Microsoft

Proprietary Software Leftovers

Filed under
Server
Microsoft
  • For hacked companies, paying a ransom may not work: Many say they paid but were attacked again
  • Microsoft no longer offers Windows 7 drivers via Windows Update
  • 50,000 security disasters waiting to happen: The problem of America's water supplies

    The [cracker] had the username and password for a former employee's TeamViewer account, a popular program that lets users remotely control their computers, according to a private report compiled by the Northern California Regional Intelligence Center in February and seen by NBC News.

    After logging in, the [cracker], whose name and motive are unknown and who hasn't been identified by law enforcement, deleted programs that the water plant used to treat drinking water.

  • Police Bust Major Ransomware Gang Cl0p [iophk: Windows TCO]

    In the last few months Cl0p hit dozens of victims, encrypting their files and demanding a ransom. More recently, the hackers were trying to extort their victims by threatening to leak their files publicly on their dark web site, which displays 57 companies as of Wednesday.

    These victims include: oil giant Shell, security company Qualys, U.S. bank Flagstar, the controversial global law firm Jones Day, Stanford University, and University of California, among several others. The hackers were able to hack some of these victims by taking advantage of a flaw in Accellion File Transfer Appliance (FTA), a file-sharing service used by around 300 companies all over the world, according to Accellion.

  • Proofpoint identifies malware targeting government institutions

    Cybersecurity company Proofpoint has identified a malware called LastConn which has targeted government institutions in the Middle East and global government organisations associated with geopolitics in the region.

  • Christian Eriksen to get an implantable cardioverter-defibrillator unit

    According to a new Facebook update by the Danish national team, Christian Eriksen will be getting an implantable cardioverter-defibrillator (ICD) following his cardiac arrest against Finland on Saturday.

    National team doctor Morten Boesen confirmed the decision following talks with the cardiac specialist at city hospital Rigshospitalet, where Eriksen is still undergoing tests.

  • To stop the ransomware pandemic, start with the basics [iophk: Windows TCO]

    Trillions of dollars are at stake. Most people have a vague sense of narrowly avoided fiascos: from the Sony Pictures attack that roiled Hollywood in 2014, to Equifax in 2017, when the details of 147m people were stolen. The big hacks are a familiar but confusing blur: remember SoBig, or SolarWinds, or WannaCry?

    A forthcoming study from London Business School (LBS) captures the trends by examining comments made to investors by 12,000 listed firms in 85 countries over two decades. Cyber-risk has more than quadrupled since 2002 and tripled since 2013. The pattern of activity has become more global and has affected a broader range of industries. Workers logging in from home during the pandemic have almost certainly added to the risks. The number of affected firms is at a record high.

Microsoft loves Linux so much that packages.microsoft.com has fallen and can't get up

Filed under
Microsoft

Microsoft demonstrated its deep and meaningful affection for all things penguin overnight by borking packages.microsoft.com and leaving some Linux fans bereft of the company's wares.

For some of the hardcore, an absence of Microsoft software on their fiercely open-source setups might not be such a bad thing. For others, however, getting a 404 from an apt-get is a major workflow blocker.

The issue looks, at first glance, to be related to the Ubuntu paths as users struggled with the likes of Microsoft's OpenJDK and its flagship .NET platform.

ODBC packages were also borked, as well as the package link for Visual Studio Code and even poor old Microsoft Edge.

Microsoft has yet to respond to our request for more information, although a software engineer at the Windows behemoth, Rahul Bhandari, posted on GitHub: "Our infra team is still working to resolve this issue. They ran into some space issues but this issue should be resolved quickly. Unfortunately, I do not have an ETA yet."


Microsoft Windows and Apple as Liabilities

Filed under
Microsoft
Mac
  • Energy secretary backs ban on ransomware payments: 'You are encouraging the bad actors'

    Energy Secretary Jennifer Granholm said Sunday that she supports a law that would ban companies from paying ransom to [crackers] holding their information hostage after a recent spate of cyberattacks on companies responsible for crucial parts of the U.S. infrastructure.

    In an interview on NBC's "Meet the Press," Granholm acknowledged that she is not sure whether Congress or President Joe Biden are ready to take that step, but she warned that paying ransom only emboldens [crackers]. And she said private companies need to take responsibility and tell the government when they are attacked for the good of the country.

