Security Leftovers

Filed under
Security
  • Internet Explorer zero-day lets hackers steal files from Windows PCs [Ed: Microsoft Windows has back doors, so this is "small potatoes"]

    A security researcher has published today details and proof-of-concept code for an Internet Explorer zero-day that can allow hackers to steal files from Windows systems.

  • MicroBriefly: The tiniest firewall I have seen – Firewalla

    ...BSD Unix, and about the size of a paperback novel (small by standards of those days). Now, solid state storage (SSD) and low power CPUs are tiny, enough to easily fit in a matchbox or lighter sized device.

  • 'World's First Smart Contract Firewall' for EOS Launched By SlowMist

    Developers of EOSIO, an initiative supported by Block.one, a Cayman Islands-registered open-source software development firm with $4 billion in total funding (to date), have published a blog post, noting they’ve carefully looked into improving smart contract security on EOS.

    According to EOSIO’s blog, published on April 11th, FireWall.X provides an effective set of tools for “protecting smart contracts built” on EOS from “malicious hacks.” As explained by Zhong Qifu, a product manager at SlowMist Technology Co., the firm that developed FireWall.X, the “world’s first firewall” system for smart contracts aims to ensure the security of all EOS-based decentralized applications (dApps).

  • Bootstrap supply chain attack is another attempt to poison the barrel [Ed: Happens in proprietary software but we don't hear about it. Full of back doors.]

    Somebody smuggled something bad into the vast third-party, open-source supply chain we all depend upon.

  • Framing supply chain attacks

    The increase in the demand for innovative software has effectively reshaped the software development industry itself. Today, speed and agility are paramount and development teams are pushed to deliver highly advanced applications in record time — which means that writing every single line of code from the ground up is often not a sustainable practice. As the NIST puts it, “This ecosystem has evolved to provide a set of highly refined, cost-effective, reusable ICT solutions.”

  • Apache Axis servers vulnerable to RCE due to expired domain
  • Building a data pipeline to defend New York from cyber threats
  • Linux Foundation aims to improve the sustainability and security of open source projects [Ed: Zemlin PAC pushing a Microsoft-led proprietary software effort]
  • Why AV companies are making their technology open source

    Some AV developers are opening source code for their technology, a strategy they can use to collect data and tech from anyone using their code, and which could help bring products to market faster.

    Why it matters: Open source providers are experimenting with how much of their technology to share, while protecting their intellectual property to stay competitive. Their decisions will have lasting implications for how AV technology develops.

  • Open Source Web Application SSO
  • Magento sites under attack through easily exploitable SQLi flaw

    A recently patched SQL injection flaw affecting the popular open-source e-commerce platform Magento is being actively exploited by attackers, so if you haven’t implemented the provided security update or patch, now is the time to do it.

  • A security researcher with a grudge is dropping Web 0days on innocent users

    Over the past three weeks, a trio of critical zeroday vulnerabilities in WordPress plugins has exposed 160,000 websites to attacks that allow criminal hackers to redirect unwitting visitors to malicious destinations. A self-proclaimed security provider who publicly disclosed the flaws before patches were available played a key role in the debacle, although delays by plugin developers and site administrators in publishing and installing patches have also contributed.

    Over the past week, zeroday vulnerabilities in both the Yuzo Related Posts and Yellow Pencil Visual Theme Customizer WordPress plugins—used by 60,000 and 30,000 websites respectively—have come under attack. Both plugins were removed from the WordPress plugin repository around the time the zeroday posts were published, leaving websites little choice but to remove the plugins. On Friday (three days after the vulnerability was disclosed), Yellow Pencil issued a patch. At the time this post was being reported, Yuzo Related Posts remained closed with no patch available.
