Language Selection

English French German Italian Portuguese Spanish

Microsoft

Microsoft Dirty Tricks and Entryism

Filed under
Microsoft

Security: Brutal Kangaroo Targets Windows, Linux Updates Available, Reproducible Builds, and Patching Stack Clash

Filed under
Linux
Microsoft
Security
  • Brutal Kangaroo

    Today, June 22nd 2017, WikiLeaks publishes documents from the Brutal Kangaroo project of the CIA. Brutal Kangaroo is a tool suite for Microsoft Windows that targets closed networks by air gap jumping using thumbdrives. Brutal Kangaroo components create a custom covert network within the target closed network and providing functionality for executing surveys, directory listings, and arbitrary executables.

    The documents describe how a CIA operation can infiltrate a closed network (or a single air-gapped computer) within an organization or enterprise without direct access. It first infects a Internet-connected computer within the organization (referred to as "primary host") and installs the BrutalKangaroo malware on it. When a user is using the primary host and inserts a USB stick into it, the thumbdrive itself is infected with a separate malware. If this thumbdrive is used to copy data between the closed network and the LAN/WAN, the user will sooner or later plug the USB disk into a computer on the closed network. By browsing the USB drive with Windows Explorer on such a protected computer, it also gets infected with exfiltration/survey malware. If multiple computers on the closed network are under CIA control, they form a covert network to coordinate tasks and data exchange. Although not explicitly stated in the documents, this method of compromising closed networks is very similar to how Stuxnet worked.

    The Brutal Kangaroo project consists of the following components: Drifting Deadline is the thumbdrive infection tool, Shattered Assurance is a server tool that handles automated infection of thumbdrives (as the primary mode of propagation for the Brutal Kangaroo suite), Broken Promise is the Brutal Kangaroo postprocessor (to evaluate collected information) and Shadow is the primary persistence mechanism (a stage 2 tool that is distributed across a closed network and acts as a covert command-and-control network; once multiple Shadow instances are installed and share drives, tasking and payloads can be sent back-and-forth).

  • Security updates for Wednesday
  • Reproducible Builds: week 112 in Stretch cycle
  • 5 things you need to know about Stack Clash to secure your shared Linux environment

    The vulnerability is present in Unix-based systems on i386 and amd64 architectures. Affected Linux distributions include Red Hat, Debian, Ubuntu, SUSE, CentOS and Gentoo. Solaris is owned by Oracle. FreeBSD, OpenBSD and NetBSD are also impacted. Qualys has been working with distributions and vendors since May to get the vulnerabilities fixed, and the updates are just beginning to be released. Administrators need to act promptly to update affected machines with the security updates.

Linux vs. Windows Server OS Comparison

Filed under
OS
Linux
Microsoft

A comparison between Linux and Windows while selecting the server operating system is like being in stalemate while playing the chess game where the outcome is unpredictable. Various versions of the Microsoft—from Windows—and the Linux-based operating systems are available in plenty today. But deciding the best option is a tougher task, rather, finding the right solution that fits the organizational requirements is easier.

Read more

Microsoft Openwashing by the Linux Foundation, Lockin Model, and More Openwashing With the Linux Foundation

Filed under
Microsoft
OSS

Openwashing and Parasites

Filed under
Microsoft
OSS

You Can’t Open the Microsoft Surface Laptop Without Literally Destroying It

Filed under
Microsoft
  • You Can’t Open the Microsoft Surface Laptop Without Literally Destroying It

    The company, which provides repair tools and manuals for popular gadgets like the iPhone and PlayStation, has handed the Surface Laptop a score of 0 out of 10 in terms of user repairability, stating definitively that the laptop "is not meant to be opened or repaired; you can't get inside without inflicting a lot of damage."

  • 2017 Surface Pro least repairable ever; Surface Laptop is made of glue

    iFixit's pictures, as ever, give a great look at the insides of the two machines. The Laptop has no external screws at all; to get into the system, iFixit had to peel off the glued-down fabric keyboard surround, an operation that obviously can't be undone, producing a machine that offers essentially no serviceability whatsoever.

