Tux Machines
Posted by Roy Schestowitz on Apr 27, 2023, updated Apr 27, 2023
=> ↺ Security updates for Wednesday [LWN.net]
Security updates have been issued by Fedora (chromium, lilypond, and lilypond-doc), Oracle (java-1.8.0-openjdk), Red Hat (emacs, java-1.8.0-openjdk, java-11-openjdk, java-17-openjdk, kernel, kernel-rt, pesign, and virt:rhel, virt-devel:rhel), Scientific Linux (java-1.8.0-openjdk and java-11-openjdk), Slackware (git), SUSE (fwupd, git, helm, and runc), and Ubuntu (firefox, golang-1.18, linux-hwe-5.15, and openssl, openssl1.0).
=> ↺ TOTP authentication with free software
One-time passwords (OTPs) are increasingly used as a defense against phishing and other password-stealing attacks, usually as a part of a two-factor authentication process. Perhaps the most commonly used technique is sending a numeric code to a phone via SMS, but SMS OTPs have security problems of their own. An alternative is to use time-based one-time passwords (TOTPs). The normal TOTP situation is to have all of the data locked into a proprietary phone app, but it need not be that way.
The TOTP approach is simple enough; it starts with a secret shared between the client and server sides. The algorithm used to generate an OTP starts by looking at the current time, usually quantized to a 30-second interval. That time is combined with the secret, hashed, and used to generate a six-digit code that is used as the password. Both the client and server sides will generate a code at authentication time; if the client can provide the same code that the server calculates, then authentication succeeds. The code can only be used once and, in any case, is only valid for a short period.
=> ↺ Nunn announces bipartisan plan to prevent school cyberattacks
Third District Congressman Zach Nunn is supporting federal legislation aimed at preventing school cyberattacks like the one that canceled classes for Des Moines students for two days earlier this year.
The measure would make federal officials available to advise school districts on ways to improve network security and respond to hacking attempts. Nunn described it as a 911 call center for school cyberattacks. The bill would also create a voluntary registry to gather information about attacks happening nationwide.
=> ↺ Jackson school gives update on November cyberattack
The November ransomware attack forced Jackson and Hillsdale schools to shut down for days.
At the time details were limited, but now officials say the ones behind the attacks were international, adding it was a Jackson technician that first discovered something wasn’t right. […]
With the investigation now complete, officials believe the international group known as the ‘Hive’ found a window into the network and looked for personal information to sell on the dark web.
UPDATE
Some more stories:
=> ↺ Sen. Warner: AI firms should put security at the center of their work
The top Democrat on the Senate Intelligence Committee wants answers to questions ranging from supply chain security to privacy.
=> ↺ Microsoft removes LSA Protection from Windows settings to fix bug
Microsoft has fixed a known issue triggering Windows Security warnings that Local Security Authority (LSA) Protection is off by removing the feature's UI from settings.
=> ↺ Event Wrap: PITA Working Group Meeting on Cybersecurity and Protection Initiatives
Adli Wahid shares ways the Internet community can collaborate on cybersecurity at the PITA Working Group Meeting on Cybersecurity and Protection Initiatives, held online on 6 April 2023.