  • US recovers millions in cryptocurrency paid to Colonial Pipeline [crackers] [iophk: Windows TCO]

    Colonial Pipeline, a network that provides around 45 percent of the East Coast’s fuel, was the target of a crippling cyberattack last month that forced it to shut down operations for several days.

    Joseph Blount, the company’s CEO, later revealed in an interview with The Wall Street Journal that he authorized the company to pay the cyber criminals behind the attack the equivalent of $4.4 million in bitcoin on the day of the breach in exchange for the keys to decrypt the network.

    The FBI recommends against paying the ransom, as it may encourage the [attackers] to go after another group, and the payment may be used for criminal operations. The Biden administration has reiterated this stance in recent weeks.

  • US Snatches Back Ransom from Colonial Pipeline [Crackers] [iophk: Windows TCO]

    U.S. law enforcement officials say they have hit back at the Russian-based criminal network that caused gas pipelines to shut down across parts of the country last month, seizing much of the multimillion-dollar ransom payment before it could be used.

    The Justice Department announced Monday it recovered $2.3 million of the approximately $5 million Colonial Pipeline paid to the DarkSide Network following the ransomware attack, which resulted in fuel shortages along the U.S. East Coast.

  • Feds recover millions from pipeline ransom [crackers], hint at U.S. [Internet] tactic [iophk: Windows TCO]

    The FBI was able to seize control of DarkSide's proceeds by gaining access to a central account holding about 63.7 bitcoins, worth around $2.3 million, Deputy Director Paul Abbate said. A court document said that the seizure took place in Northern California, putting it within reach of U.S. law, and that the FBI was able to access the "private key," or password, for one of the gang's bitcoin wallets. It was unclear how the key was compromised.

  • Adversaries Could Shut Down US Power Grid, Energy Secretary Says [iophk: Windows TCO]

    When Granholm was asked by CNN’s Jake Tapper about vulnerabilities in the electricity grid and whether a foreign actor has the ability to shut it down, Granholm said, “Yeah, they do. There are thousands of attacks on all aspects of the energy sector and the private sector generally.”

  • Senate sergeant at arms says cyberattack more worrisome than repeat of Jan. 6 insurrection [iophk: Windows TCO]

    Senate Sergeant at Arms Karen Gibson said Saturday she is more concerned about a cyberattack on the government than another insurrection like the one that rocked Capitol Hill on Jan. 6.

  • First Known Malware Surfaces Targeting Windows Containers

    Organizations running Windows containers in their Kubernetes cluster have a brand-new threat to worry about.

    Researchers from Palo Alto Networks (PAN) have discovered what they say is the first known malware targeting Windows containers. The malware, named Siloscape, is designed to escape from a Windows container into the Kubernetes node so it can spread in the cluster.

    Attackers can use the malware to carry out a variety of malicious actions, such as credential and data theft, deploying ransomware, and breaching enterprise software development and testing environments.

    Daniel Prizmant, senior staff researcher at PAN's Unit 42 threat intelligence team, says the malware is a manifestation of the growing attacker focus on cloud environments. "Attackers are undergoing their own digital transformation and exploiting the massive enterprise shift to the cloud and new technologies like containers," he says. "As a result, container security has become important."

  • Apple pays millions to woman after explicit photos posted online

    Apple paid millions of dollars to a student after iPhone repair technicians posted explicit photos and videos from her phone to Facebook, legal documents have revealed.

    The tech giant agreed a settlement with the 21-year-old after two employees at a repair facility uploaded the images from a phone she had sent to Apple to be fixed, resulting in “severe emotional distress”.

    The incident, which occurred in 2016 at a centre in California run by Pegatron, an Apple contractor, is one of the most significant privacy violations to be revealed at an iPhone repair facility.

  • Student's nude photos leaked to Facebook by iPhone service centre, Apple now paying her millions of dollars

    The confidentiality agreement was meant to avoid “substantial business harm”, as Apple insisted on confidentiality throughout the settlement. For this reason, Apple was simply referred to as a “customer” throughout the proceedings.

    The tech major was only recently named as the customer during a separate, unrelated lawsuit it faced. Apple confirmed the incident to The Telegraph.

    The confidentiality agreement left many details of the incident hidden. What is known is that the two employees have been fired after an “exhaustive” investigation by Apple. Apple has also been reimbursed for the settlement by Pegatron. Pegatron and its insurers, who refused to pay the bill, have now settled the matter privately.

