Language Selection

English French German Italian Portuguese Spanish

Microsoft

Microsoft Interests Inside Linux and Upcoming Events

Filed under
Linux
Microsoft

Proprietary Software and Security

Filed under
Microsoft
Security
  • Microsoft warns attack could compromise Windows domain controllers and servers

    Microsoft has acknowledged a newly-discovered version of an attack on a long-vulnerable Windows single sign-on protocol called NTLM — short for New Technology LAN Manager — that is still used in the operating system as a backup to the newer Kerberos authentication protocol.

  • PlugwalkJoe Does the Perp Walk

    One day after last summer’s mass-hack of Twitter, KrebsOnSecurity wrote that 22-year-old British citizen Joseph “PlugwalkJoe” O’Connor appeared to have been involved in the incident. When the U.S. Justice Department last week announced O’Connor’s arrest and indictment, his alleged role in the Twitter compromise was well covered in the media.

  • South Africa Port Operator Declares Force Majeure Over Cyber Attack

    Transnet SOC Ltd., South Africa’s state-owned ports and freight-rail company, declared force majeure at the country’s key container terminals after disruptions caused by a cyber attack five days ago.

  • [Cr]ackers spreading malware through Discord: Report

    Leading cybersecurity firm Sophos on Monday warned users that popular chat platform Discord is being used by [cr]ackers for spreading malware.

    The firm said that the findings are based on analysis of more than 1,800 malicious files detected by Sophos telemetry on the Discord Content Management Network (CDN).

  • ‘Holy moly!’: Inside Texas’ fight against a ransomware hack [iophk: Windows TCO]

    Texas communities struggled for days with disruptions to core government services as workers in small cities and towns endured a cascade of frustrations brought on by the sophisticated cyberattack, according to thousands of pages of documents reviewed by The Associated Press and interviews with people involved in the response. The AP also learned new details about the attack’s scope and victims, including an Air Force base where access to a law enforcement database was interrupted, and a city forced to operate its water-supply system manually.

  • Chat logs show how Egregor, an $80 million ransomware gang, handled negotiations with little mercy [iophk: Windows TCO]

    Egregor has since disappeared, following an international sting in February. Now, though, more than 100 pages of Egregor negotiation transcripts — obtained and analyzed by IBM Security X-Force and its partner company Cylera, and reviewed by CyberScoop — shed light on the oft-opaque structure of a ransomware operation. The discussion records also demonstrate how victims proved most effective at convincing their extortionists to reduce the amount demanded to decrypt their systems, with one medical organization turning a $15 million ransom into a $2 million payment.

  • Paul E. Mc Kenney: Confessions of a Recovering Proprietary Programmer, Part XVIII: Preventing Involuntary Generosity

    I recently learned that all that is required for someone to take out a loan in some random USA citizen's name is that citizen's full name, postal address, email address, date of birth, and social security number. If you are above a certain age, all of these are for all intents and purposes a matter of public record. If you are younger, then your social security number is of course supposed to be secret—and it will be, right up to that data breach that makes it available to all the wrong people.

    This sort of thing can of course be a bit annoying to our involuntarily generous USA citizen. Fortunately, there are quite a few things you can do, although I will not try to reproduce the entirety of the volumes of good advice that are available out there. Especially given that laws, processes, and procedures are all subject to change.

  • OpenBSD full Tor setup

    If for some reasons you want to block all your traffic except traffic going through Tor, here is how to proceed on OpenBSD.

    The setup is simple and consists at installing Tor, running the service and configure the firewall to block every requests that doesn't come from the user _tor used by Tor daemon.

  • Dead Drops and Security Through Obscurity

    There’s massive confusion in the security community around Security Through Obscurity.

    In general, most people know it’s bad, but they can’t say exactly why. And because of this, people tend to think the “Obscurity” in “Security Through Obscurity” equates to secrecy, meaning if you hide anything, it’s Security Through Obscurity.

    This is incorrect, and Dead Drops are a great example.

  • Preventing Data Exfiltration with eBPF

    Consider a service invoking webhooks. It will be running with limited data access but must be able to communicate with the entire Internet. Contrast that to an SSH session that’s been opened for troubleshooting purposes. It will have access to the entire machine but does not egress to an arbitrary IP.

