order to run an insider trading scheme. The defendant is Sudhakar Reddy Bonthu, 44.

  • Former Equifax manager is charged with insider trading for selling shares before data breach was disclosed

    Sudhakar Reddy Bonthu allegedly made more than US$75,000 after betting that his company’s shares would fall when the breach was revealed

  • Cryptocurrencies Have Limits

    The Economic Limits Of Bitcoin And The Blockchain by Eric Budish is an important analysis of the economics of two kinds of "51% attack" on Bitcoin and other cryptocurrencies, such as those becoming endemic on Bitcoin Gold and other alt-coins:

Cinnamon Icing ... task manager - Ice Ice Desktop

Filed under
GNU
Linux

I like Icing, and I am happy to have discovered it. I believe Linux Mint - and Cinnamon - does not advertise its extensible nature well enough, or the many goodies available, be they desklets, applets, or widgets. They can help enhance the desktop experience, and some of these, like Icing, should even be considered as default options for future editions of the distribution. Just sayin'.

All in all, the icons-only Icing task manager is a refreshing addition to the Cinnamon desktop. It's got lots of options and settings, it's quite pretty, and you lose none of the power features that you previously had. On the contrary, you gain even more granular control over the context menu and thumbnails, and you can customize per-workspace settings. Very cool. In fact, icy cool. Do check it. And for those asking, Mint 19 Tara review coming soon. Dedoimedo out.


12 Things to do After Installing Linux Mint 19

Filed under
Linux

Here are some recommended things to do after installing Linux Mint 19 afresh for a smoother and more efficient experience. A must-read for Linux Mint 19 beginners.

Raspbian Linux OS for Raspberry Pi Gets New First-Boot Configuration Wizard

Filed under
GNU
Linux
Debian

Raspberry Pi Foundation’s Raspbian Linux operating system for Raspberry Pi computers received a new stable version with various new features and many improvements.

Coming more than two months after the previous update released on April 18, the Raspbian 2018-06-27 update is now available for Raspberry Pi users to introduce a few enhancements and fix many bugs. The most prominent new feature of this release is the implementation of a new configuration wizard that will be displayed after the first boot.


Deep Learning with Open Source Python Software

Filed under
Development

Let’s clear up one potential source of confusion at the outset. What’s the difference between Machine Learning and Deep Learning? The two terms mean different things.

In essence, Machine Learning is the practice of using algorithms to parse data, learn insights from that data, and then make a determination or prediction. The machine is ‘trained’ using huge amounts of data.

Deep Learning is a subset of Machine Learning that uses multi-layer artificial neural networks to deliver state-of-the-art accuracy in tasks such as object detection, speech recognition, language translation and others. Think of Machine Learning as cutting-edge, and Deep Learning as the cutting-edge of the cutting-edge.


Mathieu Bridon's, Paul Wise's, and Chris Lamb's Activities; Report on the Debian Bug Squashing Part

Filed under
Red Hat
Debian

Chinese GNU/Linux Distributions: Ubuntu Kylin 18.04 and deepin 15.6

Filed under
GNU
Linux
  • An Overview of UKUI Desktop Environment on Ubuntu Kylin 18.04

    UKUI is a new desktop environment for the GNU/Linux operating system. It's best known as the user interface of Ubuntu Kylin, one of the official Ubuntu Flavors, hence we can guess the name stands for Ubuntu Kylin User Interface (hence I still didn't find any source about it). Along with it, of course, Ubuntu Kylin 18.04 LTS was released last April with the latest UKUI. This short overview introduces both UKUI and Ubuntu Kylin 18.04 in brief, covering how they look and what they bring. Enjoy!

  • deepin 15.6 GNU/Linux Download Links, Mirrors, and Torrents

    The deepin 15.6 GNU/Linux operating system was released on Friday, 15 June 2018 with many new things and improvements. It's the continuation of the previous 15.5, released on 30 November 2017, as part of the version 15 series since 2015. It's available only for 64-bit architecture. Here are the official download link, torrent, and some mirrors from USA, Taiwan, Germany, and Indonesia. I included the SHA256SUM hash here so you can immediately compare your ISO check result.

nChain’s Key Generating Software Is Not Open Source

Filed under
OSS

nChain, the Jimmy Nguyen and Craig Wright blockchain scaling company that focuses entirely on Bitcoin Cash, is not open source. This, despite creating key generating software that is crucial for security.

nChain’s SDK, dubbed “Nakasendo”, has a GitHub repository that is completely devoid of source code. There is a file that says “source code” but inside curious users will only find the same license and readme file available separately on the Nakasendo repository.

While it is not unusual for developers to open a near empty repository in order to act as a holding page for when the real work begins, it is the license already included that disqualifies nChain from being open source.


Also: GitHub Developers Are Giving Microsoft a Chance [Ed: Which ones? The one Conde Nast spoke to for this Microsoft puff piece? Many delete GitHub already.]

More in Tux Machines

Malicious Proprietary Software From Microsoft and Google

  • Microsoft rolls out a new update for Surface Duo SDK Preview

    The new update is available for Mac, Windows and Ubuntu....

