Proprietary Software and Security Issues

  • SolarWinds [Attack] Reached 27 U.S. Attorneys’ Offices, Justice Says

    The attack compromised Microsoft 365 accounts of at least 80% of the department’s employees working in offices located in the Eastern, Northern, Southern and Western Districts of New York. Also affected to a lesser degree were employees in U.S. Attorneys’ offices in 14 other states, including California, Florida, Maryland, Texas and Virginia, as well as the District of Columbia.

  • Safari isn't protecting the web, it's killing it

    There's been a lot of discussion recently about how "Safari is the new IE" (1, 2, 3, 4, 5).

    I don't want to rehash the basics of that, but I have seen some interesting rebuttals, most commonly: Safari is actually protecting the web, by resisting adding unnecessary and experimental features that create security/privacy/bloat problems.

    That is worth further discussion, because it's widespread, and wrong.

    More specifically, Safari's approach isn't protecting the web from bloat & evil Google influence, because: [...]

  • Hasta la Vista Gmail

    I’ve been a Gmail user pretty much since day 1, when it was still an invite-only service in 2004. Not anymore. Over the past month I’ve migrated most of my email to Fastmail and I’m extremely happy with the result.

    Why bother? Well, I guess it won’t come to you as a shock that I’ve felt progressively more uncomfortable with how Google (and the like) are handling my personal data. I’ve also been getting quite frustrated with attempts to make email/my inbox “smarter”. I never needed a “priority inbox”, auto-categorization of email, etc. Simple is good. Just put the newest emails on the top and I’ll sort it out from there.

  • Google dodges regulation, hits advertisers with “regulatory” charges: What’s the Scam?

    We are not familiar with what draconian regulatory schemes exist for Google in Austria and Turkey, but here in Australia we know what it is – which is not much at all. And they paid no tax on their 2020 revenue of $5.2 billion.

  • Storing Encrypted Photos in Google’s Cloud

    Cloud photo services are widely used for persistent, convenient, and often free photo storage, which is especially useful for mobile devices. As users store more and more photos in the cloud, significant privacy concerns arise because even a single compromise of a user’s credentials gives attackers unfettered access to all of the user’s photos. We have created Easy Secure Photos (ESP) to enable users to protect their photos on cloud photo services such as Google Photos. [...]

  • Spyware revelations are a crucial moment for Indian democracy
  • Joint Open Letter: States Must Implement Moratorium on Surveillance Technology - PEN America

    We the undersigned civil society organizations and independent experts are alarmed at the media revelations that NSO Group’s spyware has been used to facilitate human rights violations around the world on a massive scale.

    These revelations are a result of the Pegasus Project and are based on the leak of 50,000 phone numbers of potential surveillance targets. The project is a collaboration of more than 80 journalists from 16 media organizations in 10 countries coordinated by Forbidden Stories, a Paris-based media non-profit, with the technical support of Amnesty International, who conducted forensic tests on mobile phones to identify traces of the Pegasus spyware.

  • Canonicalization Attacks Against MACs and Signatures

    Canonicalization Attacks occur when a protocol that feeds data into a hash function used in a Message Authentication Code (MAC) or Digital Signature calculation fails to ensure some property that’s expected of the overall protocol.

    The textbook example of a canonicalization attack is the length-extension attack against hash functions such as MD5–which famously broke the security of Flickr’s API signatures.

    But there’s a more interesting attack to think about, which affects the design of security token/envelope formats (PASETO, DSSE, etc.) and comes up often when folks try to extend basic notions of authenticated encryption (AE) to include additional authenticated (but unencrypted) data (thus yielding an AEAD mode).
