Language Selection

English French German Italian Portuguese Spanish

Security Leftovers

Filed under
Security
  • Internet Explorer zero-day lets hackers steal files from Windows PCs [Ed: Microsoft Windows has back doors, so this is "small potatoes"]

    A security researcher has published today details and proof-of-concept code for an Internet Explorer zero-day that can allow hackers to steal files from Windows systems.

  • MicroBriefly: The tiniest firewall I have seen – Firewalla

    ...BSD Unix, and about the size of a paperback novel (small by standards of those days). Now, solid state storage (SSD) and low power CPUs are tiny, enough to easily fit in a matchbox or lighter sized device.

  • 'World's First Smart Contract Firewall' for EOS Launched By SlowMist

    Developers of EOSIO, an initiative supported by Block.one, a Cayman Islands-registered open-source software development firm with $4 billion in total funding (to date), have published a blog post, noting they’ve carefully looked into improving smart contract security on EOS.

    According to EOSIO’s blog, published on April 11th, FireWall.X provides an effective set of tools for “protecting smart contracts built” on EOS from “malicious hacks.” As explained by Zhong Qifu, a product manager at SlowMist Technology Co., the firm that developed FireWall.X, the “world’s first firewall” system for smart contracts aims to ensure the security of all EOS-based decentralized applications (dApps).

  • Bootstrap supply chain attack is another attempt to poison the barrel [Ed: Happens in proprietary software but we don't hear about it. Full of back doors.]

    Somebody smuggled something bad into the vast third-party, open-source supply chain we all depend upon.

  • Framing supply chain attacks

    The increase in the demand for innovative software has effectively reshaped the software development industry itself. Today, speed and agility are paramount and development teams are pushed to deliver highly advanced applications in record time — which means that writing every single line of code from the ground up is often not a sustainable practice. As the NIST puts it, “This ecosystem has evolved to provide a set of highly refined, cost-effective, reusable ICT solutions.”.

  • Apache Axis servers vulnerable to RCE due to expired domain
  • Building a data pipeline to defend New York from cyber threats
  • Linux Foundation aims to improve the sustainability and security of open source projects [Ed: Zemlin PAC pushing a Microsoft-led proprietary software effort]
  • Why AV companies are making their technology open source

    Some AV developers are opening source code for their technology, a strategy they can use to collect data and tech from anyone using their code, and which could help bring products to market faster.

    Why it matters: Open source providers are experimenting with how much of their technology to share, while protecting their intellectual property to stay competitive. Their decisions will have lasting implications for how AV technology develops.

  • Open Source Web Application SSO
  • Magento sites under attack through easily exploitable SQLi flaw

    A recently patched SQL injection flaw affecting the popular open-source e-commerce platform Magento is being actively exploited by attackers, so if you haven’t implemented the provided security update or patch, now is the time to do it.

  • A security researcher with a grudge is dropping Web 0days on innocent users

    Over the past three weeks, a trio of critical zeroday vulnerabilities in WordPress plugins has exposed 160,000 websites to attacks that allow criminal hackers to redirect unwitting visitors to malicious destinations. A self-proclaimed security provider who publicly disclosed the flaws before patches were available played a key role in the debacle, although delays by plugin developers and site administrators in publishing and installing patches have also contributed.

    Over the past week, zeroday vulnerabilities in both the Yuzo Related Posts and Yellow Pencil Visual Theme Customizer WordPress plugins—used by 60,000 and 30,000 websites respectively—have come under attack. Both plugins were removed from the WordPress plugin repository around the time the zeroday posts were published, leaving websites little choice than to remove the plugins. On Friday (three days after the vulnerability was disclosed), Yellow Pencil issued a patch. At the time this post was being reported, Yuzo Related Posts remained closed with no patch available.

More in Tux Machines

Manjaro 18.0.4 Illyria Xfce review - Nice but somewhat crude

Overall, Manjaro 18.0.4 Illyria Xfce is a decent distro. It has lots of good and unique points. Network, media and phone support is good. You get a colorful repertoire of high-quality programs, the performance and battery life are excellent, and the desktop is fairly pretty. The system was also quite robust and stable. But then, there were issues - including inconsistent behavior compared to the Plasma crop. The installation can be a bit friendlier (as Plasma one does). The package management remains the Achilles' Heel of this distro. Having too many frontends is confusing, and none of them do a great job. The messages on dependencies, the need for AUR (if you want fancy stuff), and such all create unnecessary confusing. There were also tons of visual papercuts, and I struggled getting things in order. All in all, Manjaro is getting better all the time, but it is still too geeky for the common person, as it breaks the fourth wall of nerdiness too often. 7/10, and I hope it can sort itself out and continue to deliver the unique, fun stuff that gets sidelined by the rough edges. Read more

Top 10 Best Open Source Speech Recognition Tools for Linux

Speech is a popular and smart method in modern time to make interaction with electronic devices. As we know, there are many open source speech recognition tools available on different platforms. From the beginning of this technology, it has been improved simultaneously in understanding the human voice. This is the reason; it has now engaged a lot of professionals than before. The technical advancement is strong enough to make it more clear to the common people. Read more

Slackware, the Longest Active Linux Distro, Finally Has a Patreon Page

"Slackware is the longest active Linux distribution project, founded in 1993," writes TheBAFH (Slashdot reader #68,624). "Today there are many Linux distributions available, but I've remained dedicated to this project as I believe it still holds an important place in the Linux ecosystem," writes Patrick J. Volkerding on a new Patreon page. He adds that Slackware's users "know that Slackware can be trusted not to constantly change the way things work, so that your investment in learning Slackware lasts longer than it would with a system that's a moving target... Your support is greatly appreciated, and will make it possible for me to continue to maintain this project." Read more

See Ubuntu Desktop Running on a Samsung Galaxy S10

I might have written about its availability a few times, but until today I had never actually seen Ubuntu 16.04 LTS running on a Samsung smartphone. Don’t panic, you haven’t missed any major announcements and Samsung hasn’t started to sell phones with Ubuntu pre-loaded. I’m instead referring to the “Linux on DeX” development experience. DeX is nifty bit of software tech that lets (select) Samsung devices running Android drive a more traditional “desktop” experience when connected to an external monitor, keyboard and mouse. “Turn your Galaxy devices into a PC-like experience with a single cable,” Samsung say. Additionally, ‘Linux on DeX’ is an Android app that’s only available as part of DeX. It lets users download and run a full desktop Linux experience using container technology on any supported Samsung Galaxy smartphone or tablet. Read more