
Security Leftovers

Filed under: Security
  • Internet Explorer zero-day lets hackers steal files from Windows PCs [Ed: Microsoft Windows has back doors, so this is "small potatoes"]

    A security researcher has published today details and proof-of-concept code for an Internet Explorer zero-day that can allow hackers to steal files from Windows systems.

  • MicroBriefly: The tiniest firewall I have seen – Firewalla

    ...BSD Unix, and about the size of a paperback novel (small by standards of those days). Now, solid state storage (SSD) and low power CPUs are tiny, enough to easily fit in a matchbox or lighter sized device.

  • 'World's First Smart Contract Firewall' for EOS Launched By SlowMist

    Developers of EOSIO, an initiative supported by Block.one, a Cayman Islands-registered open-source software development firm with $4 billion in total funding (to date), have published a blog post, noting they’ve carefully looked into improving smart contract security on EOS.

    According to EOSIO’s blog, published on April 11th, FireWall.X provides an effective set of tools for “protecting smart contracts built” on EOS from “malicious hacks.” As explained by Zhong Qifu, a product manager at SlowMist Technology Co., the firm that developed FireWall.X, the “world’s first firewall” system for smart contracts aims to ensure the security of all EOS-based decentralized applications (dApps).

  • Bootstrap supply chain attack is another attempt to poison the barrel [Ed: Happens in proprietary software but we don't hear about it. Full of back doors.]

    Somebody smuggled something bad into the vast third-party, open-source supply chain we all depend upon.

  • Framing supply chain attacks

    The increase in the demand for innovative software has effectively reshaped the software development industry itself. Today, speed and agility are paramount and development teams are pushed to deliver highly advanced applications in record time — which means that writing every single line of code from the ground up is often not a sustainable practice. As the NIST puts it, “This ecosystem has evolved to provide a set of highly refined, cost-effective, reusable ICT solutions.”

  • Apache Axis servers vulnerable to RCE due to expired domain
  • Building a data pipeline to defend New York from cyber threats
  • Linux Foundation aims to improve the sustainability and security of open source projects [Ed: Zemlin PAC pushing a Microsoft-led proprietary software effort]
  • Why AV companies are making their technology open source

    Some AV developers are opening source code for their technology, a strategy they can use to collect data and tech from anyone using their code, and which could help bring products to market faster.

    Why it matters: Open source providers are experimenting with how much of their technology to share, while protecting their intellectual property to stay competitive. Their decisions will have lasting implications for how AV technology develops.

  • Open Source Web Application SSO
  • Magento sites under attack through easily exploitable SQLi flaw

    A recently patched SQL injection flaw affecting the popular open-source e-commerce platform Magento is being actively exploited by attackers, so if you haven’t implemented the provided security update or patch, now is the time to do it.

  • A security researcher with a grudge is dropping Web 0days on innocent users

    Over the past three weeks, a trio of critical zeroday vulnerabilities in WordPress plugins has exposed 160,000 websites to attacks that allow criminal hackers to redirect unwitting visitors to malicious destinations. A self-proclaimed security provider who publicly disclosed the flaws before patches were available played a key role in the debacle, although delays by plugin developers and site administrators in publishing and installing patches have also contributed.

    Over the past week, zeroday vulnerabilities in both the Yuzo Related Posts and Yellow Pencil Visual Theme Customizer WordPress plugins—used by 60,000 and 30,000 websites respectively—have come under attack. Both plugins were removed from the WordPress plugin repository around the time the zeroday posts were published, leaving websites little choice but to remove the plugins. On Friday (three days after the vulnerability was disclosed), Yellow Pencil issued a patch. At the time this post was being reported, Yuzo Related Posts remained closed with no patch available.