Microsoft in the Details

Filed under
Microsoft

Openwashing and Attacks on FOSS, OSS Leftovers

Filed under
Microsoft
OSS
  • Microsoft is Bringing Native Linux Container Support and Bash to Windows Server [Ed: Microsoft wants to swallow GNU/Linux in a platform with NSA back doors and keyloggers, not to mention patent tax]
  • ​Microsoft joins Java-oriented Cloud Foundry [Ed: for influence and steering from the inside]
  • FreeNAS 11.0 is Now Here
  • OW2 Consortium: Building Beyond Europe

    This year marks the 10th anniversary of OW2, and the organization is celebrating during its annual conference, on June 26-27, in Paris, France. OSI GM Patrick Masson sat down with Cedric Thomas, CEO of OW2 to learn more about the foundation, it’s accomplishments over the past 10 years, and what’s in store for the anniversary celebration.

    The Open Source Initiative (OSI) Affiliate Membership Program is an international who’s who of open source projects, advocates, and communities: Creative Commons, Drupal Association, Linux Foundation, Mozilla Foundation, Open Source Matters (the foundation supporting Joomla), Python Software Foundation, Wikimedia Foundation, Wordpress Foundation and many more. Open source enthusiasts outside Europe may not be as familiar with another OSI Affiliate Member, OW2, however its impact on open source development and adoption across the EU has been significant.

  • FSFE Newsletter - June 2017

FOSS FUD and Microsoft Entryism

Filed under
Microsoft
OSS

GNU/Linux Prevents Back Doors, Microsoft Patches Some

Filed under
GNU
Linux
Microsoft
Security
Syndicate content

More in Tux Machines

5 fundamental differences between Windows 10 and Linux

This comparison really only scratches the surface. And don't get me wrong, there are areas where Windows 10 bests Linux (few, but they do exist). In the end, however, the choice is yours. Chances are you'll be making the choice based on which platform will allow you get more work done and do so with a certain level of efficiency and reliability. I would highly recommend, to anyone, if Linux can enable you to get your work done...give it a go and see if you don't find it more dependable and predictable. Read more

Firefly COM dual boots Android and Ubuntu on hexa-core RK3399

GNOME developer Bastien Nocera talks in his latest blog post about the enhancements he managed to implement in the past few weeks to the Bluetooth stack of the Fedora Linux operating system. Read more

Games: Morphite, Mooseman, Arma, and PlayStation 4 DualShock Controller

  • Stylish FPS 'Morphite' released without Linux support, but it's coming
    Sadly, Morphite [Steam] has seen a delay with the Linux version. Thankfully, the developer was quick to respond and it's still coming.
  • The Mooseman, a short side-scrolling adventure just released for Linux
    In the mood for something a little out there? Well, The Mooseman [Steam] a short side-scroller might just hit the spot.
  • Arma 3 1.76 for Linux is planned, work on it to start "soon"
    Bohemia Interactive have announced in their latest "SITREP" that the Linux version of Arma 3 will be updated to the latest version of 1.76, work is set to start on it "soon".
  • Sony's PlayStation 4 DualShock Controller Now Supported in Fedora Linux, GNOME
    GNOME developer Bastien Nocera talks in his latest blog post about the enhancements he managed to implement in the past few weeks to the Bluetooth stack of the Fedora Linux operating system. The patches submitted by the developer to the Bluetooth packages in the latest Fedora Linux release promise to bring improvements to the way PlayStation 3 DualShock controllers are set up in the environment if you're using the GNOME desktop environment. Until now, to set up a DualShock 3 controller, users had to plug it in via USB, then disconnect it, and then press the "P" button on the joypad, which would have popped-up a dialog to confirm the Bluetooth connection. But this method had some quirks though.

Debian Development Reports

  • Free software log (July and August 2017)
    August was DebConf, which included a ton of Policy work thanks to Sean Whitton's energy and encouragement. During DebConf, we incorporated work from Hideki Yamane to convert Policy to reStructuredText, which has already made it far easier to maintain. (Thanks also to David Bremner for a lot of proofreading of the result.) We also did a massive bug triage and closed a ton of older bugs on which there had been no forward progress for many years. After DebConf, as expected, we flushed out various bugs in the reStructuredText conversion and build infrastructure. I fixed a variety of build and packaging issues and started doing some more formatting cleanup, including moving some footnotes to make the resulting document more readable.
  • Freexian’s report about Debian Long Term Support, August 2017
    Like each month, here comes a report about the work of paid contributors to Debian LTS.
  • Reproducible Builds: Weekly report #125
    16 package reviews have been added, 99 have been updated and 92 have been removed in this week, adding to our knowledge about identified issues.