    The incident shows a glaring loophole in the tall claims repeatedly made by Apple over the strict control of its repair facilities. The company has often cited this as an argument against legislation that would make it easier for third parties to fix its devices. It seems like Apple’s case does not seem too strong if such incidents can occur within the company’s well-monitored facilities.

  • Apple settles with student after authorized repair workers leaked her naked pics to her Facebook page

Microsoft Security Lapses and Censorship

Filed under
Microsoft
  • Are We Waiting for Everyone to Get [Cracked]? [iophk: Windows TCO]

    And those are just the attacks we see. Beneath the surface, American businesses are quietly paying off their digital extortionists and burying breaches in hopes that they never see the light of day. China continues to cart off America’s intellectual property, most recently in an aggressive cyberassault on the defense industrial base, and curiously, New York’s Metropolitan Transportation Authority. Russia’s government hackers have shut off the power in Ukraine twice. They’ve reached the control switches at American power plants, and breached nuclear plants too. And Russia’s elite intelligence agency, the S.V.R., slithered its way through hundreds of American companies and government agencies for nine months before it was caught. In the process, it wrecked confidence in the software supply chain. And, officials concede, its agents are quite likely still inside.

    To anyone who had been paying the slightest bit of attention, none of this comes as a surprise. We are racing toward — in fact have already entered — an era of visceral cyberattacks that threaten Americans’ way of life. And yet, despite the vulnerabilities these attacks reveal, individuals, organizations and policymakers have yet to fundamentally change their behavior.

    “If not this, then what?” Mr. Panetta still asks. “What will it take?”

  • ‘Unacceptable’: Microsoft slammed for Tiananmen Square’s anniversary move

    The photos were taken down globally from Bing, Microsoft’s search engine, on Friday — the 32nd anniversary of the event. A Microsoft spokesman said they were taken offline by mistake, attributing the removal to “human error.”

    The images reappeared around the world — outside of China — on Saturday.

  • Microsoft removed 'Tank Man' images on Tiananmen Square's anniversary

    Bing, unlike its major competitors including Google, operates within mainland China. That means Microsoft is forced to censor search results for Chinese users, according to Chinese law — particularly images and information about the Tiananmen Square protests and the killings that ensued.

  • Microsoft states that Tankman’s image was blocked due to human error

    The company didn’t elaborate on what the human error was and how it happened. It also doesn’t mention how many of the company’s Bing development teams are based in China. The company’s largest R & D center outside the United States is located in China, and a senior software engineer based in China announced a job in January to lead a team that develops technology to enhance Bing’s image search.

    Chinese authorities are calling on domestically operated search engines, websites and social media platforms to censor keywords and results that appear to be politically sensitive or critical of the Chinese government.

    References to the 1989 crackdown on Tiananmen Square are blocked in China, as are images related to events such as “Tank Man.”

    Microsoft’s Bing is one of the few international search engines operating in China, which complies with local censorship laws and competes with larger Chinese search engines such as Baidu and Sogou.

Microsoft, Security Issues, and Censorship

Filed under
Microsoft
Security
  • Microsoft says error caused 'Tank Man' Bing censorship

    The phrase relates to the iconic image of a lone protester standing before tanks in China's Tiananmen Square during demonstrations in 1989.

    On Friday users who searched for the term reported receiving the message: "There are no results for tank man".

    It prompted accusations of possible censorship on the protest anniversary.

  • The Cover-Up Continues: The Truth About Bill Gates, Microsoft, and Jeffrey Epstein

    While more revelations about the Bill Gates–Jeffrey Epstein relationship have begun trickling out following the Gates’s divorce announcement, the strong evidence pointing to their relationship beginning decades prior to 2011 continues to be covered up by the media—not necessarily to protect Bill but to protect Microsoft.

    [...]

    The Daily Beast also revealed that the details of the Gates’s divorce had been decided several weeks prior to the official announcement. Then, on May 9, the Wall Street Journal published a report suggesting that the plans for divorce went back even farther, with Melinda having consulted divorce lawyers in 2019. Allegedly, that consultation was made after details of Bill Gates’s relationship with Jeffrey Epstein had gained considerable mainstream media attention, including from the New York Times.

    While mainstream media outlets apparently agree that Jeffrey Epstein was a likely factor in the Gates’s recently announced split up, what these same outlets refuse to cover is the real extent of the Bill Gates–Jeffrey Epstein relationship. Indeed, the mainstream narrative holds that Gates’s ties to Epstein began in 2011, despite the evidence pointing to their relationship beginning decades earlier.

