Language Selection

English French German Italian Portuguese Spanish

Proprietary Software and Security Leftovers

Filed under
Security
  • Major US pipeline halts operations after cyberattack [iophk: Windows TCO]

    One of the largest pipelines in the U.S. was forced to halt some of its operations Friday after a crippling cyberattack on its energy infrastructure.

    Colonial Pipeline, which funnels refined gasoline and jet fuel from Texas to New York, said in a statement late Friday that it was shuttering 5,500 miles of pipeline in an attempt to contain the breach.

    The company has already reached out to law enforcement and tapped a third-party company to conduct an investigation into the attack, though it did not reveal who it believes is behind the breach.

  • Colonial [Crackers] Stole Data Thursday Ahead of Shutdown [iophk: Windows TCO]

    The intruders, who are part of a cybercrime gang called DarkSide, took nearly 100 gigabytes of data out of the Alpharetta, Georgia-based company’s network in just two hours on Thursday, two people involved in Colonial’s investigation said.

    The move was part of a double-extortion scheme that is one of the group’s hallmarks. Colonial was threatened that the stolen data would be leaked to the [Internet] while the information that was encrypted by the hackers on computers inside the network would remain locked unless it paid a ransom, said the people, who asked not to be identified because the information isn’t public.

  • Ransomware Attackers Up Ante as White House Vows Crack Down [iophk: Windows TCO]

    A series of major cyber-attacks in recent weeks has underscored the brazenness of the attackers and the challenges of tackling the problem of ransomware, just as the Biden administration announced plans to take on the issue.

    In a matter of days, attacks were revealed against the police department in Washington, D.C. , where the [crackers] threatened to release information about police informants to criminal gangs; the Illinois Attorney General’s office, which had been warned about weak cybersecurity practices in a recent state audit; and San Diego-based Scripps Health, where medical procedures were canceled and emergency patients diverted to other hospitals.

    Then on Saturday, Colonial Pipeline confirmed that it had joined the list of recent ransomware victims in an attack that threatened to upend gasoline and diesel supplies on the East Coast. While few details about the attack are yet known, Colonial shut down the biggest gasoline pipeline in the U.S. as part of an effort to contain the threat.

  • Tracking One Year of Malicious Tor Exit Relay Activities (Part II)

    The entity attacking tor users, originally disclosed in August 2020, is actively exploiting tor users since over a year and expanded the scale of their attacks to a new record level (>27% of the tor network’s exit capacity has been under their control on 2021–02–02).

    The average exit fraction this entity controlled was above 14% throughout the past 12 months (measured between 2020–04–24 and 2021–04–26).

    The malicious actor actively reported non-malicious but poorly configured relays to the Tor Project’s bad-relays mailing list to find viable victims to use for operator impersonation attacks.

    Most of the malicious tor exit capacity did not have any relay ContactInfo. Throughout the last 6 months the majority of tor exit capacity without ContactInfo was malicious.

    The attacker primarily uses servers at the hoster OVH. [...]

    Want to help with tor network safety? Consider implementing the non-spoofable ContactInfo on your tor relays.

  • YubiKey Not Working with GnuPG 2.3

    I’m a long time fan of USB security keys for SSH access and signig GitHub commits, currently using YubiKey ones on both my laptop and desktop.

    I did a semi-regular bulk upgrade of all the software packages managed on my desktop with Homebrew and then noticed a few days later that my YubiKey stopped working. It took me a few days to notice because I mostly worked on laptop (where things kept working) and also because my desktop has recently been upgraded - so I expected some instability.

    After a few reboots, restarts of GnuPG daemon and even resintall of all the relevant packages using Brew, YubiKey was still not working.

    Turns out it’s because GnuPG 2.3 and later releases (I’m using 2.3.1) stopped identifying YubiKey keys properly, and so CCID (it means Chip Card Interface Device protocol) way of accessing keys on the YubiKey device is not working.

    Apparently, the way to fix this for now is to disable CCID, forcing GnuPG to use other means of accessing the same keys on the same YubiKey device - PC/SC (Personal Computer/Smart Card) interface.

More in Tux Machines

digiKam 7.7.0 is released

After three months of active maintenance and another bug triage, the digiKam team is proud to present version 7.7.0 of its open source digital photo manager. See below the list of most important features coming with this release. Read more

Dilution and Misuse of the "Linux" Brand

Samsung, Red Hat to Work on Linux Drivers for Future Tech

The metaverse is expected to uproot system design as we know it, and Samsung is one of many hardware vendors re-imagining data center infrastructure in preparation for a parallel 3D world. Samsung is working on new memory technologies that provide faster bandwidth inside hardware for data to travel between CPUs, storage and other computing resources. The company also announced it was partnering with Red Hat to ensure these technologies have Linux compatibility. Read more

today's howtos

  • How to install go1.19beta on Ubuntu 22.04 – NextGenTips

    In this tutorial, we are going to explore how to install go on Ubuntu 22.04 Golang is an open-source programming language that is easy to learn and use. It is built-in concurrency and has a robust standard library. It is reliable, builds fast, and efficient software that scales fast. Its concurrency mechanisms make it easy to write programs that get the most out of multicore and networked machines, while its novel-type systems enable flexible and modular program constructions. Go compiles quickly to machine code and has the convenience of garbage collection and the power of run-time reflection. In this guide, we are going to learn how to install golang 1.19beta on Ubuntu 22.04. Go 1.19beta1 is not yet released. There is so much work in progress with all the documentation.

  • molecule test: failed to connect to bus in systemd container - openQA bites

    Ansible Molecule is a project to help you test your ansible roles. I’m using molecule for automatically testing the ansible roles of geekoops.

  • How To Install MongoDB on AlmaLinux 9 - idroot

    In this tutorial, we will show you how to install MongoDB on AlmaLinux 9. For those of you who didn’t know, MongoDB is a high-performance, highly scalable document-oriented NoSQL database. Unlike in SQL databases where data is stored in rows and columns inside tables, in MongoDB, data is structured in JSON-like format inside records which are referred to as documents. The open-source attribute of MongoDB as a database software makes it an ideal candidate for almost any database-related project. This article assumes you have at least basic knowledge of Linux, know how to use the shell, and most importantly, you host your site on your own VPS. The installation is quite simple and assumes you are running in the root account, if not you may need to add ‘sudo‘ to the commands to get root privileges. I will show you the step-by-step installation of the MongoDB NoSQL database on AlmaLinux 9. You can follow the same instructions for CentOS and Rocky Linux.

  • An introduction (and how-to) to Plugin Loader for the Steam Deck. - Invidious
  • Self-host a Ghost Blog With Traefik

    Ghost is a very popular open-source content management system. Started as an alternative to WordPress and it went on to become an alternative to Substack by focusing on membership and newsletter. The creators of Ghost offer managed Pro hosting but it may not fit everyone's budget. Alternatively, you can self-host it on your own cloud servers. On Linux handbook, we already have a guide on deploying Ghost with Docker in a reverse proxy setup. Instead of Ngnix reverse proxy, you can also use another software called Traefik with Docker. It is a popular open-source cloud-native application proxy, API Gateway, Edge-router, and more. I use Traefik to secure my websites using an SSL certificate obtained from Let's Encrypt. Once deployed, Traefik can automatically manage your certificates and their renewals. In this tutorial, I'll share the necessary steps for deploying a Ghost blog with Docker and Traefik.