wlug October 2014

wlug@list.waikato.ac.nz

8 participants
55 discussions

by Peter Reutemann

Hi everyone We have a meeting coming up next Monday: "Virtualization has been become commonplace nowadays, with lots of different implementations. Docker provides an as-thin-as-possible approach, making use of the kernel's functionality of resource isolation, eliminating the need for installing an operating system for the guest system. Andrew Parnasov will give an introduction to Docker, how to set it up, how to use and what it can be used for." http://www.meetup.com/WaikatoLinuxUsersGroup/events/197652482/ Cheers, Peter -- Peter Reutemann, Dept. of Computer Science, University of Waikato, NZ http://www.cms.waikato.ac.nz/~fracpete/ Ph. +64 (7) 858-5174

6 years, 8 months

Breaching Air-Gap Security With Radio

by Peter Reutemann

Not quite Linux, but interesting (scary?) nonetheless... "Security researcher Mordechai Guri with the guidance of Prof. Yuval Elovici from the cyber security labs at Ben-Gurion University in Israel presented at MALCON 2014 a breakthrough method ("AirHopper") for leaking data from an isolated computer to a mobile phone without the presence of a network. In highly secure facilities the assumption today is that data can not leak outside of an isolated internal network. It is called air-gap security. AirHopper demonstrates how the computer display can be used for sending data from the air-gapped computer to a near by smartphone. The published paper and a demonstration video are at the link." -- source: http://it.slashdot.org/story/14/10/31/141207 Cheers, Peter -- Peter Reutemann, Dept. of Computer Science, University of Waikato, NZ http://www.cms.waikato.ac.nz/~fracpete/ Ph. +64 (7) 858-5174

6 years, 8 months

Vulnerabilities Found (and Sought) In More Command-Line Tools

by Peter Reutemann

"The critical Shellshock vulnerabilities found last month in the Bash Unix shell have motivated security researchers to search for similar flaws in old, but widely used, command-line utilities. Two remote command execution vulnerabilities were patched this week in the popular wget download agent and tnftp client for Unix-like systems [also mentioned here]. This comes after a remote code execution vulnerability was found last week in a library used by strings, objdump, readelf and other command-line tools." -- source: http://it.slashdot.org/story/14/10/30/2130248 Cheers, Peter -- Peter Reutemann, Dept. of Computer Science, University of Waikato, NZ http://www.cms.waikato.ac.nz/~fracpete/ Ph. +64 (7) 858-5174

6 years, 8 months

Linux computer program brings a smile where it's least expected

by Peter Reutemann

"Reglue is an organization that has been placing Linux computers in the homes of financially disadvantaged kids since 2005. The program started in central Texas and we'd love to see it grow [...]. Using Linux as the operating system has not been a matter of religion or partisanship. Not even a matter of personal choice. It's a matter of pragmatic necessity. To give you a better picture of why, here's the story of Ricky. In short: We installed a computer for a financially-disadvantaged kid. We taught that kid how to use the computer. That kid was supremely happy with his new Linux computer. We left. The end." -- source: http://opensource.com/life/14/10/reglue-program-linux-computers-kids Cheers, Peter -- Peter Reutemann, Dept. of Computer Science, University of Waikato, NZ http://www.cms.waikato.ac.nz/~fracpete/ Ph. +64 (7) 858-5174

6 years, 9 months

Dangerous Vulnerability Fixed In Wget

by Peter Reutemann

'A critical flaw has been found and patched in the open source Wget file retrieval utility that is widely used on UNIX systems. The vulnerability is publicly identified as CVE-2014-4877. "It was found that wget was susceptible to a symlink attack which could create arbitrary files, directories or symbolic links and set their permissions when retrieving a directory recursively through FTP," developer Vasyl Kaigorodov writes in Red Hat Bugzilla. A malicious FTP server can stomp over your entire filesystem, tweets HD Moore, chief research officer at Rapid 7, who is the original reporter of the bug.' -- source: http://tech.slashdot.org/story/14/10/29/1333216 Cheers, Peter -- Peter Reutemann, Dept. of Computer Science, University of Waikato, NZ http://www.cms.waikato.ac.nz/~fracpete/ Ph. +64 (7) 858-5174

