Microsoft

Microsoft Breaches and Their Impact

Filed under
Microsoft
Security

Microsoft Openwashing and Spin

Filed under
Microsoft

Microsoft Dirty Tricks and Entryism

Filed under
Microsoft

Security: Brutal Kangaroo Targets Windows, Linux Updates Available, Reproducible Builds, and Patching Stack Clash

Filed under
Linux
Microsoft
Security
  • Brutal Kangaroo

    Today, June 22nd 2017, WikiLeaks publishes documents from the Brutal Kangaroo project of the CIA. Brutal Kangaroo is a tool suite for Microsoft Windows that targets closed networks by air gap jumping using thumbdrives. Brutal Kangaroo components create a custom covert network within the target closed network and provide functionality for executing surveys, directory listings, and arbitrary executables.

    The documents describe how a CIA operation can infiltrate a closed network (or a single air-gapped computer) within an organization or enterprise without direct access. It first infects an Internet-connected computer within the organization (referred to as "primary host") and installs the BrutalKangaroo malware on it. When a user is using the primary host and inserts a USB stick into it, the thumbdrive itself is infected with a separate malware. If this thumbdrive is used to copy data between the closed network and the LAN/WAN, the user will sooner or later plug the USB disk into a computer on the closed network. By browsing the USB drive with Windows Explorer on such a protected computer, it also gets infected with exfiltration/survey malware. If multiple computers on the closed network are under CIA control, they form a covert network to coordinate tasks and data exchange. Although not explicitly stated in the documents, this method of compromising closed networks is very similar to how Stuxnet worked.

    The Brutal Kangaroo project consists of the following components: Drifting Deadline is the thumbdrive infection tool, Shattered Assurance is a server tool that handles automated infection of thumbdrives (as the primary mode of propagation for the Brutal Kangaroo suite), Broken Promise is the Brutal Kangaroo postprocessor (to evaluate collected information) and Shadow is the primary persistence mechanism (a stage 2 tool that is distributed across a closed network and acts as a covert command-and-control network; once multiple Shadow instances are installed and share drives, tasking and payloads can be sent back-and-forth).

  • Security updates for Wednesday
  • Reproducible Builds: week 112 in Stretch cycle
  • 5 things you need to know about Stack Clash to secure your shared Linux environment

    The vulnerability is present in Unix-based systems on i386 and amd64 architectures. Affected Linux distributions include Red Hat, Debian, Ubuntu, SUSE, CentOS and Gentoo. Solaris is owned by Oracle. FreeBSD, OpenBSD and NetBSD are also impacted. Qualys has been working with distributions and vendors since May to get the vulnerabilities fixed, and the updates are just beginning to be released. Administrators need to act promptly to update affected machines with the security updates.

Linux vs. Windows Server OS Comparison

Filed under
OS
Linux
Microsoft

A comparison between Linux and Windows when selecting a server operating system is like being in a stalemate in a game of chess, where the outcome is unpredictable. Various versions of Microsoft Windows and of Linux-based operating systems are available in plenty today. But deciding the best option is a tougher task; rather, finding the right solution that fits the organizational requirements is easier.

Microsoft Openwashing by the Linux Foundation, Lockin Model, and More Openwashing With the Linux Foundation

Filed under
Microsoft
OSS

Openwashing and Parasites

Filed under
Microsoft
OSS

You Can’t Open the Microsoft Surface Laptop Without Literally Destroying It

Filed under
Microsoft
  • You Can’t Open the Microsoft Surface Laptop Without Literally Destroying It

    The company, which provides repair tools and manuals for popular gadgets like the iPhone and PlayStation, has handed the Surface Laptop a score of 0 out of 10 in terms of user repairability, stating definitively that the laptop "is not meant to be opened or repaired; you can't get inside without inflicting a lot of damage."

  • 2017 Surface Pro least repairable ever; Surface Laptop is made of glue

    iFixit's pictures, as ever, give a great look at the insides of the two machines. The Laptop has no external screws at all; to get into the system, iFixit had to peel off the glued-down fabric keyboard surround, an operation that obviously can't be undone, producing a machine that offers essentially no serviceability whatsoever.

