Language Selection

English French German Italian Portuguese Spanish

About Tux Machines

Thursday, 16 Aug 18 - Tux Machines is a community-driven public service/news site which has been around for over a decade and primarily focuses on GNU/LinuxSubscribe now Syndicate content

Search This Site

Security Leftovers

Filed under
Security
  • #DEFCON DHS Says Collaboration Needed for Secure Infrastructure and Elections

    Speaking at DEFCON 26 in Las Vegas on the subject of “Securing our Nation's Election Infrastructure”, Jeanette Manfra, assistant secretary, Office of Cybersecurity and Communications from the Department of Homeland Security stressed the need for public and private sector collaboration.

    She said that “instead of thinking of individual risk and your own part, try to think about enterprise and government as a whole.”

    In terms of critical infrastructure, Manfra said that this is “purely voluntary in the private sector” and includes “everyone working for yourself or your company, and this includes academic institutions and the broader private and public partnership to work together to figure our critical infrastructure.”

    She went on to talk about the concept of collective defense, saying that government is “one player in the community,” and with companies and citizens on the front line with government sectors “we have to share information and be transparent and build trust with individuals and entities that we have not done before.”

  • The Enigma of AI & Cybersecurity

    We've only seen the beginning of what artificial intelligence can do for information security.

    Alan Turing is famous for several reasons, one of which is that he cracked the Nazis' seemingly unbreakable Enigma machine code during World War II. Later in life, Turing also devised what would become known as the Turing test for determining whether a computer was "intelligent" — what we would now call artificial intelligence (AI). Turing believed that if a person couldn't tell the difference between a computer and a human in a conversation, then that computer was displaying AI.

    AI and information security have been intertwined practically since the birth of the modern computer in the mid-20th century. For today's enterprises, the relationship can generally be broken down into three categories: incident detection, incident response, and situational awareness — i.e., helping a business understand its vulnerabilities before an incident occurs. IT infrastructure has grown so complex since Turing's era that it can be months before personnel notice an intrusion.

  • Open-source snafu leaves patient data exposed [Ed: They never generalise like this about proprietary software]

    Researchers at cyber security outfit Project Insecurity discovered dozens of security bugs in the OpenEMR system, which is described as the “most popular open source electronic health records and medical practice management solution”.

    Many of the flaws were classified as being of high severity, leaving patient records and other sensitive information within easy reach of would-be hackers.

    One critical flaw meant that an unauthenticated user was able to bypass the patient portal login simply by navigating to the registration page and modifying the URL, Project Insecurity reported in its findings.

  • Open Source Security Podcast: Episode 109 - OSCon and actionable advice

Let’s share

Filed under
OSS

“Information wants to be free” goes the slogan of the social movement encouraging open-source software, file sharing and a permissive legal environment for modifying and distributing the creative works in the form of open content or free content by using the internet and other forms of media. The free software and open access movements are among the most important developments after the rise of the world wide web. Swartz was not the only internet activist who believed in the concept of an open and free internet. There were people like Richard Stallman, who gave birth to the term “free software”, free as in freedom, not free as in no cost.

The aura of the information age is not just about new ideas but about a shift in the paradigms of communication and control. In this age of digital feudalism, we do not actually own the products we buy, but we are merely granted limited use of them as long as we continue to pay the rent. The radical expansion of intellectual property (IP) rights threatens to reach the point where they suppress any and all other rights of the individual and society. The current copyright laws have hindered creativity and resulted in a read-only internet culture in which we only consume information/content, despite technology advances that make it easy to create and contribute to culture. Copyright law doesn’t extend neatly to the digital world and the digital rights management tools the industry is endeavouring to develop to maintain copyright control are dampening the growth of a rich read-or-write culture.

We need to bring that open-source mentality to the content layer. Two-thirds of all websites run on open-source software, but most of the premium academic resources remain closed behind digital gates. The Directory of Open Access Journals reports that nearly 4,000 publications are available to the masses via the internet, a number that grows rapidly each year. It is essential to liberate data, liberate knowledge — especially data that taxpayers have already paid for.

Thanks to the Free Culture movement, vast knowledge repositories like Wikipedia and Stack Exchange and open access efforts like the science article sharing site arXiv.org have flourished as they permit content to be re-used for free and built upon, and many major websites offer Creative Commons (CC) licensing as part of their user interfaces (UI). In 2012, Google launched a worldwide campaign named Take Action for building a free and open world wide web. Here is the kernel of Google’s argument: “A free and open world depends on a free and open internet. Governments alone, working behind closed doors, should not direct its future. The billions of people around the globe who use the internet should have a voice”.