Microsoft, IBM, and Their Proprietary Software Front Groups

Filed under
Red Hat
Microsoft
  • Nathan Willis: Emojent behavior

    For starters, though, begging for a proprietary software vendor to re-license its product under FOSS terms is, at best, a wild misinterpretation of Why Vendors Do What They Do. Microsoft doesn’t re-license products on a whim...

  • Red Hat JBoss Enterprise Application Platform 7.4 brings new developer and operations capabilities | Red Hat Developer

    Red Hat JBoss Enterprise Application Platform (JBoss EAP) 7.4 is now in general availability (GA). JBoss EAP is an open source, Jakarta Enterprise Edition (Jakarta EE) 8-compliant application server that enables organizations to deploy and manage enterprise Java applications across hybrid IT environments, including bare-metal, virtualized, private, and public clouds. This release provides enhancements to operations on Red Hat OpenShift as well as several new improvements in security, management, and developer productivity.

    This article covers what's new in the JBoss EAP 7.4 GA. With this release, Red Hat continues its commitment to Jakarta EE support and enabling developers to extend existing application investments as they transition to emerging architectures and programming paradigms that require a lightweight, highly modular, cloud-native platform.

  • Services sessions from Red Hat Summit 2021 to catch on demand

    Red Hat Summit Virtual Experience brought a host of learning and networking opportunities to IT professionals globally in April and June this year. Red Hat experts, partners, and customers presented the latest and greatest on high-performing Linux, cloud, automation, management, containers, and Kubernetes technologies.

    Beyond technology, however, Red Hat Services sessions provided fundamental lessons to help enact widespread change within your organization. From solution implementation to enablement, Red Hat Services helps customers translate their technology investments into measurable and meaningful business outcomes. Services sessions included insights on process and culture, how to tackle digital transformation and valuable lessons learned during residencies with Red Hat Open Innovation Labs. Be sure to watch these informative sessions to gain tools to help evolve your business through enterprise open source.

  • Digital health pass developments worldwide: Canada, Slovenia, Linux Foundation [Ed: Linux Foundation as surveillance powerhouse for IBM and Microsoft. This is harming the Linux brand.]

    A year after its launch, Linux Foundation Public Health (LFPH) has become the neutral forum for public health authorities to seek advice about technology development, the organization says.
    The open-source group has launched five technical projects related to COVID exposure notification and credentials, and its dedication to keeping users’ medical data private has accelerated the response of public health authorities and tech companies alike. LFPH has advised more than 50 states and countries, and its community is now up to 1,600 regular contributors from nearly 30 countries, while formal membership has tripled.

Microsoft's Proprietary Software Ransom

Filed under
Microsoft
Security
  • Don’t Wanna Pay Ransom Gangs? Test Your Backups.

    Browse the comments on virtually any story about a ransomware attack and you will almost surely encounter the view that the victim organization could have avoided paying their extortionists if only they’d had proper data backups. But the ugly truth is there are many non-obvious reasons why victims end up paying even when they have done nearly everything right from a data backup perspective.

  • Microsoft Exchange email [cr]ack was caused by China, US says [iophk: Microsoft is getting help from the Biden administration in shifting the blame away from their own shoddy products and onto China.]

    The administration and allied nations also disclosed a broad range of other cyberthreats from Beijing, including ransomware attacks from government-affiliated [cr]ackers that have targeted companies with demands for millions of dollars. China’s Ministry of State Security has been using criminal contract [cr]ackers, who have engaged in cyber extortion schemes and theft for their own profit, according to a senior administration official. That official briefed reporters about the investigation on the condition of anonymity.

  • U.S. accuses China of abetting ransomware attack

    The announcement was part of a broader effort by the U.S. and a large group of allies, including the European Union, NATO, the U.K., Australia and Japan, to condemn China’s government for “malicious cyber activity,” a senior White House official told reporters on a call Sunday night. The official asked to not be identified as a condition of participating in the call.

Microsoft Propaganda and FUD

Filed under
Microsoft

Proprietary Software Leftovers

Filed under
Microsoft
Security
  • Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours

    At 4:30 p.m. UTC, all within the same second, the compromised servers woke up and ran a command script that disabled a variety of security controls and sent malicious payloads to every system managed by those servers, according to an analysis conducted by Huntress Labs. While security firms are still sifting through the data, reverse engineering has revealed that the attack — from the first packets exploiting dozens of VSA servers, to the deployment of ransomware on the endpoints of hundreds to thousands of MSP customers — took less than two hours.

