Language Selection

English French German Italian Portuguese Spanish

Microsoft

Security: Microsoft Windows Strikes Again

Filed under
Microsoft
Security
  • U.S. Coast Guard Issues Alert After Ship Heading Into Port Of New York Hit By Cyberattack

    The U.S. Coast Guard has issued an official warning to owners of ships that cybersecurity at sea needs updating, and updating urgently. In the Marine Safety Alert published June 8, the Coast Guard "strongly encourages" that cybersecurity assessments are conducted to "better understand the extent of their cyber vulnerabilities." This follows an interagency investigation, led by the Coast Guard, into a "significant cyber incident" that had exposed critical control systems of a deep draft vessel bound for the Port of New York in February 2019 to what it called "significant vulnerabilities."

  • Malware on the High Seas: US Coast Guard Issues Alert [iophk: Windows TCO is not a laughing matter. Get rid of it.]

    The ship's network was mainly used for official business, including updating electronic charts, managing cargo data and communicating with shore-side facilities, pilots, agents and the Coast Guard, according to the report.

  • Eurofins Scientific: Forensic services firm paid ransom after cyber-attack [iophk: Windows TCO]

    BBC News has not been told how much money was involved in the ransom payment or when it was paid.

    The National Crime Agency (NCA) said it was a "matter for the victim" as to whether a ransom had been paid.

  • Eurofins Scientific Paid Up in Response to Ransomware Attack: Report [iophk: Windows TCO]

    Luxembourg-based laboratory testing services giant Eurofins Scientific reportedly paid the ransom demanded by cybercriminals following a successful ransomware attack that led to the company taking offline many of its systems and servers.

  • Eurofins Scientific forensics firm pays after hit with ransomware [iophk: Windows TCO]

    Eurofins didn’t disclose how much it paid to retrieve its information but the money was likely paid between June 10, when Eurofins issued a statement about the attack, and June 24 when it published an update saying it had “identified the variant of the malware used” in the attack and had strengthened its cybersecurity.

  • [Old] Combating WannaCry and Other Ransomware with OpenZFS Snapshots [iophk: use FreeBSD, OpenBSD, or GNU/Linux on the desktop to avoid ransomware and servers to avoid ransomware damage]

    OpenZFS is the powerful file system at the heart of every storage system that iXsystems sells and of its many features, snapshots can provide fast and effective recovery from ransomware attacks at both the individual user and enterprise level as I talked about in 2015. As a copy-on-write file system, OpenZFS provides efficient and consistent snapshots of your data at any given point in time. Each snapshot only includes the precise delta of changes between any two points in time and can be cloned to provide writable copies of any previous state without losing the original copy. Snapshots also provide the basis of OpenZFS replication or backing up of your data to local and remote systems. Because an OpenZFS snapshot takes place at the block level of the file system, it is immune to any file-level encryption by ransomware that occurs over it. A carefully-planned snapshot, replication, retention, and restoration strategy can provide the low-level isolation you need to enable your storage infrastructure to quickly recover from ransomware attacks.

German data protection organization: use of Office 365 in schools is illegal

Filed under
Microsoft

The data protection officer of the German federal state of Hessen has warned that the cloud-based Office 365 solution is not a compliant solution for use in schools when student information is being stored on it. This fits with earlier, similar conclusions by the Swedish and Dutch governments – US cloud solutions are not GDPR compliant.

Read more

Hey Microsoft, why is the Skype Snap app hopelessly outdated?

Filed under
Microsoft

The official Skype Snap app for Linux has not been updated in nearly six months, and Microsoft is yet to say why.

When introducing the cross-distro build in early 2018, the company said the Skype Snap app would give it the “…ability to push the latest features straight to our users, no matter which device or distribution they happen to use.”

Clearly, not.

Because at the time of writing this post the Skype Snap app sits on version 8.34.0.78, which the Snapcraft store reports was ‘last updated’ in November 2018.

However, the “regular” Linux version available to download from the Skype website is on version 8.47.0.73, released June 2019.

Read more

Also: Microsoft has caused an uproar among its partners by canceling one of their favorite perks: software for their own use [paywall]

Canonical GitHub account hacked, Ubuntu source code safe

Filed under
Microsoft
Security
Ubuntu

The GitHub account of Canonical Ltd., the company behind the Ubuntu Linux distribution, was hacked on Saturday, July 6.

"We can confirm that on 2019-07-06 there was a Canonical owned account on GitHub whose credentials were compromised and used to create repositories and issues among other activities," the Ubuntu security team said in a statement.

