Language Selection

English French German Italian Portuguese Spanish

Proprietary Software Leftovers

Filed under

  • Pentagon Cancels a Disputed $10 Billion Technology Contract

    The Defense Department said in a news release on Tuesday that the contract for the Joint Enterprise Defense Infrastructure, known as JEDI, “no longer meets its needs,” but it said it would solicit bids from Amazon and Microsoft on future cloud-computing contracts.

    The Pentagon statement made for a quiet end to years of legal wrangling and dueling technology claims over what many considered to be the marquee contract for providing cloud-computing services to the federal government.

    A senior administration official said that soon after the Biden administration took office, it began a review that quickly concluded that the costly arguments over JEDI had been so lengthy that the system would be outdated as soon as it was deployed.

  • Pentagon cancels $10bn 'Jedi' contract

    The Department of Defense (DoD) said in a statement on Tuesday: "With the shifting technology environment, it has become clear that the Jedi Cloud contract, which has long been delayed, no longer meets the requirements to fill the DoD's capability gaps."

    It added that it would seek new proposals "from a limited number of sources", including both Amazon and Microsoft.

  • Pentagon Moves to Split Cloud Deal Between Microsoft, Amazon

    The Pentagon scrapped a $10 billion cloud-computing contract awarded in 2019 to Microsoft Corp. after several years of wrangling between the government and some of the biggest U.S. tech companies over the deal, indicating it plans to divide the work between Microsoft and rival Inc. instead.

  • Pentagon cancels Microsoft JEDI contract, will ask for new cloud computing bids

    The release also announced a multi-vendor contract called the Joint Warfighter Cloud Capability contract to provide many of the services offered by JEDI. CNBC says the Defense Department considers Amazon and Microsoft the only companies capable of providing the necessary infrastructure, although it says it will perform market research to see if other competitors could fit the bill.

  • Pentagon cancels $10 billion JEDI cloud contract that Amazon and Microsoft were fighting over

    The fight over a cloud computing project does not appear to be completely over yet. The Pentagon said in the press release that it still needs enterprise-scale cloud capability and announced a new multivendor contract known as the Joint Warfighter Cloud Capability.

    The agency said it plans to solicit proposals from both Amazon and Microsoft for the contract, adding that they are the only cloud service providers that can meet its needs. But, it added, it will continue to do market research to see if others could also meet its specifications.

  • Full Impact Of Ransomware Attack Hard To Estimate, CEO Of Software Company Targeted Says [iophk: Windows TCO]
  • U.S. Senator Recommends Mandatory Breach Reporting for Companies [iophk: Windows TCO]

    King said he strongly advocates that such new rules should be a joint effort with the Geneva Convention for Cyber War. It’s the type of international cooperation that others have recommended between countries.

  • [iophk: Windows TCO]

    The hackers targeted US firm Kaseya, which provides remote software services to about 37,000 clients. Kaseya CEO Fred Voccola said the company believed that fewer than 40 of its customers had been affected. However, at least 20 of those were managed-service providers (MSPs). Companies hire MSPs to remotely manage their IT infrastructure. Attacks against MSPs are tricky because affected MSPs end up inadvertently passing the ransomware onto their clients, who can pass it onto their clients, in what is known as a "supply chain attack."

    "It's particularly insidious for all the customers because it spreads through a supposedly trusted channel," Miriam Föller-Nord, dean of the Department of Computer Sciences at Mannheim University of Applied Sciences, told DW.

  • Regarding the Kaseya Attack, Some Answers

    Firstly, how did Revel learn about the VSA exploit? This zero day vulnerability was in the process of being patched. The coordinated vulnerability disclosure process was being shepherded by Wietse Boonstra, the research at the Dutch Institute for Vulnerability Disclosure who discovered it. So how did it come to be used by a ransomware gang?

    There are a lot of interesting possibilities, but given how little we know it’s all pure speculation. Here are some of mine: it could be anything from a duplicate discovery, or a compromised researcher, or using already existing access to Kaseya to read the vulnerability reports.

  • Russian ransomware attack under way, Centre for Cybersecurity warns

    The current attack targets an ICT management tool known as Kaseya VSA, the CCB said. The software has certain vulnerabilities which allow it to be taken over, crippling not one machine but a whole network.

  • Microsoft Edge Translator contained uXSS flaw exploitable ‘on any web page’

    A universal cross-site scripting (uXSS) vulnerability in Microsoft Edge’s translation function left users open to attack, regardless of which website they visited, security researchers have claimed.

  • [Old] [Cr]ackers Tricked Microsoft Into Certifying Malware That Could Spy on Users

    On June 17, a security researcher found that Microsoft had signed a rootkit, a dangerous type of malware that has the ability to be persistent and capture practically all data on an infected computer. Whoever is behind this attack was able to make their malware look like a legitimate driver approved by Microsoft, giving them the ability to bypass most computers' protections.