    This blanket refusal to honestly report on the Gates-Epstein ties likely is due to Gates’s outsized role in current events, both in terms of global health policy as it relates to COVID-19 and in his being a major promoter and funder of controversial technocratic “solutions” to a slew of societal problems. What is more likely, however, is that the nature of the relationship between Gates and Epstein before 2011 is even more scandalous than what transpired later, and it may have major implications not just for Gates but for Microsoft as a company and for some of its former top executives.

    [...]

    One line stands out, however, as the first major clue toward demystifying the true origin of the Gates-Epstein relationship. Soon after Rosser introduces Epstein in the article, he states that Epstein “has made many millions out of his business links with the likes of Bill Gates, Donald Trump and Ohio billionaire Leslie Wexner, whose trust he runs.”

    Both Wexner’s and Trump’s relationships with Epstein prior to 2001 are well known and date back to 1985 and 1987, respectively. Mainstream media, however, continue to report that Gates and Epstein first met in 2011 and have declined to follow the leads laid out by Nigel Rosser. I am personally aware of this withholding of information to a degree as a BBC reporter contacted me in 2019 for details about this 2001 Evening Standard article, which I provided. To date, the BBC has never reported on the contents of that article. Notably, the BBC has received millions in funding for years from the Bill & Melinda Gates Foundation.

    Not only was Rosser’s article never retracted, but neither Gates, Trump, nor Wexner disputed the claims made in the article at the time, which was well before Epstein became notorious. In addition, given that Gates is named alongside two known close Epstein associates at the time—Donald Trump and Leslie Wexner—it further suggests that Gates’s ties to Epstein prior to 2001 were considerable enough to warrant his mention alongside these two other men.

    In addition to the Evening Standard article, there is evidence from Maria Farmer, an Epstein victim who was employed by Epstein and Maxwell from 1995 to 1996, that she recalled hearing Epstein mention Bill Gates in such a way as to imply they were close friends and which gave her the impression that the Microsoft cofounder might soon be visiting one of Epstein’s residences.

    [...]

    Of all the alliances and partnerships Isabel negotiated during her early years at CommTouch, it was her dealings with Microsoft cofounders Bill Gates and Paul Allen that put CommTouch “on the map.” Microsoft’s cofounders did much more than put CommTouch “on the map,” however, as they essentially intervened to prevent the collapse of its initial public offering, a fate that had befallen Isabel Maxwell’s previous company, the McKinley Group, not long before. Indeed, CommTouch kept pushing back its IPO until a massive investment from firms tied to Microsoft cofounder Paul Allen was announced in July 1999.

    [...]

    It further appears that Bill Gates, then head of Microsoft, made a personal investment in CommTouch at the behest of Isabel Maxwell. In an October 2000 article published in the Guardian, Isabel “jokes about persuading Bill Gates to make a personal investment” in CommTouch sometime during this period.

    [...]

    While the Gates Foundation and the Clinton Foundation intermingled, and the latter had ties to Epstein and Maxwell, it also appears that Epstein had significant influence over two of the most prominent science advisers to Bill Gates over the last fifteen years—Melanie Walker and Boris Nikolic.

    [...]

    During her time at the Gates Foundation, Walker introduced Boris Nikolic, Gates’s science adviser, to Epstein. Today, Melanie Walker is the cochair of the World Economic Forum’s Global Future Council on Neurotechnology and Brain Science, having previously been named a WEF Young Global Leader. She also advises the World Health Organization, which is closely linked to Bill Gates’s “philanthropy.”

  • [Crackers] Breached Colonial Pipeline Using Compromised Password [Ed: Windows]

    The hack that took down the largest fuel pipeline in the U.S. and led to shortages across the East Coast was the result of a single compromised password, according to a cybersecurity consultant who responded to the attack.

    Hackers gained entry into the networks of Colonial Pipeline Co. on April 29 through a virtual private network account, which allowed employees to remotely access the company’s computer network, said Charles Carmakal, senior vice president at cybersecurity firm Mandiant, part of FireEye Inc., in an interview. The account was no longer in use at the time of the attack but could still be used to access Colonial’s network, he said.