"Canonical has removed the compromised account from the Canonical organisation in GitHub and is still investigating the extent of the breach, but there is no indication at this point that any source code or PII was affected," it said.

"Furthermore, the Launchpad infrastructure where the Ubuntu distribution is built and maintained is disconnected from GitHub and there is also no indication that it has been affected."

Read more

Microsoft and VMware Buying 'Leadership' in Linux

Filed under
Linux
Microsoft

Openwashing Leftovers (Mostly Google and Microsoft)

Filed under
Google
Microsoft
OSS

Windows 'Clones'

Filed under
Microsoft
  • ReactOS ‘a ripoff of the Windows Research Kernel’ claims Microsoft kernel engineer

    Reitschin does add he is no lawyer, but these claims do raise a number of serious concerns and questions about the ReactOS project. These claims alone will probably ensure no serious commercial entity will ever want to associate itself with ReactOS, and it will be interesting to see if these claims will ever lead to something more serious than mere words.

  • ReactOS 'a ripoff of the Windows Research Kernel' claims Microsoft kernel engineer [Ed: The original article is from Microsoft Tim.]
  • Samba 4.11 Aims To Be Scalable To 100,000+ Users

    For those using Samba for better Windows interoperability with SMB/CIFS/AD, the forthcoming Samba 4.11 will be a lot more scalable so it can be used within massive organizations.

    Samba has been undergoing work to improve its performance on the large scale for organizations with 100,000+ users and over one hundred thousand computer objects and memberships. Samba 4.11 will be able to scale a hell of a lot better than previous releases due to performance improvements around reindexing, domain joins, LDAP server memory, custom LMBD map size, better batch operation support, better LDB search performance, better sub-tree rename performance, and other tuning to allow Samba to perform at massive scales.

Rapid Ascent of Linux

Filed under
GNU
Linux
Microsoft
  • You should really get an Android or iPhone, says Microsoft: No more app updates for Windows Phone 8.x holdouts

    Another milestone was reached today in the long, drawn-out death of Windows Phone: Microsoft has stopped distributing app updates to the dozen or so Windows Phone 8.x devices not already consigned to the recyclers.

    To be fair, mainstream support for Windows Phone 8.1 was switched off almost two years ago, on 11 July 2017, and Microsoft really cannot be bothered to let developers who are still supporting apps on the platform use its store to distribute updates.

    The company had already axed the ability for developers to submit new apps for the doomed platform at the end of October last year. Today brings the Windows 8.x saga to an end – with developers no longer able to shovel out updates ... to say there'll be no more updates.

  • Microsoft Says Linux Surpassed Windows on Azure [Ed: Microsoft boosters such as Bogdan Popa keep pushing that "Microsoft loves Linux" lie because they know that this lie is actually useful to Microsoft and contributes to brand dilution]

    “Microsoft loves Linux” is something that we hear every once in a while, especially from Microsofties who try to get the software giant more involved into this world that they once hated.

  • Linux is now beating Windows on Microsoft’s own turf, and Azure is better for it

    A Linux kernel developer working with Microsoft has let slip that Linux-based operating systems have a larger presence on Microsoft’s Azure cloud platform than Windows-based ones. The revelation appeared on an Openwall open-source security list in an application for Microsoft developers to join the list, and was apparently part of an evidently credible argument that Microsoft plays an active-enough role in Linux development to merit including the company in security groups.

Microsoft DRM, Security, and Apple's Combustion Threat

Filed under
Microsoft
Mac
Security
  • You Don't Own What You've Bought: Microsoft's Books 'Will Stop Working'

    The latest in our forever ongoing series, recognizing in the digital age how you often no longer own what you've bought, thanks to DRM and copyright: this week, people with Microsoft ebooks will discover they're dead.

  • Security updates for Tuesday

    Security updates have been issued by Arch Linux (firefox, firefox-developer-edition, libarchive, and vlc), CentOS (firefox, thunderbird, and vim), Debian (firefox-esr, openssl, and python-django), Fedora (glpi and xen), Mageia (thunderbird), openSUSE (ImageMagick, irssi, libheimdal, and phpMyAdmin), Red Hat (libssh2 and qemu-kvm), Scientific Linux (firefox, thunderbird, and vim), SUSE (389-ds, cf-cli, curl, dbus-1, dnsmasq, evolution, glib2, gnutls, graphviz, java-1_8_0-openjdk, and libxslt), and Ubuntu (python-django).

