Monday, March 23, 2020

Corona Malware

This blog has been suspended for a bit because it's practicing social distancing.
Or no one reads it.
Or I'm too lazy.
Or the stripper stories go on the other blog.

See you soon.


Friday, March 20, 2020

COVIDCOVIDCOVIDCOVID




Now that we have that out of our system....


Misconfigured Elasticsearch Instance Exposes More Than 5 Billion Records
MISconfigured or NOT configured?


Attack Surface, Vulnerabilities Increase as Orgs Respond to COVID-19 Crisis


Top 5 Open Source Serverless Security Tools


Open-source project spins up 3D-printed ventilator validation prototype in just one week


Rogers Data Breach Exposed Customer Info in Unsecured Database


Tools to Access The Linux File System from Windows


Open Source Cloud Storage: 14 Top Tools


What do you not want right now? A bunch of Cisco SD-WAN, Webex vulnerabilities? Here are a bunch of them


Surge in home working highlights Microsoft licensing issue: if you are not on subscription, working remotely is a premium feature


Thought you'd go online to buy better laptop for home working? Too bad, kid. So did everyone. Laptops, monitors and WLANs fly off shelves
The lesson here is to always have a high performance laptop. Presenting it to your spouse is your own business.


IT Security Report Finds 97 Percent Have Suspicious Network Activity
SHOCKING!





LINUX


How to Install OwnCloud on Ubuntu 18.04


How to Check Bad Sectors or Bad Blocks on Hard Disk in Linux


Using Keepalived for managing simple failover in clusters


How To Sync Browser Profile Into Tmpfs (RAM) In Linux






Wednesday, March 18, 2020

Browser Privacy Wars





TrueFire Guitar Tutoring Website Suffers Magecart-style Credit Card Breach
ahem... go ahead and piss off a group of people with very heavy guitars, who can't count past 4.  
1...2...3...4...


Well, it's not exactly a war. It's not even a friendly competition.
In fact, it's not even a topic.
Here's a study that ranks the privacy of major browsers.

I disagree with some of it - form your own opinion.



Surveillance Company Says It's Deploying 'Coronavirus-Detecting' Cameras in US

U.S. government, tech industry discussing ways to use smartphone location data to combat coronavirus

Pervasive digital surveillance of citizens deployed in COVID-19 fight, with rules that send genie back to bottle

Sense a theme here?



LINUX   

Exploring the Linux /proc filesystem
it's like spelunking without all that being outside and exertion  

How To Disable Unattended Upgrades On Ubuntu

Viewing and configuring password aging on Linux


How Red Hat tackles security
very carefully, so it doesn't get traumatic brain injury  


Tuesday, March 17, 2020

Brave Goes After Google




Brave browser delivers on promise, files GDPR complaint against Google.
Should be interesting...


Windows 10 now runs on 1 billion devices
What do you expect? The 10,000lb gorilla cornered the market.
Now we must suffer.


Fake Coronavirus Quarantine Text Messages May Be Result of Cyberattack
I know we need the rule of law, but if the actor is found and his name released, maybe nature will take care of itself...








LINUX

Restic – A Fast, Secure And Efficient Backup Application


How to Install R on CentOS 8
I prefer Q


CentOS 8 set up WireGuard VPN server


Open source alternative for multi-factor authentication: privacyIDEA


The $199 Pinebook Pro Gets Even Better With New Manjaro KDE Version
at this price, buy a few


How to Install RPM on CentOS

New Webpage Intros the Benefits to using Ubuntu and WSL on Windows 10
We built a castle on the moors and it sank. We built another castle and IT sank [Monty Python]


New Ubuntu Linux Security Updates Arrive for All Supported Releases



Monday, March 16, 2020

Coronavirus Ate My RAM




List of Free Software and Services During Coronavirus Outbreak


Research Finds Microsoft Edge Has Privacy-Invading Telemetry
we're shocked... SHOCKED


Microsoft Teams goes down just as Europe logs on to work remotely


Senate bill would ban TikTok from government phones
seriously? Drunk AND asleep at the wheel


Princess Cruises Confirms Data Breach
these guys couldn't sneeze without screwing it up


Microsoft: WSL2's Linux kernel will be delivered to Windows 10 users via Windows Update
Satan called, requested blankets and a heater.


Smart home developers raise concerns about Alexa and Google Assistant security
What security?


Live Coronavirus Map Used to Spread Malware


Data of millions of eBay and Amazon shoppers exposed
BUCKETS - surprise!