Read more

DXVK 0.65

Filed under
Gaming

Linux 4.19 and More

Filed under
Linux
  • New ARM SoCs & Boards To Be Supported By The Linux 4.19 Kernel

    Hardware support improvements coming for Linux 4.19 aren't limited to the x86 space but a lot of new ARM hardware support is also being introduced in this imminent kernel cycle.

    While the Linux 4.19 kernel merge window isn't quite open yet -- it should open tonight, following the release of Linux 4.18 -- the new feature work is already staged. There is the for-next arm-soc.git branch.

  • F2FS In Linux 4.19 Will Fix Big Performance Issue For Multi-Threaded Reads

    The Linux 4.19 kernel updates for the Flash-Friendly File-System (F2FS) should bring much faster performance for multi-threaded sequential reads -- as much as multiple times faster.

    Two years ago F2FS dropped its write-pages lock on the basis it could improve multi-threading performance... 4KB writes across 32 threads went up from 25 to 28MB/s on some tests done on the developer's hardware. While it was a minor win for multi-threaded writes, it turns out dropping the write-pages lock took a major toll on the multi-threaded read performance. Now with Linux 4.19, that write-pages lock is being restored.

  • SoundWire For Linux Preps Support For Multiple Masters

    Back in Linux 4.16 the SoundWire subsystem was added to the staging area as the MIPI standard for a low-power, two-wire sound bus that can support multiple audio streams and primarily utilized by small audio peripherals like IoT and mobile devices. With the next Linux kernel cycle, the SoundWire support is being improved upon.

Sparky 5.5 RC

Filed under
GNU
Linux

There are new iso images of SparkyLinux 5.5 Release Candidate available to download.
Sparky 5 follows rolling release model and is based on Debian testing “Buster”.

ISO images of Sparky 5.5 RC provides bug fixing found in the 5.5 dev20180725 release.

Read more

Akademy 2018 Day 1

Filed under
KDE

Akademy 2018 got off to a wet start with rains accompanying all attendees pouring into Vienna for KDE's largest annual community conference. Although the Pre-Registration event was held on Day Zero (Friday the 10th) and it was a fun-filled affair, Akademy kicked off in earnest on Saturday, with talks, panels and demonstrations. Read on to find out about Day 1 of Akademy and all that transpired:

Read more

The Release of Linux 4.18

Filed under
Linux
  • Linux 4.18

    One week late(r) and here we are - 4.18 is out there.

    It was a very calm week, and arguably I could just have released on
    schedule last week, but we did have some minor updates. Mostly
    networking, but some vfs race fixes (mentioned in the rc8 announment
    as "pending") and a couple of driver fixes (scsi, networking, i2c).
    Some other minor random things (arm crypto fix, parisc memory ordering
    fix). Shortlog appended for the (few) details.

    Some of these I was almost ready to just delay to until the next merge
    window, but they were marked for stable anyway, so it would just have
    caused more backporting. The vfs fixes are for old races that are
    really hard to hit (which is obviously why they are old and weren't
    noticed earlier). Some of them _have_ been seen in real life, some of
    them probably need explicit help to ever trigger (ie artificial delays
    just to show that "yes, this can actually happen in theory").

    Anyway, with this, the merge window for 4.19 is obviously open, and
    I'll start pulling tomorrow. I already have a couple of dozen pull
    requests pending due to the one-week delay of 4.18, but keep them
    coming.

    Linus

  • The 4.18 kernel is out

    Linus has released the 4.18 kernel. "It was a very calm week, and arguably I could just have released on schedule last week, but we did have some minor updates.

  • Linux 4.18 Kernel Officially Released

    Following the one week setback, the Linux 4.18 kernel is now officially available just a little more than two months since the cycle officially began.

    Linux 4.18 is now shipping and the latest kernel carrying the continued "Merciless Moray" codename.

today's leftovers

Filed under
Misc
  • Linux Apps Are Now Available on More Chromebooks Powered by Intel Braswell CPUs

    It looks like Google is taking support for Linux apps very serious lately by recently enabling its integrated virtualization machine for running Linux apps on Chrome OS to support Chromebooks powered by Intel Braswell CPUs.

  • The Academy launches open-source foundation for media developers

    The idea is to enable them to share resources and collaborate on technologies for image creation, visual effects, animation and sound.