  • Fallout continues from biggest global ransomware attack

    Thousands of organizations – largely firms that remotely manage the IT infrastructure of others – were infected in at least 17 countries in Friday’s assault. Kaseya, whose product was exploited, said Monday that they include several just returning to work.

    Because the attack by the notorious REvil gang came just as a long Fourth of July weekend began, more victims were expected to learn their fate when they return to the office Tuesday.

  • Kaspersky Password Manager's random password generator was about as random as your wall clock

    Last year, Kaspersky Password Manager (KPM) users got an alert telling them to update their weaker passwords. Now we've found out why that happened.

    In March 2019, security biz Kaspersky Lab shipped an update to KPM, promising that the application could identify weak passwords and generate strong replacements. Three months later, a team from security consultancy Donjon found that KPM didn't manage either task particularly well – the software used a pseudo-random number generator (PRNG) that was insufficiently random to create strong passwords.

    From that time until the last few months of 2020, KPM was suggesting passwords that could be easily cracked, without flagging the weak passwords for users.

  • Ransomware-hit law firm gets court order asking crooks not to publish the data they stole

    A barristers' chambers hit by a ransomware attack has responded by getting a court order demanding the criminals do not share stolen data.

    4 New Square chambers, which counts IT dispute experts among its ranks, obtained a privacy injunction from the High Court at the end of June against "person or persons unknown" who were "blackmailing" the firm.

    Those persons were said to be "responsible for engaging in a cyber-attack on [the barristers] on or about 12 June 2021 and/or who is threatening to release the information thereby obtained."

More in Tux Machines

digiKam 7.7.0 is released

After three months of active maintenance and another bug triage, the digiKam team is proud to present version 7.7.0 of its open source digital photo manager. See below the list of most important features coming with this release. Read more

Dilution and Misuse of the "Linux" Brand

Samsung, Red Hat to Work on Linux Drivers for Future Tech

The metaverse is expected to uproot system design as we know it, and Samsung is one of many hardware vendors re-imagining data center infrastructure in preparation for a parallel 3D world. Samsung is working on new memory technologies that provide faster bandwidth inside hardware for data to travel between CPUs, storage and other computing resources. The company also announced it was partnering with Red Hat to ensure these technologies have Linux compatibility. Read more

today's howtos

  • How to install go1.19beta on Ubuntu 22.04 – NextGenTips

    In this tutorial, we are going to explore how to install go on Ubuntu 22.04 Golang is an open-source programming language that is easy to learn and use. It is built-in concurrency and has a robust standard library. It is reliable, builds fast, and efficient software that scales fast. Its concurrency mechanisms make it easy to write programs that get the most out of multicore and networked machines, while its novel-type systems enable flexible and modular program constructions. Go compiles quickly to machine code and has the convenience of garbage collection and the power of run-time reflection. In this guide, we are going to learn how to install golang 1.19beta on Ubuntu 22.04. Go 1.19beta1 is not yet released. There is so much work in progress with all the documentation.

  • molecule test: failed to connect to bus in systemd container - openQA bites

    Ansible Molecule is a project to help you test your ansible roles. I’m using molecule for automatically testing the ansible roles of geekoops.

  • How To Install MongoDB on AlmaLinux 9 - idroot

    In this tutorial, we will show you how to install MongoDB on AlmaLinux 9. For those of you who didn’t know, MongoDB is a high-performance, highly scalable document-oriented NoSQL database. Unlike in SQL databases where data is stored in rows and columns inside tables, in MongoDB, data is structured in JSON-like format inside records which are referred to as documents. The open-source attribute of MongoDB as a database software makes it an ideal candidate for almost any database-related project. This article assumes you have at least basic knowledge of Linux, know how to use the shell, and most importantly, you host your site on your own VPS. The installation is quite simple and assumes you are running in the root account, if not you may need to add ‘sudo‘ to the commands to get root privileges. I will show you the step-by-step installation of the MongoDB NoSQL database on AlmaLinux 9. You can follow the same instructions for CentOS and Rocky Linux.

  • An introduction (and how-to) to Plugin Loader for the Steam Deck. - Invidious
  • Self-host a Ghost Blog With Traefik

    Ghost is a very popular open-source content management system. Started as an alternative to WordPress and it went on to become an alternative to Substack by focusing on membership and newsletter. The creators of Ghost offer managed Pro hosting but it may not fit everyone's budget. Alternatively, you can self-host it on your own cloud servers. On Linux handbook, we already have a guide on deploying Ghost with Docker in a reverse proxy setup. Instead of Ngnix reverse proxy, you can also use another software called Traefik with Docker. It is a popular open-source cloud-native application proxy, API Gateway, Edge-router, and more. I use Traefik to secure my websites using an SSL certificate obtained from Let's Encrypt. Once deployed, Traefik can automatically manage your certificates and their renewals. In this tutorial, I'll share the necessary steps for deploying a Ghost blog with Docker and Traefik.