Language Selection

English French German Italian Portuguese Spanish

Security: Windows Ransomware, Cortana Holes, Google Play Protect and More

Filed under
Security
  • The worst types of ransomware attacks
  • Patched Cortana Bug Let Hackers Change Your Password From the Lock Screen
  • What is Google Play Protect and How Does it Keep Android Secure?
  • ​Another day, another Intel CPU security hole: Lazy State

    Once upon a time, when we worried about security, we worried about our software. These days, it's our hardware, our CPUs, with problems like Meltdown and Spectre, which are out to get us. The latest Intel revelation, Lazy FP state restore, can theoretically pull data from your programs, including encryption software, from your computer regardless of your operating system.

    Like its forebears, this is a speculative execution vulnerability. In an interview, Red Hat Computer Architect Jon Masters explained: "It affects Intel designs similar to variant 3-a of the previous stuff, but it's NOT Meltdown." Still, "It allows the floating point registers to be leaked from another process, but alas that means the same registers as used for crypto, etc." Lazy State does not affect AMD processors.

  • Eric S. Raymond on Keeping the Bazaar Secure and Functional
  • Purple testing and chaos engineering in security experimentation

    The way we use technology to construct products and services is constantly evolving, at a rate that is difficult to comprehend. Regrettably, the predominant approach used to secure design methodology is preventative, which means we are designing stateful security in a stateless world. The way we design, implement, and instrument security has not kept pace with modern product engineering techniques such as continuous delivery and complex distributed systems. We typically design security controls for Day Zero of a production release, failing to evolve the state of our controls from Day 1 to Day (N).

    This problem is also rooted in the lack of feedback loops between modern software-based architectures and security controls. Iterative build practices constantly push product updates, creating immutable environments and applying complex blue-green deployments and dependencies on ever-changing third-party microservices. As a result, modern products and services are changing every day, even as security drifts into the unknown.

More in Tux Machines

Vista 10: Embrace, Now Extend

  • WLinux: Windows 10 Gets Its Own Exclusive Linux Distro
    Ubuntu, Debian, and Kali are some of the popular Linux distros available out there for Windows Subsystem for Linux. But, most of these distros contain packages that are irrelevant to WSL and lack development tools. How about a distro that is optimized specially for Windows 10?
  • New Linux Distro Created Specifically for Windows 10
    The Windows Subsystem for Linux allows users to run Linux distributions on top of Windows 10, and at this point, there are already several choices for users who want to try out this feature. In addition to Ubuntu, Debian, and Kali, beginning today, Windows 10 adopters are provided with a new Linux distro that’s specifically optimized for the WSL. Called WLinux, this new Linux distro is focused on the packages that are relevant to WSL, as well as the customizations to take full advantage of this Windows 10 feature.

Review: Bodhi Linux 5.0.0

Sometimes when reviewing an operating system it is difficult to separate the question "Is this a good distribution?" from "Is this a good distribution for me?" Bodhi is one of those projects where the answers to these questions are quite different, mostly over matters of style rather than functionality. On a personal level, I don't think I would ever be inclined to use Bodhi myself because I don't like the Moksha/Enlightenment style of desktop. It does a lot of little things differently (not badly, just differently) from other open source desktops and its style is not one I ever seem to find comfortable. This, combined with the streamlined, web-based AppCenter and unusual settings panel, makes Bodhi a distribution which always feels a bit alien to me. Let's put aside my personal style preferences though and try to look at the distribution objectively. Bodhi is trying to provide a lightweight, visually attractive distribution with a wide range of hardware support. It manages to do all of these things and do them well. The distribution is paying special attention to lower-end hardware, including 32-bit systems, and maintains a remarkably small memory footprint given the amount of functionality and eye candy included. Most lightweight distributions sacrifice quite a bit visually in order to provide the lightest interface possible, but Bodhi does a nice job of balancing low resource requirements with an attractive desktop environment. Bodhi is pleasantly easy to install, thanks to the Ubiquity installer, has a minimal collection of software (in the main edition) that allows us to craft our own experience and, for people who need more applications out of the box, there is the AppPack edition. All of this is to say that, for me personally, I spent more time that I would have liked this week searching through settings, trying to get used to how Moksha's panel works, tracking down less popular applications and re-learning when to use right-click versus left-click on the desktop. But, objectively, I would be hard pressed to name another distribution that more elegantly offers a lightweight desktop with visual effects, or that offers such easy access to both legacy and modern hardware support. In short, I think Bodhi Linux is a good distribution for those who want to get the most performance out of their operating system without sacrificing hardware support or the appearance of the interface. There are a few little glitches here and there, but sothing show-stopping and, overall, Bodhi is a well put together distribution. Read more

Android Leftovers

5 ways to play old-school games on a Raspberry Pi

They don't make 'em like they used to, do they? Video games, I mean. Sure, there's a bit more grunt in the gear now. Princess Zelda used to be 16 pixels in each direction; there's now enough graphics power for every hair on her head. Today's processors could beat up 1988's processors in a cage-fight deathmatch without breaking a sweat. But you know what's missing? The fun. You've got a squillion and one buttons to learn just to get past the tutorial mission. There's probably a storyline, too. You shouldn't need a backstory to kill bad guys. All you need is jump and shoot. So, it's little wonder that one of the most enduring popular uses for a Raspberry Pi is to relive the 8- and 16-bit golden age of gaming in the '80s and early '90s. But where to start? Read more