    “We are thrilled to partner with The Linux Foundation for this vital initiative that fosters more innovation, more collaboration, more creativity among artists and engineers in our community,” said Academy CEO Dawn Hudson. “The Academy Software Foundation is core to the mission of our Academy: promoting the arts and sciences of motion pictures.”

  • GSoC’18 Phase-3

    For this phase, I started with implementing Stamps feature in the Drawing activity. This feature allows users to use different stamps images in their beautiful arts. For now, I have added images from solar activity to use as stamps.

  • This week in Usability & Productivity, part 31

    This week we’re all at Akademy–KDE’s yearly gathering of developers, designers, system administrators, and users. I’m giving a presentation later today about how we can make KDE Software irresistible!

    As such, it as a bit of a lighter week for the Usability & Productivity initiative, what with all the preparation and conference-going, but we still managed to get quite a bit done. And all the in-person interactions are setting the stage for many more good things to come.

  • Something Happened to My OpenMandriva Lx OS

    Yesterday I booted my laptop with OpenMandriva Lx and went to look for a book. When I returned to the machine, a kernel panic was waiting for me on the screen.

    Apparently, something went very wrong with the updates that I performed last week, but I did not notice.

    This has happened before, though. As the laptop boots seven OSs (OpenMandriva, Mageia, PCLinuxOS, Pisi, Elive, Fedora, and PicarOS), when I install a system that changes the OMV-controlled GRUB2, OpenMandriva gets a panic.

    I do not have the expertise to rectify things other than by performing a re-install. So, I reinstalled OpenMandriva, updated it (the process did not last more than an hour or so) and, sure enough, the OS was bootable again.

    [...]

    Maybe it is time for me to start experimenting with BSD, Haiku, or something.

  • Google Pixel 3 XL Leak Reveals 6.7-inch Screen With Triple Camera Setup
  • Intel has no chance in servers and they know it

    Intel is flying press to an Analyst day to discuss their impending server meltdown. SemiAccurate has been detailing this impending catastrophe for over a year now, it is now time for the details.

  • Journeys

    This would be a long blog post as I would be sharing a lot of journeys, so have your favorite beverage in your hand and prepare for an evening of musing.

    Before starting the blog post, I have been surprised as the last week and the week before, lot of people have been liking my Debconf 2016 blog post on diaspora which is almost two years old. Almost all the names mean nothing to me but was left unsure as to reason of the spike. Were they debconf newcomers who saw my blog post and their experience was similar to mine or something, don’t know.

Source Analysis Research

Filed under
OSS
Security
  • Stylistic analysis can de-anonymize code, even compiled code

     

    A presentation today at Defcon from Drexel computer science prof Rachel Greenstadt and GWU computer sicence prof Aylin Caliskan builds on the pair's earlier work in identifying the authors of software and shows that they can, with a high degree of accuracy, identify the anonymous author of software, whether in source-code or binary form.  

  • Even Anonymous Coders Leave Fingerprints

     

    Rachel Greenstadt, an associate professor of computer science at Drexel University, and Aylin Caliskan, Greenstadt's former PhD student and now an assistant professor at George Washington University, have found that code, like other forms of stylistic expression, are not anonymous. At the DefCon hacking conference Friday, the pair will present a number of studies they've conducted using machine learning techniques to de-anonymize the authors of code samples. Their work could be useful in a plagiarism dispute, for instance, but it also has privacy implications, especially for the thousands of developers who contribute open source code to the world.

OSS Leftovers

Filed under
OSS
  • Tesla may Open Source Vehicle security Software to Other Car Manufacturers

    The best explanation to Tesla’s decision to give away its patents in good faith was written by  Bin Hu, Ming Hu, and Yi Yang on Informs.Org. They wrote, “We believe that Tesla opened up its patents to tip the scale between the two competing technologies in its favor. This is the logic: if Tesla’s patents are more likely to be adopted by other auto makers because they are free, the electric vehicle technology is more likely to become mainstream, and holding on to this belief, component suppliers (including energy companies by extension) are more likely to make investments into the electric vehicle technology rather than the competing hydrogen fuel-cell vehicle technology.”

  • Openbook is the latest dream of a digital life beyond Facebook

    As tech’s social giants wrestle with antisocial demons that appear to be both an emergent property of their platform power, and a consequence of specific leadership and values failures (evident as they publicly fail to enforce even the standards they claim to have), there are still people dreaming of a better way. Of social networking beyond outrage-fuelled adtech giants like Facebook and Twitter.