    The speed of automation gave managed service providers and their customers only a very narrow window in which to detect attacks and block them, says John Hammond, a senior threat researcher for Huntress Labs. Companies would have to run frequent monitoring and alerts to have caught the changes, he says.

    "Unfortunately, this form of hyperactive logging and detection is rare — managed service providers often don't have the resources, let alone the personnel to frequently monitor massive components of their software and stack," Hammond says. "With that said, the efficacy and potential for human-powered threat hunters is never something to be left out of the equation."

    The quick turnaround of the attack underscores the compressed timeline for defenders to respond to automated attacks. The REvil group and its affiliates, who are thought responsible for the attack, scanned for Internet-connected VSA servers and, when found, sent the initial exploit, which chained three vulnerabilities.

  • Ransomware attack hits Swiss consumer outlet Comparis

    Swiss online consumer outlet Comparis has filed a criminal complaint over a ransomware attack on Wednesday that blocked some of its information technology systems, it said on Friday.

  • Microsoft Office Users Warned on New Malware-Protection Bypass

    Word and Excel documents are enlisted to disable Office macro warnings, so the Zloader banking malware can be downloaded onto systems without security tools flagging it.

  • Jack Cable, Stanford student and cyber whiz, aims to crowdsource ransomware details

    Few people, if any, seem to grasp the breadth and cost of the scourge, as there are no legal requirements for victims to disclose when they pay hackers to unlock their network. That, combined with the suspicious that most victims don’t, report their digital extortion payments, makes it harder for law enforcement and security firms to combat attacks, or even understand how to fight them.

    That’s the impetus behind a project that Stanford University student and security researcher Jack Cable launched on Thursday, dubbed “Ransomwhere,” a plan to track payments to bitcoin addresses associated with known ransomware gangs.

  • Hancitor tries XLL as initial malware file

    XLL files are Excel add-in files. They're DLL files specifically designed to be run by Microsoft Excel. Think of an XLL file as an "Excel DLL."

  • DoD ends $10 billion deal with Microsoft for new cloud contract

    The statement did not directly mention that the Pentagon faced extended legal challenges by Amazon to the original $1 million contract awarded to Microsoft. Amazon argued that the Microsoft award was tainted by politics, particularly then-President Donald Trump’s antagonism toward Amazon founder, Jeff Bezos, who stepped down Monday as the company’s chief executive officer. Mr. Bezos owns The Washington Post, a newspaper often criticized by Mr. Trump.

    The Pentagon’s chief information officer, John Sherman, told reporters Tuesday that during the lengthy legal fight with Amazon, “the landscape has evolved” with new possibilities for large-scale cloud computing services. Thus it was decided, he said, to start over and seek multiple vendors.

  • With ransomware attacks multiplying, US moves to bolster defenses

    As the U.S. private sector scrambles to fend off a growing number of ransomware attacks, the federal government is stepping up its efforts as well. Last month, the Senate approved Chris Inglis, a former deputy director of the National Security Agency, as the nation’s first-ever national cyber director, tasked with coordinating the government’s cyber portfolio and digital defense strategy. A second key post, director of the primary domestic cybersecurity agency, is expected to be filled shortly.

    Officials are making clear they will seek not just to hold cybercriminals to account – but also companies whose inadequate cybersecurity measures have put them and their customers at risk.

Microsoft's Latest Attack on Free Software

Filed under
GNU
Microsoft
Legal

Proprietary Software: Microsoft Catastrophes and More

Filed under
Microsoft
  • Pentagon Scraps JEDI in Win for Amazon at Microsoft’s Expense

    Pentagon officials on Tuesday terminated the massive JEDI cloud-computing contract and said they would start fresh with a new project, capping a yearslong initiative that had become mired in litigation from Amazon.com Inc. and a barrage of objections from Congress.

    In terminating the contract with Microsoft Corp. , Department of Defense officials focused largely on technical reasons, saying advances in cloud computing and the Pentagon’s own evolving needs had made the Joint Enterprise Defense Infrastructure scheme obsolete.

