Security and Proprietary Software
-
Patch Tuesday, January 2020 Edition
As first reported Monday by KrebsOnSecurity, Microsoft addressed a severe bug (CVE-2020-0601) in Windows 10 and Windows Server 2016/19 reported by the NSA that allows an attacker to spoof the digital signature tied to a specific piece of software. Such a weakness could be abused by attackers to make malware appear to be a benign program that was produced and signed by a legitimate software company.
-
Was It an Act of War? That’s Merck Cyber Attack’s $1.3 Billion Insurance Question. [iophk: Windows TCO]
In all, the attack crippled more than 30,000 laptop and desktop computers at the global drugmaker, as well as 7,500 servers, according to a person familiar with the matter. Sales, manufacturing, and research units were all hit. One researcher told a colleague she’d lost 15 years of work. Near Dellapena’s suburban office, a manufacturing facility that supplies vaccines for the U.S. market had ground to a halt. “For two weeks, there was nothing being done,” Dellapena recalls. “Merck is huge. It seemed crazy that something like this could happen.”
-
A Windows 10 Vulnerability Was Used to Rickroll the NSA and Github [iophk: Windows TCO]
"What Saleem just demonstrated is: With [a short] script you can generate a cert for any website, and it's fully trusted on IE and Edge with just the default settings for Windows," Kenn White, a researcher and security principal at MongoDB, said. "That's fairly horrifying. It affects VPN gateways, VoIP, basically anything that uses network communications." (I spoke with White before Rashid had demonstrated the attack against Chrome.)
The flaw involves the way the new versions of Windows check the validity of certificates that use elliptic-curve cryptography. While the vulnerable Windows versions check three ECC parameters, they fail to verify a fourth, crucial one, which is known as a base point generator and is often represented in algorithms as G. This failure is a result of Microsoft's implementation of ECC rather than any flaw or weakness in the ECC algorithms themselves.
-
VirtaMove Announces Beta Version V-Migrate for Linux Container Migrations
The new release of VirtaMove’s award-winning application migration product V-Migrate for Linux now moves legacy Red Hat and other Linux application infrastructure forward with a stateful re-install of applications into a container. You can now easily move legacy applications from Red Hat Enterprise Linux RHEL 5 and 6 to new Linux Docker containers on modern Linux releases and even run those containers on Microsoft Windows Server 2019. V-Migrate for Linux software automatically moves Linux-based applications from older to newer operating systems, on modern in-house servers or on hybrid or public cloud environments, including Microsoft Azure and Amazon AWS clouds. RHEL 6 reaches End of Maintenance Support 2 on November 30, 2020. On January 14, 2020, Microsoft ended all support for Windows Server 2008 R2.
- Login or register to post comments
- Printer-friendly version
- 2371 reads
- PDF version
More in Tux Machines
- Highlights
- Front Page
- Latest Headlines
- Archive
- Recent comments
- All-Time Popular Stories
- Hot Topics
- New Members
digiKam 7.7.0 is releasedAfter three months of active maintenance and another bug triage, the digiKam team is proud to present version 7.7.0 of its open source digital photo manager. See below the list of most important features coming with this release. |
Dilution and Misuse of the "Linux" Brand
|
Samsung, Red Hat to Work on Linux Drivers for Future TechThe metaverse is expected to uproot system design as we know it, and Samsung is one of many hardware vendors re-imagining data center infrastructure in preparation for a parallel 3D world. Samsung is working on new memory technologies that provide faster bandwidth inside hardware for data to travel between CPUs, storage and other computing resources. The company also announced it was partnering with Red Hat to ensure these technologies have Linux compatibility. |
today's howtos
|
Recent comments
1 year 11 weeks ago
1 year 11 weeks ago
1 year 11 weeks ago
1 year 11 weeks ago
1 year 11 weeks ago
1 year 11 weeks ago
1 year 11 weeks ago
1 year 11 weeks ago
1 year 11 weeks ago
1 year 11 weeks ago