The sharing feature of the Jetpack plugin for WordPress is currently being exploited for the purpose of sending spam and possibly for DDOS attacks. FOSS…
Posts published in “News”
FOSS Week in Review
Java is the target for half of all exploits
We’ve been saying for a couple of years now that Java isn’t safe and have been urging everyone who will listen to disable Java in the browser. As we’ve been saying this, comments to our articles on Java security have filled with folks wagging a finger and “reminding” us that Java is only a threat in the browser, that otherwise Java is safe.
That is wrong. The only time Java is safe is when it’s in a cup. According to an article published on IT World, researchers say that Java is now responsible for fully half of the exploits discovered in December.
FOSS Week in Review
Cops tracking phones sans warrants
It appears that the police in Tallahassee, Florida have been busy tracking folks by their cell phones without bothering to show up before a judge and ask for a warrant. Why would they violate the constitutional rights of their citizens this way? Evidently because they were using technology on loan and had signed a non-disclosure agreement.
According to Wired, this information came to light in an appeal of a sexual battery case dating back to 2008 in which a suspect was tracked using the technology to locate a phone that had been stolen from the victim. The police have admitted using the device 200 times, with no judge or warrant involved, since 2010. In a blog post made Monday, the ACLU said the device is “likely a Stingray made by the Florida-based Harris Corporation.” Evidently, the ACLU has long suspected that Harris has been loaning the devices to Florida police departments.
There’s good news and bad news on the Linux and open source conference scene in the deep south.
First the bad news. For the first time since it started six years ago, there’ll be no POSSCON in Columbia, South Carolina this year. For six years, POSSCON has been an annual open source conference hosted by IT-oLogy, the folks behind All Things Open, the Raleigh, North Carolina based conference which made its debut in October. Not to worry, however, as I’ve been assured by Todd Lewis, Executive Director of IT-oLogy in Columbia, that POSSCON will return in 2015.
The good news is that in lieu of POSSCON, IT-oLogy is throwing what promises to be a big shindig of an enterprise level open source conference in Atlanta. Called Great Wide Open, the conference is less than a month away, scheduled to get cranked-up on April 2nd and 3rd at the 200 Peachtree Special Events & Conference Center in downtown Atlanta.
Christine Hall has been a journalist since 1971. In 2001, she began writing a weekly consumer computer column and started covering Linux and FOSS in 2002 after making the switch to GNU/Linux. Follow her on Twitter: @BrideOfLinux
FOSS Week in Review
Botnet steals bitcoins
We figure that any currency that can’t be safely tucked into a mattress isn’t secure, so we haven’t been too quick to jump on the bitcoin bandwagon. Needless to say, we weren’t surprised on Monday when Reuters reported that there’s a botnet on the loose with the aim of stealing the virtual currency.
According to the Chicago based security firm Trustwave, hundreds of thousands of computers have been infected with “Pony” malware to form a botnet going after bitcoin and other virtual currencies. So far, at least 85 virtual wallets have been stolen.
FOSS Week in Review
The day we fought back
Tuesday, February 11th, The Day We Fight Back, has come and gone. Whether the event was a success, failure or fell somewhere in between depends on whom you read.
Surprisingly, the biggest naysayer was probably the New York Times, which started an article. “The Day the Internet Didn’t Fight Back,” with the line, “So much for mass protest.” It appears as if the Times’ metric for this judgement was the lack of participation by some sites which took part in the online SOPA protest a couple of years back.
At about 1 p.m. this afternoon the security company behind the WordFence plugin for WordPress issued a security advisory via email informing users of their plugin that WordPress sites are currently under a brute force attack.
“As of 11am eastern time this morning we are monitoring the largest distributed brute force attack on WordPress installations that we’ve seen to date. The real-time attack map on www.wordfence.com became so busy that we’ve had to throttle the amount of traffic we show down to 4% of actual traffic.
“A brute force attack is when an attacker tries many times to guess your username password combination by repeatedly sending login attempts. A distributed brute force attack is when an attacker uses a large number of machines spread around the internet to do this in order to circumvent any blocking mechanisms you have in place.”
Christine Hall has been a journalist since 1971. In 2001, she began writing a weekly consumer computer column and started covering Linux and FOSS in 2002 after making the switch to GNU/Linux. Follow her on Twitter: @BrideOfLinux
FOSS Week in Review
Canadians spy at airports
The more we see of the Snowden revelations the more we wonder, when did the English speaking world become a police state?
The latest news was reported January 30th by the Canadian Broadcasting Corporation (CBC), from which we learned that all the electronics eavesdropping hasn’t been being conducted solely by the U.S. and the Brits. The Canadians have had their hand in it too.
It seems that Communications Security Establishment Canada (CSEC), a Canadian spy agency, has been using the free Wi-Fi at “a major Canadian airport” to track wireless devices, which presumably would include laptops as well as phones and tablets. The surveillance would continue for days after visitors passed through the airport.
The fact that we don’t know Mr. Nadella’s exact age is telling, revealing a man who has spent his career keeping a low profile and evidently keeping his private life private. We do know that he was born in 1967, the year of the “Summer of Love” to us aging hippies, the same year the Beatles released the Sgt.Pepper’s album. After earning a bachelor’s degree in India, he came to the U.S. where he earned an MS in Computer Science from the University of Wisconsin–Milwaukee and an MBA from the University of Chicago Booth School of Business. He spent a brief period working for Sun before joining the staff at Microsoft in 1992.
Christine Hall has been a journalist since 1971. In 2001, she began writing a weekly consumer computer column and started covering Linux and FOSS in 2002 after making the switch to GNU/Linux. Follow her on Twitter: @BrideOfLinux