  • David Tomaschik: GPU Accelerated Password Cracking in the Cloud: Speed and Cost-Effectiveness

    As a red teamer and security researcher, I occasionally find the need to crack some hashed passwords. It used to be that John the Ripper was the go-to tool for the job. With the advent of GPGPU technologies like CUDA and OpenCL, hashcat quickly eclipsed John for pure speed. Unfortunately, graphics cards are a bit hard to come by in 2021. I decided to take a look at the options for running hashcat on Google Cloud.

    There are several steps involved in getting hashcat running with CUDA, and because I often only need to run the instance for a short period of time, I put together a script to spin up hashcat on a Google Cloud VM. It can either run the benchmark or spin up an instance with arbitrary flags. It starts the instance but does not stop it upon completion, so if you want to give it a try, make sure you shut down the instance when you’re done with it. (It leaves the hashcat job running in a tmux session for you to examine.)

Isn’t It Time to Switch to Linux? 12 Reasons to Abandon Windows

Filed under
GNU
Linux
Microsoft

So you've been using Windows for a long time. You've heard about this Linux thing and maybe you've even tried it, but you still haven't made the switch. Maybe the newest Windows update really chafed you and you're seriously considering a change.

To help you make an informed decision, let's take a look today at what Linux can offer as a Windows replacement. Below are some of the best reasons Windows users switch to Linux. If they don't convince you, then maybe nothing will.


Security and Proprietary Software Leftovers

Filed under
Microsoft
Security
  • How to delete saved passwords in Firefox

    While it is convenient to store your login credentials in your browser, it is also a privacy and security risk. If a friend or family member, or even a repair man accesses your computer, they will have access to your account on any website that has a saved login. If your computer becomes lost or stolen, or if a hacker is able to remotely gain control of it, this information could very easily fall into the wrong hands.

  • Supreme Court Overturns Overbroad Interpretation of CFAA, Protecting Security Researchers and Everyday Users

    EFF filed briefs both encouraging the Court to take today's case and urging it to make clear that violating terms of service is not a crime under the CFAA. In the first, filed alongside the Center for Democracy and Technology and New America’s Open Technology Institute, we argued that Congress intended to outlaw computer break-ins that disrupted or destroyed computer functionality, not anything that the service provider simply didn’t want to have happen. In the second, filed on behalf of computer security researchers and organizations that employ and support them, we explained that the broad interpretation of the CFAA puts computer security researchers at legal risk for engaging in socially beneficial security testing through standard security research practices, such as accessing publicly available data in a manner beneficial to the public yet prohibited by the owner of the data. 

    Today's win is an important victory for users everywhere. The Court rightly held that exceeding authorized access under the CFAA does not encompass “violations of circumstance-based access restrictions on employers’ computers.” Thus, “an individual ‘exceeds authorized access’ when he accesses a computer with authorization but then obtains information located in particular areas of the computer— such as files, folders, or databases—that are off limits to him.” Rejecting the Government’s reading allowing CFAA charges for any website terms of service violation, the Court adopted a “gates-up-or-down” approach: either you are entitled to access the information or you are not. This means that private parties’ terms of service limitations on how you can use information, or for what purposes you can access it, are not criminally enforced by the CFAA.

  • Van Buren is a Victory Against Overbroad Interpretations of the CFAA, and Protects Security Researchers

    The decision is a victory for all Internet users, as it affirmed that online services cannot use the CFAA’s criminal provisions to enforce limitations on how or why you use their service, including for purposes such as collecting evidence of discrimination or identifying security vulnerabilities. It also rejected the use of troubling physical-world analogies and legal theories to interpret the law, which in the past have resulted in some of its most dangerous abuses.

    The Van Buren decision is especially good news for security researchers, whose work discovering security vulnerabilities is vital to the public interest but often requires accessing computers in ways that contravene terms of service. Under the Department of Justice’s reading of the law, the CFAA allowed criminal charges against individuals for any website terms of service violation. But a majority of the Supreme Court rejected the DOJ’s interpretation. And although the high court did not narrow the CFAA as much as EFF would have liked, leaving open the question of whether the law requires circumvention of a technological access barrier, it provided good language that should help protect researchers, investigative journalists, and others. 

    The CFAA makes it a crime to “intentionally access[] a computer without authorization or exceed[] authorized access, and thereby obtain[] . . . information from any protected computer,” but does not define what authorization means for purposes of exceeding authorized access. In Van Buren, a former Georgia police officer was accused of taking money in exchange for looking up a license plate in a law enforcement database. This was a database he was otherwise entitled to access, and Van Buren was charged with exceeding authorized access under the CFAA. The Eleventh Circuit analysis had turned on the computer owner’s unilateral policies regarding use of its networks, allowing private parties to make EULA, TOS, or other use policies criminally enforceable. 