Microsoft in the Details

Filed under
Microsoft

Openwashing and Attacks on FOSS, OSS Leftovers

Filed under
Microsoft
OSS
  • Microsoft is Bringing Native Linux Container Support and Bash to Windows Server [Ed: Microsoft wants to swallow GNU/Linux in a platform with NSA back doors and keyloggers, not to mention patent tax]
  • Microsoft joins Java-oriented Cloud Foundry [Ed: for influence and steering from the inside]
  • FreeNAS 11.0 is Now Here
  • OW2 Consortium: Building Beyond Europe

    This year marks the 10th anniversary of OW2, and the organization is celebrating during its annual conference, on June 26-27, in Paris, France. OSI GM Patrick Masson sat down with Cedric Thomas, CEO of OW2, to learn more about the foundation, its accomplishments over the past 10 years, and what’s in store for the anniversary celebration.

    The Open Source Initiative (OSI) Affiliate Membership Program is an international who’s who of open source projects, advocates, and communities: Creative Commons, Drupal Association, Linux Foundation, Mozilla Foundation, Open Source Matters (the foundation supporting Joomla), Python Software Foundation, Wikimedia Foundation, WordPress Foundation and many more. Open source enthusiasts outside Europe may not be as familiar with another OSI Affiliate Member, OW2; however, its impact on open source development and adoption across the EU has been significant.

  • FSFE Newsletter - June 2017
More in Tux Machines

today's leftovers

  • EV3DEV Lego Linux Updated
    The ev3dev Linux distribution got an update this month. The distribution targets the Lego EV3 which is a CPU Lego provides to drive their Mindstorm robots. The new release includes the most recent kernel and updates from Debian 8.8. It also contains tools needed for some Wi-Fi dongles and other updates.
  • Purism Librem 13 / 15 Laptops Hit GA Status
    Purism has announced their privacy-minded Coreboot-friendly Librem laptops have reached a general availability state. Purism will now be holding an inventory of their Librem 13 and Librem 15 laptops for quicker shipping rather than everything being made-to-order. While this means users will no longer need to wait "months" when ordering a Librem 13/15 laptop, it still doesn't sound like it will be a very quick turnaround time. Their press release announcing the GA state says, "will now arrive in user’s hands a few weeks after purchase."
  • Linux is Running on Almost All of the Top 500 Supercomputers
    Linux is still running on more than 99% of the top 500 fastest supercomputers in the world. Same as last year, 498 out of top 500 supercomputers run Linux while remaining 2 run Unix.
  • Alioth moving toward pagure
    Since 2003, the Debian project has been running a server called Alioth to host source code version control systems. The server will hit the end of life of the Debian LTS release (Wheezy) next year; that deadline raised some questions regarding the plans for the server over the coming years. Naturally, that led to a discussion regarding possible replacements. In response, the current Alioth maintainer, Alexander Wirt, announced a sprint to migrate to pagure, a free-software "Git-centered forge" written in Python for the Fedora project, which LWN covered last year. Alioth currently runs FusionForge, previously known as GForge, which is the free-software fork of the SourceForge code base when that service closed its source in 2001. Alioth hosts source code repositories, mainly Git and Subversion (SVN) and, like other "forge" sites, also offers forums, issue trackers, and mailing list services. While other alternatives are still being evaluated, a consensus has emerged on a migration plan from FusionForge to a more modern and minimal platform based on pagure.
  • elementary + GitHub
    We’re excited to finally say that elementary has completed our move and now lives on GitHub! We’ve migrated over 70 repositories from Launchpad and bzr. So what does that really mean?
  • Ultimate Edition 5.4
    For those who like a visually enhanced form of Linux then Ultimate Edition 5.4 is for you. The graphics are extremely nice compared to other versions of Linux I have seen. With animated cursors and having a desktop called ‘Budgie’ the Operating System (OS) is visually pleasing.
  • Google Summer of Code day 16
  • Google Summer of Code day 17
  • Running virt-controller locally
  • How to install and use Monit on Ubuntu/Debian Linux server as process supervision tool
  • AMDGPU VRAM Improvements Could Help DiRT Rally, Dying Light
    A patch series posted on Friday could help games suffering from visible video memory pressure when using the AMDGPU DRM driver. Independent developer John Brooks has posted a set of nine patches for improving the driver's performance when limited CPU-visible video memory is under pressure.
  • Understanding Xwayland - Part 1 of 2
    In this week’s article for my ongoing Google Summer of Code (GSoC) project I planned on writing about the basic idea behind the project, but I reconsidered and decided to first give an overview on how Xwayland functions on a high-level and in the next week take a look at its inner workings in detail. The reason for that is, that there is not much Xwayland documentation available right now. So these two articles are meant to fill this void in order to give interested beginners a helping hand. And in two weeks I’ll catch up on explaining the project’s idea. [...] In the second part next week we’ll have a close look at the Xwayland code to see how Xwayland fills its role as an Xserver in regards to its X based clients and at the same time acts as a Wayland client when facing the Wayland compositor.

