Press "Enter" to skip to content

Posts published in “Security”

No, OpenSUSE and SUSE Downloads Haven’t Been Hacked

No matter what you might have heard or read, it appears as if last week’s defacement of openSUSE’s news site didn’t affect download images of either openSUSE or SLES.

openSUSE News WordPress
Screenshot courtesy Schestowitz.com

There’s a good chance you’ve already heard the news that a week ago today the openSUSE News site was defaced with an anti-ISIS message by a Kurdish group. Yup, that happened and was quickly fixed. You might also have heard that the hack went much deeper and that openSUSE, perhaps even SUSE, might have hosted hacked versions of their distros with a newly added backdoor. Nope. All indications are this never happened.

Poverty Helps You Keep Technology Safe and Easy

In the technology age, there might be some before unknown advantages to living on the bottom rungs of the economic ladder. The question is, do they outweigh the disadvantages.

Roblimo’s Hideaway

Poor Linux

Earlier this week I saw a ZDNet story titled Vizio: The spy in your TV by my friend Steven J. Vaughan-Nichols. Scary stuff. I had a vision of my wife and me and a few dozen of our closest friends having a secret orgy in our living room, except our smart TV’s unblinking eye was recording our every thrust and parry (you might say). Zut alors! In this day of Internet everywhere, we all know that what goes online, stays online. Suddenly our orgy wasn’t secret, and my hopes of becoming the next President were dashed.

Except… lucky me! I’m poor, so I have an oldie-but-goodie dumb TV that doesn’t have a camera. There’s no way my old Vizio can spy on us. As Mel Brooks didn’t quite say, “It’s good to be the poverty case.”

Robin "Roblimo" Miller

Robin “Roblimo” Miller is a freelance writer and former editor-in-chief at Open Source Technology Group, the company that owned SourceForge, freshmeat, Linux.com, NewsForge, ThinkGeek and Slashdot, and until recently served as a video editor at Slashdot. Now he’s mostly retired, but still works part-time as an editorial consultant for Grid Dynamics, and (obviously) writes for FOSS Force.

MongoDB Ransomware Attacks Grow in Number

Evidently DevOps running MongoDB haven’t heard the word about the latest round of ransomware targeting the database, as the numbers of deployments with data being held for ransom continues to rise.

MongoDB ransomware

Last week when the news started hitting the net about ransomware attacks focusing on unprotected instances of MongoDB, it seemed to me to be a story that would have a short life. After all, the attacks weren’t leveraging some unpatched vulnerabilities in the database, but databases that were misconfigured in a way that left them reachable via the Internet, and with no controls — like a password other than the default — over who had privileges. All that was necessary to get this attack vector under control was for admins to be aware of the situation and to be ready and able to reconfigure and password protect.

Guess what? It hasn’t gone down that way — at least not so far.

On Wednesday when I wrote about this there had been about 2,000 databases attacked. By this morning, according to eWeek, over 10,000 databases have been affected. What’s more, last week it appeared as if all of the attacks were being carried out by one person or organization. Now there are at least five organizations steadily working in an attempt to turn unprotected databases into bitcoins.

Christine Hall

Christine Hall has been a journalist since 1971. In 2001, she began writing a weekly consumer computer column and started covering Linux and FOSS in 2002 after making the switch to GNU/Linux. Follow her on Twitter: @BrideOfLinux

Eight Things to Do After Installing Linux Mint Xfce 18.x

After you get Linux up and running on your computer, there are still a few things left to do. Here’s a short list that newcomers might find helpful.

Linux Mint update policy

Linux for Newcomers

Those who are new to Linux might just go to work right away after installing, or having someone else install, GNU/Linux. However, there are a few things you should do first. Some of them, such as updating your system and activating the firewall, are essential. Others are just things you do to customize your Linux experience.

Here’s a short checklist of things to do after you get Linux up-and-running on your computer. You should consider the first two items on this list as being required, with all the other items being optional. The list is specific to Linux Mint 18.x Xfce Edition, so if you’re using another flavor of Linux, you’ll be better off searching for another list.

Christine Hall

Christine Hall has been a journalist since 1971. In 2001, she began writing a weekly consumer computer column and started covering Linux and FOSS in 2002 after making the switch to GNU/Linux. Follow her on Twitter: @BrideOfLinux

Dear CIO: Linux Mint Encourages Users to Keep System Up-to-Date

Regardless of what you may have read elsewhere, the Linux Mint team takes security very seriously and wants you to keep your system up-to-date.

Linux Mint 18.0 Update Manager

Swapnil Bhartiya gets it wrong.

