Language Selection

English French German Italian Portuguese Spanish

Security: Windows, Microsoft Malware, GPS Bug, and Some Exaggeration/FUD

Filed under
Security
  • Sophisticated Spearphishing Campaign Targets Government Organizations, IGOs, and NGOs - blackMORE Ops

    The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) are engaged in addressing a spearphishing campaign targeting government organizations, intergovernmental organizations (IGOs), and non-governmental organizations (NGOs). A sophisticated cyber threat actor leveraged a compromised end-user account from Constant Contact, a legitimate email marketing software company, to spoof a U.S.-based government organization and distribute links to malicious URLs.[1] CISA and FBI have not determined that any individual accounts have been specifically targeted by this campaign.

  • Malicious NPM Packages Caught Running Cryptominer On Windows, Linux, macOS Devices [Ed: Lousy anti-journalist sites try to blame the victims for having received malware from Microsoft itself]

    Three JavaScript libraries uploaded to the official NPM package repository have been unmasked as crypto-mining malware, once again demonstrating how open-source software package repositories are becoming a lucrative target for executing an array of attacks on Windows, macOS, and Linux systems.

  • GPS Daemon (GPSD) Rollover Bug

    Critical Infrastructure (CI) owners and operators, and other users who obtain Coordinated Universal Time (UTC) from Global Positioning System (GPS) devices, should be aware of a GPS Daemon (GPSD) bug in GPSD versions 3.20 (released December 31, 2019) through 3.22 (released January 8, 2021).

  • New Linux kernel memory corruption bug causes full system compromise [Ed: This is "local privilege escalation", i.e. vastly less severe than all those back doors in Windows, but so-called 'security' firms aren't meant to talk about state-mandated holes]

    Researchers dubbed it a “straightforward Linux kernel locking bug” that they exploited against Debian Buster’s 4.19.0.13-amd64 kernel.

GPS not reliable, due to bugs

  • Global Displacement System, A Gpsd Bug Will Hit Unpatched Systems This Sunday - PC Perspective

    You might not remember what Gpsd is but it is in the news every 19.6 years, or more specifically every 1024 weeks, thanks to lazy timekeeping implementation for GPS satellites, which keep track of the number of weeks since January 5, 1980 as an unsigned 10-bit integer. That means when it hits 1023, the next week it rolls over to 0 and many systems which interface with GPS using timestamps will suddenly have corrupted location data.

    Gpsd is an example of this, it is a a service daemon that translates data from Global Positioning System (GPS), Global Navigation Satellite System (GNSS), and Automatic Identification System (AIS) and is used in a huge variety of applications. Some applications such as Kismet, GpsDrive, and roadmap will be affected but are not necessarily mission critical but more an annoyance when they stop functioning properly. However Gpsd is also used in things driverless cars, marine navigation, and military IFF; small errors in those systems can have large real world effects.

  • CISA: GPS software bug may cause unexpected behavior this Sunday

    The Cybersecurity and Infrastructure Security Agency (CISA) warned that GPS deices might experience issues over the weekend because of a timing bug impacting Network Time Protocol (NTP) servers running the GPS Daemon (GPSD) software.

  • Disable Time Sync NOW—Ugly GPSd Bug Brings Sunday FAILs

    On Sunday, you might find some equipment thinks it’s 2002. That’s because of a weird bug in gpsd—the code on which a bunch of Network Time Protocol servers rely.

  • A GPS-Based Bug Could Roll Back Your Devices to 2002 [Ed: Put another way, GPS (US) basically broken. There are alternatives to it.]
  • If your apps or gadgets break down on Sunday, this may be why: Gpsd bug to roll back clocks to 2002

    Come Sunday, October 24, 2021, those using applications that rely on gpsd for handling time data may find that they're living 1,024 weeks – 19.6 years – in the past.

    A bug in gpsd that rolls clocks back to March, 2002, is set to strike this coming weekend.

    The programming blunder was identified on July 24, 2021, and the errant code commit, written two years ago, has since been fixed. Now it's just a matter of making sure that every application and device deploying gpsd has applied the patch.

    The Network Time Protocol (NTP) provides a way for devices and services to keep accurate time using a hierarchical set of servers rated in terms of precision, with "stratum 0" representing the most accurate time sources.

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.