    There have been many such attempts to build a ‘better’ social network of course. Most have ended in the deadpool. A few are still around with varying degrees of success/usage (Snapchat, Ello and Mastodon are three that spring to mine). None has usurped Zuckerberg’s throne of course.

    [...]

    The team behind Openbook includes crypto(graphy) royalty, Phil Zimmermann — aka the father of PGP — who is on board as an advisor initially but billed as its “chief cryptographer”, as that’s what he’d be building for the platform if/when the time came. 

  • Classic Shell Rebrands Itself as Open Shell and Transitions into Open Source [Ed: If it only runs in Windows, then how "Open" can it really be? It's just a companion for spyware.]
  • Badgy is an open source E Ink badge

    Squaro Engineering has just developed their first e Ink product called Badgey. It features a 2.9 inch e-paper display with a resolution of 296×128 E and a five-way tactical switch for user input. The default firmware includes support for WiFiManager and OTA updates. This device retails for $29.99 and they offer volume pricing options, but it does not come with a battery, it has to be purchased separately.

  • Unifont 11.0.02 Released

    Unifont 11.0.02 is now available. This is an interim release, with another released planned in the autumn of 2018. The main addition in this release is David Corbett's contribution of the over 600 glyphs in the Sutton SignWriting Unicode block.

BSD: OpenSSH 7.8, mandoc, nbdkit

Filed under
BSD

Ubuntu 18.04 Vs. Fedora 28

Filed under
Linux

Hello folks. Today I'll highlight some of the features and differences between the two popular Linux distros; Ubuntu 18.04 and Fedora 28. Each has their own package management; Ubuntu uses DEB while Fedora uses RPM, but both of them features the same Desktop Environment (GNOME) and aims to provide quality desktop experience for the Linux users.

Read<br />
more

Brasero – Disk Burning App for Ubuntu, Linux Mint

Filed under
Ubuntu

Brasero is a very simple disk burning GNOME app available for all Linux distributions. However, for sometime it has been removed from the standard Ubuntu OS images. The main reason behind is the low usage of DVD, CD storage mediums in recent times. However, if you still wants to burn some disks, erase or re-write some disks, you can still install Brasero in Ubuntu and other Linux distributions.

Read more

Kernel: Linux 4.18, Linux 4.19, Linux Plumbers Conference and Mesa 18.1.6 Release Notice

Filed under
Linux
  • Patches Revised For AMD Zen Based Hygon Dhyana Server CPUs

    Patches have been revised for the Linux kernel to support the initial Hygon Dhyana server CPUs that are the licensed AMD Family 17h "Zen" technology, basically the EPYC server CPUs for the Chinese market.

    Back in June the initial Hygon Dhyana Linux patches were posted and today they were revised for the third time. V3 of the Hygon Dhyana patches are re-based against the latest Linux 4.18 development code and rework some of the vendor checking codes for improved consistency.

  • Qualcomm Adreno 600 Series Support Proposed For Linux 4.19 Kernel

    While a bit late, Freedreno lead developer Rob Clark is hoping to see the Qualcomm Adreno 600 series bring-up happen for the Linux 4.19 kernel cycle.

    The MSM Direct Rendering Manager has long been prepping for Adreno 600 series support as the latest-generation Qualcomm graphics found on their Snapdragon SoCs. The initial code for A6xx was posted earlier this year including work by Qualcomm / Code Aurora on that hardware bring-up. With Linux 4.19 queued in DRM-Next is already the "DPU1" display code needed for newer SoCs and Rob Clark is hoping to get the working A6xx support in place for this cycle.

  • Linux Plumbers Conference: Early Registration Ending Soon!

    The early registration deadline is August 18, 2018, after which the regular-registration period will begin. So to save $150, register for the Linux Plumbers Conference before August 18th!

  • Mesa 18.1.6 Release Notice

    Due to a busy week and a slip of my mind I didn't get out the announcement for 18.1.6 on Wednesday. Therefore, I'm planning to make the release Monday August 13th, at or around 10AM PDT.

  • Mesa 18.1.6 On The Way With Over Three Dozen Fixes

    While Mesa 18.2 is baking for release later this month, Mesa 18.1 remains the currently supported stable series. Final release preparations are underway for Mesa 18.1.6 as the latest bi-weekly point release.

    Mesa 18.1.6 is expected to be released this coming Monday, 13 August, and so far has staged more than three dozen fixes as confirmed via Friday's release notice.

Programming/Development: Git-cinnabar Release and Programming Language Rankings

Filed under
Development
  • Announcing git-cinnabar 0.5.0

    Git-cinnabar is a git remote helper to interact with mercurial repositories. It allows to clone, pull and push from/to mercurial remote repositories, using git.

