Language Selection

English French German Italian Portuguese Spanish

Security Leftovers

Filed under
Security
  • Hidden For 6 Years, ‘Slingshot’ Malware Hacks Your PC Through Your Router
  • Security updates for Tuesday
  • Microsoft Admits It Incorrectly Upgraded Some Windows 10 Users to v1709 [Ed: Windows Update is technically (not a joke) a botnet. It takes over people's PCs and hands them over for Microsoft to use up their CPU and bandwidth. Microsoft has ignored users' "update" settings since at least Windows XP days.]

    Microsoft admitted last week that it incorrectly updated some Windows 10 users to the latest version of the Windows 10 operating system —version 1709— despite users having specifically paused update operations in their OS settings.

    The admission came in a knowledge base article updated last week. Not all users of older Windows versions were forcibly updated, but only those of Windows 10 v1703 (Creators Update).

    This is the version where Microsoft added special controls to the Windows Update setting section that allow users to pause OS updates in case they have driver or other hardware issues with the latest OS version.

  • We Still Need More HTTPS: Government Middleboxes Caught Injecting Spyware, Ads, and Cryptocurrency Miners

    Last week, researchers at Citizen Lab discovered that Sandvine's PacketLogic devices were being used to hijack users' unencrypted internet connections, making yet another case for encrypting the web with HTTPS. In Turkey and Syria, users who were trying to download legitimate applications were instead served malicious software intending to spy on them. In Egypt, these devices injected money-making content into users' web traffic, including advertisements and cryptocurrency mining scripts.

    These are all standard machine-in-the-middle attacks, where a computer on the path between your browser and a legitimate web server is able to intercept and modify your traffic data. This can happen if your web connections use HTTP, since data sent over HTTP is unencrypted and can be modified or read by anyone on the network.

    The Sandvine middleboxes were doing exactly this. On Türk Telekom’s network, it was reported that when a user attempted to download legitimate applications over HTTP, these devices injected fake "redirect" messages which caused the user’s browser to fetch the file from a different, malicious, site. Users downloading common applications like Avast Antivirus, 7-Zip, Opera, CCleaner, and programs from download.cnet.com had their downloads silently redirected. Telecom Egypt’s Sandvine devices, Citizen Lab noted, were using similar methods to inject money-making content into HTTP connections, by redirecting existing ad links to affiliate advertisements and legitimate javascript files to cryptocurrency mining scripts.

  • Let’s Encrypt takes free “wildcard” certificates live
  • GuardiCore Upgrades Infection Monkey Open Source Cyber Security Testing Tool
  • A Guide To Securing Docker and Kubernetes Containers With a Firewall
  • How IBM Helps Organizations to Improve Security with Incident Response

    Protecting organizations against cyber-security threats isn't just about prevention, it's also about incident response. There are many different organizations that provide these security capabilities, including IBM X-Force Incident Response and Intelligence Services (IRIS), which is led by Wendi Whitmore.

    In the attached video interview Whitmore explains how incident response works and how she helps organizations to define a winning strategy. Succeeding at incident response in Whitmore's view, shouldn't be focused just on prevention but on building a resilient environment.

More in Tux Machines

LAS 2018

  • LAS 2018
    This month I was at my second Libre Application Summit in Denver. A smaller event than GUADEC but personally was my favorite conference so far. One of the main goals of LAS has been to be a place for multiple platforms to discuss the desktop space and not just be a GNOME event. This year two KDE members, @aleixpol and Albert Astals Cid, who spoke about release cycle of KDE Applications, Plasma, and the history of Qt. It is always interesting to see how another project solves the same problems and where there is overlap. The elementary folks were there since this is @cassidyjames home turf who had a great “It’s Not Always Techincal” talk as well as a talk with @danrabbit about AppCenter which are both very important areas the GNOME Project needs to improve in. I also enjoyed meeting a few other community members such as @Philip-Scott and talk about their use of elementary’s platform.
  • Developer Center Initiative – Meeting Summary 21st September
    Since last blog post there’s been two Developer Center meetings held in coordination with LAS GNOME Sunday the 9th September and again Friday the 21st September. Unfortunately I couldn’t attend the LAS GNOME meeting, but I’ll cover the general progress made here.

The "Chinese EPYC" Hygon Dhyana CPU Support Still Getting Squared Away For Linux

Back in June is when the Linux kernel patches appeared for the Hygon Dhyana, the new x86 processors based on AMD Zen/EPYC technology licensed by Chengdu Haiguang IC Design Co for use in Chinese data-centers. While the patches have been out for months, they haven't reached the mainline kernel quite yet but that might change next cycle. The Hygon Dyhana Linux kernel patches have gone through several revisions and the code is mostly adapting existing AMD Linux kernel code paths for Zen/EPYC to do the same on these new processors. While these initial Hygon CPUs appear to basically be re-branded EPYC CPUs, the identifiers are different as rather than AMD Family 17h, it's now Family 18h and the CPU Vendor ID is "HygonGenuine" and carries a new PCI Express device vendor ID, etc. So the different areas of the kernel from CPUFreq to KVM/Xen virtualization to Spectre V2 mitigations had to be updated for the correct behavior. Read more

Good Support For Wayland Remote Desktop Handling On Track For KDE Plasma 5.15

The KDE Plasma 5.15 release due out next year will likely be in good shape for Wayland remote desktop handling. The KDE Plasma/KWin developers have been pursuing Wayland remote desktop support along a similar route to the GNOME Shell camp by making use of PipeWire and the XDG-Desktop-Portal. Bits are already in place for KDE Plasma 5.13 and the upcoming 5.14 release, but for the 5.15 release is now where it sounds like the support may be in good shape for end-users. Read more

Linux developers threaten to pull “kill switch”

Linux powers the internet, the Android in your pocket, and perhaps even some of your household appliances. A controversy over politics is now seeing some of its developers threatening to withdraw the license to all of their code, potentially destroying or making the whole Linux kernel unusable for a very long time. Read more