Feed aggregator

For now, GNU GPL is an enforceable contract, says US federal judge

LXer - Sun, 2017-05-14 12:08
A question mark over whether the GNU GPL – the widely used free-software license – is enforceable as a contract may have been resolved by a US federal judge.…

Security News, Notably Microsoft/NSA Catastrophe

TuxMachines - Sun, 2017-05-14 11:55
  • Major cyber attack hits companies, hospitals, schools worldwide

    Private security firms identified the ransomware as a new variant of "WannaCry" that had the ability to automatically spread across large networks by exploiting a known bug in Microsoft's Windows operating system.

  • Massive cyberattack hits several hospitals across England
  • Rejection Letter

    We start with a shadowy US government agency, the NSA, systematically analyzing the software of the biggest American computer companies in search of vulnerabilities. So far, so plausible: this is one of the jobs of an intelligence and counter-espionage agency focussed on information technology. However, instead of helping Microsoft fix them, we are supposed to believe that the NSA hoard their knowledge of weaknesses in Microsoft Windows, a vitally important piece of their own nation's infrastructure, in case they'll come in handy againt some hypothetical future enemy. (I'm sorry, but this just won't wash; surely the good guys would prioritize protecting their own corporate infrastructure? But this is just the first of the many logical inconsistencies which riddle the back story and plot of "Zero Day".)

  • Microsoft issues ‘highly unusual’ Windows XP patch to prevent massive ransomware attack
  • Is it prudent to ask if Britain’s nuke subs, which also run Windows XP, have also been hit by ransomware?

    Let’s reword this to drive the point home. How likely is it that the United States NSA, through its persistent interest in keeping us unsafe, has managed to hand control of Britain’s nuclear weapons platforms to unknown ransomware authors, perhaps in Russia or Uzbekistan?

  • Current wave of ransomware not written by ordinary criminals, but by the NSA

    The lesson here is that the NSA’s mission, keeping a country safe, is in direct conflict with its methods of collecting a catalog of vulnerabilities in critical systems and constructing weapons to use against those systems, weapons that will always leak, instead of fixing the discovered weaknesses and vulnerabilities that make us unsafe.

  • Wana Decrypt0r Ransomware Outbreak Temporarily Stopped By "Accidental Hero"

    A security researcher that goes online by the nickname of MalwareTech is the hero of the day, albeit an accidental one, after having saved countless of computers worldwide from a virulent form of ransomware called Wana Decrypt0r (also referenced as WCry, WannaCry, WannaCrypt, and WanaCrypt0r).

  • DDOS attacks in Q1 2017

    In Q1 2017, the geography of DDoS attacks narrowed to 72 countries, with China accounting for 55.11% (21.9 p.p. less than the previous quarter). South Korea (22.41% vs. 7.04% in Q4 2016) and the US (11.37% vs. 7.30%) were second and third respectively.

    The Top 10 most targeted countries accounted for 95.5% of all attacks. The UK (0.8%) appeared in the ranking, replacing Japan. Vietnam (0.8%, + 0.2 p.p.) moved up from seventh to sixth, while Canada (0.7%) dropped to eighth.

  • Applied Physical Attacks and Hardware Pentesting

    This week, I had the opportunity to take Joe Fitzpatrick’s class “Applied Physical Attacks and Hardware Pentesting”. This was a preview of the course he’s offering at Black Hat this summer, and so it was in a bit of an unpolished state, but I actually enjoyed the fact that it was that way. I’ve taken a class with Joe before, back when he and Stephen Ridley of Xipiter taught “Software Exploitation via Hardware Exploitation”, and I’ve watched a number of his talks at various conferences, so I had high expectations of the course, and he didn’t disappoint.

  • SambaXP 2017: John Hixson’s Reflection

    The next talk was given by Jeremy Allison on the recent symlink CVE. Jeremy explained how it was discovered and the measures that were taken to fix it.

read more

[not tech support] Official Channels for Getting Help & Info on Linux.

Reddit - Sun, 2017-05-14 10:46

Not sure what I'm expecting here.
It's the morning after the night before.
As such, I am a little hazy at the moment...

I hope I'm not breaking any sort of etiquette by highlighting a particular reddit user, and the post he's made.
This is, after all, a public forum, and all posts are viewable by anyone.

Even so, I'm not 100% sure if posting this is a good idea,
But anyway...

According to various news sources, the recent Windows malware outbreak pretty much brought the UK National Health Service (NHS) to it's knees.
The NHS is known for running large parts of it's critical infrastructure on Windows XP.
They were paying MS a large amount of money to continue to support XP, even though it's supposed to be completely EOL.
However, due to government pressure to cut costs, this support contract was terminated some time ago.

It's not beyond the realm of possibility that people have died due to this malware outbreak, as it crippled that critical infrastructure across the UK for much of the day.

A day after the outbreak, this thread popped up in /r/linux4noobs
https://www.reddit.com/r/linux4noobs/comments/6axau2/this_malware_wave_is_a_great_teaching_opportunity/

I just assumed that this guy was an ordinary Windows user who'd seen the malware stuff on the news.
I provided an answer that I completely stand by.

However, further down the thread, there's this gem

This has a actually happened to me in the operating room on my EMR computer

https://www.reddit.com/r/linux4noobs/comments/6axau2/this_malware_wave_is_a_great_teaching_opportunity/dhif48b/

I know nothing about health care or hospitals, and I maybe jumping to conclusions here.
But he mentions operating rooms, and EMR (which I take to mean "electronic medical records")
To my mind, this is OP confirming he's (at least in some way) part of the NHS.

Someone who was at ground zero of this whole malware mess, is reaching out to try to understand why Linux is not affected.

And I realised that I don't know if there's any official channels for getting help & info on Linux.
Is this something the Linux Foundation caters for?
Is there some other organisation, some other avenue for people to get information?
The commercial vendors maybe (Redhat, Canonical, etc.)

If someone asks for help,
not in any official capacity, but just casually,
yet it's evident that they're part of a Windows-centric organisation that's possibly looking to migrate.
Where should they be sent to get the help they need?

submitted by /u/amauk
[link] [comments]

Pages

Subscribe to LinuxInsight aggregator