Language Selection

English French German Italian Portuguese Spanish

Security: Kromtech, Nginx, Equifax, Kickstarter, Microsoft Windows

Filed under
Security
  • [Older] The creepiest data breach till date: Passwords of 540,000 Car Tracking Devices Leaked Online

    Data breaches have become so common these days that every single day we get news about a data breach. We have seen data breaches from big to small, from dangerous to embarrassing, but this is one is the creepiest data breach of 2017, this leak of credentials of almost 540,000 Car Tracking Devices might take the biscuit.

    The Kromtech Security Center recently found over half a million login credentials belonging to SVR, a company specializes in “vehicle recovery”, is leaked online and is publicly accessible. SVR provides its customers with around-the-clock surveillance of cars and trucks, just in case those vehicles are towed or stolen.

  • Nginx 1.13.6 Patches Web Server for the Year 2038 Flaw

    Developers and organizations around the world rushed to fix the Y2K bug nearly 20 years ago as the calendar rolled over to the new millennium. There is also a similar bug that is resident in Unix/Linux systems known as the Year 2038 bug.

    The latest vendor to fix its software for the 2038 bug is open-source web application server vendor nginx. The new nginx 1.13.6 release debuts on Oct. 10, fixing 11 different bugs.

    "Bugfix: nginx did not support dates after the year 2038 on 32-bit platforms with 64-bit time_t," the nginx changelog noted.

  • Equifax: About those 400,000 UK records we lost? It's now 15.2M. Yes, M for MEELLLIOON

    Last month, US credit score agency Equifax admitted the personal data for just under 400,000 UK accounts was slurped by hackers raiding its database. On Tuesday this week, it upped that number ever-so-slightly to 15.2 million.

    In true buck-passing fashion, at the time of writing, Equifax hadn't even released a public statement on the matter. Instead it fell to Blighty's National Cyber Security Centre to reveal the bad news that a blundering American firm had put them at risk of phishing attacks.

    “We are aware that Equifax was the victim of a criminal cyber attack in May 2017," the NCSC said in a statement today.

    “Equifax have today updated their guidance to confirm that a file containing 15.2m UK records dating from between 2011 and 2016 was attacked in this incident. NCSC advises that passwords are not re-used on any accounts if you have been told by Equifax that any portion of your membership details have been accessed.”

  • Major Data Breach Left 15 Million Accounts from These Popular Sites Vulnerable

    In what seems like an ever-lengthening line of data breaches in recent weeks (This restaurant, this financial services company, and this supermarket have all been breached in the past month), Lifehacker has reported that information from 15 million Kickstarter and Bitly accounts are now available to the public due to a 2014 data breach. The breach itself isn’t new, much like the fresh news about Yahoo’s massive breach, but it’s much less disconcerting. Although the information is now public, it is still encrypted, and both Kickstarter and Bitly took swift action to notify users of the breach when it originally occurred, urging them to change their passwords and nullifying the breach ones if user action was not taken.

  • It's 2017... And Windows PCs can be pwned via DNS, webpages, Office docs, fonts – and some TPM keys are fscked too

    Microsoft today released patches for more than 60 CVE-listed vulnerabilities in its software. Meanwhile, Adobe is skipping October's Patch Tuesday altogether.

    Among the latest holes that need papering over via Windows Update are three vulnerabilities already publicly disclosed – with one being exploited right now by hackers to infect vulnerable machines. That flaw, CVE-2017-11826, is leveraged when a booby-trapped Microsoft Office document is opened, allowing malicious code within it to run with the same rights as the logged-in user, and should be considered a top priority to patch.

    Dustin Childs, of Trend Micro's Zero Day Initiative, noted today that users and administrators should also pay special attention to Microsoft's ADV170012, an advisory warning of weak cryptographic keys generated by Trusted Platform Modules (TPMs) on Infineon motherboards.

More in Tux Machines

Android Leftovers

Linux Scaling Benchmarks With The AMD Threadripper 2990WX In Various Workloads

While yesterday were the benchmarks showing how Linux games struggle to scale past a few CPU cores/threads, in this article is a look at the scaling performance of various applications/workloads under Linux up to 64 threads using the AMD Threadripper 2990WX. Here's a look at how the Linux performance changes in a variety of applications from one to sixty-four threads with this new HEDT processor. The benchmarks today are for mostly curiosity sake about Linux and the Threadripper 2990WX, particularly on the impact of 32 threads (cores) to 64 threads with SMT, etc. In the next few days is a much more interesting comparison and that is looking at the Windows Server 2019 vs. Linux performance on the Threadripper 2990WX at various SMT and CCX configurations. That should reveal a lot about Windows' scaling abilities given the immense interest this week in the Windows vs. Linux Threadripper performance. But for today are just these reference numbers. Read more

AryaLinux: A Distribution and a Platform

I’ll be honest, if you’re just a standard desktop user, AryaLinux is not for you. Although you can certainly get right to work on the desktop, if you need anything outside of the default applications, you might find it a bit too much trouble to bother with. If, on the other hand, you’re a developer, AryaLinux might be a great platform for you. Or, if you just want to see what it’s like to build a Linux distribution from scratch, AryaLinux is a pretty easy route. Even with its quirks, AryaLinux holds a lot of promise as both a Linux distribution and platform. If the developers can see to it to build a GUI front-end for the alps package manager, AryaLinux could make some serious noise. Read more

Lennart Jern: How Do You Fedora?

Lennart Jern is a Swedish-speaking Finn, who has been living in Umeå, Sweden, for about three years. He was born and raised in southern Finland where he obtained his master’s degree in applied mathematics. His time at university exposed Lennart’s true passion. “While at the university, I realized that computer science was really what I wanted to work with.” In order to follow his dream of working in computer science he moved to Sweden with his wife to pursue a master’s program in computer science. After a short while he had learned enough to land a job with a local startup. “I’m working with cloud/distributed systems, specifically with tools like kubernetes and OpenShift.” Lennart’s first contact with Linux was in 2006. Some of the computers in his high school were running OpenSuse. He installed Ubuntu’s Hardy Heron in 2008 and has been using Linux ever since. Read more