More in Tux Machines

Best Open Source Gantt Chart Software for Linux

Gantt chart is the simplest way to assign resources, manage timelines, and visualize dependencies. It helps you to avoid confusion and cut unproductive events. With a glance, you can have all activities, allocated assets, and the scheduled dates of each. While a Gantt chart is a must for any complex project, in general, you need this project management tool: Read more

NuTyX 21.10.5 available with cards 2.4.140

The NuTyX team is happy to announce the new version of NuTyX 21.10.0 and cards 2.4.138. The xorg-server graphics server version 21.1.1, the Mesa 3D library in 21.2.5, Gtk4 4.4.0 and Qt 5.15.2. The python interpreters are en 3.10.0 et 2.7.18. The XFCE desktop environment is updated to version 4.16. The MATE desktop environment is a 1.26 version . The GNOME desktop environment is also updated to version 40.1.1 The KDE desktop environment is available in Plasma 5.23.3, Framework 5.88.0 and applications in 21.08.3. Available browsers are: Firefox 94.0.2, Chromium 96.0.4664.45, Epiphany 40.3, etc Many desktop applications have been updated as well like Thunderbird 91.2.0, Scribus 1.5.7, Libreoffice 7.1.5.2, Gimp 2.10.28, etc. Read more

System Monitoring Center is an Ideal Task Manager & Resource Monitor for Linux

Graphically monitoring the system resources may not be the best experience on Linux. The system monitoring tool that comes baked in with your desktop environment might limit the details. For instance, GNOME’s system monitor does not display the CPU frequency and temperatures. In addition, the default system monitor applications available for Linux usually aim for simplicity instead of providing detailed insights. Read more

today's leftovers

  • How Ubuntu Boosts Developer Desktop Productivity | Ubuntu

    Seventeen years after its first release, Ubuntu is firmly established as the Linux developer desktop of choice around the world. From education through to enterprise, Ubuntu delivers the tools developers need to succeed across their careers. In this blog, we will cover the main aspects that contribute to this success. [...] Developers start their careers with Ubuntu, and 69% of student developers reported that they prefer Ubuntu as an OS. It’s not surprising. With Ubuntu, they gain access to the best of open source, including AI/ML frameworks, such as Pytorch and TensorFlow, ROS for robotics and LXD and multipass for virtualisation. Open source technology is now a critical part of any enterprise, and familiarity with open source is a key consideration in hiring. As a result, getting new developers onboarded and productive quickly is easier with Ubuntu. It’s a system they’re familiar with. It’s flexible and customisable. And, as an operating system, it spans both the workstation and the cloud, providing a consistent development experience across your technology stack.

  • Our 12 favorite Arduino UNO projects | Arduino Blog

    The UNO wasn’t Arduino’s first board, and it won’t be its last. There have been many varieties of microcontroller and maker boards before and after the UNO, but none have been as iconic. As we cross the epic milestone of 10 million UNOs sold and the launch of the UNO Mini Limited Edition, we decided it was time to take a look back at some of our favorite UNO projects from the last 10 years. And we want to hear about yours, too. Join us over on social media to share your favorite UNO projects, whether you built them yourself or marveled at someone else’s electronic creation.

  • Personal computer maker Raspberry Pi plans London listing

    The company behind Britain's best-selling personal computer is preparing the ground for a spring listing which is expected to value it at more than £370m.

    The trading arm of the Raspberry Pi Foundation has hired bankers from Stifel and Liberum to advise on a London float after securing a $45m (£33m) investment in September.

    The Cambridge-based foundation offloaded stakes to Lansdowne Partners and the Ezrah Charitable Trust to fund product development and marketing after seeing booming demand for its miniature personal computers during lockdown.

  • Mozilla Privacy Blog: Mozilla files comments on UK Data Protection Consultation

    Mozilla recently submitted its comments to a public consultation on reforming the UK’s data protection regime launched by the UK Department for Digital, Culture, Media & Sport. With the public consultation, titled ‘Data: A New Direction’, the UK government set out to re-evaluate the UK’s approach to data protection after no longer being bound by the bloc’s General Data Protection Regulation (GDPR). We took this opportunity to share our thoughts on data stewardship and the role effective regulation can play in addressing the lopsided power dynamics between large data collectors and users. For Mozilla, privacy is not optional. It is an integral aspect of our Manifesto, which states that individuals’ security and privacy on the internet are fundamental and must not be treated as optional. This is why privacy is at the core of our product work and why we have long promoted robust data protection in our policy and advocacy work. Further, Mozilla’s Data Futures Lab is exploring alternative approaches to data governance and promoting data stewardship through original research and support to builders.

  • 42 things I learned from building a production database

    In 2017, I went to Facebook on a sabbatical from my faculty position at Yale. I created a team to build a storage system called Delos at the bottom of the Facebook stack (think of it as Facebook’s version of Chubby). We hit production with a 3-person team in less than a year; and subsequently scaled the team to 30+ engineers spanning multiple sub-teams. In the four years that I led the team (until Spring 2021), we did not experience a single severe outage (nothing higher than a SEV3). The Delos design is well-documented in two academic papers (in OSDI 2020 and SOSP 2021). Delos is currently replacing all uses of ZooKeeper at Facebook.

    Here are some of the things I learned as the tech lead for Delos. My intent in publishing this is to help others in similar roles (leading teams that are building new infra at large companies); much of it may not generalize to different settings.