The exploit, patched since April, only affects customers running on-premises versions of GitLab and doesn't affect GitLab.com.
Posts published in “Security”
The Electronic Frontier Foundation wants to protect you from warrantless searches by computer repair people and they’re looking for your help.
Roblimo’s Hideaway
Warrant? Hah! Did John Wayne ever get a warrant? Fourth Amendment, you say? We don’t need no stinking amendments around here. We’re Geek Squad and we’re on the side of THE LAW, so if we find anything illegal on your computer and hand it to the FBI, you have no right to complain, pilgrim, and we deserve a reward!
Robin “Roblimo” Miller is a freelance writer and former editor-in-chief at Open Source Technology Group, the company that owned SourceForge, freshmeat, Linux.com, NewsForge, ThinkGeek and Slashdot, and until recently served as a video editor at Slashdot. Now he’s mostly retired, but still works part-time as an editorial consultant for Grid Dynamics, and (obviously) writes for FOSS Force.
No one has ever been shot by a hacker who was breaking into their computer through the Internet. Not so for thieves coming in through the back door.
Roblimo’s Hideaway
I wrote a piece titled No, Evil Hackers Aren’t After You, and promptly had 17 zillion readers (by actual count) get mad at me for not taking their security concerns seriously. I still think the idea of a giant robot eyeball on a flexible stalk growing out of your microwave oven is a little silly, and I believe there are many simple, down-to-Earth security problems to worry about before you try to spot rogue CIA agents watching your house from a grassy knoll in Dallas.
We certainly hope that FedEx shows more concern over the safety of its drivers and pilots than it shows to customers wanting to order printing online.
FedEx is making you an offer you can’t afford to accept. It’s offering to give you $5 (actually, it’s a discount on orders over $30) if you’ll just install Adobe Flash on your machine.
Christine Hall has been a journalist since 1971. In 2001, she began writing a weekly consumer computer column and started covering Linux and FOSS in 2002 after making the switch to GNU/Linux. Follow her on Twitter: @BrideOfLinux
Humankind has outgrown the need to have monsters hiding under our beds. Now we let them hide in our phones, computers and microwave ovens.
Roblimo’s Hideaway
OMG! I think I see a giant camera lens on a long stalk sticking out of my microwave oven! It uses X-rays in addition to visible light, so it can look through the kitchen wall into my home office and watch me type. That’s right. Type. Maybe pet the dog a little or something like that. No contact with the Russian government. No secret conversations with Barack Obama or other members of the Deep State who are bent on overthrowing America’s elected President.
No matter what you might have heard or read, it appears as if last week’s defacement of openSUSE’s news site didn’t affect download images of either openSUSE or SLES.

There’s a good chance you’ve already heard the news that a week ago today the openSUSE News site was defaced with an anti-ISIS message by a Kurdish group. Yup, that happened and was quickly fixed. You might also have heard that the hack went much deeper and that openSUSE, perhaps even SUSE, might have hosted hacked versions of their distros with a newly added backdoor. Nope. All indications are this never happened.
In the technology age, there might be some before unknown advantages to living on the bottom rungs of the economic ladder. The question is, do they outweigh the disadvantages?
Roblimo’s Hideaway
Earlier this week I saw a ZDNet story titled Vizio: The spy in your TV by my friend Steven J. Vaughan-Nichols. Scary stuff. I had a vision of my wife and me and a few dozen of our closest friends having a secret orgy in our living room, except our smart TV’s unblinking eye was recording our every thrust and parry (you might say). Zut alors! In this day of Internet everywhere, we all know that what goes online, stays online. Suddenly our orgy wasn’t secret, and my hopes of becoming the next President were dashed.
Except… lucky me! I’m poor, so I have an oldie-but-goodie dumb TV that doesn’t have a camera. There’s no way my old Vizio can spy on us. As Mel Brooks didn’t quite say, “It’s good to be the poverty case.”
Evidently DevOps running MongoDB haven’t heard the word about the latest round of ransomware targeting the database, as the number of deployments with data being held for ransom continues to rise.
Last week when the news started hitting the net about ransomware attacks focusing on unprotected instances of MongoDB, it seemed to me to be a story that would have a short life. After all, the attacks weren’t leveraging some unpatched vulnerabilities in the database, but databases that were misconfigured in a way that left them reachable via the Internet, and with no controls — like a password other than the default — over who had privileges. All that was necessary to get this attack vector under control was for admins to be aware of the situation and to be ready and able to reconfigure and password protect.
Guess what? It hasn’t gone down that way — at least not so far.
On Wednesday when I wrote about this there had been about 2,000 databases attacked. By this morning, according to eWeek, over 10,000 databases have been affected. What’s more, last week it appeared as if all of the attacks were being carried out by one person or organization. Now there are at least five organizations steadily working in an attempt to turn unprotected databases into bitcoins.
After you get Linux up and running on your computer, there are still a few things left to do. Here’s a short list that newcomers might find helpful.
Linux for Newcomers
Those who are new to Linux might just go to work right away after installing, or having someone else install, GNU/Linux. However, there are a few things you should do first. Some of them, such as updating your system and activating the firewall, are essential. Others are just things you do to customize your Linux experience.
Here’s a short checklist of things to do after you get Linux up-and-running on your computer. You should consider the first two items on this list as being required, with all the other items being optional. The list is specific to Linux Mint 18.x Xfce Edition, so if you’re using another flavor of Linux, you’ll be better off searching for another list.
Regardless of what you may have read elsewhere, the Linux Mint team takes security very seriously and wants you to keep your system up-to-date.
Swapnil Bhartiya gets it wrong.
Let me start by pointing out that Bhartiya is not only a capable open source writer, he’s also a friend. Another also: he knows better. That’s why the article he just wrote for CIO completely confounds me. Methinks he jumped the gun and didn’t think it through before he hit the keyboard.
The article ran with the headline Linux Mint, please stop discouraging users from upgrading. In it, he jumps on Mint’s lead developer Clement Lefebvre’s warning against unnecessary upgrades to Linux Mint.
After announcing in September that 500 million accounts had been compromised in a 2014 security breach, the company announces today that an additional billion accounts have been hacked in a separate incident.
Breaking News
If you’re a Yahoo user, you should strongly consider closing your account. If you decide to keep your account open, you might as well post your username and password to Facebook and send them out in a tweet, for all the good Yahoo’s security precautions will do for you.