Language Selection

English French German Italian Portuguese Spanish

Security News, Notably Microsoft/NSA Catastrophe

Filed under
Microsoft
Security
  • Major cyber attack hits companies, hospitals, schools worldwide

    Private security firms identified the ransomware as a new variant of "WannaCry" that had the ability to automatically spread across large networks by exploiting a known bug in Microsoft's Windows operating system.

  • Massive cyberattack hits several hospitals across England
  • Rejection Letter

    We start with a shadowy US government agency, the NSA, systematically analyzing the software of the biggest American computer companies in search of vulnerabilities. So far, so plausible: this is one of the jobs of an intelligence and counter-espionage agency focussed on information technology. However, instead of helping Microsoft fix them, we are supposed to believe that the NSA hoard their knowledge of weaknesses in Microsoft Windows, a vitally important piece of their own nation's infrastructure, in case they'll come in handy againt some hypothetical future enemy. (I'm sorry, but this just won't wash; surely the good guys would prioritize protecting their own corporate infrastructure? But this is just the first of the many logical inconsistencies which riddle the back story and plot of "Zero Day".)

  • Microsoft issues ‘highly unusual’ Windows XP patch to prevent massive ransomware attack
  • Is it prudent to ask if Britain’s nuke subs, which also run Windows XP, have also been hit by ransomware?

    Let’s reword this to drive the point home. How likely is it that the United States NSA, through its persistent interest in keeping us unsafe, has managed to hand control of Britain’s nuclear weapons platforms to unknown ransomware authors, perhaps in Russia or Uzbekistan?

  • Current wave of ransomware not written by ordinary criminals, but by the NSA

    The lesson here is that the NSA’s mission, keeping a country safe, is in direct conflict with its methods of collecting a catalog of vulnerabilities in critical systems and constructing weapons to use against those systems, weapons that will always leak, instead of fixing the discovered weaknesses and vulnerabilities that make us unsafe.

  • Wana Decrypt0r Ransomware Outbreak Temporarily Stopped By "Accidental Hero"

    A security researcher that goes online by the nickname of MalwareTech is the hero of the day, albeit an accidental one, after having saved countless of computers worldwide from a virulent form of ransomware called Wana Decrypt0r (also referenced as WCry, WannaCry, WannaCrypt, and WanaCrypt0r).

  • DDOS attacks in Q1 2017

    In Q1 2017, the geography of DDoS attacks narrowed to 72 countries, with China accounting for 55.11% (21.9 p.p. less than the previous quarter). South Korea (22.41% vs. 7.04% in Q4 2016) and the US (11.37% vs. 7.30%) were second and third respectively.

    The Top 10 most targeted countries accounted for 95.5% of all attacks. The UK (0.8%) appeared in the ranking, replacing Japan. Vietnam (0.8%, + 0.2 p.p.) moved up from seventh to sixth, while Canada (0.7%) dropped to eighth.

  • Applied Physical Attacks and Hardware Pentesting

    This week, I had the opportunity to take Joe Fitzpatrick’s class “Applied Physical Attacks and Hardware Pentesting”. This was a preview of the course he’s offering at Black Hat this summer, and so it was in a bit of an unpolished state, but I actually enjoyed the fact that it was that way. I’ve taken a class with Joe before, back when he and Stephen Ridley of Xipiter taught “Software Exploitation via Hardware Exploitation”, and I’ve watched a number of his talks at various conferences, so I had high expectations of the course, and he didn’t disappoint.

  • SambaXP 2017: John Hixson’s Reflection

    The next talk was given by Jeremy Allison on the recent symlink CVE. Jeremy explained how it was discovered and the measures that were taken to fix it.