  • The RedMonk Programming Language Rankings: June 2018

    They’re a month overdue, and from the volume of inbound questions about when the language rankings would drop, it’s been noticed. As always, these are a continuation of the work originally performed by Drew Conway and John Myles White late in 2010. While the means of collection has changed, the basic process remains the same: we extract language rankings from GitHub and Stack Overflow, and combine them for a ranking that attempts to reflect both code (GitHub) and discussion (Stack Overflow) traction. The idea is not to offer a statistically valid representation of current usage, but rather to correlate language discussion and usage in an effort to extract insights into potential future adoption trends.

Graphics/Ubuntu: Wayland 1.16 and Weston 5.0 Release Candidates, XDG Shell Stable Supported by Mir

Filed under
Graphics/Benchmarks
Ubuntu
  • [ANNOUNCE] wayland-1.15.93

    The RC1 release candidate for wayland 1.16 is now available.

  • Wayland 1.16 & Weston 5.0 Release Candidates For Testing

    Derek Foreman of Samsung's Open-Source Group put out the release candidates on Friday for the upcoming Wayland 1.16 release as well as the Weston 5.0 reference compositor.

    The Wayland 1.16 release candidate hasn't seen any changes over the earlier development release besides updating the contributor documentation to reflect that Gitlab is now used for handling merge requests. The Wayland 1.16 cycle overall was quite light but earlier in the cycle it did see build system updates, dropping of the wl_buffer definition, and the protocol now allows a zero physical size output.

  • XDG Shell Stable Supported by Mir

    Support for the stable XDG Shell protocol has just landed in Mir, and it will ship with the next release. It will eventually replace XDG Shell unstable v6 as the primary way in which Wayland applications create traditional style windows. You can get it now in our development PPA: ppa:mir-team/dev.

  • Mir Now Supports XDG Shell Stable

    Canonical developers continue working on advancing the Mir display server's support for Wayland.

    The latest Wayland enhancement to Mir is on supporting the stable version of the XDG Shell protocol. XDG-Shell is the protocol for improved management of Wayland surfaces including for minimization of windows, dragging, resizing, and other desktop-aligned tasks. XDG Shell also defines protocol around transient windows like pop-up menus.