  • The M.T.A. Is Breached by Hackers as Cyberattacks Surge

    A [cracking] group believed to have links to the Chinese government penetrated the Metropolitan Transportation Authority’s computer systems in April, exposing vulnerabilities in a vast transportation network that carries millions of people every day, according to an M.T.A. document that outlined the breach.

    The [crackers] did not gain access to systems that control train cars and rider safety was not at risk, transit officials said, adding that the intrusion appeared to have done little, if any, damage.

    But a week after the agency learned of the attack, officials raised concerns that [crackers] could have entered those operational systems or that they could continue to penetrate the agency’s computer systems through a back door, the document also shows.

  • Malware authors increasingly bypassing scans by Microsoft tool

    Malware authors are crafting their wares to bypass scans on Windows systems altogether, using a number of tricks to avoid being put under the microscope by Microsoft's Antimalware Scan Interface, the global security firm Sophos claims.

  • Beef Shortage Update: Prices Rise As Plants Recover From JBS Cyberattack [iophk: Windows TCO]

    Specialist website Beef Central reported that the U.S. plants are likely to get back to work from Thursday, while its Australian plants will reopen on Friday or at the beginning of next week. It reported that some JBS Australia plants completed boning shifts on Wednesday, but it was only to clear carcasses held in cold storage from kills performed last Friday, before the cyberattack occurred.

Proprietary Software/Microsoft Leftovers

Filed under
Microsoft
Security
  • Big Oil Fought Cybersecurity Regulations, Making Pipeline Attacks Easier [Ed: Microsoft Windows]
  • New ‘Epsilon Red’ ransomware is targeting [sic] unpatched Microsoft Exchange servers [iophk: Windows TCO]

    First detected by security researchers at Sophos plc and revealed Friday, the ransomware was found targeting [sic] a U.S.-based business in the hospitality industry. Delivered as the final executable payload in a hand-controlled attack, the ransomware demanded a payment of 4.29 bitcoin, valued at the time at about $210,000.

  • FBI says Russia-linked group behind JBS [crack] [iophk: Windows TCO]

    The FBI has identified a Russia-linked group as the entity behind the cyberattack on the meat producing group JBS USA.

    “We have attributed the JBS attack to REvil and Sodinokibi and are working diligently to bring the threat actors to justice,” the FBI wrote in a statement on Wednesday.

  • Russia-Linked Group Behind JBS Attack Revels in ‘Audaciousness’ [iophk: Windows TCO]

    REvil, the Russian-linked [cracking] group the FBI said is responsible for the cyberattack on JBS SA, the largest meat producer in the world, has emerged as one of the most prolific -- and public -- ransomware groups in recent years.

    The [crackers], also known as Sodinokibi, have been at the forefront of the ransomware-as-a-service model of cyberattacks since the group first came to prominence as a security threat in 2019. In this model, [cracking] groups provide malware for others to use in an attack in exchange for a cut of the ransom payments. In order to recruit talent, REvil deposited $1 million in Bitcoin as a way to give potential affiliates peace of mind that they would get paid.

  • FBI names REvil as the group behind meat supplier cyberattack [iophk: Windows TCO]

    The FBI has said that cybercriminal group REvil (also known as Sodinokibi) was behind the recent attack on meat supplier JBS (via The Record). This follows a statement from White House deputy press secretary Karine Jean-Pierre, which indicated that the attack likely came from a Russian-based organization.

  • FBI: JBS ransomware attack was carried out by REvil [iophk: Windows TCO]

    Smilyanets said there haven’t been any signs of public postings from REvil related to the incident—the group often pressures organizations into paying a demand by exposing some information. “That can indicate that negotiations are underway,” he said.

Official Statement Regarding UXDivers Grial Kit and MauiKit.com usage

Filed under
KDE
Microsoft
Legal

Today, May 28, 2021, during a routine reverse search of the term “MauiKit,” we came across a rather surprising finding: a Xamarin Technical Partner, UXDivers, had recently started to use a previously registered but unused domain, mauikit.com. Once again, we find ourselves in a rather unfortunate situation as we’re facing very similar circumstances as last year with Xamarin itself.