6 years, 9 months

Fwd: [NZOSS-Openchat] Your Drupal website has a backdoor

by Peter Reutemann

Apologies if you received this already. Cheers, Peter ---------- Forwarded message ---------- From: Bevan Rudge Date: Thu, Oct 30, 2014 at 8:37 AM Subject: [NZOSS-Openchat] Your Drupal website has a backdoor If you administer a Drupal website or know anyone who does, please make sure they see this: Drupal Core - Highly Critical - Public Service announcement - PSA-2014-003 https://www.drupal.org/PSA-2014-003 The short version is; if a Drupal website was not patched within 7 hours of the announcement of Dupal-core-SA-2014-005 (aka Drupageddon) on 16 October (NZ time), it probably has backdoors, and data should be assumed to be compromised. The only safe and certain recovery is to get a new server and restore from backups from before that date. In many ways this is worse than Heartbleed because it is so easy much easier to exploit, and the attacker can get any data they ask for (with Heartbleed, I believe an attacker didn't know what data they were looking at) and control all of Drupal. Most attacks seem to be installing backdoors for sending spam or future amplification of other attacks. But there are many different types of exploits, so assume anything and everything. Cheers, Bevan/ http://Drupal.geek.nz http://Twitter.com/BevanR Sent from Auckland, New Zealand _______________________________________________ Openchat mailing list Openchat(a)lists.nzoss.org.nz http://lists.nzoss.org.nz/mailman/listinfo/openchat -- Peter Reutemann, Dept. of Computer Science, University of Waikato, NZ http://www.cms.waikato.ac.nz/~fracpete/ Ph. +64 (7) 858-5174

6 years, 9 months

OpenBSD Drops Support For Loadable Kernel Modules

by Peter Reutemann

"The OpenBSD developers have decided to remove support for loadable kernel modules from the BSD distribution's next release. Several commits earlier this month stripped out the loadable kernel modules support. Phoronix's Michael Larabel has not yet found an official reason for the decision to drop support. He wagers that it is due to security or code quality/openness ideals." -- source: http://bsd.slashdot.org/story/14/10/28/1852214 Cheers, Peter -- Peter Reutemann, Dept. of Computer Science, University of Waikato, NZ http://www.cms.waikato.ac.nz/~fracpete/ Ph. +64 (7) 858-5174

6 years, 9 months

Firefox OS Coming To Raspberry Pi

by Peter Reutemann

"Mozilla plans to build a version of its Firefox OS for use in the Raspberry Pi. Plans are afoot to build a version capable of (1) being run on the Pi hardware and (2) eventually achieving parity with Raspbian and (3) enable easy development for robotics." -- source: http://tech.slashdot.org/story/14/10/27/2348204 Cheers, Peter -- Peter Reutemann, Dept. of Computer Science, University of Waikato, NZ http://www.cms.waikato.ac.nz/~fracpete/ Ph. +64 (7) 858-5174

6 years, 9 months

New Oculus SDK Adds Experimental Linux Support and Unity Free For Rift Headset

by Peter Reutemann

"Oculus, creator of the Rift VR headset, has released a new version of their SDK which brings with it long sought-after support for Linux, which the company says is "experimental." Linux support was previously unavailable since the launch of the company's second development kit, the DK2. The latest SDK update also adds support for Unity Free, the non-commercial version of the popular game authoring engine. Previously, Unity developers needed the Pro version—costing $1,500 or $75/month—to create experiences for the Oculus Rift." -- source: http://linux.slashdot.org/story/14/10/25/1725224 Cheers, Peter -- Peter Reutemann, Dept. of Computer Science, University of Waikato, NZ http://www.cms.waikato.ac.nz/~fracpete/ Ph. +64 (7) 858-5174

6 years, 9 months

Italian Supreme Court Bans the 'Microsoft Tax'

by Peter Reutemann

'In a post at the Free Software Foundation, lawyer Marco Ciurcina reports that the Italian Supreme Court has ruled the practice of forcing users to pay for a Windows license when they buy a new PC is illegal. Manufacturers in Italy are now legally obligated to refund that money if a buyer wants to put GNU/Linux or another free OS on the computer. Ciurcina says, "The focus of the Court's reasoning is that the sale of a PC with software preinstalled is not like the sale of a car with its components (the 4 wheels, the engine, etc.) that therefore are sold jointly. Buying a computer with preinstalled software, the user is required to conclude two different contracts: the first, when he buys the computer; the second, when he turns on the computer for the first time and he is required to accept or not the license terms of the preinstalled software. Therefore, if the user does not accept the software license, he has the right to keep the computer and install free software without having to pay the 'Microsoft tax.'"' -- source: http://tech.slashdot.org/story/14/10/25/1443210 Cheers, Peter -- Peter Reutemann, Dept. of Computer Science, University of Waikato, NZ http://www.cms.waikato.ac.nz/~fracpete/ Ph. +64 (7) 858-5174

6 years, 9 months

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

2003

2002

2001

2000

1999

wlug October 2014