  • Microsoft Brings Its Windows 10 Antivirus Arsenal to Linux [Ed: Wow. Softpedia's "LINUX" section (Popa) is now an arm of Microsoft proprietary software marketing. Sure missing Marius Nester there. Whose arsenal is this? NSA's?]
  • Microsoft: Linux Defender antivirus now in public preview, iOS and Android are next [Ed: Of course Microsoft's sponsored propaganda network also promotes Microsoft proprietary software in the “LINUX” section. It does this all the time. The site has also just put "GitHub: We won't take down any of your content unless we really have to" under the "LINUX" section because proprietary software (GitHub) is somehow "LINUX"?!]
  • Chrome deploys deep-linking tech in latest browser build despite privacy concerns

    Google has implemented a browser capability in Chrome called ScrollToTextFragment that enables deep links to web documents, but it has done so despite unresolved privacy concerns and lack of support from other browser makers. Via Twitter on Tuesday, Peter Snyder, privacy researcher at privacy-focused browser maker Brave Software, observed that ScrollToTextFragment shipped earlier this month in Chrome 80 unflagged, meaning it's active, despite privacy issues that have been raised. "Imposing privacy and security leaks to existing sites (many of which will never be updated) REALLY should be a 'don't break the web,' never-cross redline," he wrote. "This spec does that." The debate over the feature percolated last year on mailing lists and in GitHub issues posts and picked up in October when the team working on Chrome's Blink engine declared their intent to implement the specification. The feature rollout serves to illustrate that the consensus-based web standards process doesn't do much to constrain the technology Google deploys.

  • New Mexico Sues Google Over Collection of Children's Data

    New Mexico’s attorney general sued Google Thursday over allegations the tech company is illegally collecting personal data generated by children in violation of federal and state laws.

Security: Debian LTS Work, Various Patches, Honeypots/Honeynets and FUD (Marketing)

  • Freexian’s report about Debian Long Term Support, January 2020

    January started calm until at the end of the month some LTS contributors met, some for the first time ever, at the Mini-DebCamp preceding FOSDEM in Brussels. While there were no formal events about LTS at both events, such face2face meetings have proven to be very useful for future collaborations! We currently have 59 LTS sponsors sponsoring 219h each month. Still, as always we are welcoming new LTS sponsors!

  • Security updates for Friday

    Security updates have been issued by CentOS (openjpeg2), Debian (cloud-init, jackson-databind, and python-reportlab), Red Hat (ksh, python-pillow, systemd, and thunderbird), Slackware (proftpd), SUSE (java-1_7_0-ibm, nodejs10, and nodejs12), and Ubuntu (ppp and squid, squid3). 

  • Honeypots and Honeynets
  • Up close and personal with Linux malware [Ed: ESET trying to sell its useless proprietary software for a platform that does not need it]

    Chances are that the very word ‘Linux’ conjures up images of near-impenetrable security. However, Linux-based computer systems and applications running on them increasingly end up in the crosshairs of bad actors, and recent years have seen discoveries of a number of malicious campaigns that hit Linux systems, including botnets that were made up of thousands of Linux servers. These mounting threats have challenged the conventional thinking that Linux is more or less spared the problems that affect other operating systems, particularly Windows.

Events: ONES, SUSECON and FOSDEM

  • Linux Foundation, LF Networking, and LF Edge Announce Keynote Speakers for Open Networking & Edge Summit North America 2020

    The Linux Foundation, the nonprofit organization enabling mass innovation through open source, along with co-hosts LF Networking, the umbrella organization fostering collaboration and innovation across the entire open networking stack, and LF Edge, the umbrella organization building an open source framework for the edge, today announced initial keynote speakers for Open Networking & Edge Summit (ONES) North America 2020. The event takes place April 20-21 in Los Angeles, California. Open Networking & Edge Summit (formerly Open Networking Summit) is the industry’s premier open networking event now expanded to comprehensively cover Edge Computing, Edge Cloud and IoT. The event enables collaborative development and innovation across enterprises, service providers/telcos and cloud providers to shape the future of networking and edge computing with a deep focus on technical, architectural and business discussions in the areas of Open Networking & AI/ML-enabled use cases for 5G, IoT, Edge and Enterprise deployment, as well as targeted discussions on Edge/IoT frameworks and blueprints across Manufacturing, Retail, Oil and Gas, Transportation and Telco Edge cloud, among other key areas.

  • SUSE welcomes Dublin City University students at SUSECON 2020

    DCU relies on SUSE to support their IT infrastructure. DCU also utilize our academic program for teaching and training Open Source technologies in the classroom, so when the idea came to invite a university to SUSECON, they were a perfect fit. Nearly 50 master’s students and a handful of teaching staff from the Faculty of Engineering and Computing are looking forward to attending this year’s SUSECON. MSc and M.Eng students from the School of Computing and the School of Electronic Engineering will be in attendance throughout the week. The event will provide numerous opportunities for the students to learn from and engage with industry experts from companies like SUSE, Microsoft and SAP.

  • Follow-up on the train journey to FOSDEM

    Here’s a recap of my train journey based on the Twitter thread I kept posting as I travelled.

Videos/Audiocasts/Shows: Clear Linux, Canonical's Ubuntu Desktop Team, MX Linux 19.1

  • Clear Linux | The Fastest Linux Distro?

    Clear Linux | The Fastest Linux Distro? Let's do a deep dive into Clear Linux and go through the installation, configuration, and overall setup for it on your System.

  • Brunch with Brent: Heather Ellsworth | Jupiter Extras 57

    Brent sits down with Heather Ellsworth, Software Engineer on Canonical's Ubuntu Desktop Team, a GNOME Foundation Member, and former Purism Librem 5 Documentation Engineer. We discuss her deep history in experimental high energy physics at CERN, the similarities and synergies between the sciences and software engineering, her love of documentation, her newly established maintainership of LibreOffice, and how empathy factors into good bug reporting.

  • MX Linux 19.1 overview | simple configuration, high stability, solid performance

    In this video, I am going to show an overview of MX Linux 19.1 and some of the applications pre-installed.