Flirting With Red Hat and Fedora Games Spin 25

  • Q&A: Flying the open source flag
    Red Hat’s vice-president and general manager for the ASEAN region, Damien Wong, sheds light on the company’s strategy for tackling a market that is not used to paying for software
  • Coming off a strong quarter, Red Hat CEO Jim Whitehurst talks public clouds and containers
    Coming off a quarterly earnings report that shattered expectations, Red Hat CEO Jim Whitehurst believes his company is as well-positioned to capitalize on the shift to cloud computing as it ever has been. Red Hat is in a very interesting place in 2017, with one foot in two different eras of enterprise computing but thriving in that position instead of feeling trapped. It still makes most of its money selling Red Hat Enterprise Linux to companies running their own data centers, but it has become the de facto leader of the OpenStack cloud computing project and has interesting DevOps products in Ansible (IT automation) and OpenShift (container management). On Tuesday, the company reported a 19 percent increase in both revenue and net income to $677 million and $73 million, respectively, during its first fiscal quarter of the year. Financial analysts, who peppered Whitehurst with more than their usual share of “Great quarter!” asides during a conference call, were expecting revenue of $648 million according to Marketwatch. The company also raised revenue guidance for its full fiscal year.
  • Fedora Games Spin 25
    Fedora Games Spin can be downloaded from https://labs.fedoraproject.org/games/download/index.html. Here, you can choose from the 32- or 64-bit version of the OS. Download the version you need and save it to your hard disk.

Software: Calibre, juju, Wine, Castle Game Engine, Budgie and Latte Dock

  • Calibre 3.1 Open-Source Ebook Manager Released with Support for RAR 5.0 Archives
    Last week's major Calibre 3.0 update made a lot of noise among the ebook community with its new support for reading books in-browser on your phone or tablet, and now developer Kovid Goyal announces the first point release to the series. Calibre 3.1 is out, and among the new features it ships with, we can mention support for reading RAR and CBR files compressed using the latest RAR 5.0 archiving format, a new option in the Tag browser to control the spacing between items, and new buttons to the Edit metadata dialog to easily set and clear the "Yes/No" columns.
  • conjure-up dev summary for week 25
    We recently switched over to using a bundled LXD and with that change came a few hiccups in deployments. We've been monitoring the error reports coming in and have made several fixes to improve that journey. If you are one of the ones unable to deploy spells please give this release another go and get in touch with us if you still run into problems.
  • Wine 2.11 Adds OpenGL Support in the Android Driver, Adobe Premiere Improvements
  • Castle Game Engine 6.2 release
    We’re proud to announce the release of Castle Game Engine 6.2!
  • Budgie Desktop User? Here’s 5 Applets You Should Be Using
    Are you a Budgie desktop user wanting to add a bit more functionality to your nimble, lightweight desktop? Well you can, by adding Budgie applets. Budgie applets are like little souped-up mini-apps that live in your panel. They provide additional features and functionality in an accessible and semi-uniform manner. You likely already have a small set of icons and applets nestled in the far reaches of your Budgie panel right now, such as the simple clock applet, Wi-Fi signal status, and volume control.
  • Latte Dock Is Working On Wayland Support, New Features
    Latte Dock, the desktop dock based on KDE's Plasma Framework and Qt, is preparing for their next release at the end of August. Latte Dock 0.7 is expected to be the next major release of this dock and it's slated for availability by the end of August.
  • Latte Dock accepts donations, what is coming...
    to cheer you up a bit for the upcoming 0.7 version which is scheduled for the end of August or maybe earlier ;) based on the effort...