  • Kali Linux in the DigitalOcean Cloud

    DigitalOcean is a cloud provider similar to AWS, Microsoft Azure, Google Cloud Platform, and many others. They offer instances, called “droplets”, with different Linux distributions such as Debian, Ubuntu, FreeBSD, etc. Similar to AWS, DigitalOcean has datacenters around the world and sometimes multiple datacenters in each country.

    However, one feature in particular sets them apart them from their competitors. A little while ago, they added support for custom images, which allows users to import virtual machine disks and use them as droplets. This is perfect for us as we can use our own version of Kali Linux in their cloud.

    While it might be possible to load the official Kali Linux virtual images, it wouldn’t be very efficient. Instead, we’ll build a lightweight Kali installation with the bare minimum to get it working.

  • Cybersecurity Experts Blocked 5 Million Attempted Hacks of IoT Cameras

    Trend Micro cybersecurity experts report that they blocked an astounding five-million hack attempts on IoT cameras. It’s quite frightening to think what may have happened if these experts weren’t hard at work.

  • Public Certificate Poisoning Can Break Some OpenPGP Implementations

    OpenPGP installations can grind to a halt and fail to verify the authenticity of downloaded packages as the keyserver network has been flooded with bogus extra signatures attesting ownership of a certificate.

    Vulnerabilities that allow this type of certificate spamming attack have been known for years and a timely fix or mitigation is nowhere in sight, neither from the keyserver network community nor the OpenPGP Working Group.

  • Report: Apple Discovers MacBook Air Logic Board Issue

                   

                     

    Not all 13-inch MacBook Air with Retina Display units from 2018 are believed to be affected by the logic board issue. The memo reportedly said that only units with certain serial numbers were affected; Apple plans to inform the owners of those devices via email. Affected units can be taken to Apple's retail stores or authorized repair shops until four years after their original purchase date, 9to5Mac said. 
     

                     

    It's not clear why Apple didn't publicly announce the replacement program.  

  •              

  • Apple finds issue w/ logic board in some 2018 MacBook Airs, offers free repair

                   

                     

    Apple has confirmed in an internal document to repair staff that it’s identified an issue with the main logic board in what it says is a “very small number” of MacBook Air models. Apple Stores and authorized repair staff have been informed to replace the main logic board in affected machines at no cost to customers, according to the document obtained by 9to5Mac.  

  •              

  • Apple Recalls 15-Inch MacBook Pro Laptop Computers Due to Fire Hazard

                   

                     

    The batteries in the recalled laptop computers can overheat, posing a fire hazard.  

  •              

  • Apple recalls 432,000 MacBook Pro laptops for fire and burn risks

                   

                     

    Manufactured in China, the recalled computers had a retail price of $2,000 and more, and were sold at Apple and electronics stores nationwide, as well as online, from September 2015 through February 2017.  

  •              

  • 2015 15" MacBook Pro Recall Applies to About 432,000 Units, Apple Received 26 Reports of Batteries Overheating

                   

                     

    Last week, Apple launched a worldwide recall and replacement program for select 2015 15-inch MacBook Pro units, sold primarily between September 2015 and February 2017, due to batteries that "may overheat and pose a fire safety risk." Apple will replace affected batteries free of charge.  

  •                  

  • 'Dangerous' Muslim Brotherhood fatwa app in Apple Store's top 100 downloads

                       

                         

    The Euro Fatwa app, which was launched in April, was created by the European Council for Fatwa and Research, a Dublin private foundation set up by Yusuf Al Qaradawi, spiritual leader of the Muslim Brotherhood.
     

                         

    Touted as a guide to help Muslims adhere to Islam, critics including Germany’s security service, say the app is a radicalisation tool.  

  •                  

  • Jony Ive found Tim Cook's disinterest in design 'dispiriting'

                       

                         

    But more damagingly, the WSJ highlights that Ive was left "dispirited" by Tim Cook, in stark contrast to his close relationship with Steve Jobs. Cook, apparently "showed little interest in the product development process" according to the paper's sources. Ive was also left frustrated by the makeup of Apple's board of directors, which was filled with people with backgrounds outside of Apple's core business (the pun is ours, and very much intended). 
     

                         

    As well as these reports, Ive's own words have come back to haunt the company. Back in 2014, he told The Times he'd leave Apple if it stopped innovating. Awkward.  

Microsoft and Google Openwashing

Filed under
Google
Microsoft
Syndicate content