Let me start by pointing out that Bhartiya is not only a capable open source writer, he’s also a friend. Another also: he knows better. That’s why the article he just wrote for CIO completely confounds me. Methinks he jumped the gun and didn’t think it through before he hit the keyboard.

The article ran with the headline Linux Mint, please stop discouraging users from upgrading. In it, he jumps on Mint’s lead developer Clement Lefebvre’s warning against unnecessary upgrades to Linux Mint.

Christine Hall

Christine Hall has been a journalist since 1971. In 2001, she began writing a weekly consumer computer column and started covering Linux and FOSS in 2002 after making the switch to GNU/Linux. Follow her on Twitter: @BrideOfLinux

Another Yahoo Security Breach Affects a Billion Accounts

After announcing in September that 500 million accounts had been compromised in a 2014 security breach, the company announces today that an additional billion accounts have been hacked in a separate incident.

Yahoo logo

Breaking News

If you’re a Yahoo user, you should strongly consider closing your account. If you decide to keep your account open, you might as well post your username and password to Facebook and send them out in a tweet, for all the good Yahoo’s security precautions will do for you.

Christine Hall

Christine Hall has been a journalist since 1971. In 2001, she began writing a weekly consumer computer column and started covering Linux and FOSS in 2002 after making the switch to GNU/Linux. Follow her on Twitter: @BrideOfLinux

‘Refer a Friend’ Ransomware Program

A new, under development ransomware called Popcorn Time has a “refer a friend” option meant to appeal to the victim’s worst instincts.

Popcorn Time lock screen
All graphics in this article are courtesy Bleeping Computer, LLC. Used with permission.

Security

If you need any proof that malware is a business much like any other — with the big exception that it’s illegal — all you have to do is look at the latest ploy being used by the currently-in-development ransomware called Popcorn Time that was discovered December 7 by MalwareHunterTeam. The folks behind the malware are incorporating a scheme to drum up business that’s directly from a Marketing 101 textbook.

Christine Hall

Christine Hall has been a journalist since 1971. In 2001, she began writing a weekly consumer computer column and started covering Linux and FOSS in 2002 after making the switch to GNU/Linux. Follow her on Twitter: @BrideOfLinux

Users Told Disconnect Certain Netgear Routers

Some popular Netgear routers contain a security flaw that is evidently easy to exploit and can make users vulnerable to a CSRF attack.

security vulnerability

Breaking News

About this time I’m wondering if I’d even purchase a Netgear router.

You’d think that with all of the fuss recently about the insecure Internet of things, especially when it comes to routers, that any router maker would be on top of it and patching vulnerabilities as soon as they’re discovered.

Evidently not, as far as Netgear is concerned.

Christine Hall

Christine Hall has been a journalist since 1971. In 2001, she began writing a weekly consumer computer column and started covering Linux and FOSS in 2002 after making the switch to GNU/Linux. Follow her on Twitter: @BrideOfLinux

New IoT Botnet, Attackers Target Tor, and More…

Also included, Flash on life support, Mageia’s new release, Ubuntu sets date for “Zesty Zapus” and our News Wire gets an RSS feed.

Tor logo

FOSS Week in Review

Outside of FOSS, the news becomes too depressing and repetitive to read. Gamergate has taken over our country and is set to move into the White House and to have free rein in the halls of congress. Roles are being reversed and it’s rapidly becoming politically incorrect to express concerns for our mother the earth or for the creatures who inhabit it, while it’s perfectly fine to label anyone who advocates for equality as a “social justice warrior” who should have no place within any organization.

If you think I’m bummed out, you’re right. At least for the time being, in the world of FOSS life goes on as usual…

Christine Hall

Christine Hall has been a journalist since 1971. In 2001, she began writing a weekly consumer computer column and started covering Linux and FOSS in 2002 after making the switch to GNU/Linux. Follow her on Twitter: @BrideOfLinux

What Malware Is on Your Router?

router

Mirai is exposing a serious security issue with the Internet of Things that absolutely must be quickly handled.

Until a few days ago, I had been seriously considering replacing the 1999 model Apple Airport wireless router I’ve been using since it was gifted to me in 2007. It still works fine, but I have a philosophy that any hardware that’s more than old enough to drive probably needs replacing. I’ve been planning on taking the 35 mile drive to the nearest Best Buy outlet on Saturday to see what I could get that’s within my price range.

After the news of this week, that trip is now on hold. For the time being I’ve decided to wait until I can be reasonably sure that any router I purchase won’t be hanging out a red light to attract the IoT exploit-of-the-week.

Christine Hall

Christine Hall has been a journalist since 1971. In 2001, she began writing a weekly consumer computer column and started covering Linux and FOSS in 2002 after making the switch to GNU/Linux. Follow her on Twitter: @BrideOfLinux

Breaking News: