Language Selection

English French German Italian Portuguese Spanish

Security: BSDcan, Ransom and Exploits

Filed under
Security
  • ssh in https

    The wifi network at BSDcan, really the UOttawa network, blocks a bunch of ports. This makes it difficult to connect to outside machines using “exotic” protocols, basically anything except http or https. There are many ways to resolve this, here’s what I did.

  • These firms promise high-tech ransomware solutions—but typically just pay hackers [iophk: “Windows continues to enable entire cottage industries around grifting”]

    Proven Data promised to help ransomware victims by unlocking their data with the “latest technology,” according to company emails and former clients. Instead, it obtained decryption tools from cyberattackers by paying ransoms, according to Storfer and an FBI affidavit obtained by ProPublica.

    Another US company, Florida-based MonsterCloud, also professes to use its own data recovery methods but instead pays ransoms, sometimes without informing victims such as local law enforcement agencies, ProPublica has found. The firms are alike in other ways. Both charge victims substantial fees on top of the ransom amounts. They also offer other services, such as sealing breaches to protect against future attacks. Both firms have used aliases for their workers, rather than real names, in communicating with victims.

  • Google Starts Tracking Zero-Days Exploited in the Wild

    The new project, named 0Day ‘In the Wild’, is basically a spreadsheet that Project Zero uses to track vulnerabilities exploited before they became known to the public or the vendor.

    The spreadsheet currently lists over 100 vulnerabilities exploited in the wild since 2014. The table includes the flaw’s CVE identifier, impacted vendor, impacted product, the type of vulnerability, a brief description, the date of its discovery, the date when a patch was released, a link to the official advisory, a link to a resource analyzing the flaw, and information on attribution.

More in Tux Machines

OSS Leftovers

  • How open source is benefitting SUSE, its channel partners and customers

    Open source technology is being talked about even more rampantly today. Phillip Cockrell, Vice President of Global Channels, SUSE articulates, “More than anything, open source is the core of innovation. It is by all and for all and propelling all aspects of technology development today.” SUSE, a native open source software company, which provides reliable, software-defined infrastructure and application delivery solutions that give organisations greater control and flexibility, is a seasoned 25-year-old player in the domain.

  • What is AOSP? Android Open Source Project, the ‘Android without Google’

    AOSP is the acronym for Android Open Supply Challenge ; that’s, ‘Android Open Source Project’. So it's simply the supply code of Android, the cellular working system of the Mountain View firm. However what’s it for? Its fundamental software is by OEMs; cellular producers obtain AOSP and make their 'ROM inventory', but additionally serves as the premise for customized ROMs and forks. AOSP, or Android Open Supply Challenge, isn’t the identical as Android Inventory . Whereas AOSP is the supply code of the working system, Android Inventory is the 'pure model' with out bloatware of any sort and solely with apps and Google providers, in addition to the native launcher. AOSP, nevertheless, is the premise of Android Vanilla , which is the model that’s distributed to smartphone producers and is topic to modifications. On it, the producer's personal purposes and providers are launched, and naturally the customization layer and the variations which can be essential for particular elements to work.

  • How to Avoid Technical Debt in Open Source Projects
  • Introducing OpenDrop, an open-source implementation of Apple AirDrop written in Python

    A group of German researchers recently published a paper “A Billion Open Interfaces for Eve and Mallory: MitM, DoS, and Tracking Attacks on iOS and macOS Through Apple Wireless Direct Link”, at the 28th USENIX Security Symposium (August 14–16), USA. The paper reveals security and privacy vulnerabilities in Apple’s AirDrop file-sharing service as well as denial-of-service (DoS) attacks which leads to privacy leaks or simultaneous crashing of all neighboring devices. As part of the research, Milan Stute and Alexander Heinrich, two researchers have developed an open-source implementation of Apple AirDrop written in Python – OpenDrop. OpenDrop is like a FOSS implementation of AirDrop. It is an experimental software and is the result of reverse engineering efforts by the Open Wireless Link project (OWL). It is compatible with Apple AirDrop and used for sharing files among Apple devices such as iOS and macOS or on Linux systems running an open re-implementation of Apple Wireless Direct Link (AWDL).

  • The Top 13 Free and Open Source Storage Solutions

    In this article we will examine free and open source storage solutions by providing a brief overview of what to expect, as well as blurbs on each tool.

  • Open Source Origination Technology Platform for Online Lenders

    DigiFi was founded by Joshua Jersey and Bradley Vanderstarren in 2014. It started its life as Promise Financial, an online lender, and raised $110 million in credit capital. It built up its own proprietary tech as there was no solution provider in 2014 offering an end-to-end loan origination platform that could automate the entire process. They sold off the tech to a large lending institution in 2017 and pivoted to DigiFi, one of the world’s first open source loan origination systems (LOS) which equips the lenders with flexible and modern tools to create unique platforms and digital experiences.

  • IT favors open source networking over Cisco ACI, VMware NSX

    Companies trying to avoid or lessen the use of expensive network automation software from Cisco and VMware are turning to open source tools that are often good enough for many tasks associated with managing complex modern networks. Cisco's application-centric infrastructure (ACI) and VMware's NSX are powerful technologies for operating networks built on the vendors' respective products. But many large enterprises have data centers filled with perfectly good multivendor hardware and software that very few organizations are willing to swap for an all Cisco or VMware alternative. Therefore, companies are turning to open source networking products, such as Ansible, Chef, Puppet and SaltStack, for automating many network-related chores across as much of the data center as possible, while relegating ACI and NSX to Cisco- or VMware-only portions of the network.

  • What Attorneys Should Know About Open Source Software Licensing

    With the next waves of technological change, such as autonomous vehicles, blockchain, and IoT, newer, more complex OSS licenses may be drafted, and argued in the courts, to protect the interests of software innovators and the OSS community.

Open Data: Schlumberger and Waymo

  • Schlumberger open-sources data ecosystem, contributing to industrywide data development
  • Schlumberger Open Sources Data Ecosystem

    Oilfield services company Schlumberger said it will open source its data ecosystem and contribute to The Open Group Open Subsurface Data Universe (OSDU) Forum to accelerate the delivery of the OSDU Data Platform. The OSDU Forum is an international forum of oil and gas operators, cloud services companies, technology providers, suppliers of applications to oil and gas operators, academia and other standards organizations working together to develop an open, standards-based, data platform that will bring together exploration, development and wells data.

  • Waymo open-sources data set for autonomous vehicle multimodal sensors

    Waymo, the Alphabet subsidiary that hopes to someday pepper roads with self-driving taxis, today pulled back the curtains on a portion of the data used to train the algorithms underpinning its cars: The Waymo Open Dataset. Waymo principal scientist Dragomir Anguelov claims it’s the largest multimodal sensor sample corpus for autonomous driving released to date. “[W]e are inviting the research community to join us with the [debut] of the Waymo Open Dataset, [which is composed] of high-resolution sensor data collected by Waymo self-driving vehicles,” wrote Anguelov in a blog post published this morning. “Data is a critical ingredient for machine learning … [and] this rich and diverse set of real-world experiences has helped our engineers and researchers develop Waymo’s self-driving technology and innovative models and algorithms.”

Linux Foundation: Open Mainframe, Cloud Native Computing Foundation, IBM and More

Finance in FOSS or FOSS-Like