Language Selection

English French German Italian Portuguese Spanish

Security Leftovers

Filed under
Security
  • Out-of-Control CIA Continues to be Exposed in WikiLeaks’ Vault 7

    After installing a small file, the operators would then be able to instruct the computer to kill any use of a web browser on a set schedule. For instance, the software could be instructed to shut down Firefox every 25-35 seconds. Similarly, the example included a measure to “lock up” PowerPoint files 10 minutes after they were loaded. It would also allow operators to create a delay when PowerPoint files were attempting to load.

    While the examples they used are simple and relatively harmless, the software could perform virtually any assigned task. Because the data is encrypted with a key stored outside of the machine, the code would be extremely difficult to detect and/or decipher.

    After installing the software, the documentation instructs users to “kick back” and “Relax – After Midnight will take care of the rest.”

    The second piece of software detailed is similar to “AfterMidnight” and is called “Assassin.” That piece of software is a relatively simple way of collecting data remotely and then delivering results to a listening post on a schedule.

    Through screenshots in the documents, it can be seen that the author is named “Justin,” is working from a Dell computer, and desktop shortcuts to an encrypted chat program called ‘Pidgin,’ as well as a folder entitled “drone.”

  • Global ‘Wana’ Ransomware Outbreak Earned Perpetrators $26,000 So Far

    However, I find it depressing to think of the massive financial damage likely wrought by this ransom campaign in exchange for such a comparatively small reward. It’s particularly galling because this attack potentially endangered the lives of many.

  • Ransomware: Microsoft can no longer claim to be 'proactive'

    Microsoft's reaction to the Windows ransomware crisis that occurred on Friday and Saturday has shown one thing: no longer can the company continue to use the business buzzword "proactive" when it talks about itself. It was caught unawares and left looking very old and tired in the way it responded to the situation.

  • Cyber attack: Hackers {sic} in China try to seize control of WannaCry ransomware's 'kill switch'

    “What you can follow is the money,” Mr Raiu said. “You can follow the Bitcoins [although] following the Bitcoins is kind of an art in itself.”

  • [Old] The Software Industry IS the Problem

    The question is how to introduce product liability, because just imposing it would instantly shut down any and all software houses with just a hint of a risk management function on their organizational charts.

  • [Old] Why Not Use Port Knocking?

    The robots currently at work knocking around for your guessable password could easily be repurposed to guess your Unicode password currently known as your port knocking sequence, and quite likely have been already.

More in Tux Machines

OSS Leftovers

  • Sunjun partners with Collabora to offer LibreOffice in the Cloud
  • Tackling the most important issue in a DevOps transformation
    You've been appointed the DevOps champion in your organisation: congratulations. So, what's the most important issue that you need to address?
  • PSBJ Innovator of the Year: Hacking cells at the Allen Institute
  • SUNY math professor makes the case for free and open educational resources
    The open educational resources (OER) movement has been gaining momentum over the past few years, as educators—from kindergarten classes to graduate schools—turn to free and open source educational content to counter the high cost of textbooks. Over the past year, the pace has accelerated. In 2017, OERs were a featured topic at the high-profile SXSW EDU Conference and Festival. Also last year, New York State generated a lot of excitement when it made an $8 million investment in developing OERs, with the goal of lowering the costs of college education in the state. David Usinski, a math and computer science professor and assistant chair of developmental education at the State University of New York's Erie Community College, is an advocate of OER content in the classroom. Before he joined SUNY Erie's staff in 2007, he spent a few years working for the Erie County public school system as a technology staff developer, training teachers how to infuse technology into the classroom.

Mozilla: Wireless Innovation for a Networked Society, New AirMozilla Audience Demo, Firefox Telemetry

  • Net Neutrality, NSF and Mozilla's WINS Challenge Winners, openSUSE Updates and More
    The National Science Foundation and Mozilla recently announced the first round of winners from their Wireless Innovation for a Networked Society (WINS) challenges—$2 million in prizes for "big ideas to connect the unconnected across the US". According to the press release, the winners "are building mesh networks, solar-powered Wi-Fi, and network infrastructure that fits inside a single backpack" and that the common denominator for all of them is "they're affordable, scalable, open-source and secure."
  • New AirMozilla Audience Demo
    The legacy AirMozilla platform will be decommissioned later this year. The reasons for the change are multiple; however, the urgency of the change is driven by deprecated support of both the complex back-end infrastructure by IT and the user interface by Firefox engineering teams in 2016. Additional reasons include a complex user workflow resulting in a poor user experience, no self-service model, poor usability metrics and a lack of integrated, required features.
  • Perplexing Graphs: The Case of the 0KB Virtual Memory Allocations
    Every Monday and Thursday around 3pm I check dev-telemetry-alerts to see if there have been any changes detected in the distribution of any of the 1500-or-so pieces of anonymous usage statistics we record in Firefox using Firefox Telemetry.

Games: All Walls Must Fall, Tales of Maj'Eyal

  • All Walls Must Fall, the quirky tech-noir tactics game, comes out of Early Access
    This isometric tactical RPG blends in sci-fi, a Cold War that never ended and lots of spirited action. It’s powered by Unreal Engine 4 and has good Linux support.
  • Non-Linux FOSS: Tales of Maj'Eyal
    I love gaming, but I have two main problems with being a gamer. First, I'm terrible at video games. Really. Second, I don't have the time to invest in order to increase my skills. So for me, a game that is easy to get started with while also providing an extensive gaming experience is key. It's also fairly rare. All the great games tend to have a horribly steep learning curve, and all the simple games seem to involve crushing candy. Thankfully, there are a few games like Tales of Maj'Eyal that are complex but with a really easy learning curve.

KDE and GNOME: KDE Discover, Okular, Librsvg, and Phone's UI Shell

  • This week in Discover, part 7
    The quest to make Discover the most-loved Linux app store continues at Warp 9 speed! You may laugh, but it’s happening! Mark my words, in a year Discover will be a beloved crown jewel of the KDE experience.
  • Okular gains some more JavaScript support
    With it we support recalculation of some fields based on others. An example that calculates sum, average, product, minimum and maximum of three numbers can be found in this youtube video.
  • Librsvg's continuous integration pipeline
    With the pre-built images, and caching of Rust artifacts, Jordan was able to reduce the time for the "test on every commit" builds from around 20 minutes, to little under 4 minutes in the current iteration. This will get even faster if the builds start using ccache and parallel builds from GNU make. Currently we have a problem in that tests are failing on 32-bit builds, and haven't had a chance to investigate the root cause. Hopefully we can add 32-bit jobs to the CI pipeline to catch this breakage as soon as possible.
  • Design report #3: designing the UI Shell, part 2
    Peter has been quite busy thinking about the most ergonomic mobile gestures and came up with a complete UI shell design. While the last design report was describing the design of the lock screen and the home screen, we will discuss here about navigating within the different features of the shell.