Language Selection

English French German Italian Portuguese Spanish

NSA Back Doors in Windows Causing Chaos While Media is Obsessing Over DoS Linux Bug

Filed under
Microsoft
Security
  • U.S. Government Announces Critical Warning For Microsoft Windows Users

    The United States Department of Homeland Security's Cybersecurity and Infrastructure Security Agency (CISA) has gone public with a warning to Microsoft Windows users regarding a critical security vulnerability. By issuing the "update now" warning, CISA has joined the likes of Microsoft itself and the National Security Agency (NSA) in warning Windows users of the danger from the BlueKeep vulnerability.

    This latest warning, and many would argue the one with most gravitas, comes hot on the heels of Yaniv Balmas, the global head of cyber research at security vendor Check Point, telling me in an interview for SC Magazine UK that "it's now a race against the clock by cyber criminals which makes this vulnerability a ticking cyber bomb." Balmas also predicted that it will only be "a matter of weeks" before attackers started exploiting BlueKeep.

    The CISA alert appears to confirm this, stating that it has, "coordinated with external stakeholders and determined that Windows 2000 is vulnerable to BlueKeep." That it can confirm a remote code execution on Windows 2000 might not sound too frightening, this is an old operating system after all, it would be unwise to classify this as an exercise in fear, uncertainty and doubt. Until now, the exploits that have been developed, at least those seen in operation, did nothing more than crash the computer. Achieving remote code execution brings the specter of the BlueKeep worm into view as it brings control of infected machines to the attacker.

  • Netflix uncovers SACK Panic vuln that can bork Linux-based systems

More in Tux Machines

Debian Development: MiniDebConf, BigBlueButton, and Ben Hutchings' Work

  • Debian Project Leader: DPL Activity logs for April/May 2020

    I survived my first month as DPL! I agree with previous DPLs who have described it as starting a whole new job. Fortunately it wasn't very stressful, but it certainly was very time consuming. On the very first day my inbox exploded with requests. I dealt with this by deferring anything that wasn't important right away and just started working through it. Fortunately the initial swell subsided as the month progressed. The bulk of my remaining e-mail backlog are a few media outlets who wants to do interviews. I'll catch up with those during this month. Towards the end of the month, most of my focus was on helping to prepare for an online MiniDebConf that we hosted over the last weekend in May. We had lots of fun and we had some great speakers sharing their knowledge and expertise during the weekend.

  • Olivier Berger: Automate the capture a full BigBlueButton conference replay, with bbb-downloader

    BigBlueButton, aka BBB, is a webrtc conferencing solution, that among many features, allows to record a conference, for later replay. We have been working together with my colleague François Trahay, on a set of scripts (bbb-downloader) that will allow to easily (on Linux) download recordings of BBB conferences, for local backup, video editing, upload on video sharing platforms, etc. This is particularly useful in our distance learning contexts where students may have to catch up on a live session that was recorded. We have integrated a hackish solution to capture, as a single video, presentations that contained slide deck presentations. Let me explain why this was necessary.

  • Ben Hutchings: Introducing debplate, a template system for Debian packages

    For about two months I've been working on a new project, debplate, which currently lives at benh/debplate on Salsa. This is a template system for Debian packages, primarily intended to ease building multiple similar binary packages from a single source. With some changes, it could also be useful for making multiple source packages consistent (issue #9).

  • Ben Hutchings: Debian LTS work, May 2020

    I sent a request for testing an update of the linux package to 3.16.83. I then prepared and, after review, released Linux 3.16.84. I rebased the linux package onto that and sent out a further request for testing. I then backported some additional security fixes, but have still not made an upload.

Proton 5.0-8 Release Candidate

  • Proton 5.0-8 Release Candidate Brings Game Fixes, Performance Improvements

    Valve and CodeWeavers have been preparing a new release of the Proton 5.0 series for powering Steam Play with running modern Windows games on Linux. Out this morning is the release candidate of the imminent Proton 5.0-8 release. Proton 5.0-8 RC is bringing: - Crash fixes for Detroit: Become Human, Planet Zoo, Jurassic World: Evolution, Unity of Command II, and Splineter Cell Blacklist.

  • Steam Play Proton 5.0-8 has a Release Candidate up for testing

    Today, CodeWeavers developer Andrew Eikum put up a first Release Candidate for Steam Play Proton 5.0-8. Need more info on what Steam Play is? See our dedicated page. With an aim for gathering feedback and finding issues in the new release, to then push it out for everyone later if testing goes well. It has some major improvements in it but like with previous Proton RC releases, it's subject to change and some updates can be removed.

Zorin OS 15 – An Ultimate Linux Desktop Designed for Windows and macOS Users

In the advent of Linux’s grand entrance into the PC space back in 1993, has been an insurgency of operating systems and that time also happened to be the wake of a technological-oriented generation adopting computers at a much faster pace than ever before. In the light of this fact, Debian took off grandly (two years after Linux was born) and through it, a staggering 200 independent distributions have poured out – thanks to Ian Murdock. We can likewise say thanks to Canonical/Ubuntu for driving the concept of user-friendliness and usability for the “normal human” which other distros like Linux Mint et ‘al have perfected over the years to the extent at which it is more than reliable in this day and age. Read more

Software Releases: Audacious and Tor Browser

  • Audacious 4.0.4 Released with Further Qt5 UI Improvements

    Audacious music player 4.0.4 was released 2 days ago with further improvements to the new Qt5 UI. Ubuntu PPA updated for all current Ubuntu releases.

  • Onion location and Onion names in Tor Browser 9.5

    Yesterday the Tor Browser 9.5 was released. I am excited about this release for some user-focused updates. [...] This is the first proof of concept built along with Freedom of the Press Foundation (yes, my team) and HTTPS Everywhere to help people to use simple names for onion addresses. For example, below, you can see that I typed theintercept.securedrop.tor.onion on the browser, and that took us to The Intercept’s SecureDrop address.

  • New Release: Tor Browser 10.0a1

    Tor Browser 10.0a1 is now available from the Tor Browser Alpha download page and also from our distribution directory.

    Note: This is an alpha release, an experimental version for users who want to help us test new features. For everyone else, we recommend downloading the latest stable release instead.