
Microsoft and Proprietary Software

Filed under
Microsoft
Security
  • Microsoft silent about major flaw in Azure's Cosmos database

    The vulnerability allows outsiders to access keys that control entry to databases that are held by thousands of customers. The keys can only be changed by the customers.

  • EXCLUSIVE Microsoft warns thousands of cloud customers of exposed databases

    The vulnerability is in Microsoft Azure's flagship Cosmos DB database. A research team at security company Wiz discovered it was able to access keys that control access to databases held by thousands of companies. Wiz Chief Technology Officer Ami Luttwak is a former chief technology officer at Microsoft's Cloud Security Group.

    Because Microsoft cannot change those keys by itself, it emailed the customers Thursday telling them to create new ones. Microsoft agreed to pay Wiz $40,000 for finding the flaw and reporting it, according to an email it sent to Wiz.

  • Microsoft ending Chromebook support for Office Android apps in September (Update: Google statement added)

    By the way: If you want a fully native productivity suite that does run locally on your Chromebook, there are other options. I wrote up documentation on how to install LibreOffice in Linux on your Chromebook right here. It’s not as painful as it looks and LibreOffice is fairly comparable to Microsoft’s Office suite.
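
The remediation both Cosmos DB items above describe is the customer rotating their own account keys, because Microsoft cannot do it for them. The following is an added example, not guidance copied from Microsoft or Wiz, of doing that with the Azure CLI in an order that keeps applications connected: the secondary key is regenerated first, clients are moved onto it, and only then is the primary regenerated. It assumes `az` is installed and logged in; the account name and resource group are placeholders, and DRY_RUN=1 prints the commands instead of running them.

```shell
# Added example (not Microsoft's or Wiz's own scripts): rotate the keys of an
# Azure Cosmos DB account with the Azure CLI without cutting every client off.
# Assumptions: `az` is installed and logged in; account/resource-group names are
# placeholders supplied by the caller. DRY_RUN=1 prints commands instead of
# executing them, which is how the offline checks exercise this file.

DRY_RUN="${DRY_RUN:-0}"

# Run a command, or print it verbatim when DRY_RUN=1.
run() {
    if [ "$DRY_RUN" = "1" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# Regenerate one key. KIND is one of the --key-kind values accepted by
# `az cosmosdb keys regenerate`: primary, secondary, primaryReadonly, secondaryReadonly.
regenerate_key() {
    kind="$1"; account="$2"; group="$3"
    case "$kind" in
        primary|secondary|primaryReadonly|secondaryReadonly) ;;
        *) echo "unknown key kind: $kind" >&2; return 2 ;;
    esac
    run az cosmosdb keys regenerate --name "$account" --resource-group "$group" --key-kind "$kind"
}

# Full rotation. The secondary is regenerated first so applications can be
# moved onto a fresh key while the (possibly exposed) primary still works;
# the primary is regenerated only after that switch, then the read-only keys.
rotate_all_keys() {
    account="$1"; group="$2"
    regenerate_key secondary "$account" "$group" || return 1
    if [ "$DRY_RUN" = "1" ]; then
        echo "# (switch every application to the new secondary key at this point)" >&2
    else
        printf 'Switch every application to the new secondary key, then press Enter: ' >&2
        read -r _
    fi
    regenerate_key primary "$account" "$group" || return 1
    regenerate_key secondaryReadonly "$account" "$group" || return 1
    regenerate_key primaryReadonly "$account" "$group" || return 1
}

# Usage (real run): rotate_all_keys my-cosmos-account my-resource-group
# Usage (preview):  DRY_RUN=1 rotate_all_keys my-cosmos-account my-resource-group
```

Regenerating a key invalidates the old value immediately, so the pause between the secondary and primary steps is where connection strings in applications, Key Vault entries and CI secrets get updated; anything still holding the old primary after that point will start failing.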

Proprietary Software and Security

Filed under
Microsoft
Security
  • Microsoft’s Power Apps leaks data from 47 companies, report finds

    In June, UpGuard researchers submitted a vulnerability report to the Microsoft Security Response Center (MSRC) addressing the identification of OData feeds, as they provide unauthenticated access to a selection of data and URLs for accounts that were potentially exposing critical data.

  • Cyberattack Forces Memorial Health System to Divert Patients to Alternate Hospitals [iophk: Windows TCO]

    Memorial Health System operates three hospitals in Ohio and West Virginia, all of which have been affected by the attack. Since electronic health records were not accessible, patient safety was potentially put at risk, so the decision was taken to divert emergency patients.

  • Memorial Health System recovers from ransomware [iophk: Windows TCO]

    In a bulletin posted on its site, healthcare facility network Memorial Health System, based in West Virginia and Ohio, said it was beginning the process of recovery and restoration after being hit with a ransomware attack earlier in the week. The network reported on Sunday that it experienced an “information technology security incident” that caused it to suspend all online access across its 64 clinics, including hospitals Marietta Memorial, Selby General, and Sistersville General. Surgeries have been canceled, ambulances have been diverted, and clinic staff have had to work with paper charts. But on Wednesday, the network announced it had reached a “negotiated solution,” and that it is “beginning the process that will restore operations as quickly and as safely as possible.”

  • By Design: How Default Permissions on Microsoft Power Apps Exposed Millions

    We had discovered over a thousand anonymously accessible lists across a few hundred portals that needed to be analyzed and potentially notified. Ideally, Microsoft would have been involved in doing so, but our attempt to pursue this option thus far had been unsuccessful, though Microsoft would later take action after we had notified some of the most severe exposures. We spent the next few weeks analysing the data for indicators of sensitivity and reaching out to affected organizations. The notification timelines and data classes for some of the most significant exposures are described below to give a sense of the prevalence and impact of this design decision.

  • Cybersecurity company flags Microsoft Power Apps data leak of 38M records

    The types of data included names, email addresses, personal information used for COVID-19 contact tracing, COVID-19 vaccination appointments, Social Security numbers for job applicants and employee IDs.

  • Cyber insurance market encounters ‘crisis moment’ as ransomware costs pile up [iophk: Windows TCO]

    Two separate CEOs of major insurance giants remarked in recent weeks about a considerable jump in cyber insurance premium prices: AIG’s chief executive said rates increased by 40% for its clients, while Chubb’s chief executive said that company was charging more, too.

    Rather than welcoming the trend, Chubb CEO Evan Greenberg offered a warning. Those price increases, he said, still don’t reflect the grave risk that a catastrophic cyber event poses. “That is not addressing by itself the fundamental issue,” he said.

  • Healthcare provider expected to lose $106.8 million following ransomware attack [iophk: Windows TCO]

    The bulk of the losses, representing $91.6 million, came from lost revenues during the four weeks the organization needed to recover from the May ransomware attack.

    Scripps also lost $21.1 million in costs associated with response and recovery. While the company said it recovered $5.9 million through its insurance policy, the healthcare provider said it expects to lose an estimated $106.8 million by the end of the year.

    The losses stemming from the ransomware attack do not include potential losses due to litigation.

  • The pandemic revealed the health risks of hospital ransomware attacks [iophk: Windows TCO]

    The findings, which are still unpublished, should help push back on any groups hesitant to say that cyberattacks are dangerous for patients, says Josh Corman, a senior adviser to CISA, the federal agency that advises on government and private sector cybersecurity issues. “We should stop pretending that there is no harm to human life from cyber attacks,” he says.

  • Microsoft Is Going to Make it Difficult for Chromebook Owners to Use Word Offline [Ed: Any excuses to hamper competition]

    About Chromebooks reminded me there is an Office Editing extension from Google that lets you download Word, Excel, and PowerPoint files to edit with Google Docs, Sheets, and Slides. It enables you to edit those files in Google Docs without the [Internet], and it stays dormant in the background until it senses an active connection, when it then uploads your changes. There are also open-source alternatives to opening and editing Office files, namely the Linux version of LibreOffice, a relatively easy install on the Chromebook if you’re not intimidated by Linux apps.
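
The Power Apps items above (the UpGuard report and the 38M-record story) turn on OData feeds that can be read without authentication. As an added example, not UpGuard's tooling or anything from Microsoft, the shell functions below fetch a portal's OData service document anonymously, list the entity sets it exposes, and flag names that match the data classes the reports mention (SSNs, email addresses, contact-tracing and vaccination data, employee IDs). It assumes the service document is served at `/_odata` under the portal's base URL (an assumption, not stated on this page) and embeds a constructed sample document so the parsing runs offline.

```shell
# Added example (not UpGuard's scanner): check a Power Apps portal for OData
# entity sets that anyone on the Internet can read. Assumption not taken from
# this page: the portal serves its OData service document at /_odata.
# SAMPLE_DOC below is constructed, not captured from any real portal.

# Fetch the service document with no credentials. A 200 with a JSON body
# means the feed is readable anonymously; -f makes 401/403/404 fail instead.
fetch_service_document() {
    # $1 = portal base URL, e.g. https://example.powerappsportals.com
    curl -s -f -A "odata-exposure-check" -H "Accept: application/json" "$1/_odata"
}

# Extract entity-set names from an OData v4 service document
# ({"value":[{"name":"...","url":"..."}]}) using only grep and sed.
list_entity_sets() {
    grep -o '"name" *: *"[^"]*"' | sed 's/.*: *"\([^"]*\)"/\1/'
}

# Name fragments matching the data classes the reports describe.
SENSITIVE_PATTERN='ssn|socialsecurity|email|phone|dateofbirth|dob|vaccin|covid|employeeid|address'

# Read names on stdin; print the ones that look sensitive (case-insensitive).
flag_sensitive() {
    tr 'A-Z' 'a-z' | grep -E "$SENSITIVE_PATTERN" || true
}

# Number of sensitive-looking entity sets in a service document read from stdin.
count_sensitive_sets() {
    list_entity_sets | flag_sensitive | wc -l | tr -d ' '
}

# Constructed sample service document for offline use.
SAMPLE_DOC='{"@odata.context":"https://example.powerappsportals.com/_odata/$metadata","value":[{"name":"contacts","url":"contacts"},{"name":"covid_test_results","url":"covid_test_results"},{"name":"job_applicant_ssn","url":"job_applicant_ssn"},{"name":"blog_posts","url":"blog_posts"}]}'

# Usage against a live portal you are authorised to test (needs network):
#   fetch_service_document https://example.powerappsportals.com | list_entity_sets | flag_sensitive
```

Only request portals you are authorised to test. The name-based flagging is a triage heuristic, which is why UpGuard still had to read the data itself; an entity set called `contacts` can hold anything, and the real check is whether the rows behind `$1/_odata/<name>` come back without a login.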

Servers and Ubuntu, Security/Penetration Testing

Filed under
Server
Microsoft
Security
Ubuntu
  • Scientists calculate value of Pi to 62 trillion digits, claim new world record [Ed: Running Ubuntu]

    A team of scientists from Switzerland’s University of Applied Sciences Graubünden claim they have broken the world record for calculating the value of Pi. The researchers used a supercomputer to calculate the value of Pi to 62 trillion digits, breaking previous records set by Google and engineer Timothy Mullican, who holds the current record for calculating Pi’s value to 50 trillion digits.

    “The calculation of the new pi-digit world record by the DAViS team at the University of Applied Sciences in Graubünden took 108 days and 9 hours. It is therefore almost twice as fast as the record that Google set in its cloud in 2019, and around 3.5 times as fast as the last world record from 2020,” the researchers said in a statement.

  • Why safety-first connectivity has become business critical for the IoT [Ed: Self-serving puff pieces from Canonical]

    Not only can the financial risks associated with security breaches be significant, but further cost can come in the form of user trust, which in light of evolving use cases post-Covid-19, can be even more critical to businesses.

    With offices changing and transport networks set to adapt in line with new commuter behaviors, IoT solutions need to be safety-first to ensure they can guarantee positive user experiences that do not provoke alarm or concern. The customer confidence that is achieved through having a secure, user-friendly IoT device enables further development and investment. As the world moves into a ‘new normal’, it is vital that trust is at the heart of this, and safety-first IoT is the most effective means of achieving this.

    IoT device manufacturers of all sizes should review and commit to developing and executing a sound cybersecurity strategy for all new products. As the threat landscape becomes more complex, manufacturers should leverage trusted computing technologies to provide more agility and speed of deployment - to be safe in the knowledge that all layers of security are implemented to protect against the growing sophistication of the threats of the future.

  • August 2021 Web Server Survey [Ed: Microsoft continues to decline and decline and flounder in Web servers]

    In the August 2021 survey we received responses from 1,211,444,849 sites across 263,733,974 unique domains and 11,327,711 web-facing computers. This reflects a loss of 4.99 million sites, but a gain of 1.64 million domains and 67,600 computers.

    The number of unique domains powered by the nginx web server grew by more than a million this month, while Apache's count fell by 916,000. This has extended nginx's lead in the domains metric, giving it a 29.8% share compared with Apache's 25.5%.

    OpenResty gained 234,000 domains, but its market share remained static at 14.5%, while Cloudflare gained 726,000 domains and increased its market share to 7.72%.

    The number of web-facing computers using nginx has continued to increase, this month by 49,000 (+1.18%). There are now 4.19 million web-facing computers running nginx, compared with 3.52 million that run Apache. Microsoft follows in third place with 1.38 million computers.

    The web-facing computers metric has painted a remarkably stable trend over the past several years, as is evident in the graph below, with both Microsoft and Apache steadily falling while nginx has progressively climbed to first overtake Microsoft in 2017, and then Apache during 2020. There has also been a rise in "Other" web servers, which includes several nginx-based spinoffs such as OpenResty and Tengine.

  • Different Types of Hacking and Different Types of Hackers guide 2021

    Hacking and hackers are well-known terminologies in the world nowadays. When people hear these words, they adopt a false imagination related to crime.

  • Why Ethical Hacking Virtual Lab is important a guide for Beginner 2021

    As you know ethical hacking is a very sensitive area.

    When you join an ethical hacking class you will learn some advanced skills related to cybersecurity and finding vulnerabilities, which is really good and appreciable, but you cannot practise these skills in the real world.

    That is because doing any such activity, for example scanning, finding vulnerabilities or compromising a system, is illegal.

    Illegal activities will definitely send you to jail.

    If you use your skills to hack a system without the owner’s permission, you could be sent to jail. So hacking is a very sensitive field.

8 Reasons to Switch from Windows to Linux

Filed under
GNU
Linux
Microsoft

As Windows 10 started to show a new face with a number of policy decisions that Microsoft made regarding its product, there’s been an observable upsurge in the number of people switching to Linux. This isn’t surprising as Linux has always been the perfect tool for privacy. If you are still on the fence, here are eight reasons why you should make the switch from Windows to Linux.


Your PC is not compatible with Windows 11? Here are your options!

Filed under
GNU
Linux
Microsoft

The second option that you have is to switch to Linux. It requires more work on your part, as you have to find a suitable Linux distribution, alternatives to programs that are not available on Linux, and get to know a new operating system.

Depending on the distribution, Linux may look and feel similar to Windows, or it may be a totally different experience.

Most Linux distributions support Live operating systems, which means that you may run them without installing them. Instructions are provided on the websites, e.g. Linux Mint.

Gamers find that most PC games work on Linux nowadays either directly or through applications such as Wine. Valve and its Steam service have pushed Linux compatibility significantly in recent time, and there are options to play games from other stores as well under Linux.

The advantage of this method is that you will have no trouble finding a suitable distribution, and that most programs and games will either run or have suitable alternatives.

The downside is that no programs or apps can be carried over, and that it takes time to find a suitable distribution and get used to it. Some programs and apps are not available on Linux, and won't run using Wine or other methods.


Microsoft Interests Inside Linux and Upcoming Events

Filed under
Linux
Microsoft

Proprietary Software and Security

Filed under
Microsoft
Security
  • Microsoft warns attack could compromise Windows domain controllers and servers

    Microsoft has acknowledged a newly-discovered version of an attack on a long-vulnerable Windows single sign-on protocol called NTLM — short for New Technology LAN Manager — that is still used in the operating system as a backup to the newer Kerberos authentication protocol.

  • PlugwalkJoe Does the Perp Walk

    One day after last summer’s mass-hack of Twitter, KrebsOnSecurity wrote that 22-year-old British citizen Joseph “PlugwalkJoe” O’Connor appeared to have been involved in the incident. When the U.S. Justice Department last week announced O’Connor’s arrest and indictment, his alleged role in the Twitter compromise was well covered in the media.

  • South Africa Port Operator Declares Force Majeure Over Cyber Attack

    Transnet SOC Ltd., South Africa’s state-owned ports and freight-rail company, declared force majeure at the country’s key container terminals after disruptions caused by a cyber attack five days ago.

  • [Cr]ackers spreading malware through Discord: Report

    Leading cybersecurity firm Sophos on Monday warned users that popular chat platform Discord is being used by [cr]ackers for spreading malware.

    The firm said that the findings are based on analysis of more than 1,800 malicious files detected by Sophos telemetry on the Discord Content Management Network (CDN).

  • ‘Holy moly!’: Inside Texas’ fight against a ransomware hack [iophk: Windows TCO]

    Texas communities struggled for days with disruptions to core government services as workers in small cities and towns endured a cascade of frustrations brought on by the sophisticated cyberattack, according to thousands of pages of documents reviewed by The Associated Press and interviews with people involved in the response. The AP also learned new details about the attack’s scope and victims, including an Air Force base where access to a law enforcement database was interrupted, and a city forced to operate its water-supply system manually.

  • Chat logs show how Egregor, an $80 million ransomware gang, handled negotiations with little mercy [iophk: Windows TCO]

    Egregor has since disappeared, following an international sting in February. Now, though, more than 100 pages of Egregor negotiation transcripts — obtained and analyzed by IBM Security X-Force and its partner company Cylera, and reviewed by CyberScoop — shed light on the oft-opaque structure of a ransomware operation. The discussion records also demonstrate how victims proved most effective at convincing their extortionists to reduce the amount demanded to decrypt their systems, with one medical organization turning a $15 million ransom into a $2 million payment.

  • Paul E. Mc Kenney: Confessions of a Recovering Proprietary Programmer, Part XVIII: Preventing Involuntary Generosity

    I recently learned that all that is required for someone to take out a loan in some random USA citizen's name is that citizen's full name, postal address, email address, date of birth, and social security number. If you are above a certain age, all of these are for all intents and purposes a matter of public record. If you are younger, then your social security number is of course supposed to be secret—and it will be, right up to that data breach that makes it available to all the wrong people.

    This sort of thing can of course be a bit annoying to our involuntarily generous USA citizen. Fortunately, there are quite a few things you can do, although I will not try to reproduce the entirety of the volumes of good advice that are available out there. Especially given that laws, processes, and procedures are all subject to change.

  • OpenBSD full Tor setup

    If for some reason you want to block all your traffic except traffic going through Tor, here is how to proceed on OpenBSD.

    The setup is simple and consists of installing Tor, running the service and configuring the firewall to block every request that doesn't come from the user _tor used by the Tor daemon.

  • Dead Drops and Security Through Obscurity

    There’s massive confusion in the security community around Security Through Obscurity.

    In general, most people know it’s bad, but they can’t say exactly why. And because of this, people tend to think the “Obscurity” in “Security Through Obscurity” equates to secrecy, meaning if you hide anything, it’s Security Through Obscurity.

    This is incorrect, and Dead Drops are a great example.

  • Preventing Data Exfiltration with eBPF

    Consider a service invoking webhooks. It will be running with limited data access but must be able to communicate with the entire Internet. Contrast that to an SSH session that’s been opened for troubleshooting purposes. It will have access to the entire machine but does not egress to an arbitrary IP.
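
For the OpenBSD Tor-only setup described above (install Tor, run the service, firewall everything that is not the `_tor` user), here is an added example; it is not the original post's commands or rule set. It contains a pf rule set in which the only process permitted to open outbound connections is Tor running as `_tor`, a torrc fragment that keeps DNS inside Tor, a sanity check that rejects any rule set with a pass-out rule for anyone else, and the root commands that install and load everything. The SOCKS and DNS port numbers are assumptions.

```shell
# Added example (not the original post's commands): confine all network access
# on an OpenBSD host to the Tor daemon. apply_tor_only_firewall must run as root
# on OpenBSD; the rule generators and the check run anywhere.
# Assumptions: Tor listens on 127.0.0.1:9050 (SOCKS) and 127.0.0.1:5353 (DNSPort),
# so local applications resolve names through Tor instead of leaking DNS.

# pf rules: keep loopback open, drop everything else, and let only sockets
# owned by the _tor user leave through the egress interface. Tor uses TCP only.
tor_only_pf_rules() {
    cat <<'EOF'
# --- Tor-only rule set (added example); review before loading ---
set skip on lo
block all
# Tor itself (running as _tor) is the only process allowed to talk to the Internet.
pass out quick on egress proto tcp user _tor
EOF
}

# torrc lines that keep SOCKS and DNS on loopback, inside the Tor circuit.
tor_only_torrc_fragment() {
    cat <<'EOF'
SocksPort 127.0.0.1:9050
DNSPort 127.0.0.1:5353
EOF
}

# Sanity check, rules on stdin: succeed only if the set blocks by default and
# every "pass out" rule carries "user _tor". A stray pass-out rule for another
# user would silently reopen the exfiltration path this setup is meant to close.
rules_confine_to_tor() {
    rules=$(cat)
    printf '%s\n' "$rules" | grep -q '^block all' || return 1
    printf '%s\n' "$rules" | grep '^pass out' | grep -v 'user _tor' | grep -q . && return 1
    return 0
}

# On OpenBSD, as root: install and enable Tor, then validate and load the rules.
apply_tor_only_firewall() {
    pkg_add tor
    tor_only_torrc_fragment >> /etc/tor/torrc
    rcctl enable tor
    rcctl start tor
    tor_only_pf_rules > /etc/pf.conf.tor
    tor_only_pf_rules | rules_confine_to_tor || return 1
    pfctl -nf /etc/pf.conf.tor && pfctl -f /etc/pf.conf.tor
}
```

After loading, applications must be pointed at the SOCKS port (for example `torsocks` or a proxy setting) and the resolver at 127.0.0.1:5353; anything that tries to reach the network directly will simply be dropped, which is the intended failure mode. `pfctl -nf` parses the file without loading it, so a syntax error is caught before the live rule set is replaced.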

Microsoft, IBM, and Their Proprietary Software Front Groups

Filed under
Red Hat
Microsoft
  • Nathan Willis: Emojent behavior

    For starters, though, begging for a proprietary software vendor to re-license its product under FOSS terms is, at best, a wild misinterpretation of Why Vendors Do What They Do. Microsoft doesn’t re-license products on a whim...

  • Red Hat JBoss Enterprise Application Platform 7.4 brings new developer and operations capabilities | Red Hat Developer

    Red Hat JBoss Enterprise Application Platform (JBoss EAP) 7.4 is now in general availability (GA). JBoss EAP is an open source, Jakarta Enterprise Edition (Jakarta EE) 8-compliant application server that enables organizations to deploy and manage enterprise Java applications across hybrid IT environments, including bare-metal, virtualized, private, and public clouds. This release provides enhancements to operations on Red Hat OpenShift as well as several new improvements in security, management, and developer productivity.

    This article covers what's new in the JBoss EAP 7.4 GA. With this release, Red Hat continues its commitment to Jakarta EE support and enabling developers to extend existing application investments as they transition to emerging architectures and programming paradigms that require a lightweight, highly modular, cloud-native platform.

  • Services sessions from Red Hat Summit 2021 to catch on demand

    Red Hat Summit Virtual Experience brought a host of learning and networking opportunities to IT professionals globally in April and June this year. Red Hat experts, partners, and customers presented the latest and greatest on high-performing Linux, cloud, automation, management, containers, and Kubernetes technologies.

    Beyond technology, however, Red Hat Services sessions provided fundamental lessons to help enact widespread change within your organization. From solution implementation to enablement, Red Hat Services helps customers translate their technology investments into measurable and meaningful business outcomes. Services sessions included insights on process and culture, how to tackle digital transformation and valuable lessons learned during residencies with Red Hat Open Innovation Labs. Be sure to watch these informative sessions to gain tools to help evolve your business through enterprise open source.

  • Digital health pass developments worldwide: Canada, Slovenia, Linux Foundation [Ed: Linux Foundation as surveillance powerhouse for IBM and Microsoft. This is harming the Linux brand.]

    A year after its launch, Linux Foundation Public Health (LFPH) has become the neutral forum for public health authorities to seek advice about technology development, the organization says.

    The open-source group has launched five technical projects related to COVID exposure notification and credentials, and its dedication to keeping users’ medical data private has accelerated the response of public health authorities and tech companies alike. LFPH has advised more than 50 states and countries, and its community is now up to 1,600 regular contributors from nearly 30 countries, while formal membership has tripled.

Microsoft's Proprietary Software Ransom

Filed under
Microsoft
Security
  • Don’t Wanna Pay Ransom Gangs? Test Your Backups.

    Browse the comments on virtually any story about a ransomware attack and you will almost surely encounter the view that the victim organization could have avoided paying their extortionists if only they’d had proper data backups. But the ugly truth is there are many non-obvious reasons why victims end up paying even when they have done nearly everything right from a data backup perspective.

  • Microsoft Exchange email [cr]ack was caused by China, US says [iophk: Microsoft is getting help from the Biden administration in shifting the blame away from their own shoddy products and onto China.]

    The administration and allied nations also disclosed a broad range of other cyberthreats from Beijing, including ransomware attacks from government-affiliated [cr]ackers that have targeted companies with demands for millions of dollars. China’s Ministry of State Security has been using criminal contract [cr]ackers, who have engaged in cyber extortion schemes and theft for their own profit, according to a senior administration official. That official briefed reporters about the investigation on the condition of anonymity.

  • U.S. accuses China of abetting ransomware attack

    The announcement was part of a broader effort by the U.S. and a large group of allies, including the European Union, NATO, the U.K., Australia and Japan, to condemn China’s government for “malicious cyber activity,” a senior White House official told reporters on a call Sunday night. The official asked to not be identified as a condition of participating in the call.

Microsoft Propaganda and FUD

Filed under
Microsoft

More in Tux Machines

You Can Use Raspberry Pi 400 As a PC Keyboard and Mouse Combo

If you’re a fan of Pimoroni, you’re probably familiar with its software lead Phil Howard (aka Gadgetoid) and his developments in the Raspberry Pi community. Today we’re sharing an awesome project he put together using our favorite keyboard PC, the Raspberry Pi 400. Using the right cable and a bit of code, the Raspberry Pi 400 can function as a regular, USB HID keyboard. The best Raspberry Pi projects are easy to recreate and the only accessory you need to pull this project off is a USB Type-C to USB Type-A cable.

today's leftovers

  • DearPyGui 1.0.0 user interface Toolkit Released - itsfoss.net

    Dear PyGui 1.0.0 (DPG), a cross-platform toolkit for GUI development in Python, has been released. The most important feature of the project is the use of multithreading and the offloading of operations to the GPU to speed up rendering. The key goal of the 1.0.0 release is to stabilize the API; compatibility-breaking changes will now be proposed in a separate “experimental” module. To ensure high performance, the bulk of the DearPyGui code is written in C++ using the Dear ImGui library, which is designed for creating graphical applications in C++ and offers a fundamentally different operating model. The Dear PyGui source code is licensed under the MIT license. Linux, Windows 10 and macOS are supported.

  • Software testing - a 32-year-old message

    And then, after having tested hundreds of Linux distributions, thousands of applications, every release of Windows since 3.11, and then some, I can definitely say that the slow, steady erosion of professional testing in the software world is noticeable. And by that mean, in those scenarios it actually existed, because in some domains, it's never been there, and it shows. If anything, the longer I keep my hands on this or that application or program, the more I'm convinced that the new, casual approach to quality is simply not working. There will be a moment of reckoning.

  • Issue #373 - Robotic tickles

    We thought we’d lead with the weirdest Raspberry Pi-powered thing, purely because we couldn’t resist the bizarre visual. These robotic hands move according to actions taken on social media. And they’re creepy. We like creepy. Another robot from the blog this week can solve your Sudoku in seconds, and a hackathon-winning student project can photograph any object and automatically turn it into an NFT.

  • ODROID-H2+ SBC discontinued due to supply shortage - CNX Software

    Hardkernel has just discontinued the ODROID-H2+ single board computer based on the Intel Celeron J4115 Gemini Lake Refresh processor, which followed the ODROID-H2 SBC itself being discontinued shortly after Intel decided to phase out the Intel J4105 and other Gemini Lake processors. The reason given is the “uncertain situation of main component supply”, which could mean the Celeron J4115 processor is hard to get (or expensive), or that the Realtek RTL8125B chipset that provides 2.5GbE networking is. That means Hardkernel does not offer any x86 SBC at this time. That’s a shame, because ODROID-H2+ was a well-supported SBC running Linux or Windows, and great value for money at $119, especially for people interested in the two 2.5 Gbps Ethernet ports found on the board (and upgradeable to six), not to mention support for SO-DIMM memory and M.2 NVMe SSD.

  • Debian blocks VPN and Tor users from reading its Wiki. – BaronHK's Rants

    I understand that they don’t want VPN and Tor users messing up their Wiki anonymously, where it would be difficult to ban any one vandal, but to block people from even _reading it_ unless they unmask themselves is a bit heavy-handed. On Wikipedia, they block Tor and VPN users from editing, but you can read it all you want, and you can view the page’s source code if you are on a VPN. This is the right thing to do. I’m not sure why Debian is requiring us to de-anonymize ourselves just to read their Wiki. I wish that they would stop doing this.

  • Red Hat Announces Updates To Red Hat OpenShift And Red Hat Advanced Cluster Management For Kubernetes
  • How bare metal cloud is powering the telecommunications industry

    Bare metal clouds are gaining a lot of momentum in the telecommunications industry—but why? What is a bare metal cloud, and what are the benefits of using it? In this post, we answer these questions and more.

  • digiKam - digiKam Recipes 21.10.15 released

    It has been a while since the last update of digiKam Recipes. But that doesn’t mean I neglected the book. In the past few months, I’ve been doing a complete language review and adding new material. The new revision of digiKam Recipes features detailed information on how to move digiKam library and databases from one machine to another, how to access digiKam remotely from any machine, and how to import photos from an iOS device. The book now uses the Barlow font for better legibility along with a slightly improved layout.

  • October 2021 Web Server Survey [Ed: Microsoft became so irrelevant in Web servers that it is not even mentioned anymore and most tables don't even list Microsoft (it's miniscule, outside view)]

    In the October 2021 survey we received responses from 1,179,448,021 sites across 265,426,928 unique domains and 11,388,826 web-facing computers. This reflects a loss of 8.59 million sites, but a gain of 1.07 million domains and 20,800 computers.

    The number of unique domains powered by the nginx web server grew by 789,000 this month, which has increased its total to 79.5 million domains and its leading market share to 29.9%. Conversely, Apache lost 753,000 domains and saw its second-place share fall to 24.7%. Meanwhile, Cloudflare gained 746,000 domains – almost as many as nginx – but it stays in fourth place with an 8.15% share while OpenResty's shrank slightly to 14.5%.

    Cloudflare also made strong progress amongst the top million websites, where it increased its share by 0.24 percentage points to 18.2%. nginx is in second place with a 22.5% (+0.12pp) share but has closed the gap on Apache which still leads with 24.0% after losing 0.21pp.

    Apache also continues to lead in terms of active sites, where it has a total of 48.0 million. However, it was the only major vendor to suffer a drop in this metric, with a loss of 277,000 active sites reducing its share down to 23.9% (-0.29pp). In terms of all sites, nginx lost the most (-9.99 million) but remains far in the lead with a total of 412 million.

  • Chrome OS 94 Released - itsfoss.net

    Chrome OS 94 has been released. It is based on the Linux kernel, the upstart system manager, the ebuild/portage build toolkit, open components and the Chrome 94 web browser. The user environment of Chrome OS is limited to a web browser, and web applications are used instead of standard programs; however, Chrome OS includes a full-fledged multi-window interface, desktop and taskbar. Chrome OS 94 is available for most current Chromebooks. Enthusiasts have produced unofficial builds for ordinary computers with x86, x86_64 and ARM processors. The source code is distributed under the free Apache 2.0 license.

Security Leftovers

  • Security updates for Friday

    Security updates have been issued by Debian (squashfs-tools, tomcat9, and wordpress), Fedora (openssh), openSUSE (kernel, mbedtls, and rpm), Oracle (httpd, kernel, and kernel-container), SUSE (firefox, kernel, and rpm), and Ubuntu (linux-azure, linux-azure-5.4).

  • Apache Releases Security Advisory for Tomcat   | CISA

    The Apache Software Foundation has released a security advisory to address a vulnerability in multiple versions of Tomcat. An attacker could exploit this vulnerability to cause a denial of service condition.

  • Security Risks of Client-Side Scanning

    Even before Apple made their announcement, law enforcement shifted their battle for back doors to client-side scanning. The idea is that they wouldn’t touch the cryptography, but instead eavesdrop on communications and systems before encryption or after decryption. It’s not a cryptographic back door, but it still a back door — and brings with it all the insecurities of a back door. I’m part of a group of cryptographers that has just published a paper discussing the security risks of such a system. (It’s substantially the same group that wrote a similar paper about key escrow in 1997, and other “exceptional access” proposals in 2015. We seem to have to do this every decade or so.) In our paper, we examine both the efficacy of such a system and its potential security failures, and conclude that it’s a really bad idea.

  • The Open Source Security Foundation receives $ 10 million in funding - itsfoss.net

    The Linux Foundation has announced a $10 million commitment to the OpenSSF (Open Source Security Foundation), an effort to improve the security of open source software. The funds come from contributions by OpenSSF member companies, including Amazon, Cisco, Dell Technologies, Ericsson, Facebook, Fidelity, GitHub, Google, IBM, Intel, JPMorgan Chase, Microsoft, Morgan Stanley, Oracle, Red Hat, Snyk, and VMware …

Videos/Shows: Ubuntu 21.10, LHS, and Chris Titus

  • Ubuntu 21.10 - Full Review - Invidious

    Ubuntu 21.10 finally features the GNOME 40 desktop, better Wayland support, and more. In this video, I'll give you my thoughts on "Impish Indri" and we'll go over some of the new features. I'll talk about the installation process, Wayland changes,

  • LHS Episode #435: The Weekender LXXX

    It's time once again for The Weekender. This is our bi-weekly departure into the world of amateur radio contests, open source conventions, special events, listener challenges, hedonism and just plain fun. Thanks for listening and, if you happen to get a chance, feel free to call us or e-mail and send us some feedback. Tell us how we're doing. We'd love to hear from you.

  • Time to Rice and Make the Best Looking Desktop - Invidious

    We have our script that sets up the system... now we make our script to automatically make our desktop the best looking one out there!