Language Selection

English French German Italian Portuguese Spanish

Proprietary Software and Security Issues: Microsoft Serving Malware, Ransomware, and FUD

Filed under
Microsoft
Security
  • Development on Windows is Painful

    Overall, I think I can at least tolerate this development experience. It's not really the most ideal setup, but it does work and I can get things done with it. It makes me miss NixOS though. NixOS really does ruin your expectations of what a desktop operating system should be. It leaves you with kind of impossible standards, and it can be a bit hard to unlearn them.

    A lot of the software I use is closed source proprietary software. I've tried to fight that battle before. I've given up. When it works, Linux on the desktop is a fantastic experience. Everything works together there. The system is a lot more cohesive compared to the "download random programs and hope for the best" strategy that you end up taking with Windows systems. It's hard to do the "download random programs and hope for the best" strategy with Linux on the desktop because there really isn't one Linux platform to target. There's 20 or something. This is an advantage sometimes, but is a huge pain other times.

    The conclusion here is that there is no conclusion.

  • Malicious Code Bombs Target Amazon, Lyft, Slack, Zillow

    Researchers have spotted malicious packages targeting internal applications for Amazon, Lyft, Slack and Zillow (among others) inside the npm public code repository — all of which exfiltrate sensitive information.

    The packages weaponize a proof-of-concept (PoC) code dependency-confusion exploit that was recently devised by security researcher Alex Birsan to inject rogue code into developer projects.

    Internal developer projects typically use standard, trusted code dependencies that are housed in private repositories. Birsan decided to see what would happen if he created “copycat” packages to be housed instead in public repositories like npm, with the same names as the private legitimate code dependencies.

  • Ryuk ransomware develops worm-like capabilities, France warns

    A new sample of Ryuk ransomware appears to have worm-like capabilities, according to an analysis from the French National Agency for the Security of Information Systems (ANSSI), France’s national cybersecurity agency.

  • FireEye finds evidence Chinese [crackers] exploited Microsoft email app flaw since January [iophk: Windows TCO]

    Cybersecurity group FireEye on Thursday night announced it had found evidence that [crackers] had exploited a flaw in a popular Microsoft email application since as early as January to target groups across a variety of sectors.

    [...]

    Since then, FireEye found evidence that the hackers had gone after an array of victims, including “US-based retailers, local governments, a university, and an engineering firm,” along with a Southeast Asian government and a Central Asian telecom.

  • Does Linux Need Antivirus? [Ed: Avast: Let's badmouth GNU/Linux to make proprietary software sales, with back doors in them, based on the supposition that crap on top of poor practices will somehow yield better results]

More in Tux Machines

Make Linux look like Windows - 2021 edition

Here we go again. Roughly three years ago, I showed you how to skin your Linux installation to look more like Windows, should your particular taste lean in that direction. It was an interesting little experiment. Also nerdy to the core. But apart from possible nostalgia and tech glamor, there might also be practical reasons for why someone would want to make their distro look more like a Microsoft product. And the answer is: entice non-techie people who expect the familiar. Say you install a distro for folks with zero Linux knowledge and some rudimentary Windows familiarity. Normally, this is a recipe for disaster. I call this The Grandma Gentoo Test (TGGT), AKA how likely is the ordinary person to master the subtleties of computer usage without your nerdy help? But this is true for all operating systems, except Windows had been around for a long time, and it's the primary desktop interface that most people somewhat know how to somewhat use. So then, can you make your chosen distro behave like Windows, and nonce the wiser? Read more

Security Patches and GNU/Linux Security

  • Security updates for Monday

    Security updates have been issued by CentOS (nettle, squid, and thunderbird), Debian (libebml, python-bleach, and python2.7), Fedora (batik, gnuchess, kernel-headers, kernel-tools, ruby, singularity, and xorg-x11-server), Mageia (clamav, kernel, kernel-linus, and python3), openSUSE (chromium, fluidsynth, opensc, python-bleach, and wpa_supplicant), Oracle (gnutls and nettle), Red Hat (dpdk, gnutls and nettle, mariadb:10.3 and mariadb-devel:10.3, and redhat-ds:11), and SUSE (kernel, qemu, and xen).

  • Openwall Releases LKRG 0.9.0 with a Long List of Major Changes, Improvements & Bug Fixes

    Openwall recently announced the release of LKRG (Linux Kernel Runtime Guard) 0.9.0, featuring a host of major changes and improvements, as well as fixes for multiple security bugs. LKRG is a kernel module that performs runtime integrity checking of the Linux kernel and detection of security vulnerability exploits against the kernel.

  • Can Linux Be Used To Offer More Security In A WFH World (On And Offline)?

    Operational security at least seemed so much easier back when traditional 9-to-5 office life was still dominant. Talk of professionals taking their work home with them was largely metaphorical, with only occasional instances of C-suite types dragging their laptops everywhere they went. Business hardware and systems would be shielded through physical security and isolated networks. One office (or office complex), one place to guard: entirely straightforward. Now, after a year that’s seen countless businesses (some eagerly and others reluctantly) adopt the working-from-home model, there are different challenges to overcome. Teams are scattered and must share sensitive data across the internet — data to which other companies and fraudsters would love to gain access. When information gets out, reputations are destroyed and businesses (particularly those working entirely online) struggle to survive.

Audiocasts and Videocasts: Linux in the Ham Shack, Ubuntu Budgie 21.04, and openSUSE 15.3

  • LHS Episode #408: Let’s Get Metaphysical

    Hello and welcome to the 408th installment of Linux in the Ham Shack. In this short topics episode, the hosts discuss the new, upcoming YOTA contest, Pop! OS, the new amateur radio census, codec2, Linux Mint, the Universal Ham Radio Remote and much more. Thank you for listening and have a great week!

  • Ubuntu Budgie 21.04 overview | Simplicity and Elegance in one package.

    In this video, I am going to show an overview of Ubuntu Budgie 21.04 and some of the applications pre-installed.

  • openSUSE 15.3 First Impressions & Preview

    openSUSE 15.3 is the next version of Leap, due to be released this year. I decided to take a look at the upcoming distro in its current state, to not only refresh myself on openSUSE itself, but to also see what the developers are up to nowadays.

Android Leftovers