Proprietary Software and Security Issues

Filed under: Misc
  • Running a recent Apache web server version? You probably need to patch it. Now

    The Apache Software Foundation has hurried out a patch to address a pair of HTTP Web Server vulnerabilities, at least one of which is already being actively exploited.

    Apache's HTTP Server is widely used, and the vulnerabilities, CVE-2021-41524 and CVE-2021-41773, aren't great. The latter, a path traversal and file disclosure flaw, is particularly problematic.

    The former was reported to Apache's security team on 17 September and can be exploited by an external source to DoS a server with a specially crafted request. It turned up in version 2.4.49, which was released on September 15, and the Apache crew is not aware of any exploit.

  • VoIP Unlimited hit by outage in wake of DDoS claims • The Register

    A British VoIP firm has staggered back to its feet after being smacked with a series of apparent DDoSes a month after suffering a series of sustained attacks it said were delivered by the REvil ransomware gang.

    In an update at 11:56 UK time, it said it was "continuing to suffer from large scale DDoS attacks. VoIP Unlimited engineers are continuing to mitigate the impact on services."

  • Source Tags & Codes

    The saga of the Missouri governor reflects a failure by the powerful to embrace curiosity—curiosity encouraged by the HTML language he fails to understand.

  • blog.ipfire.org - Feature Spotlight: Weaponising IPFire Location to proactively detect Fast Flux setups

    Thanks to libloc, the free & open source location database, IPFire comes with an accurate, trustworthy database for mapping IP addresses to countries and Autonomous Systems, and vice versa. This allows us to introduce a new feature: Proactive detection of Fast Flux setups, which are commonly used by ne'er-do-wells for hosting questionable and malicious content on compromised machines around the world, switching from one infected PC, IoT device, or router to another within minutes.

    To the best of our knowledge, this is a unique feature. Contrary to other security mechanisms such as AV scanners, which are often lagging behind, it detects malware, phishing, C&C servers and other nefarious things proactively - before any threat intelligence source in the world even knows about them. Even better, measurements done so far indicate it comes with a near-zero false positive rate in productive environments.

  • A class of its own, CNCF & Linux Foundation Kubernetes exam [Ed: Adrian Bridgwater publishing spam for Zemlin now over in ComputerWeekly… real journalism is dead. It’s all sponsored.]
  • KubeCon 2021: New Kubernetes Certificate and the future of Kubernetes - Market Research Telecast

    The CNCF, the foundation under the umbrella of the Linux Foundation, which is responsible for the administration of the Kubernetes source code, has opened KubeCon North America and welcomed visitors again after two years. In autumn 2019, users and developers of Kubernetes and cloud native technologies from their environment met for the last time on site at KubeCon & CloudNativeCon in the USA. The following European edition 2020 at the end of March took place via live streams from living rooms.

  • Citrix has built a browser, and lost a CEO

    According to a regulatory filing, in early October, the company's board appointed Robert M. Calderoni as interim CEO, after David Henshall stepped down from the role.

  • User locked out of Microsoft account by MFA bug, complains of customer-hostile support • The Register [Ed: By Microsoft Tim]

    Konstantin Gizdov, an IT professional, was locked out of his Microsoft account by a bug in the company's Multi-Factor Authentication (MFA), but says support refused to acknowledge the bug or recover his account.

    Gizdov is founder of KGE Consultancy Ltd in Edinburgh and an Arch Linux Trusted User.

    His problems began when he received an email informing him that his Microsoft account had been renamed. "I immediately clicked on the 'That was not me' button," he said in a post, after which he managed to contact support.

  • Apple patches 'actively exploited' iPhone zero-day with iOS 15.0.2 update

    If you're using an iPhone, install the iOS 15.0.2 update immediately: Apple has warned that the latest OS upgrade patches an "actively exploited" zero-day.

    Described as a "memory corruption issue" by Apple, the vuln is present within the IOMobileFrameBuffer kernel extension, used for managing display memory. Malicious applications are said to be capable of triggering an integer overflow in the framebuffer, permitting execution of arbitrary code with kernel privileges.

    The bug, publicly tracked as CVE-2021-30883, has not yet been published in full although technical descriptions and proofs of concept are already circulating on security-focused areas of the web.

  • Podcast: 67% of Orgs Have Been Hit by Ransomware at Least Once [iophk: Windows TCO]

    According to Fortinet’s Global State of Ransomware Report 2021 (PDF), released last week, most organizations report that ransomware is their top most concerning cyber-threat. That’s particularly true for respondents in Latin America, Asia-Pacific and Europe-Middle East-Africa, who report that they’re more likely to be victims than their peers in the U.S. or Canada.

  • Treasury: $590M paid out by victims of ransomware attacks in first half of 2021 [iophk: Windows TCO]

    Just over 450 ransomware payments were reported to FinCEN from the beginning of January through the end of June, with the amount of suspicious activity reports increasing by 30 percent from last year. The amount paid by victims also massively increased compared to 2020, when $416 million was paid out over the entire year.

  • Ransomware? No fear, Scott Morrison has a plan. An action plan

    Hence the Ransomware Action Plan. It's just like the numerous other plans which Morrison and his ministers have put forth, meaningless jumbles of words, all aimed at that one Saturday before next May when the election will have to be held.

    When something that should necessarily have some gravitas starts out like this: "The world has never been more interconnected and our reliance on the internet to fuel Australia’s prosperity and maintain our way of life has never been greater", you just know that it's weapons-grade BS.

  • Apple to make 10 million fewer iPhones due to microchip shortage

    Chip suppliers such as Broadcom and Texas Instruments have reportedly told the smartphone maker that they won't be able to deliver as many units as they said they could.

  • New Windows 10 KB5006670 update breaks network printing
  • Short URLs come in handy for cybercrooks

    However, there are downsides too. URL shorteners are often used by online fraudsters to trick users into following a link to compromise their systems, swindle money from their bank accounts or even trick them into mining cryptocurrency without the intervention of the user. Recipients could be clicking a malware link (short links) or be directed to a spoofing page where the victim’s sensitive information could be recorded and later used for stealing sensitive data or money.
