Tux Machines

Security Holes and Windows TCO

Posted by Roy Schestowitz on Jan 19, 2025


The Register UK ☛ Six vulnerabilities in rsync announced and fixed in a day

=> ↺ Six vulnerabilities in rsync announced and fixed in a day

Don't panic. Yes, there were a bunch of CVEs, affecting potentially hundreds of thousands of users, found in rsync in early December – and made public on Tuesday – but a fixed version came out the same day, and was further tweaked for better compatibility the following day.
There are no known attacks exploiting the flaws in the wild.

Confidentiality

DJ Bernstein ☛ 2025.01.18: As expensive as a plane flight

=> ↺ 2025.01.18: As expensive as a plane flight

You'll be much more motivated to upgrade if you instead hear examples of post-quantum crypto already being deployed. It can't be that difficult if it's already working for millions of users.
The popular OpenSSH remote-administration tool rolled out post-quantum crypto in 2022. Google rolled out post-quantum crypto for its internal communications later the same year. Cloudflare, which hosts a considerable fraction of the Internet's web sites, reports that 33% of its connections are using post-quantum crypto as of January 2025.
I'll take a moment here to advertise some of my own work with various collaborators. If you're using Linux as a sysadmin or on the desktop, try our new easy-to-install PQConnect tool, which wraps end-to-end post-quantum cryptography around unmodified applications. If you're a developer, try out the simple API for libmceliece and libntruprime.

Integrity/Availability/Authenticity

The Verge ☛ Microsoft stops using Bing to trick people into thinking they’re on Google

=> ↺ Microsoft stops using Bing to trick people into thinking they’re on Google

Microsoft has quietly killed off its spoofed Google UI that it was using to trick Bing users into thinking they were using Google. Earlier this month you could search for “Google” on Bing and get a page that looked a lot like Google, complete with a special search bar, an image resembling a Google Doodle, and even some small text under the search bar just like Google search.

Windows TCO / Windows Bot Nets

Tom's Hardware ☛ Chinese hackers infiltrated US Treasury Secretary's PC — attackers had access to over 400 PCs

=> ↺ Chinese hackers infiltrated US Treasury Secretary's PC — attackers had access to over 400 PCs

The perpetrators reportedly accessed files belonging to Secretary Janet Yellen and other high-ranking officials. Over 400 computers and over 3,000 unclassified files were compromised, exposing sensitive information related to sanctions, law enforcement, and international affairs. The scale of compromised systems and files far exceeds initial reports.

The Register UK ☛ Biden signs 11th-hour cybersecurity executive order

=> ↺ Biden signs 11th-hour cybersecurity executive order

This latest presidential mandate follows a year of unprecedented attacks by Chinese government spies who have been spotted lurking in federal and telecommunications networks and burrowing into critical infrastructure to prep for future destructive cyberattacks.
Additionally, ransomware criminals disrupted thousands of pharmacies and hospitals across the US and stole sensitive information belonging to around 100 million people after locking up Change Healthcare's systems in February.
