Language Selection

English French German Italian Portuguese Spanish

Security Leftovers

Filed under
Security
  • A vigilante hacker may have built a computer worm to protect smart devices

    The worm, known as Hajime, has infected tens of thousands of easy-to-hack products such as DVRs, internet cameras, and routers. However, the program so far hasn’t done anything malicious.

    Instead, the worm has been preventing a notorious malware known as Mirai from infecting the same devices. It’s also been carrying a message written from its developer.

  • vuln disclosure and risk equilibrium
  • How to Look at Mission-Critical Safety in the Internet of Cars

    The autonomous car will redefine how we travel, ship inventory, and design infrastructure. As physical objects become more deeply integrated into the Internet of Things, the connected car will soon become an essential component of the IoT ecosystem.

    An important element as we look towards actually implementing the autonomous car is understanding how mission-critical safety software and the Internet of Cars will operate within the car ecosystem. This is a blog that tries to explain what is happening currently; the importance of creating a security-first approach with open source software; and how we at EPAM are approach and solving some of the common problems.

  • Google tells users with borked WiFi to stop using Windows 10
  • Tanium exposed hospital’s IT while using its network in sales demos

    Starting in 2012, Tanium apparently had a secret weapon to help it compete with the wave of newcomers, which the company's executives used in sales demonstrations: a live customer network they could tap into for product demonstrations. There was just one problem: the customer didn't know that Tanium was using its network. And since the customer was a hospital, the Tanium demos—which numbered in the hundreds between 2012 and 2015, according to a Wall Street Journal report—exposed live, sensitive information about the hospital's IT systems. Until recently, some of that data was shown in publicly posted videos.

  • Tanium CEO Apologizes for Being 'Hard-Edged' After Executive Exodus

    Cybersecurity startup used hospital's computer network for sales pitches without permission

More in Tux Machines

today's leftovers

  • ‘Crush Them’: An Oral History of the Lawsuit That Upended Silicon Valley

    The then-23-year-old giant, which ruled the personal computer market with a despotic zeal, stood accused of using monopoly power to bully collaborators and squelch competitors. Its most famous victim was Netscape, the pioneering web browser, but everyone from Apple to American Airlines felt threatened by late-’90s Microsoft. The company was big enough to be crowned America’s most valuable firm, bold enough to compare attacks on its domain to Pearl Harbor, and, eventually, bad enough to be portrayed as a (semifictionalized) cadre of hypercapitalist murderers in a major motion picture. The “don’t be evil” optics that colored the rise of today’s tech giants (and have recently lost their efficacy) were a direct response to Microsoft’s tyrannical rule.

