
Security: Updates, "American Consumer Institute" and US Elections

  • Security updates for Friday
  • OPINION: Latest Research Shows Your Android Apps Aren’t As Secure As You Think [Ed: One wonders why Steve Pociask, aka "American Consumer Institute", is so eager to make Android look bad and attribute holes in PROPRIETARY software to "open source".]
  • Dem introduces bill to create federal cybersecurity apprenticeship program

    Under the bill, the programs would be required to offer certain cybersecurity certifications and help connect participants with local businesses or other entities for apprenticeships in hopes to boost the number of qualified workers for federal cyber jobs.

  • The Overlooked Weak Link in Election Security

    More than one-third of counties that are overseeing elections in some of the most contested congressional races this November run email systems that could make it easy for hackers to log in and steal potentially sensitive information.

    A ProPublica survey found that official email accounts used by 11 county election offices, which are in charge of tallying votes in 12 key U.S. House of Representatives races from California to Ohio, could be breached with only a user name and password — potentially allowing hackers to vacuum up confidential communications or impersonate election administrators. Cybersecurity experts recommend having a second means of verifying a user’s identity, such as typing in an additional code from a smartphone or card, to thwart intruders who have gained someone’s login credentials through trickery or theft. This system, known as two-factor verification, is available on many commercial email services.

    “Humans are horrific at creating passwords, which is why ‘password’ is the most commonly used password,” said Joseph Lorenzo Hall, the chief technologist at the Center for Democracy and Technology in Washington, D.C., who has pushed for security fixes in the voting process. “This means increasingly we need something other than passwords to secure access to our accounts, especially email, which tends to undergird all our other accounts.”

    The email vulnerabilities emerged in ProPublica’s survey of election security in 27 counties encompassing all or part of roughly 40 congressional districts that the Cook Political Report has said are toss-ups. These contests could determine if Democrats take control of the U.S. House of Representatives, where the party needs to pick up about two dozen seats to flip the current Republican majority. Of the 12 districts in counties with less protected email systems, Republicans are seeking re-election in 10. The other two are open seats where incumbents are stepping down.


Security: Windows, Books, Apple and More

  • Windows 7 Enters the Last Six Months of Support [Ed: Microsoft propagandist (for ages) Bogdan Popa won't advise people to hop over to GNU/Linux (which he lies about, saying Microsoft "loves Linux")]

    According to third-party data provided by NetMarketShare, Windows 7 continues to be one of the most popular choices for desktop users.

  • Security bootcamp: 8 must-read books for leaders

    The threat of cybercrime constantly looms over business leaders – and it becomes more urgent as cyber attacks become more sophisticated. In 2019, security breaches happen more frequently, and the associated financial hit has increased, according to research from Accenture. Notably, the report points out that hackers increasingly target humans – the “weakest link in cyber defenses” – at all levels of organizations, through tactics like ransomware and phishing. (Witness the recent wave of ransomware attacks against U.S. cities, large and small.) That’s why it’s becoming essential for everyone – not just security professionals – to be well-versed in risk and their organization’s security efforts.

  • Security scanning your DevOps pipeline

    Security is one of the most important considerations for running in any environment, and using open source software is a great way to handle security without going over budget in your corporate environment or for your home setup. It is easy to talk about the concepts of security, but it's another thing to understand the tools that will get you there. This tutorial explains how to set up security using Jenkins with Anchore. There are many ways to run Kubernetes. Using Minikube, a prepackaged virtual machine (VM) environment designed for local testing, reduces the complexity of running an environment.

  • This Is Why We Have Betas. iOS 13 Beta Shows Saved Passwords

    There’s a reason we have beta versions of software: all the kinks need to be worked out. This is also why using beta versions always comes with warnings and disclaimers that you’re using the software at your own risk. Users of the iOS 13 beta have discovered that there’s a bug that makes it easy to access the data in “Website & App Passwords” in the Settings app. Certainly, this is something Apple needs to get fixed before the official release, expected for September.

  • Hackers breached Bulgaria’s tax agency and leaked the data of 5M people

    Bulgaria has suffered what has been described as the biggest data leak in its history. The stolen data, which hackers emailed to local media on July 15, originates from the country’s tax reporting service – the National Revenue Agency (NRA). The breach contains the personal data of 5 million citizens, local outlet Capital reports. To put that into perspective, Bulgaria has a population of 7 million. Among other things, the trove includes personal identifiable numbers, addresses, and even income data.

