Security and Proprietary Software

  • New cryptomining malware builds an army of Windows, Linux bots [Ed: reminder never to put SSH keys on Windows machines and other back-doored OSes]

    After hacking [sic] into a server and killing competing cryptocurrency miners, the malware will also spread over the network in brute force attacks using SSH private keys collected from various locations on infected servers.

  • Critical RCE Bug Found in Homebrew Package Manager for macOS and Linux [Ed: This is a Microsoft (GitHub, proprietary software) issue, not "macOS and Linux". Microsoft loves blaming the victims for its own failures.]

    A recently identified security vulnerability in the official Homebrew Cask repository could have been exploited by an attacker to execute arbitrary code on users' machines that have Homebrew installed.

    [...]

    The researcher also submitted a proof-of-concept (PoC) pull request demonstrating the vulnerability, following which it was reverted. In light of the findings, Homebrew has also removed the "automerge" GitHub Action as well as disabled and removed the "review-cask-pr" GitHub Action from all vulnerable repositories.

  • HashiCorp is the latest victim of Codecov supply-chain attack [Ed: Microsoft's close partners (in crime) cannot do security]

    The company states that as a result of this, the GPG key used by HashiCorp to sign and verify software releases was exposed.

    Codecov provides software testing and code coverage services to over 29,000 customers.

    On April 1st, Codecov had learned that due to a flaw in their Docker image, threat actors had obtained credentials to the Bash Uploader scripts used by their customers.

  • How Not To Run A Vulnerability Disclosure Program

    AmEx has now twice refused my free donation of security information: first when they handed me off to some third-party service bot which demanded I agree totally to their terms or fuck directly off, and second when the third-party service they picked turned out to be run by idiots that have decided that graceful degradation in the face of feature incompatibility, one of the core foundational tenets of the world wide web since its invention, despite a nice two-decade run simply isn’t important anymore in 2021, and that serving blank pages to… you know, security professionals with javascript disabled (pretty much browser security tip #1), is totally fine.

  • How racism found my son on Fortnite

    Fortnite is a wildly popular free third-person shooter video game. For [Internet] babies like Waylon, Generation Alpha — kids born after 2012 — mastering the [Internet] and related technology like Fortnite is their rite of passage. These tech-savvy children navigate technology that makes them far more advanced than children of my era. Artificial Intelligence, facial recognition, and VR stand no chance with an Internet Baby. Once they get the hang of it, it's a wrap. What Fortnite offers to these highly advanced yet still impressionable children and teens is it allows them to bond with other children of different races and cultures while hooking them on the same poisonous pop culture we're all exposed to, all via video game play.

    In Fortnite, a player in survival mode gathers resources, weapons and tools to create bridges and forts as a means of survival. Sorta like The Sims times Final Fantasy on steroids, and the 100-player Battle Royale is similar to a last man standing match in pro wrestling. It has a colorful cartoon scheme that is constantly updated with celebrity skins, trending themes and music. It's addictive, and no wonder — for [Internet] babies, Fortnite is like their Instagram newsfeed.

  • Convicted Post Office workers have names cleared

    The clearing of the names of 39 people follows the overturning of six other convictions in December. This means more people have been affected than in any other miscarriage of justice in the UK.

  • [Old] IFLA and The Gates Foundation: Merry Bedfellows. But For How Long?

    The composition of the board and the descriptions of the board members’ backgrounds suggest that it might not be entirely wrong to call the Bill and Melinda Gates Foundation (BMGF) and the IFLA Global Libraries Foundation merry bedfellows. It thus seems to be the case that the latter has been founded in order to be able to conveniently channel money and influence from the former to IFLA.

    This impression was significantly strengthened when I studied the annual accounts of IFLA’s finances over the past four years. These are found at Ifla.org. To get an overview, I compiled the following table: [...]

    [...]

    Many of us must have noticed that Bill Gates and Mrs. Melinda, through their BMGF and its huge capital, exercise a significant influence in the present world. But who could have guessed that they have taken such a firm grip on the entire global library development?