  • Michał Górny: Empty directories, *into, dodir, keepdir and tmpfiles.d
  • FRAMED Collection, a noir-styled spy adventure where you rearrange comic tiles is now out
    It's actually a compilation of FRAMED and FRAMED 2, games that have been widely praised and previously only available on mobile platforms. It has you moving around slices of an animated comic book, to put the noir-styled spy adventure story together. It actually sounds hilarious, as it's not a basic "this one has to go here" type of game, as it changes what happens based on where you put the tiles creating some amusing sounding failures:
  • Paradox’s grand strategy titles will be getting more content soon
    At their annual convention, Paradox Interactive have announced new expansions for their current grand strategy titles. There’s a little bit of everything for fans of these games.
  • Why OpenShift Is The New OpenStack For Red Hat
  • Help the Debian kernel team to help you
    I gave the first talk this morning at Mini-DebConf Hamburg, titled "Help the kernel team to help you". I briefly described several ways that Debian users and developers can make it easier (or harder) for us to deal with their requests. The slides are up in on my talks page, and video should be available soon.
  • UbuCon Europe 2018: Analysing a dream [English|Spanish]
    The idea of organising the Ubucon in Xixon, Asturies was set two years ago, while participating in the European Ubucon in Essen (germany). The Paris Ubucon took place and in those days we uderstood that there was a group enough of people with the capacities and the will to hold an European Congress for Ubuntu lovers. We had learnt a lot from German and French colleagues thanks to their respective amazing organizations and, at the same time, our handicap was the lack of s consolidated group in Spain.
  • 19-year-old Developer at the Forefront of TRON (TRX) Opensource Wallet DApp
  • 19-years-old German developer Spearheads TRON (TRX) Opensource Wallet DApp
    No doubt that Tron community is preparing for mainnet launch, with different ideas coming in from all roads. As part of its readiness, Tron has unveiled its Opensource Wallet DApp developed by 19-year old German developer, Marius Gill, who has been programming since 13 years old. The DApp is an outcome of Project Genesis, which was launched in March 2018 purposely to encourage TRON’s community engagement in bringing in new things into Tron ecosystem. The project provides a bonus pool of 2 billion dollars for active members around the world have lent their hands in implementing ideas for the community.
  • Collabora and GStreamer spring in Sweden
    Earlier this month, a few of us from Collabora, Olivier Crête, Nicolas Dufresne, George Kiagiadakis and I attended the GStreamer Spring Hackfest in Lund, Sweden. Hosted by Axis Communications (who uses GStreamer in their surveillance cameras for many years now), it was a great opportunity for the GStreamer community to touch base and work on open bugs and pet projects. [...] As for myself, I mainly worked on (or rather started to work on) split-field interlacing support in GStreamer, adding relevant formats and modes in the GStreamer video library. In addition, as a Meson developer (Nirbheek Chauhan) was present, I took the opportunity to discuss with him the last bit of porting build system of Geoclue to Meson, a side project I've been working on. It helped me get it done faster but also helped Nirbheek find some issues in Meson and fix them! All in all, my first GStreamer hackfest was an awesome experience (even though I was not feeling well). It was also very nice to hangout and socialize with old and new friends in the GStreamer community after a long time. Many thanks again to Axis for hosting us in their offices! See you at the GStreamer Conference this fall!
  • Reality Redrawn Opens At The Tech
    The Tech Museum of Innovation in San Jose was filled on Thursday with visitors experiencing new takes on the issue of fake news by artists using mixed reality, card games and even scratch and sniff cards. These installations were the results of Mozilla’ Reality Redrawn challenge. We launched the competition last December to make the power of misinformation and its potential impacts visible and visceral. Winners were announced in February.
  • Tangerine UI problems
    I've been a big fan of Tangerine for a while, it's a bank that doesn't charge fees and does what I need to do. They used to have a great app and website and then it all went a bit wrong. It's now a HTML app for Desktop and mobile. This isn't the fault of the tools used, but there's some terrible choices in the app across both. [...] The overall feel of the app is that its full of spinners, far too cluttered and just to confusing. Hey not everything I've built is perfect, but even I can spot some real problems with this app. I pretty sure Tangerine can do better than this. And yes, I'm writing this while drinking a beer I recently bought, as shown on my transaction page.
  • Majority of software plagued by vulnerabilities as open source adoption soars [Ed: More of Black Duck's FUD]
  • SiFive Releases 'Expansion Board' to Build Interest in RISC-V Processor
  • FreeBSD 11.2 Beta 2 Available For Testing, Brings PTI Optimization
    The second beta release of FreeBSD 11.2 is now available for weekend testing. FreeBSD 11.2-BETA2 is now available with a variety of bug fixes, a fix to restore boot support for the Banana Pi ARM board, a context switch optimization for page table isolation (PTI), DTrace improvements, various build fixes, and a range of other system fixes.
  • Sony Is Working On AMD Ryzen LLVM Compiler Improvements - Possibly For The PlayStation 5
    One of Sony's compiler experts has taken to working on some tuning for the AMD Ryzen "znver1" microarchitecture support within the LLVM compiler stack. This begs the question why Sony is working on Ryzen improvements if not for a future product.
  • Popular YouTuber Says Apple Won't Fix His iMac Pro Damaged While Disassembled

    The damage resulted when they dropped the display while attempting to reattach it to the aluminum chassis. Towards the end of the video, Sebastian also says the iMac Pro requires a new logic board and power supply unit, suggesting there may have been a short circuit that caused damage to internal components as well.

  • Most dangerous new cyber security threats [iophk: "Windows TCO, yet neither Microsoft nor Windows get a mention"]

Steam Controller Kernel Driver Is Landing In The Linux 4.18 Kernel

The Linux 4.18 kernel will feature the initial Steam Controller kernel driver that works without having to use the Steam client or using third-party user-space applications like the SC-Controller application. A few months back we reported on a kernel driver being worked on for the Steam Controller by an independent user/developer outside of the gates of Valve. In part through reverse-engineering, Rodrigo Rivas Costa has been working on this native Steam Controller Linux kernel driver that works for both USB cable and wireless modes of the Steam Controller and is a proper HID driver. Read more

Video of AsteroidOS

KDevelop 5.2.2 and 5.2.3 released

KDevelop 5.2.2 and 5.2.3 released We today provide a stabilization and bugfix release with version 5.2.2 and 5.2.3. 5.2.2 was tagged 6 weeks ago, but we never managed to release it because we did not have the patience to fix the Windows installers in time due to a broken CI. Windows installers are provided for 5.2.3 again. We'll only provide source tarballs for 5.2.2 and we encourage everyone to just skip this release and use 5.2.3 which contains a few more bug fixes. This is a bugfix-only release, which introduces no new features and as such is a safe and recommended update for everyone currently using KDevelop 5.2.1. Read more Also: This week in Usability & Productivity, part 19