OSS Leftovers

  • [Older] Andy Rubin says Essential’s Ambient OS will be open source, just like Android
    Playground CEO Andy Rubin, whose new company Essential unveiled a new premium Android smartphone and Amazon Echo competitor today, says his company’s Ambient OS smart home platform will be open source. That means that Rubin, who rose to fame in the tech industry for co-founding Android, essentially wants to apply the same open-source philosophy that made Android the most dominant mobile operating system to the smart home.
  • [Older] How to Build Open Source Communities
    Seeing programming as a social activity changes how we build communities around programming. We should focus on building a community, and not on building a codebase, argued Ash Furrow at Craft. He suggested using a code of conduct, moving long or heated discussions into a Skype call or Google Hangout, avoiding fixing easy issues yourself, and distributing power and responsibilities.
  • [Older] R3’s open-source distributed ledger platform ‘Corda’ goes into public beta
    R3, the financial innovation company that runs a blockchain consortium, announced that its open-source, financial-grade, distributed ledger platform ‘Corda’ has entered into its first public beta. The release of the public beta represents a step forward in the path of Corda, towards API stabilization for production applications. The announcement was first made by Richard Gendal Brown, Chief Technology Officer of R3, last week.
  • As Blockchain Advances, Developers Look To Open Source As A Solution
    As the digitization of financial transactions becomes ever more mainstream, with Bitcoin’s core technology blockchain leading the way, the rapid adaptation raises security concerns at the same time its enhanced efficiency is being exploited. A recent Greenwich Associates survey highlights the conundrum but also points to solutions.
  • The perils of live demonstrations
    Yesterday, I was giving a talk at The South SF Bay Haskell User Group about how implementing lock-step simulation is trivial in Haskell and how Chris Smith and I are using this to make CodeWorld even more attractive to students. I gave the talk before, at Compose::Conference in New York City earlier this year, so I felt well prepared. On the flight to the West Coast I slightly extended the slides, and as I was too cheap to buy in-flight WiFi, I tested them only locally.
  • Announcing automatically updating Linux LibreOffice builds
    I’m finally ready to announce LibreOffice daily builds for Linux that integrate our new automatic updater. The work on the automatic updater has been going on for nearly a year now and is finally in a shape that we produce builds on TDF hardware that will automatically update using delta updates. The current builds are 64-bit Linux builds created on SLES 12.2 and should run on most Linux distros. These builds are .tar.gz based archives that you can extract and just run. Note that we can’t update builds that are placed into locations that are not writeable by the current user (and due to missing support for signing executables and libraries on Linux there are no plans to change that).
  • A beta for PostgreSQL 10
    PostgreSQL version 10 had its first beta release on May 18, just in time for the annual PGCon developer conference. The latest annual release comes with a host of major features, including new versions of replication and partitioning, and enhanced parallel query. Version 10 includes 451 commits, nearly half a million lines of code and documentation, and over 150 new or changed features since version 9.6. The PostgreSQL community will find a lot to get excited about in this release, as the project has delivered a long list of enhancements to existing functionality. There's also a few features aimed at fulfilling new use cases, particularly in the "big data" industry sector.
  • Firefox Focus for Android, Torvalds reflects on Linux, and more news
  • University of Missouri launches systemwide initiative to adopt affordable and open educational resources
    On Wednesday, University of Missouri System President Mun Choi and Chancellors Leo Morton, Tom George, Garnett Stokes and Christopher Maples announced a plan that will save students significant amounts of money on textbooks and other course materials. This effort is designed to reduce the cost of attendance and enhance learning for students. The plan takes advantage of Open Educational Resources, or class materials that are free for students, and AutoAccess, which is a program that makes textbooks and class materials available online at a lower cost than traditional learning resources.
  • Textbook Costs to Drop Under University of Missouri Plan
    University system President Mun Choi wants to use more open-source learning material written by experts, vetted by their peers and posted for free downloading. Choi spoke about the effort Wednesday at an event with members of the Board of Curators, administrators, lawmakers, faculty from all four campuses and student representatives, the Columbia Daily Tribune (http://bit.ly/2t2L4HQ) reported.
  • Sudo or Sudo Not, There Is No (4th) Try
    If you've been using Linux for any length of time, at some point in some tutorial or troubleshooting guide you've more than likely encountered Linux's magic word: "sudo". A casual observer probably can tell you that it's used to access restricted functions on your computer, but there is much more to it than that.