Hi everyone
We have a meeting coming up next Monday:
"Virtualization has become commonplace nowadays, with lots of
different implementations. Docker provides an as-thin-as-possible
approach, making use of the kernel's functionality of resource
isolation, eliminating the need for installing an operating system for
the guest system.
Andrew Parnasov will give an introduction to Docker, how to set it up,
how to use it and what it can be used for."
http://www.meetup.com/WaikatoLinuxUsersGroup/events/197652482/
Cheers, Peter
--
Peter Reutemann, Dept. of Computer Science, University of Waikato, NZ
http://www.cms.waikato.ac.nz/~fracpete/ Ph. +64 (7) 858-5174
Not quite Linux, but interesting (scary?) nonetheless...
"Security researcher Mordechai Guri with the guidance of Prof. Yuval
Elovici from the cyber security labs at Ben-Gurion University in
Israel presented at MALCON 2014 a breakthrough method ("AirHopper")
for leaking data from an isolated computer to a mobile phone without
the presence of a network. In highly secure facilities the assumption
today is that data can not leak outside of an isolated internal
network. It is called air-gap security. AirHopper demonstrates how the
computer display can be used for sending data from the air-gapped
computer to a nearby smartphone. The published paper and a
demonstration video are at the link."
-- source: http://it.slashdot.org/story/14/10/31/141207
Cheers, Peter
--
Peter Reutemann, Dept. of Computer Science, University of Waikato, NZ
http://www.cms.waikato.ac.nz/~fracpete/ Ph. +64 (7) 858-5174
"The critical Shellshock vulnerabilities found last month in the Bash
Unix shell have motivated security researchers to search for similar
flaws in old, but widely used, command-line utilities. Two remote
command execution vulnerabilities were patched this week in the
popular wget download agent and tnftp client for Unix-like systems
[also mentioned here]. This comes after a remote code execution
vulnerability was found last week in a library used by strings,
objdump, readelf and other command-line tools."
-- source: http://it.slashdot.org/story/14/10/30/2130248
Cheers, Peter
--
Peter Reutemann, Dept. of Computer Science, University of Waikato, NZ
http://www.cms.waikato.ac.nz/~fracpete/ Ph. +64 (7) 858-5174
"Reglue is an organization that has been placing Linux computers in
the homes of financially disadvantaged kids since 2005. The program
started in central Texas and we'd love to see it grow [...].
Using Linux as the operating system has not been a matter of religion
or partisanship. Not even a matter of personal choice. It's a matter
of pragmatic necessity. To give you a better picture of why, here's
the story of Ricky.
In short: We installed a computer for a financially-disadvantaged kid.
We taught that kid how to use the computer. That kid was supremely
happy with his new Linux computer. We left. The end."
-- source: http://opensource.com/life/14/10/reglue-program-linux-computers-kids
Cheers, Peter
--
Peter Reutemann, Dept. of Computer Science, University of Waikato, NZ
http://www.cms.waikato.ac.nz/~fracpete/ Ph. +64 (7) 858-5174
'A critical flaw has been found and patched in the open source Wget
file retrieval utility that is widely used on UNIX systems. The
vulnerability is publicly identified as CVE-2014-4877. "It was found
that wget was susceptible to a symlink attack which could create
arbitrary files, directories or symbolic links and set their
permissions when retrieving a directory recursively through FTP,"
developer Vasyl Kaigorodov writes in Red Hat Bugzilla. A malicious FTP
server can stomp over your entire filesystem, tweets HD Moore, chief
research officer at Rapid 7, who is the original reporter of the bug.'
-- source: http://tech.slashdot.org/story/14/10/29/1333216
Cheers, Peter
--
Peter Reutemann, Dept. of Computer Science, University of Waikato, NZ
http://www.cms.waikato.ac.nz/~fracpete/ Ph. +64 (7) 858-5174
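
Added example (not part of the original post and not wget's code): a post-download audit for a directory tree fetched recursively over FTP, reporting symlinks that resolve outside the download root, which is the kind of entry the quoted bug report describes. The function names and the sample tree are constructed for illustration.

```python
import os
import tempfile

def find_escaping_symlinks(root):
    """Return sorted (link, resolved_target) pairs for symlinks under root
    whose targets resolve outside root."""
    root_real = os.path.realpath(root)
    findings = []
    # followlinks=False: never descend through a link while auditing.
    for dirpath, dirnames, filenames in os.walk(root, followlinks=False):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            if not os.path.islink(path):
                continue
            target = os.path.realpath(path)
            if os.path.commonpath([root_real, target]) != root_real:
                findings.append((os.path.relpath(path, root), target))
    return sorted(findings)

def build_constructed_mirror(base):
    """Constructed sample tree standing in for a recursive FTP download."""
    outside = os.path.join(base, "outside")
    mirror = os.path.join(base, "mirror")
    os.makedirs(outside)
    os.makedirs(os.path.join(mirror, "pub", "docs"))
    with open(os.path.join(mirror, "pub", "docs", "README"), "w") as fh:
        fh.write("ordinary file\n")
    # Benign link: relative target that stays inside the mirror.
    os.symlink("docs", os.path.join(mirror, "pub", "latest"))
    # Suspicious link: points at a directory outside the mirror.
    os.symlink(outside, os.path.join(mirror, "pub", "cache"))
    return mirror, outside

def demo():
    """Build the constructed tree, audit it, return (links, target_matches)."""
    with tempfile.TemporaryDirectory() as base:
        mirror, outside = build_constructed_mirror(base)
        found = find_escaping_symlinks(mirror)
        links = [link for link, _ in found]
        matches = [t == os.path.realpath(outside) for _, t in found]
        return links, matches

if __name__ == "__main__":
    print(demo())
```

The audit reports the links only; anything already written through such a link lies outside the tree it walks and has to be checked separately.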
Apologies if you received this already.
Cheers, Peter
---------- Forwarded message ----------
From: Bevan Rudge
Date: Thu, Oct 30, 2014 at 8:37 AM
Subject: [NZOSS-Openchat] Your Drupal website has a backdoor
If you administer a Drupal website or know anyone who does, please
make sure they see this:
Drupal Core - Highly Critical - Public Service announcement - PSA-2014-003
https://www.drupal.org/PSA-2014-003
The short version is: if a Drupal website was not patched within 7
hours of the announcement of Drupal-core-SA-2014-005 (aka Drupageddon)
on 16 October (NZ time), it probably has backdoors, and data should be
assumed to be compromised.
The only safe and certain recovery is to get a new server and restore
from backups from before that date.
In many ways this is worse than Heartbleed because it is so much
easier to exploit, and the attacker can get any data they ask for
(with Heartbleed, I believe an attacker didn't know what data they
were looking at) and control all of Drupal.
Most attacks seem to be installing backdoors for sending spam or
future amplification of other attacks. But there are many different
types of exploits, so assume anything and everything.
Cheers,
Bevan/
http://Drupal.geek.nz http://Twitter.com/BevanR
Sent from Auckland, New Zealand
--
Peter Reutemann, Dept. of Computer Science, University of Waikato, NZ
http://www.cms.waikato.ac.nz/~fracpete/ Ph. +64 (7) 858-5174
"The OpenBSD developers have decided to remove support for loadable
kernel modules from the BSD distribution's next release. Several
commits earlier this month stripped out the loadable kernel modules
support. Phoronix's Michael Larabel has not yet found an official
reason for the decision to drop support. He wagers that it is due to
security or code quality/openness ideals."
-- source: http://bsd.slashdot.org/story/14/10/28/1852214
Cheers, Peter
--
Peter Reutemann, Dept. of Computer Science, University of Waikato, NZ
http://www.cms.waikato.ac.nz/~fracpete/ Ph. +64 (7) 858-5174
"Mozilla plans to build a version of its Firefox OS for use in the
Raspberry Pi. Plans are afoot to build a version capable of (1) being
run on the Pi hardware and (2) eventually achieving parity with
Raspbian and (3) enable easy development for robotics."
-- source: http://tech.slashdot.org/story/14/10/27/2348204
Cheers, Peter
--
Peter Reutemann, Dept. of Computer Science, University of Waikato, NZ
http://www.cms.waikato.ac.nz/~fracpete/ Ph. +64 (7) 858-5174
"Oculus, creator of the Rift VR headset, has released a new version of
their SDK which brings with it long sought-after support for Linux,
which the company says is "experimental." Linux support was previously
unavailable since the launch of the company's second development kit,
the DK2. The latest SDK update also adds support for Unity Free, the
non-commercial version of the popular game authoring engine.
Previously, Unity developers needed the Pro version—costing $1,500 or
$75/month—to create experiences for the Oculus Rift."
-- source: http://linux.slashdot.org/story/14/10/25/1725224
Cheers, Peter
--
Peter Reutemann, Dept. of Computer Science, University of Waikato, NZ
http://www.cms.waikato.ac.nz/~fracpete/ Ph. +64 (7) 858-5174
'In a post at the Free Software Foundation, lawyer Marco Ciurcina
reports that the Italian Supreme Court has ruled the practice of
forcing users to pay for a Windows license when they buy a new PC is
illegal. Manufacturers in Italy are now legally obligated to refund
that money if a buyer wants to put GNU/Linux or another free OS on the
computer. Ciurcina says, "The focus of the Court's reasoning is that
the sale of a PC with software preinstalled is not like the sale of a
car with its components (the 4 wheels, the engine, etc.) that
therefore are sold jointly. Buying a computer with preinstalled
software, the user is required to conclude two different contracts:
the first, when he buys the computer; the second, when he turns on the
computer for the first time and he is required to accept or not the
license terms of the preinstalled software. Therefore, if the user
does not accept the software license, he has the right to keep the
computer and install free software without having to pay the
'Microsoft tax.'"'
-- source: http://tech.slashdot.org/story/14/10/25/1443210
Cheers, Peter
--
Peter Reutemann, Dept. of Computer Science, University of Waikato, NZ
http://www.cms.waikato.ac.nz/~fracpete/ Ph. +64 (7) 858-5174