  • Microsoft cancels plans to deliver SQL Server on Windows Containers
  • Kaseya: Roughly 1,500 businesses hit by REvil ransomware attack
  • Protecting Your Online Privacy: Three Levels of Security

    Data leaks happen once every few months at least. Millions of users can have their phone number, address, and Social Security Number smeared across the internet in a matter of seconds. Your online browsing behavior is also sold legally by tech companies to the highest bidder. Ever seen an ad that is a little too specific? Most major tech companies rely on some form of data harvesting for revenue.

    As consumers, should we do anything? Can we do anything? The answer to both of these questions is resoundingly ‘yes.’ By using services geared towards privacy, we can jointly prevent both sources of danger to our private information – that is, data leaks and data harvesting.

    In this article, I will give a brief synopsis of data exploitation, and I will subsequently describe three different levels of increasing security we can do based on technical expertise.

Security and Proprietary Software

Filed under
Microsoft
Security

  • How Developers Can Protect Linux From Vulnerabilities [Ed: Sometimes it feels like the site "Linux Security" is mostly an amplifier of FUD in pursuit of sales (of products you do not really need and are connected to the site's owner)]

    Many of the kernel bugs present in the Linux system are potential security flaws. Hackers use the vulnerabilities inherent in the Linux kernel to gain privilege escalation or to create denial-of-service attack vectors.

  • REvil's Ransomware Success Formula: Constant Innovation [Ed: Windows TCO]

    On Friday, remote management software provider Kaseya was the latest victim to come to light, as REvil's ransomware disrupted operations for its 36,000 customers worldwide, leading U.S. President Joe Biden to order the launch of a full-scale federal investigation.

  • Microsoft suspends SQL Server on Windows Containers Beta, recommends Linux instead [Ed: This just means Microsoft admits that Windows sucks, it doesn't mean it "loves Linux" as Microsoft propaganda sites like to claim]

    Back in 2017, Microsoft announced the SQL Server on Windows Containers Beta program, enabling developers to connect to SQL Server instances from inside the same container or outside it. The benefits included facilitation of setting up and maximizing density of instances for development and test purposes, and to isolate and govern applications in a multi-tenant environment.

The Dangerous Liaisons Of Big Tech Companies

Filed under
Microsoft

I previously wrote about the nebulous relations of big techs with the American spy agencies, which, by itself, would be very worrisome. These agencies treat citizens as if they were criminals, violating everyone's privacy, listening to conversations, keeping pictures, archiving personal data, which, normally, would only be acceptable with warrants issued by judges. But no, they act clandestinely and outside of the law(s). This alone would be very bad. But research for writing is an interesting activity, as Forrest Gump would say, when you open a box of chocolates, you never know what you will find. And, research is like that, you start researching a subject, and, how the thing ends, you never know. Imagine my surprise when I found out that American companies, big tech companies, are involved with the Chinese government? Yes, and not that they are spying on the Chinese government. Far from it. But they are helping to perpetrate human rights abuses. Exactly the same government that is openly condemned for human rights abuses, is a first class customer of several US tech companies.

[...]

Oracle has always been close to the U.S. government, working with the CIA as one of its first customers, so much so that Oracle's work with the government (Safra Catz, Oracle's CEO, was in the Trump administration's transition cabinet in 2016) helped it and Walmart outmaneuver its rivals in an attempt to control U.S. operations for Chinese-owned social media company TikTok last year, after the Trump administration ordered TikTok to find a U.S. buyer for its American operations. The proposed deal, under challenge in court, was motivated by concerns that TikTok's Beijing-based parent company could pass on sensitive user data to Chinese authorities. But in a strange twist, the documents show that Oracle marketed the use of its software to those same authorities in an extreme example of putting profit above human rights.

[...]

This censorship and surveillance scheme was discovered by Jeffrey Knockel, a 27-year-old graduate student (at the time) at the University of New Mexico, who decoded and published a list of the words that cause Skype to block messages or forward them to Chinese servers.

In 2019, it came to light that Microsoft has been working with a military-run Chinese university on artificial intelligence research that could be used for surveillance and censorship, a revelation that has sparked outrage from China's opponents on Capitol Hill.

Three papers, published between March and November last year, were co-written by academics at Microsoft Research Asia in Beijing and researchers affiliated with China's National University of Defense Technology, which is controlled by China's top military body, the Central Military Commission.