LINUX

Vim Tips – Edit Remote Files With Vim On Linux


Tails 4.4 Anonymous OS Released with Tor Browser 9.0.6


How to Set Up NFS Server and Client on CentOS 8


How to Install Perl Modules Using CPAN on CentOS 8



Friday, March 13, 2020

MS Delivers Patch to Save You from Last Patch




Microsoft delivers emergency patch to fix wormable Windows 10 flaw


Modern RAM used for computers, smartphones still vulnerable to Rowhammer attacks
They said they'd get right on it - what the hell do you want from them?


Say hello to your new best friend 'LVI' - another security flaw in CPUs for Intel


WordPress Plugin Bug Allows Malicious Code Injection on 100K Sites
it's been a while since the last WordPress bug.. earlier in the week, I think.  

Office 365 ATP To Block Email Domains That Fail Authentication
of course you'd have to use Office 365 to get this feature. I don't think it's worth it.


New CoronaVirus Ransomware Acts as Cover for Kpot Infostealer


Data of millions of eBay and Amazon shoppers exposed






LINUX   


Regular Expressions in Grep (Regex)
I prefer exclamatory expressions  


Sysadmin tools: exa, a modern alternative to ls in Linux





Thursday, March 12, 2020

Coronavirus Crosses to Computers





Crafty Web Skimming Domain Spoofs “https”

What WHO calling the coronavirus outbreak a pandemic means
it means more headlines to beat the dead horse. It also means a ton of people working from home. Is your infrastructure up to it?


Federal report warns U.S. is unready for a cyberattack
I could have produced this report at a cost of $1 million and 6 minutes.






LINUX


How to Install and Configure an NFS Server on Ubuntu 18.04


How To Disable Touchpad While Typing In Ubuntu Using Syndaemon Program


Introduction to the alternatives command in Linux


3 ways to configure a network interface in Linux


5 Ways To Repeat Your Last Command In Linux



Wednesday, March 11, 2020

Told You So




The Internet of Things is a security nightmare reveals latest real-world analysis: unencrypted traffic, network crossover, vulnerable OSes

And the best part of it? Hospitals are most at risk


US telcos tossed yet another extension to keep going with Huawei kit despite America's 'security threat' concerns
Yes, we're damn serious about security.

This after we gave them $1 billion to help them change gear.



Anonymous secret sharing app Whisper left sensitive profile data exposed for years
The database was not password protected and anyone could search and download it

Who are they hiring to do this stuff?
Nobody. Bob the janitor did it for free.


Some mobile ad-blockers and VPNs siphoning user data, report finds
Who coulda seen that coming? It's just an analytics company....


L1ght Looks to Protect Internet Users from Toxic and Predatory Behavior
I can guarantee no good will come of this. But it's for the children......




LINUX  

How to Start Linux Command in Background and Detach Process in Terminal

You-Get – downloader that scrapes the web

How to Enable Nested Virtualization in VirtualBox on Linux
Would that be a swallow's nest? Swallows are non-migratory

Automatically Optimize CPU Speed And Power With Auto-cpufreq In Linux

7 tips to speed up your Linux command line navigation
Your spouse yelling "HURRY UP" is not one of them






Monday, March 9, 2020

Symantec Won't Defend Against Coronavirus




7 Cloud Attack Techniques You Should Worry About


US Govt Shares Tips to Defend Against Coronavirus Cyber Scams


AMD Ryzen 4000 Laptops Will Allegedly Last up to 18 Hours
provided you don't turn it on.....


New AMD Side Channel Attacks Discovered, Impacts Zen Architecture (AMD Responds)


'Unfixable' boot ROM security flaw in millions of Intel chips could spell 'utter chaos' for DRM, file encryption, etc



Thursday, March 5, 2020

McAfee doesn't protect against coronavirus




Coronavirus warning spreads computer virus


Zynga faces class action suit over massive Words With Friends hack


Windows Explorer Used by Mailto Ransomware to Evade Detection


Carnival Cruise Line Operator Discloses Potential Data Breach


The Linux Foundation is Sometimes Against Linux and Its Official Blog Posts Come From Microsoft Veterans This Month (Nowadays It's Not Even Shocking)


You can now jailbreak an iPhone with an Android phone



Wednesday, March 4, 2020

Open Snitching


Let's (not) Encrypt discovers CAA bug, must revoke customer certificates






LINUX

Are you ready?
Open Snitch is available, forked from the original, which went tits-up.
It monitors outgoing traffic, like a firewall. You can control connections per app.

