Just Enough Administration (JEA) is a new Windows 10/Server 2016 feature to create granular least privilege policies by granting specific administrative privileges to users, defined by built-in and script-defined PowerShell cmdlets. Microsoft's documentation claimed JEA was a security boundary so effective you did not need to worry about an attacker stealing and misusing the credentials of a JEA user.
But every JEA role capability example I found that Microsoft had published had vulnerabilities that could be exploited to obtain complete system administrative rights, most of them immediately, reliably, and without requiring any special configuration. I find it hard to believe most custom role capabilities created by system administrators in the wild are going to be more secure than these, given the track record of the functionally similar features in Linux, the non-obvious nature of the vulnerabilities, and the importance of dangerous cmdlets to routine system troubleshooting and maintenance.
I recommended Microsoft invert what their JEA articles and documentation said about security. Instead of leading with statements that JEA was a security barrier, that users with JEA rights should not be considered administrators, and that their credentials do not need to be protected like real administrators' (with a note that this may not be the case if you are not careful), Microsoft's JEA documentation should lead with statements that JEA should not be treated as a security barrier, and that users with JEA rights and their credentials should be tightly controlled exactly like normal administrators' unless the role capabilities have been strictly audited by security professionals. Additionally, the README files and comments of their example role capabilities should start with stern reminders of this.
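As an added illustration of the class of mistake the post describes (this is not code from the post, nor one of Microsoft's published samples), the script below builds two versions of the same JEA role capability: one that exposes ordinary maintenance cmdlets with every parameter available, and one that pins the single cmdlet the operator needs to an allow-list of values. It then registers a constrained endpoint and runs the audit command that lists what a given user can actually invoke. The module folder, role name, AD group, user and service names are placeholders, and the three "dangerous" cmdlets are chosen to show the general pattern, not to reproduce the specific findings the author reported to Microsoft.

```powershell
# Added example; not from the post or from Microsoft's JEA samples.
# ServiceOps, CONTOSO\ServiceOperators, CONTOSO\jdoe and the service names are placeholders.
$moduleDir  = "$env:ProgramFiles\WindowsPowerShell\Modules\ServiceOps"
$roleDir    = "$moduleDir\RoleCapabilities"
New-Item -ItemType Directory -Path $roleDir -Force | Out-Null
New-ModuleManifest -Path "$moduleDir\ServiceOps.psd1"   # role capabilities must live under a module on PSModulePath

# 1. The weak pattern: routine cmdlets exposed with all of their parameters.
#    The endpoint runs them as the JEA virtual account, which is a local
#    Administrator unless RunAsVirtualAccountGroups says otherwise, so each
#    one is a direct escape from the constrained session:
#      Start-Process   launches any binary as that account
#      Set-Content     writes caller-chosen bytes to any admin-writable path
#      Restart-Service restarts any service, not only the one the operator owns
New-PSRoleCapabilityFile -Path "$roleDir\ServiceOpsWeak.psrc" `
    -VisibleCmdlets 'Start-Process', 'Set-Content', 'Restart-Service'

# 2. The hardened pattern: one cmdlet, its -Name parameter restricted to an
#    allow-list. Cmdlets and parameters not listed here are absent from the
#    session rather than merely discouraged.
New-PSRoleCapabilityFile -Path "$roleDir\ServiceOps.psrc" `
    -VisibleCmdlets @{
        Name       = 'Restart-Service'
        Parameters = @{ Name = 'Name'; ValidateSet = 'Spooler', 'W32Time' }
    }

# 3. Wire the hardened role to a group, validate the file, register the endpoint.
$pssc = "$env:TEMP\ServiceOps.pssc"
New-PSSessionConfigurationFile -Path $pssc `
    -SessionType RestrictedRemoteServer `
    -RunAsVirtualAccount `
    -TranscriptDirectory 'C:\ProgramData\JEA\Transcripts' `
    -RoleDefinitions @{ 'CONTOSO\ServiceOperators' = @{ RoleCapabilities = 'ServiceOps' } }
if (-not (Test-PSSessionConfigurationFile -Path $pssc)) { throw "invalid session configuration file" }
Register-PSSessionConfiguration -Name ServiceOps -Path $pssc -Force | Out-Null

# 4. The audit step: enumerate exactly what this user gets inside the endpoint.
#    Anything here that can start a process, write a file, load code or call
#    back into PowerShell (Invoke-Expression, Invoke-Command, Add-Type, ...)
#    means the role is not a least-privilege boundary.
Get-PSSessionCapability -ConfigurationName ServiceOps -Username 'CONTOSO\jdoe' |
    Select-Object Name, CommandType
```

Run it elevated on the target host. If you register the weak role instead, the capability listing will show the three cmdlets with no parameter restrictions, which is the shape to look for when reviewing a role capability file someone else wrote; the listing from step 4 is the only reliable view, because visible cmdlets accumulate across every role the user is a member of.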
The first problem: many IoT devices, like those cameras, are consumer-oriented, which means their owners don't have a security-conscious IT department. "Individuals do not have the purchasing power of a large corporation," says John Dickson, principal of Denim Group, "so they cannot demand security features or privacy protections that a large corporation can of a product or software vendor."
PC Pitstop Vice President of Cyber Security Dodi Glenn points out that many IoT purchasers neglect basic security measures, failing to change passwords from obvious defaults. And even if they did want to secure their devices, there are limits to what they can do: "You can't secure these devices with antivirus applications."
In what researchers call the "Internet of Unpatchable Things," a 12-year-old security flaw is being exploited by attackers in a recent spate of SSHowDowN Proxy attacks.
The Internet of Things (IoT) is an emerging market full of Wi-Fi and networked devices including routers, home security systems, and lighting products. While the idea of making your home more efficient and automating processes is an appealing one, unfortunately, vendors en masse are considering security as an afterthought for thousands of devices now in our homes, leaving our data vulnerable.
Documents in a class-action lawsuit against Ford and its original MyFord Touch in-vehicle infotainment (IVI) system reveal that the company's engineers and even its top executive were frustrated with the problematic technology.
The documents from the 2013 lawsuit show Ford engineers believed the IVI, which was powered by the SYNC operating system launched in 2010, might be "unsaleable" and even described a later upgrade as a "polished turd," according to a report in the Detroit News, which was confirmed by Computerworld.
The SYNC OS was originally powered by Microsoft software. Microsoft continued releasing software revisions it knew were defective, according to the lawsuit.
"In the spring of 2011, Ford hired Microsoft to oversee revisions, and hopefully the improvement, of the [software]. But ... Microsoft was unable to meaningfully improve the software, and Ford continued releasing revised software that it knew was still defective," the lawsuit states.
Last week, a U.S. District Court judge certified the case as a class action.
"It's not a question of if you're going to get hacked—it's when you're going to get hacked."
Those were the words of Verizon CEO Lowell McAdam as he sought to assure investors last week that the company is still interested in purchasing Yahoo despite the massive data breach of Yahoo consumer accounts.
Whether McAdam's words ring true for the hodgepodge of election systems across the US is anybody's guess. But in the wake of the Obama administration's announcement that the Russian government directed hacks on the Democratic National Committee and other institutions to influence US elections, a senator from Oregon says the nation should conduct its elections like his home state does: all-mail voting.
Open source security company SourceClear said it is integrating Atlassian’s suite of developer tools including Bitbucket Pipelines, JIRA Server, JIRA Cloud, and Bamboo into the company’s open source platform. The integration will result in automated security checks being a part of the developer workflow before they ship code.
There are new smartphones hitting the market constantly, but which is the best to pick up when you’re trying to save a buck or two? We’ve seen some great launches this summer and we’re only expecting more over the coming months, but for now, let’s go over the best affordable Android smartphones you can go pick up today…
StormCrawler (SC) is an open source SDK for building distributed web crawlers with Apache Storm. The project is under Apache license v2 and consists of a collection of reusable resources and components, written mostly in Java. It is used for scraping data from web pages, indexing with search engines or archiving, and can run on a single machine or an entire Storm cluster with exactly the same code and a minimal number of resources to implement.
Canonical, the lead commercial sponsor behind the open-source Ubuntu Linux operating system, is set to debut its second major milestone release of 2016 on Oct. 13. The Ubuntu 16.10 release is named Yakkety Yak and follows the 16.04 Xenial Xerus release, which became generally available on April 21 and is a Long Term Support (LTS) release. The 16.10 release, however, is what Canonical considers to be a standard release. With an LTS, Canonical provides support for five years, while a standard release is supported only for nine months. In many respects, Ubuntu 16.10 is an incremental release and does not provide major new features, but rather a set of updated packages and minor improvements. Among the updated software are the open-source LibreOffice 5.2 productivity suite and the Firefox 48 web browser. Also of particular note is the fact that Ubuntu 16.10 is based on the latest Linux 4.8 kernel, which provides advanced hardware support and improved performance. The Ubuntu 16.10 milestone also provides a preview for the Unity 8 desktop. In this slide show, eWEEK takes a look at some of the features in the Ubuntu 16.04 Linux release.
Samsung unveiled a 14nm, dual Cortex-A53 “Exynos 7 Dual 7270” SoC with built-in LTE, which runs Tizen Linux on its new Gear S3 watch.
Samsung may be suffering through one of the worst months in its history, culminating with this week’s recall of the exploding Galaxy Note 7, but the company is so diverse it can also produce some feel-good news at the same time. This week, Samsung Electronics announced the beginning of mass production of a new wearables system-on-chip called the Exynos 7 Dual 7270. Billed as the first wearables-oriented SoC fabricated with a 14-nanometer (nm) FinFET process, the Exynos 7 Dual 7270 will first appear later this year in its Gear 3 smartwatches (see farther below).
The Next Thing unveiled a $16 COM version of the Chip SBC called the Chip Pro, plus a dev kit and a $6 SiP version of the Allwinner R8 SoC called the GR8.
The Next Thing, which gave us the $9-and-up Chip SBC and Chip-based PocketChip handheld computer, has unveiled a $16, open-spec computer-on-module version of the Chip called the Chip Pro. The Chip Pro measures 45 x 30mm compared to 60 x 40mm for the Chip. The Pro has half the RAM of the Chip with 256MB DDR3, and only 512MB NAND flash instead of 4GB NAND, but it retains the onboard WiFi and Bluetooth 4.2.
Earlier this week my colleague Steve Kovach gave you a quick list of reasons why you should buy the iPhone over any Android alternative. They’re all perfectly valid.
As someone who owns and uses phones from both sides of the fence, though, I thought it’d be fun to see if I could still take the opposite tack.
So consider this a counterpoint. If you don’t want to hop on the Apple train, here are a few time-tested advantages Google’s mobile OS has over its rival from Cupertino.
- Links 12/10/2016: Ansible Galaxy is Free Software, FreeBSD 11 Released
Wire is an open-source messaging service that offers fully encrypted calls, video and group chats — and now it’s available for Linux. Wire for Linux beta is available to download from today via the Wire website. It has the same feature set as Wire’s other desktops and mobile apps, including always-on end-to-end encryption.
System76 said on Tuesday that it has updated its Lemur-branded laptop with Intel’s new seventh-generation “Kaby Lake” processors. This laptop specifically ships with Ubuntu 16.04.01 LTS (64-bit) installed, thus offering a cheaper price point than an identical solution packing Windows 10. Pricing for the Lemur starts at $700.
According to the product page, this laptop provides five areas that can be configured: processor, memory, operating system drive, additional storage, and the type of Wireless AC connectivity. On the processor front, there are only two choices: the Intel Core i3-7100U (default) and the Intel Core i7-7500U (an added $160).
It’s Ubuntu 16.10 release week, which means you might be feeling a little nostalgic for releases past.
You could take a look back at every Ubuntu default wallpaper, from the very first release to this week’s pending one, or you could set every Ubuntu wallpaper as your desktop background.
The latest Raspberry Pi graphics driver hacking by Eric Anholt of Broadcom has been working to support QPU shaders by this open-source driver stack. QPUs are the shader core of the graphics hardware found in the Raspberry Pi SoC, but come up short of supporting OpenCL or OpenGL compute shaders.
Cyanogen mods self away from full Android alternative [Ed: Good riddance to another Microsoft proxy (which didn’t have to become that 2 years ago)]
Android alternative Cyanogen looks to have given up on trying to sell a full mobile operating system.
The shine has gone off the outfit of late, and in July, it reportedly axed 30 staffers. While there's a core of users who stick with the CyanogenMod code that's the genesis of the company, mobe-makers taking Cyanogen licenses are in short supply (the company claims 20 phones and millions of customers; IDC says nearly 345 million smartphones shipped in 2015).
Developers can get their hands on Android 7.1 by the end of the month, Google has said.
And almost all Nexus owners will have it implanted in their gadgets by the end of the year, albeit with some reservations.
The next chewy chunk of Nougat includes support for better storage management and telephony software, App shortcut APIs to build single click links directly into core directories, and UI changes to build cuddlier and more numerous graphics into the background. There’s also support for Google’s Daydream VR system, for the few phones that can handle it.
Software AG (Frankfurt TecDAX: SOW) has significantly expanded the capabilities of its Apama Community Edition with a new Internet of Things (IoT) Analytics Kit, provided free of charge as Open Source Software under the Apache License, v2.0, along with the ability to run on Raspberry Pi. A different version of Apama Community Edition is also now available as a re-distributable runtime.
PhatWare Corporation, a leading professional software and application developer, is pleased to announce that the entire source code of its award-winning, multilingual WritePad handwriting recognition engine is now available under GPL v.3 license.
Yarn, introduced on Tuesday under a BSD license and without the patent clause that terminates Facebook's React license for those involved in patent litigation against the company, is an alternative npm client. It's not to be confused with Apache Hadoop YARN (Yet Another Resource Negotiator), which is cluster management software.
The Medicines for Malaria Venture (MMV) has posted a Malaria Box, containing over 400 compounds that might be effective against malaria to almost 200 research groups in two years. It’s an open science project, because the only stipulation is that information is deposited in the public domain (and therefore cannot be patented).
GlaxoSmithKline (GSK)’s Open Lab project, the Tres Cantos Medicines Development Campus near Madrid, Spain, enables visiting scientists to use GSK’s high-tech facilities to research neglected diseases such as malaria and TB.
Even Bill Gates has tweeted that open-source collaboration between scientists could become a drug discovery catalyst.
Now, one scientist is embarking upon a virtual pharmaceutical company that will develop a paediatric cancer drug in the open.
If you are designing life-saving tech to help refugees living in refugee camps, you're probably not going to design a proprietary product, because doing so would be tantamount to signing the death warrant of a percentage of the refugee camp residents. Open source is how the largest number of refugees can be helped. In that vein, learn about an initiative to design a low-cost, open source arsenic detector for use in ensuring safe drinking water in refugee camps.
Episode one seeks to explain the blockchain, the technology that allows bitcoins to be transferred between entities, as well as the motives behind its creators.
Last year, Fujitsu launched its first open source project, Open Service Catalog Manager (OSCM), for service providers, IT departments and end users to manage and track the cost of provisioning cloud-native applications.
Building off last week's XFS updates for Linux 4.9 is now a specific feature merge for this file-system: shared data extents.
Dave Chinner sent in the pull request today and he does expect that there will be some follow-up bug-fixes and clean-ups as a result of the big code change.
Linus Torvalds has never pulled any punches when it comes to sharing his opinions about everything from Linux kernel changes to computer processors. And in his most recent comments he’s made it abundantly clear that he favors x86 chips over ARM processors.
After nearly three years of development, FreeBSD 11.0 was officially released on October 10. The FreeBSD 11.0 release follows the FreeBSD 10.0 update that debuted in January 2014.
FreeBSD, a well-known and widely used operating system based on the BSD version of UNIX, has announced the release of FreeBSD 11.0. With numerous changes and improvements over the previously released development releases, the final release is now here as the first stable release, FreeBSD 11.0.
Amid rising political tensions with the U.S., Russia is planning to further lower its usage of licensed software from IT giants like International Business Machines Corp IBM , Microsoft Corporation MSFT , SAP AG SAP and Oracle Corporation ORCL .
Per Bloomberg, "The State Duma, Russia's lower house of parliament, is drafting a bill to restrict government agencies from buying licensed software, giving preference to open-source software."
The proposed law is an addition to an already existing federal law that came into effect on Jan 1, 2016, which restricts the use of foreign software in the public sector, if there is a domestic version available.
After a long and painful illness, a battle with cancer over the last six years, my brother has died in Brussels, aged only 53.
My love for him has always been the adoring, muted kind that looked up to the light he shone, that basked in his enthusiasm and tried, and failed, to keep up with the thousand-and-one ideas he gave voice and form to. Many of his passions were beyond my comprehension but very real, nevertheless. As a computer programmer, writer of internet protocols and founder of on-line communities, his interests went way over my head. As an author, latterly, we connected and I was able to collaborate with him on one of his books – The Psychopath Code – an involvement for which I am profoundly grateful: Not only has this particular book helped me to navigate a few tricky moments in my own life, but the understanding we shared was like coming home.
I can’t begin to do justice to my brother’s legacy as a professional innovator, thinker, and networker. Pieter was one of these rare people totally unafraid to take chances, to think not just outside the box but into the next universe. How he maintained his enthusiasm and energy, where his inspiration came from, I shall not know in this lifetime.
His death last Tuesday has opened up a hole in my life, a tear in the fabric of my normal. Poignantly – and painfully – it is only as his legacy becomes clearer that I notice the loss of his quiet, determined contribution in my life. Always, in the background, he encouraged me, supporting my modest hopes for an ordinary life: my ambitions to study, to write, to marry and have a child. In all these attempts he was unwaveringly supportive, while seeking so little from me in return. Of course, elder brothers are looked up to, and often expected to take the lead. But lately, in these last few years, while he faced pain and uncertainty – about which he has written so candidly on his blog – while he battled fear and the shadows of disappointment with his trademark wry humour, he faced these challenges fearlessly and with a fiery determination that is frankly awe-inspiring.