One of the papers described a new AI method for recreating detailed environmental maps by analyzing human faces, which experts say could have clear applications for surveillance and censorship.

The paper acknowledges that the system provides a better understanding of the surrounding environment "not seen by the camera," which could have a "variety of computer vision applications."

Samm Sacks, a senior fellow at think-tank New America and an expert on China technology policy, said the documents raised "red flags because of the nature of the technology, the author's affiliations, combined with what we know about how this technology is being deployed in China right now."

"The [Chinese] government is using these technologies to build surveillance systems and to detain minorities [in Xinjiang]," Ms. Sacks added.

The U.S. government is debating whether research collaborations, particularly in sensitive areas such as artificial intelligence and augmented reality, should be subject to stricter export controls.

Microsoft and Huawei, a happy marriage

President Donald Trump signed an executive order banning Huawei products in American homes. Huawei not only works closely with the Chinese government to monitor citizens through technology and AI, but is also under investigation for working to subvert the US-Iran nuclear weapons agreement. Huawei is blacklisted on the U.S. Department of Commerce's Export Administration Regulatory Entities List.

Read more

Also: If You Thought Google's Evilness Was Limited To The Internet, You'd Be Wrong

Syndicate content

More in Tux Machines

Proprietary Software and Security

  • Windows REvil ransomware gang taken down by US spies and allies: claim [iophk: Windows TCO]

    On Wednesday, the news surfaced that the REvil site on the dark web was offline. One Dmitry Smilyanets, who works for the threat intelligence firm Recorded Future and also writes for The Record, a website belonging to the company, claimed to have found a thread claiming to offer the reason for the disappearance of REvil. The CIA's investment arm, In-Q-Tel is an investor in Recorded Future.

  • Governments turn tables on ransomware gang REvil by pushing it offline [iophk: Windows TCO]

    According to three people familiar with the matter, law enforcement and intelligence cyber specialists were able to [crack] REvil’s computer network infrastructure, obtaining control of at least some of their servers.

    After websites that the [attacker] group used to conduct business went offline in July, the main spokesman for the group, who calls himself “Unknown,” vanished from the [Internet].

  • Company That Buys Zero-Day Hacks Now Wants Exploits for Popular VPNs

    Uh oh. An infamous company that pays thousands of dollars for iOS and Android hacking techniques is now out to acquire zero-day exploits for three popular VPN services. Zerodium today sent out a tweet calling for “zero-days” or publicly unknown attacks that work against ExpressVPN, NordVPN, or Surfshark. The attacks must be capable of leaking information from the VPNs, such as a computer’s IP address. Zerodium will also pay for exploits that can trigger a VPN to remotely execute computer code.

  • Verizon 'Visible' Wireless Accounts Hacked, Exploited To Buy New iPhones

    Wireless subscribers of Verizon's Visible prepaid service received a rude awakening after hackers compromised their account, then ordered expensive new iPhones on their dime. Last week a company statement indicated that "threat actors were able to access username/passwords from outside sources," then utilize that access to login to Visible customer accounts. Hacked users say the attackers then utilized that access to order expensive kit, and, initially, getting Visible to do anything about it was a challenge:

Android Leftovers

Stable vs. Bleeding-Edge Linux Distros: Which One Should You Choose?

Linux distributions have multiple ways of delivering software to their users. But which one should you go for—stability or the latest software? One of the major choices that many Linux users face when choosing a Linux distribution is its stability, or how much the software changes. Some distros favor stable, tried-and-true software while others will include newer software that may not be as reliable, also known as "bleeding-edge," a play on "cutting-edge." So, which one should you choose? Let's find out. Read more

This week in NeoChat

Last Saturday we had an improvised NeoChat mini development sprint in a small hotel room in Berlin in the occasion of the 25th anniversary of KDE. In a good KDE tradition, Carl spent this time on improving NeoChat settings. He ported both the NeoChat general settings and the specific room settings to the new Kirigami.CategorizedSetting component. Tobias fixed a lot of papercuts and now the power level should be fetched correctly, we show the number of joined users instead of joined+invited users in the room information pane, the user search is now case insensitive. Nicolas focused on fixing our Android build by making the spellchecking feature compile on Android. Read more