Language Selection

English French German Italian Portuguese Spanish

Security Leftovers

Filed under
Security
  • Gumtree users' locations were visible by pressing F12 • The Register

    UK online used goods bazaar Gumtree exposed its users' home addresses in the source code of its webpages, and then tried to squirm out of a bug bounty after infosec bods alerted it to the flaw.

    British company Pen Test Partners (PTP) spotted the data leakage, which meant anyone could view a Gumtree user's name and location (either postcode or GPS coordinates) by pressing F12 in their web browser.

    In both Firefox and Chrome, F12 opens the "view page source" developer tools screen, showing the code that generates the webpage you see. This meant that anyone could view the precise location of any of the site's 1.7 million monthly sellers.

    PTP claimed it encountered a brick wall of indifference in its first attempts to alert Gumtree to the data breach.

  • Attacking Natural Language Processing Systems With Adversarial Examples - Unite.AI

    The paper is titled Bad Characters: Imperceptible NLP Attacks, and comes from three researchers across three departments at the University of Cambridge and the University of Edinburgh, and a researcher from the University of Toronto.

  • How Building a Solid Foundation Will Help Grow Your Cybersecurity Program

    Cybersecurity is such a broad subject that many times, an organization can become stifled when trying to develop a full cybersecurity program. Some organizations that have already put a cybersecurity program in place can also unpleasantly discover gaps in their efforts, making the entire venture seem moot. One way to effectively get started, as well as to prevent gaps, is to build a good foundation upon which a cybersecurity program can grow and mature.

    I recently had the opportunity to speak with David O’Leary, Sr. Director of Security Solutions for SHI/StrataScale. David’s experience dates back to the inception of network and cybersecurity, so he has a lot of real-world experience that can be drawn from to assist any organization in starting, scaling, and maturing their cybersecurity program. David, can you tell us a bit about your history and where your journey to cybersecurity began?

  • Cryptominers aren't just a headache – they're a big neon sign that Bad Things are on your network

    Cryptominer malware removal is a routine piece of the cybersecurity landscape these days. Yet if criminals are hijacking your compute cycles to mine cryptocurrencies, chances are there's something worse lurking on your network too.

    So warned Sophos threat researcher Sean Gallagher, in a recent interview with The Register as the antivirus organisation launches a report into the Tor2Mine cryptominer.

  • In The Lab: 6-port $3,000 pfSense Box - StorageReview.com

    We listened to our social media audience and went ahead and configured pfSense on the ThinkEdge SE50 to act as a firewall for our network.

  • LINE Pay leaks around 133,000 users' data to GitHub, of all places

    Smartphone payment provider LINE Pay announced yesterday that around 133,000 users' payment details were mistakenly published on GitHub between September and November of this year.

    Files detailing participants in a LINE Pay promotional program staged between late December 2020 and April 2021 were accidentally uploaded to the collaborative coding crèche by a research group employee.

More in Tux Machines

digiKam 7.7.0 is released

After three months of active maintenance and another bug triage, the digiKam team is proud to present version 7.7.0 of its open source digital photo manager. See below the list of most important features coming with this release. Read more

Dilution and Misuse of the "Linux" Brand

Samsung, Red Hat to Work on Linux Drivers for Future Tech

The metaverse is expected to uproot system design as we know it, and Samsung is one of many hardware vendors re-imagining data center infrastructure in preparation for a parallel 3D world. Samsung is working on new memory technologies that provide faster bandwidth inside hardware for data to travel between CPUs, storage and other computing resources. The company also announced it was partnering with Red Hat to ensure these technologies have Linux compatibility. Read more

today's howtos

  • How to install go1.19beta on Ubuntu 22.04 – NextGenTips

    In this tutorial, we are going to explore how to install go on Ubuntu 22.04 Golang is an open-source programming language that is easy to learn and use. It is built-in concurrency and has a robust standard library. It is reliable, builds fast, and efficient software that scales fast. Its concurrency mechanisms make it easy to write programs that get the most out of multicore and networked machines, while its novel-type systems enable flexible and modular program constructions. Go compiles quickly to machine code and has the convenience of garbage collection and the power of run-time reflection. In this guide, we are going to learn how to install golang 1.19beta on Ubuntu 22.04. Go 1.19beta1 is not yet released. There is so much work in progress with all the documentation.

  • molecule test: failed to connect to bus in systemd container - openQA bites

    Ansible Molecule is a project to help you test your ansible roles. I’m using molecule for automatically testing the ansible roles of geekoops.

  • How To Install MongoDB on AlmaLinux 9 - idroot

    In this tutorial, we will show you how to install MongoDB on AlmaLinux 9. For those of you who didn’t know, MongoDB is a high-performance, highly scalable document-oriented NoSQL database. Unlike in SQL databases where data is stored in rows and columns inside tables, in MongoDB, data is structured in JSON-like format inside records which are referred to as documents. The open-source attribute of MongoDB as a database software makes it an ideal candidate for almost any database-related project. This article assumes you have at least basic knowledge of Linux, know how to use the shell, and most importantly, you host your site on your own VPS. The installation is quite simple and assumes you are running in the root account, if not you may need to add ‘sudo‘ to the commands to get root privileges. I will show you the step-by-step installation of the MongoDB NoSQL database on AlmaLinux 9. You can follow the same instructions for CentOS and Rocky Linux.

  • An introduction (and how-to) to Plugin Loader for the Steam Deck. - Invidious
  • Self-host a Ghost Blog With Traefik

    Ghost is a very popular open-source content management system. Started as an alternative to WordPress and it went on to become an alternative to Substack by focusing on membership and newsletter. The creators of Ghost offer managed Pro hosting but it may not fit everyone's budget. Alternatively, you can self-host it on your own cloud servers. On Linux handbook, we already have a guide on deploying Ghost with Docker in a reverse proxy setup. Instead of Ngnix reverse proxy, you can also use another software called Traefik with Docker. It is a popular open-source cloud-native application proxy, API Gateway, Edge-router, and more. I use Traefik to secure my websites using an SSL certificate obtained from Let's Encrypt. Once deployed, Traefik can automatically manage your certificates and their renewals. In this tutorial, I'll share the necessary steps for deploying a Ghost blog with Docker and Traefik.