Syndicate content

More in Tux Machines

Android Leftovers

OSS Leftovers

  • 8 hurdles IT must overcome if they want open source success
    Open source software has the potential to drive innovation and collaboration across an enterprise, and can transform the way developers work together. "Open source is now part of the evaluation criteria when deciding on a software platform, so much so that it is expected," said Matt Ingenthron, senior director of engineering at Couchbase. "In this way, open source has somewhat faded into the background in a positive way. Just like no consumer would inquire if a mobile phone had internet access or text messaging, choosing an open source solution is almost always an option."
  • Sprint calls on open source analytics to prevent cyberfraud
    Mobile phone-related fraud is big business. Fraudsters, hackers, and other bad actors employ creative techniques to compromise networks, hijack user information, and piece together customer identities that are then sold for big bucks on the dark web. To protect its customers, Sprint needed to transform the way it detected and blocked fraudulent activity. “In the mobile phone business, there’s no markup on selling devices — our bread and butter is the network and the services that are delivered on that network, through the devices,” says Scott Rice, CIO of Sprint. “Identity theft is a huge problem and the ability for nefarious actors to use that theft of information to impersonate our customers means we were eating the costs of the devices and the costs of services delivery.”
  • Open Source Platform Delivers LDAP Integration
    The latest release of InfluxData, an open source platform for metrics, events, and other time series data, adds LDAP integration, new advanced analytics, and self-healing capabilities in the time series database platform. According to the company, time series data, collected and stored with InfluxData’s Time Series database platform is integral to observability and is becoming mission critical for organizations. Enhancements to InfluxEnterprise make it easier for administrators to keep this mission critical data available and secure by checking and verifying every requested action. This includes creating databases, storing data and running queries – against a user’s stored authorizations and role.
  • YOYOW-WeCenter Special Edition Release: Free and Open Source
    The YOYOW-WeCenter Special Edition, customized and developed by YOYOW and based on WeCenter Q&A community framework, has been released on GitHub. Compared to regular WeCenter frameworks, YOYOW is providing free open source services and will be continually iterating products and will be introducing an incentive mechanism. Each Q&A community can directly integrate into YOYOW's bottom layer network and enjoy the network services provided by YOYOW.
  • Add-on Recommended By Mozilla Caught Logging Users’ Browsing History
    According to the reports by Mike Kuketz, an independent security blogger from Germany and uBlock Origin, an add-on named “Web Security” has been caught collecting users’ browsing history. [...] Soon after this discovery by Hill, Kuketz added a post on his blog about the same extension pointing to the same strange behavior of the add-on. A user on Kuketz’s blog decoded the garbled data and found that the add-on was collecting users’ browsing history and sending it to a German server.
  • Zombies: Top 5 Open Source Vulnerabilities That Refuse To Die [Ed: Microsoft partner WhiteSource continues to stigmatise FOSS as a security nightmare, using bugs branded by other Microsoft partner for extra panic]
  • How a civic hacker used open data to halve tickets at Chicago's most confusing parking spot
    Matt Chapman used the Freedom of Information Act to get the City of Chicago's very mess parking ticket data; after enormous and heroic data normalization, Chapman was able to pinpoint one of the city's most confusing parking spots, between 1100-1166 N State St, which cycled between duty as a taxi-stand and a parking spot with a confusingly placed and semi-busted parking meter. After surveying the site and deducing the problem, Chapman contacted the alderman responsible for that stretch of North State Street, and, eight months later, the signage was cleaned up and made more intuitive. Followup data analysis showed that Chapman's work had halved the number of parking tickets issued on the spot, with 600-odd fewer tickets in the past 20 months, for a savings of $60,000 to Chicago motorists.
  • Bluespec, Inc. Releases a New Family of Open-Source RISC-V Processors
    Bluespec Inc. has released Piccolo, its first in a family of RISC-V open-source processors provided as a vehicle for open innovation in embedded systems. Piccolo is a 3-stage RV32IM processor whose small “footprint” is ideal for many IoT applications. The repository (https://github.com/bluespec/Piccolo) contains a royalty-free synthesizable Verilog core that can be easily integrated and deployed into an ASIC or FPGA. Bluespec, Inc. will actively maintain Piccolo. It also offers commercial-grade tools for the customization and verification of RISC-V cores. Configurations will be continually added to provide the full spectrum of embedded controller features. Companies or universities interested in contributing to the Piccolo project should contact Bluespec, Inc. (add contact – RISC-V open source support).

KDE Applications 18.08 Open-Source Software Suite Released, Here's What's New

Being in development for the past several months, KDE Applications 18.08 goes stable today and will hit the software repositories of various popular GNU/Linux distributions during the next few days. This is a major release and brings numerous new features and improvements across multiple apps, including Dolphin, Konsole, Gwenview, KMail, Akonadi, Cantor, Spectacle, and others. "We continuously work on improving the software included in our KDE Application series, and we hope you will find all the new enhancements and bug fixes useful," reads today's announcement. "More than 120 bugs have been resolved in applications including the Kontact Suite, Ark, Cantor, Dolphin, Gwenview, Kate, Konsole, Okular, Spectacle, Umbrello and more!" Read more

Security Leftovers

  • How to Protect Your PC From the Intel Foreshadow Flaws
  • AT&T Sued After SIM Hijacker Steals $24 Million in Customer's Cryptocurrency
    It has only taken a few years, but the press, public and law enforcement appear to finally be waking up to the problem of SIM hijacking. SIM hijacking (aka SIM swapping or a "port out scam") involves a hacker hijacking your phone number, porting it over to their own device (often with a wireless carrier employee's help), then taking control of your personal accounts. As we've been noting, the practice has heated up over the last few years, with countless wireless customers saying their entire identities were stolen after thieves ported their phone number to another carrier, then took over their private data. Sometimes this involves selling valuable Instagram account names for bitcoin; other times it involves clearing out the target's banking or cryptocurrency accounts. Case in point: California authorities recently brought the hammer down on one 20-year-old hacker, who had covertly ported more than 40 wireless user accounts, in the process stealing nearly $5 million in bitcoin. One of the problems at the core of this phenomenon is that hackers have either tricked or paid wireless carrier employees to aid in the hijacking, or in some instances appear to have direct access to (apparently) poorly-secured internal carrier systems. That has resulted in lawsuits against carriers like T-Mobile for not doing enough to police their own employees, the unauthorized access of their systems, or the protocols utilized to protect consumer accounts from this happening in the first place.
  • Voting Machine Vendors, Election Officials Continue To Look Ridiculous, As Kids Hack Voting Machines In Minutes
  • Security updates for Thursday