Language Selection

English French German Italian Portuguese Spanish

Security: National Security Threat, Windows Back Doors and Huawei Technologies

Filed under
Security
  • Lack of Secure Coding Called a National Security Threat

    The "call to action" report, "Software Security Is National Security: Why the U.S. Must Replace Irresponsible Practices with a Culture of Institutionalized Security," discusses systemic issues with the software development landscape and what needs to be done to rectify the problem of negligent coding. But solving the problem won't be easy, given the problems of speed-to-market pressures and the sheer number of IoT devices being produced, the report notes.

  • [Attackers] have been holding the city of Baltimore’s computers hostage for 2 weeks [Ed: Windows]

    Here’s what’s happening: On May 7, [attackers] digitally seized about 10,000 Baltimore government computers and demanded around $100,000 worth in bitcoins to free them back up. It’s a so-called “ransomware” attack, where hackers deploy malicious software to block access to or take over a computer system until the owner of that system pays a ransom.

    Baltimore, like several other cities that have been hit by such attacks over the past two years, is refusing to pay up. As a result, for two weeks, city employees have been locked out of their email accounts and citizens have been unable to access essential services, including websites where they pay their water bills, property taxes, and parking tickets. This is Baltimore’s second ransomware attack in about 15 months: Last year, a separate attack shut down the city’s 911 system for about a day. Baltimore has come under scrutiny for its handling of both attacks.

  • [Windows] Ransomware Cyberattacks Knock Baltimore's City Services Offline

    With no key, Rubin said the city will have to rebuild its servers from the ground up. That will likely take months, he said, and will involve implementing new hardware and software and restoring any data the city may have backed up.

  • After 2 Years, WannaCry Remains a Threat

    And while the immediate dangers associated with WannaCry have faded, the ransomware still lurks, and many systems have not been patched to prevent exploits by EternalBlue and EternalRomance.

  • ARM latest firm to suspend business with Huawei; Intel mum

    Chip designer ARM says it has to suspend business with Chinese telecommunications equipment vendor Huawei Technologies, a report claims.

  • The case against Huawei, explained

    This morning, ARM announced that it was cutting ties with Huawei, in the interest of “complying with all of the latest regulations set forth by the U.S. government.” It’s a catastrophe for Huawei’s device business, halting its access to current and future chip designs and coming on the heels of similar breaks from Google and Microsoft. Huawei is in deep, deep trouble, and we still don’t have a clear picture of why.

    Security experts have been warning about Huawei for more than a year, but it’s only in the last week that those warnings have escalated into an all-out trade blockade on the company’s US partners. There’s never been a full accounting of why the US government believes Huawei is such a threat, in large part because of national security interests, which means much of the evidence remains secret. But it’s worth tracing out exactly where the concerns are coming from and where they could go from here.

More in Tux Machines

Debian: CUPS, LTS and Archival

  • Praise Be CUPS Driverless Printing

    Last Tuesday, I finally got to start updating $work's many desktop computers to Debian Buster. I use Puppet to manage them remotely, so major upgrades basically mean reinstalling machines from scratch and running Puppet. Over the years, the main upgrade hurdle has always been making our very large and very complicated printers work on Debian. Unsurprisingly, the blog posts I have written on that topic are very popular and get me a few 'thank you' emails per month. I'm very happy to say, thanks to CUPS Driverless Printing (CUPS 2.2.2+), all those trials and tribulations are finally over. Printing on Buster just works. Yes yes, even color booklets printed on 11x17 paper folded in 3 stapled in the middle.

  • Freexian’s report about Debian Long Term Support, August 2019

    Like each month, here comes a report about the work of paid contributors to Debian LTS.

  • Louis-Philippe Véronneau: Archiving 20 years of online content

    mailman2 is pretty great. You can get a dump of an email list pretty easily and mailman3's web frontend, the lovely hyperkitty, is well, lovely. Importing a legacy mailman2 mbox went without a hitch thanks to the awesome hyperkitty_import importer. Kudos to the Debian Mailman Team for packaging this in Debian for us. But what about cramming a Yahoo! Group mailing list in hyperkitty? I wouldn't recommend it. After way too many hours spent battling character encoding errors I just decided people that wanted to read obscure emails from 2003 would have to deal with broken accents and shit. But hey, it kinda works! Oh, and yes, archiving a Yahoo! Group with an old borken Perl script wasn't an easy task. Hell, I kept getting blacklisted by Yahoo! for scraping too much data to their liking. I ended up patching together the results of multiple runs over a few weeks to get the full mbox and attachments. By the way, if anyone knows how to tell hyperkitty to stop at a certain year (i.e. not display links for 2019 when the list stopped in 2006), please ping me.

Running The AMD "ABBA" Ryzen 3000 Boost Fix Under Linux With 140 Tests

Last week AMD's AGESA "ABBA" update began shipping with a fix to how the boost clock frequencies are handled in hopes of better achieving the rated boost frequencies for Ryzen 3000 series processors. I've been running some tests of an updated ASUS BIOS with this adjusted boost clock behavior to see how it performs under Linux with a Ryzen 9 3900X processor. The AGESA 1.0.0.3 ABBA update has an improved boost clock frequency algorithm along with changes to the idle state handling. This AGESA update should better position AMD Ryzen 3000 processors with the boost clock behavior expected by users with better hitting the maximum boost frequency and doing so more aggressively. Read more

Stable kernels 5.2.16, 4.19.74, and 4.14.145

  • Linux 5.2.16
    I'm announcing the release of the 5.2.16 kernel. All users of the 5.2 kernel series must upgrade. The updated 5.2.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-5.2.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-s...
  • Linux 4.19.74
  • Linux 4.14.145

Linux Container Technology Explained (Contributed)

State and local governments’ IT departments increasingly rely on DevOps practices and agile development methodologies to improve service delivery and to help maintain a culture of constant collaboration, iteration, and flexibility among all stakeholders and teams. However, when an IT department adopts agile and DevOps practices and methodologies, traditional IT problems still need to be solved. One long-standing problem is “environmental drift,” when the code and configurations for applications and their underlying infrastructure can vary between different environments. State and local IT teams often lack the tools necessary to mitigate the effects of environmental drift, which can hamper collaboration and agility efforts. Read more