Language Selection

English French German Italian Portuguese Spanish

Security and Microsoft FUD

Filed under
Microsoft
Security
  • Security updates for Monday [LWN.net]

    Security updates have been issued by Debian (chromium, firefox-esr, ghostscript, libreswan, prosody, sphinxsearch, thunderbird, and uriparser), Fedora (cryptsetup, flatpak, kernel, mingw-uriparser, python-celery, python-kombu, and uriparser), Mageia (htmldoc, mbedtls, openexr, perl-CPAN, systemd, thunderbird, and vim), openSUSE (chromium and prosody), Red Hat (httpd, kernel, and samba), Scientific Linux (kernel), Slackware (expat), SUSE (ghostscript), and Ubuntu (pillow).

  • Domestic CCTV and audio recording | Pen Test Partners

    Last week, we had BBC Morning Live in to film a piece on the legalities and challenges of domestic CCTV systems. You can watch it on iPlayer here, starting at 10:30.

    It was sparked by a conversation we had with Radio 4 before Xmas, where a journalist had taken an interest in CCTV systems exposed on insecam.org.

    We had helped the journalist identify the homeowner with an exposed CCTV stream & they went to speak to them about it. Unsurprisingly, the homeowner had installed the system & left it exposed with default credentials. Whilst they could review their CCTV footage remotely on a mobile app, so could anyone else…

    It ended well though, as the homeowner took the system offline and secured it. One less exposed CCTV camera! The radio piece is here.

    As a reminder, if you don’t set a good, strong password for your CCTV system that you don’t use elsewhere, you run the risk of it being exposed and/or accessed remotely by nefarious parties.

  • Data & Society — Bounty Everything: Hackers and the Making of the Global Bug Marketplace

    In Bounty Everything: Hackers and the Making of the Global Bug Marketplace, researchers Ryan Ellis and Yuan Stevens provide a window into the working lives of hackers who participate in “bug bounty” programs—programs that hire hackers to discover and report bugs or other vulnerabilities in their systems. This report illuminates the risks and insecurities for hackers as gig workers, and how bounty programs rely on vulnerable workers to fix their vulnerable systems.
    Ellis and Stevens’s research offers a historical overview of bounty programs and an analysis of contemporary bug bounty platforms​​—the new intermediaries that now structure the vast majority of bounty work. The report draws directly from interviews with hackers, who recount that bounty programs seem willing to integrate a diverse workforce in their practices, but only on terms that deny them the job security and access enjoyed by core security workforces. These inequities go far beyond the difference experienced by temporary and permanent employees at companies such as Google and Apple, contend the authors. The global bug bounty workforce is doing piecework—they are paid for each bug, and the conditions under which a bug is paid vary greatly from one company to the next.
    Bounty Everything offers to reimagine how bounty programs can better serve the interests of both computer security and the workers that protect our digital world. Ellis & Stevens argue that if bounty programs are not designed and implemented properly, “this model can ironically perpetuate a world full of bugs that uses a global pool of insecure workers to prop up a business model centered on rapid iteration and perpetual beta.”

  • An Examination of the Bug Bounty Marketplace
  • Freexian’s report about Debian Long Term Support, December 2021

    Every month we review the work funded by Freexian’s Debian LTS offering. Please find the report for December below.

  • Malware targeting Linux systems hit a new high in 2021 [Ed: Microsoft-connected Crowdstrike spreading lots of anti-Linux FUD at the moment to sell its proprietary products and to help Microsoft]
  • New year brings bad news for Linux as 2021 saw up to 10 times more malware samples
  • Linux malware is on the rise. Here are three top threats right now [Ed: Microsoft operatives inside the media use Microsoft-connected Crowdstrike to smear Linux right now; nobody bothers to check their Microsoft connections (words taken at face value)]

Once again, Microsoft-connected firm smears "Linux"

  • Why Linux Saw A Massive Rise In Malware Attacks Last Year

    Crowdstrike actually expects...

  • Linux malware rises

    The number of malware infections targeting Linux devices rose by 35 per cent in 2021, and it looks lie the writers want to recruit IoT devices for DDoS (distributed denial of service) attacks.

    According to a Crowdstrike report in 2021 XorDDoS, Mirai, and Mozi were the most prevalent families, accounting for 22 per cent of Linux-targeting malware attacks observed in 2021.