Ubuntu shortcuts everyone should know
except, possibly, non-Ubuntu users


Bash script to check how long the high CPU/memory consumption processes runs


Pkill command
killall is much more satisfying


Wine 5.3 released.
Comes with much stuff


Watching activity with watch and tail commands



Monday, March 2, 2020

Set Up the Jails!




WireGuard - fast, modern and secure VPN tunnel


How to set up chroot jails


How to create and launch Ubuntu VMs with Multipass


Android-x86 9.0 released - run Android 9 Pie on your pc


Hiding Windows file extensions is a security risk - enable now
This title was brought to you by 1998


Windows 10 1909 starts getting Microsoft's fluent icons
Users who have updates turned off will get these first


Hackers can use ultrasonic waves to secretly control voice assistant devices
If these things murdered family members, people wouldn't unplug them...


GhostCat - high risk vuln affects servers running Apache Tomcat




Thursday, February 27, 2020

Internet of Shit Strikes Again



New wifi vulnerability only affects over a billion devices. Not to worry.

Unpatched security flaws open connected vacuum to takeover
Internet of Flaws for me, please. A huge frickin slow motion train wreck.


Hackers scanning for vulnerable MS Exchange Servers - patch now
Or, you know, use linux





LINUX


How to recover a root password in Red Hat based systems


How to clear swap memory
swap it out.


How to create a user that cannot log in
Sysadmins - your troubles are over  


Red Hat enterprise 7 and CentOS 7 receive important kernel security update

Wednesday, February 26, 2020



Microsoft wants to do away with Windows 10 local accounts.
Suggestion: do away with Windows 10.


Multiple WordPress plugin vulnerabilities actively being attacked
I feel safe with WordPress because it gets patches out quickly.
I'd rather not patch WordPress every week.


How to install PHP7 on CentOS 7
very carefully


MySQL create user accounts and grant privileges


Firefox now getting its own sandbox
In which you cannot play




LINUX

Top 48 linux interview questions and answers

  1. Do you use linux?
  2. Ever see a server?
  3. HIRED!

Wait command with examples
Nah - I don't wait well.



Tuesday, February 25, 2020

Leak in Secure White House Communications

No, seriously... the Defense Information Systems Agency exposed personal info of government employees, including social security numbers.
Feel safe, with this bunch securing us.


Firefox turns on DNS over HTTPS (by default)
With their upcoming VPN, data goes through Cloudflare.
With this, you have a choice of Cloudflare or NextDNS.
Tough choice.


Raccoon malware steals data from nearly 60 apps, including popular browsers.


Mozart Malware uses DNS to communicate with remote attackers.


Credit card skimmer running on 13 sites, despite notification. Includes list.

there is enough crap to worry about with insecure design or no thought to security, 'unsophisticated' users, and now companies that ignore active breach warnings. I wonder what would happen if the credit card companies 'forgot' to renew their access.....


Critical RCE bug in OpenBSD SMTP server threatens linux distros



LINUX

How to use restricted shell to limit user access


Monday, February 24, 2020

Put it in the Cloud - What Could Go Wrong?



TOLD YOU SO:

NRC health ransomware attack prompts patient data concerns.


Emotet still around, renews itself


7 Tips to improve employees' mobile security
take away their phones


How to install Google Chrome on Kali linux
Pt 2: How to install Windows on Kali linux


Microsoft Brings Defender Antivirus for Linux, Coming Soon for Android and iOS
That same great performance - on other platforms!


Privacy concerns raised over new Google Chrome feature
found in file chrome.exe


Win 10 gets temp patch for critical flaw fixed in buggy update
temporary fix for problem in regular update on buggy platform...




Thursday, February 20, 2020

Tricking the Tesla




Hackers can trick a Tesla into accelerating by 50 miles per hour
Driverless cars are not ready for prime time - you can do all sorts of things to distract them. Like I said quite a while back.



Microsoft Quadrifecta  

Subdomain hijacking problem

Microsoft Rolls Out New Windows 10 Optional Update Experience
You get the experience that you can choose updates. But you can't.

Windows 10 KB4532693 Update Bug Reportedly Deletes User Files

Microsoft rolls out colorful new Windows 10 icons
Colorful new icons, same shitty performance


MGM Grand Breach Leaked Details of 10.6 Million Guests Last Summer
unauthorized access to cloud server   - but it was only 10.6 mil - why so upset?