More in Tux Machines

OSS Leftovers

  • Sunjun partners with Collabora to offer LibreOffice in the Cloud
  • Tackling the most important issue in a DevOps transformation
    You've been appointed the DevOps champion in your organisation: congratulations. So, what's the most important issue that you need to address?
  • PSBJ Innovator of the Year: Hacking cells at the Allen Institute
  • SUNY math professor makes the case for free and open educational resources
    The open educational resources (OER) movement has been gaining momentum over the past few years, as educators—from kindergarten classes to graduate schools—turn to free and open source educational content to counter the high cost of textbooks. Over the past year, the pace has accelerated. In 2017, OERs were a featured topic at the high-profile SXSW EDU Conference and Festival. Also last year, New York State generated a lot of excitement when it made an $8 million investment in developing OERs, with the goal of lowering the costs of college education in the state. David Usinski, a math and computer science professor and assistant chair of developmental education at the State University of New York's Erie Community College, is an advocate of OER content in the classroom. Before he joined SUNY Erie's staff in 2007, he spent a few years working for the Erie County public school system as a technology staff developer, training teachers how to infuse technology into the classroom.

Mozilla: Wireless Innovation for a Networked Society, New AirMozilla Audience Demo, Firefox Telemetry

  • Net Neutrality, NSF and Mozilla's WINS Challenge Winners, openSUSE Updates and More
    The National Science Foundation and Mozilla recently announced the first round of winners from their Wireless Innovation for a Networked Society (WINS) challenges—$2 million in prizes for "big ideas to connect the unconnected across the US". According to the press release, the winners "are building mesh networks, solar-powered Wi-Fi, and network infrastructure that fits inside a single backpack" and that the common denominator for all of them is "they're affordable, scalable, open-source and secure."
  • New AirMozilla Audience Demo
    The legacy AirMozilla platform will be decommissioned later this year. The reasons for the change are multiple; however, the urgency of the change is driven by deprecated support of both the complex back-end infrastructure by IT and the user interface by Firefox engineering teams in 2016. Additional reasons include a complex user workflow resulting in a poor user experience, no self-service model, poor usability metrics and a lack of integrated, required features.
  • Perplexing Graphs: The Case of the 0KB Virtual Memory Allocations
    Every Monday and Thursday around 3pm I check dev-telemetry-alerts to see if there have been any changes detected in the distribution of any of the 1500-or-so pieces of anonymous usage statistics we record in Firefox using Firefox Telemetry.

Games: All Walls Must Fall, Tales of Maj'Eyal

  • All Walls Must Fall, the quirky tech-noir tactics game, comes out of Early Access
    This isometric tactical RPG blends in sci-fi, a Cold War that never ended and lots of spirited action. It’s powered by Unreal Engine 4 and has good Linux support.
  • Non-Linux FOSS: Tales of Maj'Eyal
    I love gaming, but I have two main problems with being a gamer. First, I'm terrible at video games. Really. Second, I don't have the time to invest in order to increase my skills. So for me, a game that is easy to get started with while also providing an extensive gaming experience is key. It's also fairly rare. All the great games tend to have a horribly steep learning curve, and all the simple games seem to involve crushing candy. Thankfully, there are a few games like Tales of Maj'Eyal that are complex but with a really easy learning curve.

KDE and GNOME: KDE Discover, Okular, Librsvg, and Phone's UI Shell

  • This week in Discover, part 7
    The quest to make Discover the most-loved Linux app store continues at Warp 9 speed! You may laugh, but it’s happening! Mark my words, in a year Discover will be a beloved crown jewel of the KDE experience.
  • Okular gains some more JavaScript support
    With it we support recalculation of some fields based on others. An example that calculates sum, average, product, minimum and maximum of three numbers can be found in this youtube video.
  • Librsvg's continuous integration pipeline
    With the pre-built images, and caching of Rust artifacts, Jordan was able to reduce the time for the "test on every commit" builds from around 20 minutes, to little under 4 minutes in the current iteration. This will get even faster if the builds start using ccache and parallel builds from GNU make. Currently we have a problem in that tests are failing on 32-bit builds, and haven't had a chance to investigate the root cause. Hopefully we can add 32-bit jobs to the CI pipeline to catch this breakage as soon as possible.
  • Design report #3: designing the UI Shell, part 2
    Peter has been quite busy thinking about the most ergonomic mobile gestures and came up with a complete UI shell design. While the last design report was describing the design of the lock screen and the home screen, we will discuss here about navigating within the different features of the shell.