Security Leftovers

Filed under
Security
  • [Florida] Panhandle county that backed Trump among Russian hacking victims [iophk: "Windows TCO"]

    Washington County was one of two counties successfully hacked by Russians seeking voter information files. The FBI and the Department of Homeland Security in the past week have briefed Gov. Ron DeSantis and Florida’s congressional delegation about the attack, but federal authorities have asked that the names of the two counties be kept confidential.

  • Hacking democracies: Cataloguing cyber-enabled attacks on elections

    Of the 97 national elections in free or partly free countries reviewed for this report during the period from 8 November 2016 to 30 April 2019, a fifth (20 countries) showed clear examples of foreign interference, and several countries had multiple examples (see the appendix to this report). It’s worth noting that confidence in attributions to foreign actors varied widely. In ideal circumstances, a government source made the attribution, but often the attribution was more informal. Our intention was not to provide an exhaustive list of every alleged case of foreign interference but instead to capture the spread of states experiencing the phenomenon and illustrative examples of different methods. Details on all examples identified through this research are set out in the appendix.

  • Slack patches vulnerability in Windows client that could be used to hijack files

    The potential attack used a weakness in the way the "slack://" protocol handler was implemented in the Windows application. By creating a crafted link posted in a Slack channel, the attacker could alter the default settings of the client—changing the download directory, for example, to a new location with a URL such as “slack://settings/?update={‘PrefSSBFileDownloadPath’:’’}”. That path could be directed to a Server Message Block (SMB) file-sharing location controlled by the attacker. Once clicked, all future downloads would be dropped onto the attacker's SMB server. This link could be disguised as a Web link—in a proof-of-concept, the malicious Slack attack posed as a link to Google.
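    The bug described above is a protocol handler that trusts whatever a link tells it to change. Added example, written for this page and not Slack's code: a client-side check that parses a slack://settings/?update=... link and refuses to apply a download directory that points at a UNC share, a URL, or anything outside the user's own profile. It assumes (the page does not say) that the update parameter is a JSON object, that PrefSSBFileDownloadPath (the key quoted above) is the only key a link may set at all, and that the client knows the user's profile directory; function names and the allow-list are illustrative. Paths are handled with ntpath so the check runs on any OS.

```python
"""Added example: validating a slack://settings/?update=... deep link.

Not Slack's code. Assumed (not stated on the page): the update parameter
is a JSON object; PrefSSBFileDownloadPath is the only key a link may set;
a download directory must be a local, drive-qualified absolute path under
the user's profile directory.
"""
import json
import ntpath
import re
from urllib.parse import parse_qs, quote, urlsplit

# Settings a deep link is allowed to touch at all (illustrative allow-list).
LINK_SETTABLE_KEYS = {"PrefSSBFileDownloadPath"}

# \\host\share, //host/share and scheme://host/... all point off the machine.
_REMOTE_RE = re.compile(r"^(\\\\|//|[a-z][a-z0-9+.\-]+://)", re.IGNORECASE)


def looks_remote(candidate: str) -> bool:
    return bool(_REMOTE_RE.match(candidate))


def is_safe_download_path(candidate, user_home: str) -> bool:
    """Accept only a non-empty, local, absolute, drive-qualified path that
    normalises (after resolving any '..') to somewhere under user_home."""
    if not isinstance(candidate, str) or not candidate.strip():
        return False
    if looks_remote(candidate):
        return False
    norm = ntpath.normpath(candidate).rstrip("\\").lower()
    home = ntpath.normpath(user_home).rstrip("\\").lower()
    if not ntpath.isabs(norm) or not ntpath.splitdrive(norm)[0]:
        return False
    return norm == home or norm.startswith(home + "\\")


def parse_settings_link(raw_url: str, user_home: str) -> dict:
    """Return {"ok": True, "update": {...}} for an acceptable link, otherwise
    {"ok": False, "reason": ...}. Nothing is applied unless ok is True."""
    parts = urlsplit(raw_url)
    if parts.scheme != "slack" or parts.netloc != "settings":
        return {"ok": False, "reason": "not a slack://settings link"}
    values = parse_qs(parts.query).get("update")
    if not values:
        return {"ok": False, "reason": "no update parameter"}
    try:
        update = json.loads(values[0])
    except ValueError:
        return {"ok": False, "reason": "update is not valid JSON"}
    if not isinstance(update, dict):
        return {"ok": False, "reason": "update must be a JSON object"}
    accepted = {}
    for key, value in update.items():
        if key not in LINK_SETTABLE_KEYS:
            return {"ok": False, "reason": f"{key} cannot be changed by a link"}
        if key == "PrefSSBFileDownloadPath" and not is_safe_download_path(value, user_home):
            return {"ok": False, "reason": f"rejected download path {value!r}"}
        accepted[key] = value
    return {"ok": True, "update": accepted}


def build_link(update: dict) -> str:
    """Construct a settings deep link the way a tester (or attacker) would."""
    return "slack://settings/?update=" + quote(json.dumps(update), safe="")


if __name__ == "__main__":
    home = "C:\\Users\\alice"  # constructed profile directory
    for link in (
        build_link({"PrefSSBFileDownloadPath": "C:\\Users\\alice\\Downloads"}),
        build_link({"PrefSSBFileDownloadPath": "\\\\attacker.example\\share"}),
        build_link({"PrefSSBFileDownloadPath": "C:\\Users\\alice\\..\\..\\Windows"}),
    ):
        print(parse_settings_link(link, home))
```

    The allow-list is the important part: a handler that only has to decide whether one known key is acceptable is much easier to get right than one that applies arbitrary key/value pairs from a URL. Rejecting "//host/share" as well as "\\host\share" matters because Windows treats both as UNC.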

  • Protecting your computer against Intel’s latest security flaw is easy, unless it isn’t

    The new vulnerabilities are built into Intel hardware and go by various names. ZombieLoad, Fallout, or RIDL are the catchy ones; the more technical name is Microarchitectural Data Sampling (MDS). Before we get into it more, you probably want to know what to do about it.

  • Sites infected as open source Alpaca Forms & analytics service Picreel compromised [Ed: JavaScript is a security threat and this isn't the fault of FOSS but of poor stewardship]

    Hackers have breached two services and modified the JavaScript code to infect more than 4,600 websites with malware, according to security researchers.

  • The 10 Best Free and Open Source Identity Management Tools

    Identity and access management must form the core of your cybersecurity policies and platforms. Securing credentials and verifying users can help deflect and prevent an overwhelming majority of data breaches. Indeed, IAM forms the modern enterprise’s digital perimeter; strong authentication protocols alone can help keep digital assets secure and keep external and internal threat actors out.

  • Top 3 Open Source Tools for SAST

    Static Application Security Testing, or SAST, is a type of security testing that analyzes the source code of an application to find security flaws. It is also termed Source Code Analysis. SAST examines the source code before it is compiled, without executing anything. Because of this, it can be employed early in the development cycle to reap maximum benefit, and it helps ensure that secure source code is written. Early detection of security vulnerabilities also lowers the cost of fixing bugs after development.
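    To make concrete what "analyzes the source code without executing anything" means, here is an added example written for this page, not one of the three tools the article ranks: a small SAST pass over Python source using the standard ast module. It resolves import aliases, then flags calls that execute code or shell strings, subprocess calls with shell=True, unpickling, and string literals assigned to secret-looking names. The rule names and the sample code at the bottom are made up for illustration.

```python
"""Added example, written for this page: a minimal SAST pass over Python
source using the ast module. It is not one of the tools the article ranks.
Rule names and the sample code at the bottom are made up for illustration.
"""
import ast
import re
from typing import List, NamedTuple, Optional


class Finding(NamedTuple):
    line: int
    rule: str
    message: str


# Fully qualified callee -> (rule, message).
DANGEROUS_CALLS = {
    "eval": ("EVAL", "eval() executes arbitrary code"),
    "exec": ("EXEC", "exec() executes arbitrary code"),
    "os.system": ("SHELL_COMMAND", "os.system() runs a shell command string"),
    "pickle.load": ("PICKLE", "unpickling untrusted data executes arbitrary code"),
    "pickle.loads": ("PICKLE", "unpickling untrusted data executes arbitrary code"),
}
SUBPROCESS_CALLS = {"subprocess.run", "subprocess.call", "subprocess.check_call",
                    "subprocess.check_output", "subprocess.Popen"}
SECRET_NAME_RE = re.compile(r"passw(or)?d|secret|token|api_?key", re.IGNORECASE)


def dotted_name(node: ast.AST) -> Optional[str]:
    """'a.b.c' for a Name/Attribute chain, None for anything else."""
    if isinstance(node, ast.Name):
        return node.id
    if isinstance(node, ast.Attribute):
        base = dotted_name(node.value)
        return f"{base}.{node.attr}" if base else None
    return None


class Scanner(ast.NodeVisitor):
    """Tracks import aliases so `import subprocess as sp; sp.run(...)` and
    `from os import system; system(...)` are matched by their real names."""

    def __init__(self) -> None:
        self.findings: List[Finding] = []
        self.aliases: dict = {}  # local name -> imported module/attribute

    def visit_Import(self, node: ast.Import) -> None:
        for alias in node.names:
            self.aliases[alias.asname or alias.name] = alias.name

    def visit_ImportFrom(self, node: ast.ImportFrom) -> None:
        for alias in node.names:
            self.aliases[alias.asname or alias.name] = f"{node.module or ''}.{alias.name}"

    def resolve(self, name: str) -> str:
        head, _, rest = name.partition(".")
        head = self.aliases.get(head, head)
        return f"{head}.{rest}" if rest else head

    def visit_Call(self, node: ast.Call) -> None:
        name = dotted_name(node.func)
        full = self.resolve(name) if name else ""
        if full in DANGEROUS_CALLS:
            rule, msg = DANGEROUS_CALLS[full]
            self.findings.append(Finding(node.lineno, rule, f"{full}: {msg}"))
        elif full in SUBPROCESS_CALLS:
            shell = next((kw.value for kw in node.keywords if kw.arg == "shell"), None)
            if isinstance(shell, ast.Constant) and shell.value is True:
                self.findings.append(Finding(node.lineno, "SHELL_TRUE", f"{full} called with shell=True"))
        self.generic_visit(node)

    def visit_Assign(self, node: ast.Assign) -> None:
        value = node.value
        if isinstance(value, ast.Constant) and isinstance(value.value, str) and value.value:
            for target in node.targets:
                tname = dotted_name(target)
                if tname and SECRET_NAME_RE.search(tname):
                    self.findings.append(Finding(node.lineno, "HARDCODED_SECRET", f"{tname} is assigned a string literal"))
        self.generic_visit(node)


def scan_source(source: str, filename: str = "<string>") -> List[Finding]:
    scanner = Scanner()
    scanner.visit(ast.parse(source, filename))
    return sorted(scanner.findings)


# Constructed sample of insecure code; expected hits are on lines 7, 11, 13, 14 and 15.
SAMPLE = '''
import os
import pickle
import subprocess as sp
from subprocess import run

DB_PASSWORD = "hunter2"
timeout = "30"

def handler(user_input, blob):
    os.system("ls " + user_input)
    sp.run(["ls", "-l"])
    run("ls " + user_input, shell=True)
    value = eval(user_input)
    return pickle.loads(blob), value
'''

if __name__ == "__main__":
    for f in scan_source(SAMPLE, "sample.py"):
        print(f"sample.py:{f.line}: {f.rule}: {f.message}")
```

    Note what the pass does and does not know: it never runs the code, so it cannot tell whether user_input is actually attacker-controlled, which is why real SAST tools pair rules like these with taint tracking to cut false positives. The sp.run(["ls", "-l"]) call is deliberately left unflagged: a list argument without shell=True is the safe form.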

  • Open Source Innovation in Cybersecurity

    There is a convergence of growth in the number of protection vulnerabilities. The rise in hacker capabilities and tools is being enacted in the European Union, and businesses are expanding their investments in cybersecurity significantly. According to Global Market Insights, between 2019 and 2024 the demand for cybersecurity goods and assistance is assumed to grow from $120 billion to more than $300 billion annually. Gartner’s estimate affirms that by 2020 more than 60 percent of companies will have invested in multiple data security tools.

    [...]

    In smart cars, IoT platforms and cybersecurity software projects like Kali Linux, open source is a leading technology. While it has undergone exponential growth, the thriving proliferation of convenient source by banking networks was not invariably a foregone conclusion.

  • Open Source Versioning: The Race to Stay Up-to-Date [Ed: The same is true for proprietary software, but companies like Microsoft bankrolled an industry of FUD that never speaks of back doors in blobs, only high-profile FOSS bugs]

    Open source libraries, once shunned as risky and not ready for prime time, are now used extensively across major corporations, including insurers. The reason is simple: In time- and resource-constrained companies trying to stay technologically competitive, it doesn’t make sense anymore to try to reinvent a wheel that’s already been battle-tested. However, having made the commitment to open source code and solution sets, it’s imperative to keep up-to-date with open source library maintenance and updates.

  • Don't let security fall apart at the SIEMs. How open source search can upgrade SIEM to fight modern threats
  • WhatsApp hack: Is any app or computer truly secure?

More in Tux Machines

First Release Candidate of Linux 5.3

  • Linux 5.3-rc1
    It's been two weeks, and the merge window is over, and Linux 5.3-rc1
    is tagged and pushed out.
    
    This is a pretty big release, judging by the commit count. Not the
    biggest ever (that honor still goes to 4.9-rc1, which was
    exceptionally big), and we've had a couple of comparable ones (4.12,
    4.15 and 4.19 were also big merge windows), but it's definitely up
    there.
    
    The merge window also started out pretty painfully, with me hitting a
    couple of bugs in the first couple of days. That's never a good sign,
    since I don't tend to do anything particularly odd, and if I hit bugs
    it means code wasn't tested well enough. In one case it was due to me
    using a simplified configuration that hadn't been tested, and caused
    an odd issue to show up - it happens. But in the other case, it really
    was code that was too recent and too rough and hadn't baked enough.
    The first got fixed, the second just got reverted.
    
    Anyway, despite the rocky start, and the big size, things mostly
    smoothed out towards the end of the merge window. And there's a lot to
    like in 5.3. Too much to do the shortlog with individual commits, of
    course, so appended is the usual "mergelog" of people I merged from
    and a one-liner very high-level "what got merged". For more detail,
    you should go check the git tree.
    
    As always: the people credited below are just the people I pull from,
    there's about 1600 individual developers (for 12500+ non-merge
    commits) in this merge window.
    
    Go test,
    
                Linus
    
  • Linux 5.3-rc1 Debuts As "A Pretty Big Release"

    Just as expected, Linus Torvalds this afternoon issued the first release candidate of the forthcoming Linux 5.3 kernel. It's not just us who have been quite eager for Linux 5.3 and its changes. Torvalds acknowledged in the 5.3-rc1 announcement that this kernel is indeed a big one: "This is a pretty big release, judging by the commit count. Not the biggest ever (that honor still goes to 4.9-rc1, which was exceptionally big), and we've had a couple of comparable ones (4.12, 4.15 and 4.19 were also big merge windows), but it's definitely up there."

  • The New Features & Improvements Of The Linux 5.3 Kernel

    The Linux 5.3 kernel merge window is expected to close today, so here is our usual recap of all the changes that made it into the mainline tree over the past two weeks. There are a lot of changes to be excited about, from Radeon RX 5700 Navi support to various CPU improvements and ongoing performance work to support for newer Apple MacBook laptops and Intel Speed Select Technology enablement.

today's howtos and programming bits

  • How to fix Ubuntu live USB not booting
  • How to Create a User Account Without useradd Command in Linux?
  • Container use cases explained in depth
  • Containerization and orchestration concepts explained
  • Set_env.py

    A good practice when writing complicated software is to put in lots of debugging code. This might be extra logging, or special modes that tweak the behavior to be more understandable, or switches to turn off some aspect of your test suite so you can focus on the part you care about at the moment. But how do you control that debugging code? Where are the on/off switches? You don’t want to clutter your real UI with controls. A convenient option is environment variables: you can access them simply in the code, your shell has ways to turn them on and off at a variety of scopes, and they are invisible to your users. Though if they are invisible to your users, they are also invisible to you! How do you remember what exotic options you’ve coded into your program, and how do you easily see what is set, and change what is set?
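    The question the post ends on, how to remember which switches exist and see what is set, is usually answered by declaring the switches in one place. Added example, written for this page and not the set_env.py script the post describes: a single table of switches that is used to parse the environment, reject misspelled values instead of silently treating them as off, and print which switches currently differ from their defaults. The MYAPP_* variable names and the switches themselves are invented for illustration.

```python
"""Added example: declare environment-variable debug switches once, then
parse, validate and list them from that one declaration. Not the post's
set_env.py; the MYAPP_* names are made up.
"""
import os
from typing import Dict, Mapping, NamedTuple, Optional, Union

Value = Union[bool, int, str]


class Switch(NamedTuple):
    name: str      # environment variable
    kind: type     # bool, int or str
    default: Value
    help: str


SWITCHES = [
    Switch("MYAPP_DEBUG_SQL", bool, False, "log every SQL statement"),
    Switch("MYAPP_SKIP_SLOW_TESTS", bool, False, "skip tests marked slow"),
    Switch("MYAPP_TRACE_DEPTH", int, 0, "stack frames printed with trace messages"),
    Switch("MYAPP_FAKE_CLOCK", str, "", "ISO timestamp returned instead of now()"),
]

_TRUE = {"1", "true", "yes", "on"}
_FALSE = {"0", "false", "no", "off", ""}


def parse_value(switch: Switch, raw: str) -> Value:
    """Convert the raw environment string; a typo such as
    MYAPP_DEBUG_SQL=flase raises instead of silently meaning 'off'."""
    if switch.kind is bool:
        word = raw.strip().lower()
        if word in _TRUE:
            return True
        if word in _FALSE:
            return False
        raise ValueError(f"{switch.name}={raw!r}: expected one of {sorted(_TRUE | _FALSE)}")
    if switch.kind is int:
        return int(raw)
    return raw


def read_switches(env: Optional[Mapping[str, str]] = None) -> Dict[str, Value]:
    """Current value of every declared switch (default when unset)."""
    env = os.environ if env is None else env
    return {s.name: parse_value(s, env[s.name]) if s.name in env else s.default
            for s in SWITCHES}


def active_switches(env: Optional[Mapping[str, str]] = None) -> Dict[str, Value]:
    """Only the switches whose value differs from the default."""
    values = read_switches(env)
    return {s.name: values[s.name] for s in SWITCHES if values[s.name] != s.default}


def describe(env: Optional[Mapping[str, str]] = None) -> str:
    """Human-readable table; '*' marks switches that are set."""
    values = read_switches(env)
    width = max(len(s.name) for s in SWITCHES)
    lines = []
    for s in SWITCHES:
        mark = "*" if values[s.name] != s.default else " "
        lines.append(f"{mark} {s.name:<{width}} = {values[s.name]!r:<8} {s.help}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(describe())  # reads the real environment of the current shell
```

    Because every switch is declared with a type and a description, the same table can drive a --help listing or a startup log line, which is what keeps these flags from being forgotten.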

  • RPushbullet 0.3.2

    A new release 0.3.2 of the RPushbullet package is now on CRAN. RPushbullet is interfacing the neat Pushbullet service for inter-device messaging, communication, and more. It lets you easily send alerts like the one to the left to your browser, phone, tablet, … – or all at once. This is the first new release in almost 2 1/2 years, and it once again benefits greatly from contributed pull requests by Colin (twice!) and Chan-Yub – see below for details.

  • A Makefile for your Go project (2019)

    My most loathed feature of Go was the mandatory use of GOPATH: I do not want to put my own code next to its dependencies. I was not alone and people devised tools or crafted their own Makefile to avoid organizing their code around GOPATH.

  • Writing sustainable Python scripts

    Python is a great language to write a standalone script. Getting to the result can be a matter of a dozen to a few hundred lines of code and, moments later, you can forget about it and focus on your next task. Six months later, a co-worker asks you why the script fails and you don’t have a clue: no documentation, hard-coded parameters, nothing logged during the execution and no sensible tests to figure out what may go wrong. Turning a “quick-and-dirty” Python script into a sustainable version, which will be easy to use, understand and support by your co-workers and your future self, only takes some moderate effort. 

  • Notes to self when using genRSS.py

The Status of Fractional Scaling (HiDPI) Between Windows & Linux

There’s a special type of display commonly called “HiDPI”, which means that the number of pixels in the screen is doubled (vertically and horizontally), making everything drawn on the screen look sharper and better. One of the most common examples of HiDPI is Apple’s Retina displays, which come with their desktops and laptops. However, one issue with HiDPI is that the default screen resolutions are too small to be displayed on them, so we need what’s called “scaling”, which is simply also doubling the drawn pixels from the OS side so that they can match that of the display. Otherwise, displaying a 400×400 program window on a 3840×2160 display will give a very horrible user experience, so the OS will need to scale that window (and everything) by a factor of 2x, to make it 800×800, which would make it better. Fractional scaling is the process of doing the previous work, but by using fractional scaling numbers (e.g. 1.25, 1.4, 1.75, etc.), so that they can be customized better according to the user’s setup and needs. Now where’s the issue, you may ask? The Windows operating system has been supporting such kinds of displays natively for a very long time, but Linux distributions lack a lot of things in this field. There are many drawbacks, issues and other things to consider. This article will take you on a tour of that.

Also: Vulkan 1.1.116 Published With Subgroup Size Control Extension

Android Leftovers