[...]

As per the ICANN lookup website, the domain mauikit.com was created on the 21st of May 2020. Coincidentally, this is exactly the month when last year Xamarin (a Microsoft subsidiary) decided to rebrand their UI framework “Xamarin.Forms” to “MAUI.” To be specific, it was registered two days after we raised this problem with Xamarin at their GitHub repository.


Proprietary Software and More

  • DC Attorney General Sues Amazon for Alleged Monopolistic Price-Fixing

    "You have to break up Amazon," said one consumer advocate, who argued there's a "fundamental conflict of interest when you own the infrastructure and you also compete on that infrastructure."

  • Techdirt Podcast Episode 284: How To Think About Cybersecurity [Ed: Microsoft Windows TCO]

    The recent ransomware attack on the Colonial Pipeline has brought renewed public attention to cybersecurity issues. The field is always evolving, and the attack serves as a great starting point for understanding the current state of cybersecurity, so this week we're joined by three experts — Ross Nordurft and Alex Botting from Venable LLP, and Amy Mahn from the National Institute of Standards and Technology — to discuss the lessons from the pipeline attack, and how to take a risk management approach to cybersecurity.

  • Ransomware forced Bose systems offline, exposed personal data of 6 former employees

    A ransomware intrusion of the computer networks of Bose in March forced some of the electronic giant’s IT systems offline and exposed the personal information of a handful of former employees, the company said in a breach notification letter.

    Seven weeks into an investigation of the incident, in late April, Bose discovered that hackers had accessed and “potentially exfiltrated” files containing the Social Security numbers and salary information of six former Bose employees based in New Hampshire, according to the statement.

  • Why Billionaires Like Bill Gates Can’t Fix the Problems They Helped Create

    In April last year, the University of Oxford was reportedly considering offering a Covid vaccine developed by its scientists on a nonexclusive basis, which would have made it possible for manufacturers across the world to produce it more cheaply and widely. But then, as reported in Kaiser Health News, “Oxford — urged on by the Bill & Melinda Gates Foundation — reversed course. It signed an exclusive vaccine deal with AstraZeneca that gave the pharmaceutical giant sole rights and no guarantee of low prices.”

    This deal-making left many people aghast. It seemed to conflict with the Gates Foundation’s stated mission to improve global access to medicines, but it’s not surprising to those who’ve long followed the foundation’s proclivity to lend big pharma a helping hand. Recently, Melinda told The Times that vaccine makers like Pfizer and AstraZeneca “should make a small profit, because we want them to stay in business.”

    Define small. AstraZeneca paid nothing toward Oxford’s basic research on the vaccine, yet the company now has exclusive distribution rights, standing to make billions from the deal brokered by the Gates Foundation.


More in Tux Machines

Here’s Why Switching to Linux Makes Sense in 2021

Linux does have several benefits over Windows and macOS in certain areas. People are realizing it, and it is slowly gaining popularity in the desktop OS market. Of course, the majority of desktop users still swear by Windows or macOS, but a greater number of users are trying out new Linux distributions to see if they can switch to Linux. They may have heard good things about Linux as a desktop choice, or just want to try something different while confined to their homes. Who knows? Here, I will be presenting you all the good reasons why Linux makes more sense in 2021.

today's leftovers

  • LHS Episode #416: The Weekender LXXIII

    It's time once again for The Weekender. This is our bi-weekly departure into the world of amateur radio contests, open source conventions, special events, listener challenges, hedonism and just plain fun. Thanks for listening and, if you happen to get a chance, feel free to call us or e-mail and send us some feedback. Tell us how we're doing. We'd love to hear from you.

  • Donation button removed

    Over the years, I have blown hot and cold over whether to have a donation button. Did take it down for awhile, about a year ago I think. I received an email asking if can send me a bank cheque, which reminded me about that donation button. I declined the offer. I really don't need donations. It is really my pleasure to upload blog reports about EasyOS, Puppy, DIY hiking gear, and all the rest that have posted about. Ibiblio.org is still very kindly hosting downloads, and I also went back to the Puppy Forum.

  • Akademy 2021 – I

    I am still digesting the load of information that Marc Mutz gave in his intense training session last night between 6 and almost 11 p.m. about C++/STL history, containers, iterators, allocators, the Non-Owning Interface Idiom and all that other good stuff. Great job Marc.