    Mozi saw an explosive growth in its activity, with ten times more samples circulating in the wild the year that passed compared to the previous one. XorDDoS use increased by123 per cent.

Slashdot is giving a megaphone to Microsofters against Linux

  • Linux Malware Sees 35% Growth During 2021

    The number of malware infections targeting Linux devices rose by 35% in 2021, most commonly to recruit IoT devices for DDoS (distributed denial of service) attacks

Microsofters

More FUD

Bruce Schneier has become megaphone of Microsoft proxy, FUD

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.

More in Tux Machines

Fedora Magazine: Five common mistakes when using automation

As automation expands to cover more aspects of IT, more administrators are learning automation skills and applying them to ease their workload. Automation can ease the burden of repetitive tasks and add a level of conformity to infrastructure. But when IT workers deploy automation, there are common mistakes that can wreak havoc on infrastructures large and small. Five common mistakes are typically seen in automation deployments. Read more

Security Leftovers

  • Reproducible Builds: Supporter spotlight: Jan Nieuwenhuizen on Bootstrappable Builds, GNU Mes and GNU Guix

    The Reproducible Builds project relies on several projects, supporters and sponsors for financial support, but they are also valued as ambassadors who spread the word about our project and the work that we do. This is the fourth instalment in a series featuring the projects, companies and individuals who support the Reproducible Builds project. We started this series by featuring the Civil Infrastructure Platform project and followed this up with a post about the Ford Foundation as well as a recent ones about ARDC and the Google Open Source Security Team (GOSST). Today, however, we will be talking with Jan Nieuwenhuizen about Bootstrappable Builds, GNU Mes and GNU Guix.

  • CISA Issues Emergency Directive and Releases Advisory Related to VMware Vulnerabilities [Ed: Proprietary software is a threat to national security]

    CISA has issued Emergency Directive (ED) 22-03 and released a Cybersecurity Advisory (CSA) in response to active and expected exploitation of multiple vulnerabilities in the following VMware products: VMware Workspace ONE Access (Access), VMware Identity Manager (vIDM), VMware vRealize Automation (vRA), VMware Cloud Foundation, vRealize Suite Lifecycle Manager.

  • Software Supply Chain: A Risky Time for Dependencies [Ed: This is a proprietary software problem too and it's not a new problem; the FUD patterns are newer and driven by special interests]

    The software supply chain is a critical element in the lifecycle of applications and websites. The interdependencies and components common in modern software development can increase the attack surface and sometimes allow hackers to bypass robust security layers you’ve added to your infrastructure.

Shows and Videos: FLOSS Weekly, Linux Out Loud, Bringing Windows Best Feature To Linux, and More

  • FLOSS Weekly 681: Yes, UCAN - James Walker, Fission.codes and UCAN

    User Controlled Authorization Networks (UCANs) are just one of the many new and useful approaches to decentralization that James Walker, of fission.codes, shares with Doc Searls and Dan Lynch. If you want a detailed dose of pure optimism about Web3 working for you and me, this is the episode for you on FLOSS Weekly.

  • 14: Back Stage Pass - Linux Out Loud - TuxDigital

    This week, Linux Out Loud chats about what it is like for us to be content creators on the Tux Digital Network. Welcome to episode 14 of Linux Out Loud. We fired up our mics, connected those headphones as we searched the community for themes to expound upon. We kept the banter friendly, the conversation somewhat on topic, and had fun doing it.

  • Bringing Windows Best Feature To Linux!! - Invidious

    Have you ever felt like Linux was just missing something but not sure what it was missing, well maybe it was missing a really annoying watermark telling you to activate your system everytime you use it.

  • Why Use The Terminal Instead of GUI Apps? - Invidious

    New Linux users often are confused with why more intermediate-to-advanced users gravitate to the terminal rather than just using GUI apps for the same task. There are reasons why newer users hate the terminal and longtime Linux users love the terminal.

  • Linux in the Ham Shack/LHS Episode #467: The Weekender XCI

    It's time once again for The Weekender. This is our departure into the world of hedonism, random topic excursions, whimsy and (hopefully) knowledge. Thanks for listening and, if you happen to get a chance, feel free to call us or e-mail and send us some feedback. Tell us how we're doing. We'd love to hear from you.

Android Leftovers