LINUX  


Limit The Number Of SSH Logins Per User/Group/System

Surviving a security audit with enterprise Linux

Is Linux Foundation a Microsoft Branch Now?

4 ways to kill unresponsive apps in Debian 10
YES - a hammer will work. NO - hardware is expensive.


Wednesday, February 19, 2020

It's the Bucket Lady!



That's Boo-KAY.


Private photos leaked by PhotoSquare's unsecured cloud storage.
By this, of course I mean open buckets.



US Govt Warns Critical Industries After Ransomware Hits Gas Pipeline Facility
Ummm.... yeah.. it makes sense (to me) to secure infrastructure. Maybe I'm alone.


BingWall is —Yes, a Bing Wallpaper App for Ubuntu
As South Park says, Jesus Tapdancing Christ, was the dev drunk?


Firefox 73.0.1 released with fixes for Win, Mac, and linux.
But we're not going to tell you what they are 


ISPs sue Maine - web privacy law violates their free-speech rights
because customers would have to opt-in before the ISPs can share your data




LINUX   

How to create new groups with groupadd command
groupadd Led Zeppelin  


Give your firewall a security boost  
with new Security Meth!  
Is your HOSTS file over 16G too?



Tuesday, February 18, 2020

Post Valentine's Day Massacre




As the result of a Freedom of Information Act (FOIA) request, you can now take the NSA's course on python, for beginners. They describe the training materials as lightly redacted. Even training materials contain information you aren't cleared for. State secrets. Espionage aids. Venom with Python - a free course.

I wouldn't download any training materials, if I were you.




8 things users do that make security pros miserable.

  1. breathe
  2. touch computers


The Free Software Foundation sent Microsoft an empty hard drive, demanding the source code to Windows 7. Microsoft responded immediately, saying they were sending the source code down via Santa Claus.


Lenovo, HP, Dell peripherals face unpatched firmware bugs


10 "Sweyntooth" Bluetooth bugs found




Microsoft Confirms Windows 10 KB4524244 Issues and Pulls the Update


Windows 10 users affected by new shutdown bug - how to fix
del c:\*.*





Linux   

4 ways to generate a strong pre-shared key


How to set up IPsec-based VPN with Strongswan on Debian and Ubuntu


Useful console services


Practical example of du and awk commands
Put hands under armpits. Run around saying AWK AWK


How to zoom tmux panes for better text visibility


Intel's Clear Linux kicking butt in tests


How to chown recursively




Tuesday, February 11, 2020

Cod




Dell SupportAssist bug exposes business, home PCs to attacks

"preinstalled on most of all new Dell devices running Windows"

Will automatically update if auto upgrades are enabled.


Windows Server 2008 servers don't boot after KB4539602 (wallpaper bug)


Docker registries expose hundreds of orgs to malware, data theft


South Korea's government explores upgrading to linux






Linux


Cod: new command line autocomplete daemon for bash and zsh that detects --help usage


How to change the time limit for a sudo session


How to encrypt and decrypt files from CLI with OpenSSL on Mac and linux


How to ping a specific port


OpenShot video editor just got a massive update


Stuff in linux 5.6 kernel



Monday, February 10, 2020

Intel Beats Ubuntu?




Emotet now hacks nearby insecure wi-fi networks


Google Chrome will block a number of file downloads over non-secure connections.
I so love helpful software.


Win 7 won't shut down
I don't even have to make this stuff up


Win 10 users PISSED over search failure
MS issues lame, incorrect excuse


Why you can't bank on backups to fight ransomware anymore
Because the thieves are stealing info and ransoming it.


RobbinHood ransomware successful because deprecated driver signing


Why is the healthcare industry still so bad at cybersecurity?


Estee Lauder exposes 440M records, with email addresses, network info.





Linux


Linux OS from Intel beating Win 10 and Ubuntu, on AMD hardware
Intel Clear Linux        [using Phoronix test]


How fast are your disks? Find out using fio


How to install Seafile to sync and share files on Ubuntu


How to add and delete static route using IP command


8 ways to check memory usage


What's the difference between grep, egrep, fgrep
the spelling


How to run single command on multiple remote systems at once


Ubuntu 20.04 will ship with linux 5.4


Linux access control lists


for people who like self-torture, undo and redo in vim/vi


Limit the impact of a security intrusion with systemd security directives.


Python if...else statement


Disable swap



The (#*@ing spellchecker spontaneously disappeared. This is not a good thing.