Hardware: ASUS Chromebooks, MacBook Air Slowdowns, Exploding 'i' Things and Planned Obsolescence

  • Acer Chromebook R 11
  • ASUS Chromebook Flip C302CA
  • ASUS Chromebook C202SA
  • The 2019 MacBook Air Has 35% Slower SSD Than 2018 Model

    Tests were conducted on MacBook Air variants with different internal storage options and the drop in the write speeds was witnessed in every variant regardless of the internal storage.

  • 11-Year-Old Girl’s iPhone 6 Exploded Burning Holes In Blanket

    With smartphones from various tech companies falling prey to the exploding game, it seems like it’s Apple’s turn, as this time an iPhone caught fire in Bakersfield, California. It is suggested that 11-year-old Kayla Ramos was sitting in her sister’s bedroom and was holding the iPhone 6 in her hands. She mostly used it for watching YouTube videos and sometimes gave it to her younger siblings.

  • How many kinds of USB-C™ to USB-C™ cables are there?

    Why did it come to this? This problem was created because the USB-C connectors were designed to replace all of the previous USB connectors at the same time as vastly increasing what the cable could do in power, data, and display dimensions. The new connector may be virtually impossible to plug in improperly (no USB superposition problem, no grabbing the wrong end of the cable), but sacrificed for that simplicity is the ability to intuitively know whether the system you've connected together has all of the functionality possible. The USB spec also cannot simply mandate that all USB-C cables have the maximum number of wires all the time because that would vastly increase BOM cost for cases where the cable is just used for charging primarily.

    How can we fix this? Unfortunately, it's a tough problem that has to involve user education. [...]

Programming: Thread Synchronization, Python, C++

  • Thread Synchronization in Linux and Windows Systems, Part 1

    In modern operating systems, each process has its own address space and one thread of control. However, in practice we often face situations requiring several concurrent tasks within a single process and with access to the same process components: structures, open file descriptors, etc.

  • Intro to Black – The Uncompromising Python Code Formatter

    There are several Python code checkers available. For example, a lot of developers enjoy using Pylint or Flake8 to check their code for errors. These tools use static code analysis to check your code for bugs or naming issues. Flake8 will also check your code to see if you are adhering to PEP8, Python’s style guide.

  • Report from the February 2019 ISO C++ meeting (Library)

    Back in February, I attended the WG21 C++ standards committee meeting in rainy Kona, Hawaii (yes, it rained most of the week). This report is so late that we’re now preparing for the next meeting, which will take place mid-July in Cologne. As usual, I spent the majority of my time in the Library Working Group (LWG; for details on the various Working Groups and Study Groups see Standard C++: The Committee). The purpose of the LWG is to formalize the specification of the C++ Standard Library, i.e. the second “half” of the C++ standard (although in terms of page count it’s closer to three quarters than half). With a new C++20 standard on the horizon, and lots of new features that people want added to the standard library, the LWG has been very busy trying to process the backlog of new proposals forwarded by the Library Evolution Working Group (LEWG). One of the main tasks at the Kona meeting was to review the “Ranges Design Cleanup” proposal. The cleanup involves a number of fixes and improvements to the new Ranges library, addressing issues that came up during the review of the previous (much larger) proposal to add the Ranges library, which is one of the biggest additions to the C++20 library (most of the other significant additions to C++20 affect the core language, without much library impact). In fact, I’d say it’s one of the biggest additions to the C++ standard library since the first standard in 1998. The Ranges library work overhauls the parts of the standard that originated in the Standard Template Library (STL), i.e. iterators, algorithms, and containers, to re-specify them in terms of C++ Concepts. This has been a multi-year effort that has now landed in the C++20 working draft, following multiple proposals and several meetings of wording review by LWG.

  • Save and load Python data with JSON

    JSON stands for JavaScript Object Notation. This format is a popular method of storing data in key-value arrangements so it can be parsed easily later. Don’t let the name fool you, though: You can use JSON in Python—not just JavaScript—as an easy way to store data, and this article demonstrates how to get started.