December 3rd, 2016

New IoT Botnet, Attackers Target Tor, and More…

Also included, Flash on life support, Mageia’s new release, Ubuntu sets date for “Zesty Zapus” and our News Wire gets an RSS feed.

Tor logo

FOSS Week in Review

Outside of FOSS, the news becomes too depressing and repetitive to read. Gamergate has taken over our country and is set to move into the White House and to have free rein in the halls of congress. Roles are being reversed and it’s rapidly becoming politically incorrect to express concerns for our mother the earth or for the creatures who inhabit it, while it’s perfectly fine to label anyone who advocates for equality as a “social justice warrior” who should have no place within any organization.

If you think I’m bummed out, you’re right. At least for the time being, in the world of FOSS life goes on as usual…

Another nail in the coffin of Flash: It appears that Flash is nearing the end of its rope. With this week’s release of Chrome 55 (is that a version number or a speed limit?), we find that the browser defaults to HTML5 wherever it can. Sites that only support Flash are exempted for a year, as are ten of the most visited sites on the web, which gives Yahoo, Facebook and Amazon a bit of a reprieve. Users who visit a page that only supports Flash will be prompted to enable it.

I’m tempted to write “RIP” just to be nice, but I think I’ll write “good riddance” instead.

There’s a new Internet of things botnet: CloudFlare, one of the largest CDN service providers, has reported that since the day before Thanksgiving (that’s November 23 for those of you outside the U.S.) it’s been seeing DDOS attacks from a new botnet that’s been targeting undisclosed sites located mainly on the West Coast. Like Mirai, the IoT based botnet that’s been wrecking havoc since September or so, this new botnet is composed primarily of compromised IoT devices.

So far these attacks haven’t reached the terabyte size we’ve seen from Marai, with Ars Technica reporting Friday that the average size at about 400Gbps. Give them time to do a little more recruiting and that number is sure to rise.

Firefox’s emergency security patch: If you use Firefox at all, and I’m assuming that most of you do, you might want to run an update to get the latest security patch from Mozilla. The patch was rushed to market on November 30 to fix a zero day vulnerability that was being exploited in the wild to attack the Firefox based Tor browser.

In a blog post on Wednesday, Mozilla’s security head Daniel Veditz wrote, “The exploit in this case works in essentially the same way as the ‘network investigative technique’ used by FBI to deanonymize Tor users…. This similarity has led to speculation that this exploit was created by FBI or another law enforcement agency. As of now, we do not know whether this is the case. If this exploit was in fact developed and deployed by a government agency, the fact that it has been published and can now be used by anyone to attack Firefox users is a clear demonstration of how supposedly limited government hacking can become a threat to the broader Web.”

Quick takes: One of my favorite distros, the RPM and KDE based Mageia, has come out with a new release, version 5.1. According to the distro’s website, this one is basically a respin of Mageia 5, but “incorporating all updates to allow for an up to date installation without the need to install almost a year and a half worth of updates.” … Canonical has announced that Ubuntu 17.04 will be released April 13, 2017. This one is called “Zesty Zapus,” which has me wondering what letter comes after “Z.”

Parting shot: Last week I told you about the new and expanded coverage on the FOSS Force News Wire, but I neglected to mention that the news wire also has it’s own custom RSS feed.

That does it for this week. Time for me to get back to worrying about the state of the world. Until next time, may the FOSS be with you…

The following two tabs change content below.
Christine Hall has been a journalist since 1971. In 2001, she began writing a weekly consumer computer column and started covering Linux and FOSS in 2002 after making the switch to GNU/Linux. Follow her on Twitter: @BrideOfLinux

Latest posts by Christine Hall (see all)

Comments are closed.