Language Selection

English French German Italian Portuguese Spanish

Security Leftovers

Filed under
Security
  • More than 300 Cisco switch models vulnerable to CIA hack

    A cache of CIA documents was dropped on the internet two weeks ago via WikiLeaks. It was a huge volume of data, some of which detailed CIA tools for breaking into smartphones and even smart TVs. Now, Cisco has said its examination of the documents points to a gaping security hole in more than 300 models of its switches. There’s no patch for this critical vulnerability, but it’s possible to mitigate the risk with some settings changes.

    Cisco’s security arm sent out an advisory on Friday alerting customers that the IOS and IOS XE Software Cluster were vulnerable to hacks based on the leaked documents. The 318 affected switch models are mostly in the Catalyst series, but there are also some embedded systems and IE-series switches on the list. These are enterprise devices that cost a few thousand dollars at least. So, nothing in your house is affected by this particular attack.

  • Assange chastises companies who haven't responded to CIA vulnerability offers

    Wikileaks head Julian Assange slammed companies not taking the site up on the sites offer to share security flaws the CIA had exploited in their products.

    In a screen-shot statement tweeted on Saturday, Wikileaks noted that "Organizations such as Mozilla" had responded to the site's emails offering unreleased security vulnerabilities from leaked CIA files. "Google and other companies" had not.

    "Most of these lagging companies have conflicts of interest due to their classified work with US government agencies. In practice such associations limit industry staff with US security clearances from fixing holes based on leaked information from the CIA. Should such companies choose to not secure their users against CIA or NSA attacks users may prefer organizations such as Mozilla or European companies that prioritize their users over government contracts," the statement read.

    Wikileaks recently published a trove of files leaked from the CIA, including descriptions of hacking techniques. The site made an effort to redact source code showing how to actually accomplish the techniques, although enough code slipped through the cracks for researchers to reverse engineer at least one of the security flaws.

  • Gentoo: 201703-02 Adobe Flash Player: Multiple vulnerabilities

More in Tux Machines

Top 4 open source alternatives to Google Analytics

If you have a website or run an online business, collecting data on where your visitors or customers come from, where they land on your site, and where they leave is vital. Why? That information can help you better target your products and services, and beef up the pages that are turning people away. To gather that kind of information, you need a web analytics tool. Many businesses of all sizes use Google Analytics. But if you want to keep control of your data, you need a tool that you can control. You won’t get that from Google Analytics. Luckily, Google Analytics isn’t the only game on the web. Here are four open source alternatives to Google Analytics. Read more

Welcome To The (Ubuntu) Bionic Age: Nautilus, a LTS and desktop icons

If you are following closely the news of various tech websites, one of the latest hot topic in the community was about Nautilus removing desktop icons. Let’s try to clarify some points to ensure the various discussions around it have enough background information and not reacting on emotions only as it could be seen lately. You will have both downstream (mine) and upstream (Carlos) perspectives here. Read more

Programming: Perl, JavaScript, Ick, PowerFake, pylint-django, nbdkit filters

  • An Open Letter to the Perl Community

    Some consider Perl 6 to be a sister language to Perl 5. Personally, I consider Perl 6 more of a genetically engineered daughter language with the best genes from many parents. A daughter with a difficult childhood, in which she alienated many, who is now getting out of puberty into early adulthood. But I digress.

  • Long Live Perl 5!

    While not mentioned in the original Letter, a frequent theme in the comments was that Perl 6 should be renamed, as the name is inaccurate or is damaging.

    This is the topic on which I wrote more than once and those who have been following closely know that, yes, many (but by no means all) in the Perl 6 community acknowledge the name is detrimental to both Perl 6 and Perl 5 projects.

    This is why with a nod of approval from Larry we're moving to create an alias to Perl 6 name during 6.d language release, to be available for marketing in areas where "Perl 6" is not a desirable name.

  • JavaScript Trends for 2018
    Trying to bet on how many new JavaScript frameworks will be released each month, is, the best software engineer’s game in the past 5 years.
  • Ick: a continuous integration system
    TL;DR: Ick is a continuous integration or CI system. See http://ick.liw.fi/ for more information.
  • Introducing PowerFake for C++
    PowerFake is a new mini-framework/tool to make it possible to fake/mock free functions and static & non-virtual member functions in C++. It requires no change to the code under test, but it might need some structural changes, like moving some parts of the code to a different .cpp file; or making inline functions non-inline when built for testing. It is useful for writing unit tests and faking/mocking functions which should not/cannot be run during a test case. Some say that such a feature is useful for existing code, but should not be needed for a code which is written testable from the beginning. But, personally I don’t agree that it is always appropriate to inject such dependencies using virtual interfaces or templates. Currently, it is not supposed to become a mocking framework on its own. I hope that I can integrate PowerFake into at least one existing C++ mocking framework. Therefore, currently it doesn’t provide anything beyond faking existing functions.
  • Introducing pylint-django 0.8.0
    Since my previous post was about writing pylint plugins I figured I'd let you know that I've released pylint-django version 0.8.0 over the weekend. This release merges all pull requests which were pending till now so make sure to read the change log.
  • nbdkit filters
    nbdkit is our toolkit for creating Network Block Device (NBD) servers from “unusual” data sources. nbdkit was already configurable by writing simple plugins in several programming languages. Last week Eric Blake and I added a nice new feature: You can now modify existing plugins by placing “filters” in front of them.

Moving to Linux from dated Windows machines

Every day, while working in the marketing department at ONLYOFFICE, I see Linux users discussing our office productivity software on the internet. Our products are popular among Linux users, which made me curious about using Linux as an everyday work tool. My old Windows XP-powered computer was an obstacle to performance, so I started reading about Linux systems (particularly Ubuntu) and decided to try it out as an experiment. Two of my colleagues joined me. Read more