Press "Enter" to skip to content

Posts published in “Admin”

MongoDB Ransomware Attacks Grow in Number

Evidently DevOps running MongoDB haven’t heard the word about the latest round of ransomware targeting the database, as the numbers of deployments with data being held for ransom continues to rise.

MongoDB ransomware

Last week when the news started hitting the net about ransomware attacks focusing on unprotected instances of MongoDB, it seemed to me to be a story that would have a short life. After all, the attacks weren’t leveraging some unpatched vulnerabilities in the database, but databases that were misconfigured in a way that left them reachable via the Internet, and with no controls — like a password other than the default — over who had privileges. All that was necessary to get this attack vector under control was for admins to be aware of the situation and to be ready and able to reconfigure and password protect.

Guess what? It hasn’t gone down that way — at least not so far.

On Wednesday when I wrote about this there had been about 2,000 databases attacked. By this morning, according to eWeek, over 10,000 databases have been affected. What’s more, last week it appeared as if all of the attacks were being carried out by one person or organization. Now there are at least five organizations steadily working in an attempt to turn unprotected databases into bitcoins.

Securing SourceForge With HTTPS

SourceForgeSourceForge

SourceForge says, “With a single click, projects can opt-in to switch their web hosting from HTTP to HTTPS.”

SourceForge has added a feature that gives project websites the opportunity to opt-in to using SSL HTTPS encryption. Project admins can find this option in the Admin page under “HTTPS.”

Opting-in will also trigger a domain name change, from http://name.sourceforge.net to https://name.sourceforge.io. Visitors using the old domain will automatically redirect to the new domain.

SCALE 14X Thursday: New Morning in Pasadena

SCALE 14X Thursday

Starting today, the Southern California Linux Expo — SCALE 14X in this year’s 14th annual iteration — moves from being hotel-based event busting at the seams to hold all the exhibitors and sessions to being a full-fledged, freewheeling convention center-based event with wide-open spaces and widespread talks.

The setup is done for today, with exhibitors readying their booths for the opening of the floor tomorrow after Cory Doctorow gives his Friday keynote. But let’s not get ahead of the story for Thursday.

The schedule is posted online, if you’re at the event. If not, you can still follow along at the link.

Larry CafieroLarry Cafiero

Larry Cafiero, a.k.a. Larry the Free Software Guy, is a journalist and a Free/Open Source Software advocate. He is involved in several FOSS projects and serves as the publicity chair for the Southern California Linux Expo. Follow him on Twitter: @lcafiero

Linux Foundation’s Deal With the Devil

Last week when Microsoft and the Linux Foundation separately announced a partnership that would see Redmond issuing a Linux certification called Microsoft Certified Solutions Associate Linux (MCSA), Steven J. Vaughan-Nichols felt the need to add the words “not a typo” to the headline of his coverage on ZDNet. A couple of days later, when the story made the pages of The Register the headline included, “Do not adjust your set. This is not an error.”

Linux Foundation LogoWe were just as surprised here at FOSS Force, and Larry Cafiero pulled no punches when breaking the story in Friday’s Week in Review. “There’s the argument that because Microsoft ‘loves’ Linux…we should be more inclusive,” he wrote, “but this is the company that considered Linux a cancer and has fought FOSS for decades. Rather than throw the Microsoft that is treading water a life preserver, I still think throwing it an anchor would be more fitting.”

Christine HallChristine Hall

Christine Hall has been a journalist since 1971. In 2001, she began writing a weekly consumer computer column and started covering Linux and FOSS in 2002 after making the switch to GNU/Linux. Follow her on Twitter: @BrideOfLinux

phpMyAdmin Bids SourceForge Farewell

phpMyAdmin, the popular free and open source web based tool for administering MySQL databases, has left the SourceForge building.

In a blog post on Saturday, the project’s infrastructure coordinator, Michal Čihař, announced that a migration from Sourceforge is all but complete. The few remaining items left on the SourceForge server will be “hopefully handled in upcoming days as well.”

phpMyAdmin logoA popular web based application for administering MySQL databases, phpMyAdmin is the preferred tool of many webmasters for working with MySQL when used to power websites and is installed by default with most web hosting packages. The app can be used to perform a variety of tasks, including creating, modifying or deleting databases, tables, fields or rows; executing SQL statements; and managing users and permissions.

Christine HallChristine Hall

Christine Hall has been a journalist since 1971. In 2001, she began writing a weekly consumer computer column and started covering Linux and FOSS in 2002 after making the switch to GNU/Linux. Follow her on Twitter: @BrideOfLinux

Using the New iproute2 Suite

For years, even in 2015, web tutorials, college textbooks and lab simulators have all been teaching the traditional networking utilities, such as arp, ifconfig, netstat and route. Whether you know it or not, most of these commands were deprecated years ago. They were replaced with commands from the iproute2 suite of utilities. Most Linux distros have continued to install the traditional tools, but CentOS, Arch and now openSUSE (among others), are moving to put them into deprecated status. That means we’ll need to start getting used to the new tools.

For those not familiar, the 2.2 Linux kernel revision (way back in the olden days) brought about some changes to the way the kernel handled networking. New features were introduced back then that had not been implemented anywhere else. The old tools use the /proc interface, while the newer tools use the newer kernels’ netlink interface. At least some of the older tools are no longer in active development. The bottom line is that the iproute2 suite offers some definite advantages over the old tools.

Don ParrisDon Parris

Don Parris wears a Facility Services cape by day, and transforms into LibreMan at night. He has written numerous articles about free tech, and hangs out with the Cha-Ha crowd, learning about computer security. He also enjoys making ceviche with his wife, and writing about his travels in Perú.

Unicorn Media
Latest FOSS News: