Language Selection

English French German Italian Portuguese Spanish

Security Leftovers

Filed under
Security
  • Out-of-Control CIA Continues to be Exposed in WikiLeaks’ Vault 7

    After installing a small file, the operators would then be able to instruct the computer to kill any use of a web browser on a set schedule. For instance, the software could be instructed to shut down Firefox every 25-35 seconds. Similarly, the example included a measure to “lock up” PowerPoint files 10 minutes after they were loaded. It would also allow operators to create a delay when PowerPoint files were attempting to load.

    While the examples they used are simple and relatively harmless, the software could perform virtually any assigned task. Because the data is encrypted with a key stored outside of the machine, the code would be extremely difficult to detect and/or decipher.

    After installing the software, the documentation instructs users to “kick back” and “Relax – After Midnight will take care of the rest.”

    The second piece of software detailed is similar to “AfterMidnight” and is called “Assassin.” That piece of software is a relatively simple way of collecting data remotely and then delivering results to a listening post on a schedule.

    Through screenshots in the documents, it can be seen that the author is named “Justin,” is working from a Dell computer, and desktop shortcuts to an encrypted chat program called ‘Pidgin,’ as well as a folder entitled “drone.”

  • Global ‘Wana’ Ransomware Outbreak Earned Perpetrators $26,000 So Far

    However, I find it depressing to think of the massive financial damage likely wrought by this ransom campaign in exchange for such a comparatively small reward. It’s particularly galling because this attack potentially endangered the lives of many.

  • Ransomware: Microsoft can no longer claim to be 'proactive'

    Microsoft's reaction to the Windows ransomware crisis that occurred on Friday and Saturday has shown one thing: no longer can the company continue to use the business buzzword "proactive" when it talks about itself. It was caught unawares and left looking very old and tired in the way it responded to the situation.

  • Cyber attack: Hackers {sic} in China try to seize control of WannaCry ransomware's 'kill switch'

    “What you can follow is the money,” Mr Raiu said. “You can follow the Bitcoins [although] following the Bitcoins is kind of an art in itself.”

  • [Old] The Software Industry IS the Problem

    The question is how to introduce product liability, because just imposing it would instantly shut down any and all software houses with just a hint of a risk management function on their organizational charts.

  • [Old] Why Not Use Port Knocking?

    The robots currently at work knocking around for your guessable password could easily be repurposed to guess your Unicode password currently known as your port knocking sequence, and quite likely have been already.

More in Tux Machines

today's leftovers

  • Why Linus is right (as usual)
    Last year, some security “hardening” code was added to the kernel to prevent a class of buffer-overflow/out-of-bounds issues. This code didn’t address any particular 0day vulnerability, but was designed to prevent a class of future potential exploits from being exploited. This is reasonable. This code had bugs, but that’s no sin. All code has bugs. The sin, from Linus’s point of view, is that when an overflow/out-of-bounds access was detected, the code would kill the user-mode process or kernel. Linus thinks it should have only generated warnings, and let the offending code continue to run.
  • Kube-Node: Let Your Kubernetes Cluster Auto-Manage Its Nodes
    As Michelle Noorali put it in her keynote address at KubeCon Europe in March of this year: the Kubernetes open source container orchestration engine is still hard for developers. In theory, developers are crazy about Kubernetes and container technologies, because they let them write their application once and then run it anywhere without having to worry about the underlying infrastructure. In reality, however, they still rely on operations in many aspects, which (understandably) dampens their enthusiasm about the disruptive potential of these technologies. One major downside for developers is that Kubernetes is not able to auto-manage and auto-scale its own machines. As a consequence, operations must get involved every time a worker node is deployed or deleted. Obviously, there are many node deployment solutions, including Terraform, Chef or Puppet, that make ops live much easier. However, all of them require domain-specific knowledge; a generic approach across various platforms that would not require ops intervention does not exist.
  • Red Hat, Inc. (RHT) Shares Bought by Aperio Group LLC
  • Cloudera, Inc. (CLDR) vs. Red Hat, Inc. (RHT): Breaking Down the Data

Software: VidCutter, Super Productivity, MKVToolNix

  • VidCutter 5.0 Released With Improved UI, Frame Accurate Cutting
    A new version of VidCutter, a free video trimmer app, is available for download. VidCutter 5.0 makes it easier to cut videos to specific frames, improves the export of video clips with audio and subtitle tracks, and refreshes the default application icon. Why Vidcutter? If you want split video, trim video, or join video clips into a single montage then Vidcutter is ideal. The app lets you perform these tasks, as well as many more, quickly and easily. VidCutter is a Qt5 application that uses the open-source FFMpeg media engine.
  • Linux Release Roundup: Fedora 27, Shotwell, Corebird + More
    It’s been another busy week in the world of Linux, but we’re here to bring you up to speed with a round-up of the most notable new releases. The past 7 days have given us a new version of free software’s most popular photo management app, a new release of a leading Linux distribution, and updated one of my favourite app finds of the year.
  • Super Productivity is a Super Useful To-Do App for Linux, Mac & Windows
    Super Productivity is an open-source to-do list and time tracking app for Windows, macOS and Linux. It’s built using Electron but doesn’t require an internet connection (which is pretty neat). And it has (optional) integration with Atlassian’s Jira software.
  • MKVToolNix 18.0.0 Open-Source MKV Manipulation App Adds Performance Improvements
    A new stable release of the MKVToolNix open-source and cross-platform MKV (Matroska) manipulation software arrived this past weekend with various performance improvements and bug fixes. MKVToolNix 18.0.0 continues the monthly series of stability and reliability updates by adding performance improvements to both the AVC and HEVC ES parsers thanks to the implementation of support for copying much less memory, and enabling stack protection when building the program with Clang 3.5.0 or a new version.

OSS Leftovers

  • Reveal.js presentation hacks
    Ryan Jarvinen, a Red Hat open source advocate focusing on improving developer experience in the container community, has been using the Reveal.js presentation framework for more than five years. In his Lightning Talk at All Things Open 2017, he shares what he's learned about Reveal.js and some ways to make better use of it. Reveal.js is an open source framework for creating presentations in HTML based on HTML5 and CSS. Ryan describes Gist-reveal.it, his project that makes it easier for users to create, fork, present, and share Reveal.js slides by using GitHub's Gist service as a datastore.
  • Font licensing and use: What you need to know
    Most of us have dozens of fonts installed on our computers, and countless others are available for download, but I suspect that most people, like me, use fonts unconsciously. I just open up LibreOffice or Scribus and use the defaults. Sometimes, however, we need a font for a specific purpose, and we need to decide which one is right for our project. Graphic designers are experts in choosing fonts, but in this article I'll explore typefaces for everyone who isn't a professional designer.
  • Broader role essential for OpenStack Foundation, says Mirantis’ Renski
  • URSA Announces Name Change to Open Source Integrators to Reflect Their Full Spectrum of Open ERP Expertise
  • 2018 is Year for Open Source Software for Pentagon
    The US Pentagon is set to make a major investment in open source software, if section 886 of the National Defense Authorization Act for Fiscal Year 2018 is passed. The section acknowledges the use of open source software, the release of source code into public repositories, and a competition to inspire work with open source that supports the mission of the Department of Defense.
  • How startups save buckets of money on early software development
     

    Moving along, we have to segue with a short modularity lesson. More specifically, how modularity applies to software.

    Essentially, all products and services become cheaper and more plentiful when all the processes involved in production become modularised.

today's howtos