At least 30 WordPress plugins are actively being exploited by a pair of similar trojans that put a backdoor on websites and redirect traffic to malware infected sites.
Posts published in “Security”
It appears that Erik Finman has been paying attention to the examples being set by a certain former president on how to run a successful business.
While the Open Source Security Foundation is active in all areas pertaining to open source security, developers might be most interested in OpenSSF’s free online Developing Secure Software certification program.
The exploit, patched since April, only affects customers running on-premises versions of GitLab and doesn't affect GitLab.com.
The Electronic Frontier Foundation wants to protect you from warrantless searches by computer repair people and they’re looking for your help.
Roblimo’s Hideaway
Warrant? Hah! Did John Wayne ever get a warrant? Fourth Amendment, you say? We don’t need no stinking amendments around here. We’re Geek Squad and we’re on the side of THE LAW, so if we find anything illegal on your computer and hand it to the FBI, you have no right to complain, pilgrim, and we deserve a reward!
Robin “Roblimo” Miller is a freelance writer and former editor-in-chief at Open Source Technology Group, the company that owned SourceForge, freshmeat, Linux.com, NewsForge, ThinkGeek and Slashdot, and until recently served as a video editor at Slashdot. Now he’s mostly retired, but still works part-time as an editorial consultant for Grid Dynamics, and (obviously) writes for FOSS Force.
No one has ever been shot by a hacker who was breaking into their computer through the Internet. Not so for thieves coming in through the back door.
Roblimo’s Hideaway
I wrote a piece titled No, Evil Hackers Aren’t After You, and promptly had 17 zillion readers (by actual count) get mad at me for not taking their security concerns seriously. I still think the idea of a giant robot eyeball on a flexible stalk growing out of your microwave oven is still a little silly, and I believe there are many simple, down-to-Earth security problems to worry about before you try to spot rogue CIA agents watching your house from a grassy knoll in Dallas.
Robin “Roblimo” Miller is a freelance writer and former editor-in-chief at Open Source Technology Group, the company that owned SourceForge, freshmeat, Linux.com, NewsForge, ThinkGeek and Slashdot, and until recently served as a video editor at Slashdot. Now he’s mostly retired, but still works part-time as an editorial consultant for Grid Dynamics, and (obviously) writes for FOSS Force.
We certainly hope that FedEx shows more concern over the safety of its drivers and pilots than it shows to customers wanting to order printing online.
FedEx is making you an offer you can’t afford to accept. It’s offering to give you $5 (actually, it’s a discount on orders over $30) if you’ll just install Adobe Flash on your machine.
Christine Hall has been a journalist since 1971. In 2001, she began writing a weekly consumer computer column and started covering Linux and FOSS in 2002 after making the switch to GNU/Linux. Follow her on Twitter: @BrideOfLinux
Humankind has outgrown the need to have monsters hiding under our beds. Now we let them hide in our phones, computers and microwave ovens.
Roblimo’s Hideaway
OMG! I think I see a giant camera lens on a long stalk sticking out of my microwave oven! It uses X-rays in addition to visible light, so it can look through the kitchen wall into my home office and watch me type. That’s right. Type. Maybe pet the dog a little or something like that. No contact with the Russian government. No secret conversations with Barack Obama or other members of the Deep State who are bent on overthrowing America’s elected President.
Robin “Roblimo” Miller is a freelance writer and former editor-in-chief at Open Source Technology Group, the company that owned SourceForge, freshmeat, Linux.com, NewsForge, ThinkGeek and Slashdot, and until recently served as a video editor at Slashdot. Now he’s mostly retired, but still works part-time as an editorial consultant for Grid Dynamics, and (obviously) writes for FOSS Force.
No matter what you might have heard or read, it appears as if last week’s defacement of openSUSE’s news site didn’t affect download images of either openSUSE or SLES.
There’s a good chance you’ve already heard the news that a week ago today the openSUSE News site was defaced with an anti-ISIS message by a Kurdish group. Yup, that happened and was quickly fixed. You might also have heard that the hack went much deeper and that openSUSE, perhaps even SUSE, might have hosted hacked versions of their distros with a newly added backdoor. Nope. All indications are this never happened.
Christine Hall has been a journalist since 1971. In 2001, she began writing a weekly consumer computer column and started covering Linux and FOSS in 2002 after making the switch to GNU/Linux. Follow her on Twitter: @BrideOfLinux
In the technology age, there might be some before unknown advantages to living on the bottom rungs of the economic ladder. The question is, do they outweigh the disadvantages.
Roblimo’s Hideaway
Earlier this week I saw a ZDNet story titled Vizio: The spy in your TV by my friend Steven J. Vaughan-Nichols. Scary stuff. I had a vision of my wife and me and a few dozen of our closest friends having a secret orgy in our living room, except our smart TV’s unblinking eye was recording our every thrust and parry (you might say). Zut alors! In this day of Internet everywhere, we all know that what goes online, stays online. Suddenly our orgy wasn’t secret, and my hopes of becoming the next President were dashed.
Except… lucky me! I’m poor, so I have an oldie-but-goodie dumb TV that doesn’t have a camera. There’s no way my old Vizio can spy on us. As Mel Brooks didn’t quite say, “It’s good to be the poverty case.”
Robin “Roblimo” Miller is a freelance writer and former editor-in-chief at Open Source Technology Group, the company that owned SourceForge, freshmeat, Linux.com, NewsForge, ThinkGeek and Slashdot, and until recently served as a video editor at Slashdot. Now he’s mostly retired, but still works part-time as an editorial consultant for Grid Dynamics, and (obviously) writes for FOSS Force.
Evidently DevOps running MongoDB haven’t heard the word about the latest round of ransomware targeting the database, as the numbers of deployments with data being held for ransom continues to rise.
Last week when the news started hitting the net about ransomware attacks focusing on unprotected instances of MongoDB, it seemed to me to be a story that would have a short life. After all, the attacks weren’t leveraging some unpatched vulnerabilities in the database, but databases that were misconfigured in a way that left them reachable via the Internet, and with no controls — like a password other than the default — over who had privileges. All that was necessary to get this attack vector under control was for admins to be aware of the situation and to be ready and able to reconfigure and password protect.
Guess what? It hasn’t gone down that way — at least not so far.
On Wednesday when I wrote about this there had been about 2,000 databases attacked. By this morning, according to eWeek, over 10,000 databases have been affected. What’s more, last week it appeared as if all of the attacks were being carried out by one person or organization. Now there are at least five organizations steadily working in an attempt to turn unprotected databases into bitcoins.
Christine Hall has been a journalist since 1971. In 2001, she began writing a weekly consumer computer column and started covering Linux and FOSS in 2002 after making the switch to GNU/Linux. Follow her on Twitter: @BrideOfLinux