  • Stuck Updates Fix

    When rolling out a new feature that lets you skip (offline) updates on boot-up earlier this week we have messed up and also brought in a nasty bug that prevents updates from applying. Unfortunately we can’t automatically rectify this problem because, well, updates are never applied. In case you find Discover showing the same updates over and over again, even after rebooting to apply the update, you may be affected.

  • AWS SSM Parameters

    If you are not familiar with the Parameter Store, it provides hierarchical storage for config data, strings, and other values. As well as being used for storing private information the parameter store provides a public namespace for SUSE, /aws/service/suse, which is now being leveraged to provide the latest image IDs for all active SUSE images.

Proprietary Software Leftovers

  • Steam on ChromeOS: Not a Rumor Anymore - Boiling Steam

    If you follow us or other sources like Chrome Unboxed you are by now aware that there’s ample rumors about Google/Valve working on bringing Steam on ChromeOS. We know the technology pieces are there, as recently discussed with Luke Short in our recent podcast. However, we are still waiting for an official announcement that would turn the expected rumors into reality.

  • First American Financial Pays Farcical $500K Fine

    In May 2019, KrebsOnSecurity broke the news that the website of mortgage settlement giant First American Financial Corp. [NYSE:FAF] was leaking more than 800 million documents — many containing sensitive financial data — related to real estate transactions dating back 16 years. This week, the U.S. Securities and Exchange Commission settled its investigation into the matter after the Fortune 500 company agreed to pay a paltry penalty of less than $500,000.

  • How Russian threats in the 2000s turned this country into the go-to expert on cyber defense

    Estonia is no stranger to the cyber threat posed by Russia. Back in 2007, a decision to relocate a Soviet-era war memorial from central Tallinn to a military cemetery sparked a diplomatic spat with its neighbor and former overlord. There were protests and angry statements from Russian diplomats. And just as the removal works started, Estonia became the target of what was at the time the biggest cyberattack against a single country.

    The Estonian government called the incident an act of cyberwarfare and blamed Russia for it. Moscow has denied any involvement.

    The attack made Estonia realize that it needed to start treating cyber threats in the same way as physical attacks.

  • Most Businesses That Pay Off After Ransomware Hack Hit With Second Attack: Study [iophk: Windows TCO]

    The study surveyed nearly 1,300 security professionals around the world and found that 80 percent of businesses that paid after a ransomware attack suffered a second attack. Of those hit a second time, 46 percent believed it came from the same group that did the first attack.

    Censuswide, which performed the study on behalf of the international cybersecurity company Cybereason, found that 25 percent of organizations hit by a ransomware attack were forced to close. In addition, 29 percent were forced to eliminate jobs.

Kernel: Oracle, UPower, and Linux Plumbers Conference

  • Oracle Sends Out Latest Linux Patches So Trenchboot Can Securely Launch The Kernel - Phoronix

    Trenchboot continues to be worked on for providing boot integrity technologies that allow for multiple roots of trust around boot security and integrity. Oracle engineers on Friday sent out their latest Linux kernel patches so it can enjoy a "Secure Launch" by the project's x86 dynamic launch measurements code. The latest kernel patches are a second revision to patches sent out last year around the Trenchboot launch support for enhancing the integrity and security of the boot process. This kernel work goes along with Trenchboot support happening for GRUB.

  • Nearly A Decade Later, UPower Still Working Towards 1.0 Release

    For nearly one decade there has been talk of UPower 1.0 while in 2021 that still has yet to materialize for this former "DeviceKit-Power" project but at least now there is UPower v0.99.12 as the first release in two years. UPower 1.0 has yet to materialize and it certainly isn't advancing these days like it was in the early 2010s. With Thursday's UPower 0.99.12 release the key changes to land over the past two years are supporting more device types and power reporting for newer Apple iPhone smartphones like the iPhone XR, XS, and other newer models.

  • Linux Plumbers Conference: Tracing Microconference Accepted into 2021 Linux Plumbers Conference

    We are pleased to announce that the Tracing Microconference has been accepted into the 2021 Linux Plumbers Conference. Tracing in the Linux kernel is constantly improving. Tracing was officially added to Linux in 2008. Since then, more tooling has been constantly added to help out with visibility. The work is still ongoing, with Perf, ftrace, Lttng, and eBPF. User space tooling is expanding and as the kernel gets more complex, so does the need for facilitating seeing what is going on under the hood.