Friday, February 7, 2020

Exfiltrating Data by Semaphore




Researchers transmit data by altering screen brightness


Laser-assisted hard drives
with frickin sharks


Betcha didn't know Wacom drivers monitor 3rd party software....
will also tell you when you need a shower


Critical android Bluetooth flaw exploitable without user intervention.
Fixed by Google


Latest Win 10 update problems and how to fix them
del c:\*.*




Have a fun weekend.
If you can't have a fun weekend, have a weekend.



Thursday, February 6, 2020

Meh-dicaid



Oregon Medicaid breach.
Never mind that a transportation vendor has PHI...


Mailto/NetWalker ransomware targets enterprise networks





LINUX

Browse the web with Vim using Vimium
Vim isn't enough torture by itself?


lsmod command



Bash command line exit codes demystified

Moving fast in your shell
fzf - Fuzzy Find - brings up my picture



Wednesday, February 5, 2020

Shoot/Shot Your Screen



15 notable open source apps


Your Philips Hue light bulbs can still be hacked — and until recently, your network

Ring lets users opt out of receiving police video requests


Trivial backdoor found in firmware for Huawei products
Who would've trivially thought?




Linux

8 ways to take a screenshot


Make your scripts executable everywhere


Wireguard VPN comes to linux
VPNs will change forever with arrival of WireGuard into linux


Tuesday, February 4, 2020

CLI Wireshark?



Wireshark-based Termshark 2.1
Not 100% sure why CLI, but here it is. Faster than a GUI-laden packet capture, more powerful than CAT, able to leap tall stack heaps in a single keypress....

Written in Go
(so it won't stop?)


Free Software (as in Copyleft/GPL) Will Eventually Win for the Same Reasons GNU/Linux Did

New ransomware doesn’t just encrypt data. It also meddles with critical infrastructure
Yes, kids, it triple encrypts and goes after hardcoded industrial systems.


Google may have shared your videos with strangers
And Twitter gave a person's account to his school.




LINUX  


How to use Nginx as an HTTP load balancer in linux
I'm more interested in how to pronounce Nginx


How to zip folder

  1. take folder
  2. zip



How to Monitor Log Files with Graylog v3.1 on Debian 10

Friday, January 31, 2020

Dogs, Cats, and Ransomware Living Together!



The Sodinokibi ransomware group is sponsoring a hacking contest.
The future is NOW.


Trello info found in Google, boards left open.
Trello's default is closed, so do the math


Speaking of which, 200k WordPress sites vulnerable to plugin flaw.
From observation, the only change here is which vulnerability


The UN was hacked because of an unpatched SharePoint server.
That's it - kick them out.



Know why Gentoo is known as a secure distro?
Because most humans can't install it, no less work it.


Trickbot uses new Win10 UAC bypass to launch quietly
Overall, I'd say the UAC has been a real success


MS detects new Evil Corp malware attacks
C'mon - like they're really separate entities...


Top 14 open source web development tools
No, it doesn't come with instructions on how to leave your buckets open 




LINUX 

You can't stream Picard on linux w/o this workaround
more DRM crap


Snowflake is the SSH GUI you didn't know you needed


Bash break and continue
break and continue is my M.O.


How to install software through Flatpak on Debian 10
I was right! I was right! You have to install Flatpak first!




Thursday, January 30, 2020

UK Solves IoT Security Issues



Yes, the UK has come through for its citizens, and the citizens of the world, with legislation that IoT devices cannot have default passwords. No longer will they have any IoT issues!

Government never met a thing they couldn't make worse with legislation.


In a race with Microsoft, Sprint exposed their support portal to the world.






LINUX


How to encrypt partitions with VeraCrypt on Debian 10


Basic network troubleshooting with nmap


Kali first release of 2020  (ethical hacking OS)


CBS All Access serves ads, but not content, to linux users.
What's that phrase?  "Perhaps a hot poker up the old wazoo will help them see reason."


32 bit linux will keep going, into the future
I just resurrected an old laptop with 32 bit. This is good news.





Everybody has problems. Even blog authors. Even me!
One of my old laptops was so old (how old was it?) it was so old, it had a dual boot with linux and Win XP. I made an account for Mrs lefty and it was 'her' laptop. After noticing it gathered more dust than my tech gadgets, I decided to update it and make it ready to act as a spare, for the next time something stupid happened to my other laptop. And by something stupid, I mean something I did.

It booted with its usual efficiency and I noticed the boot option screen was very much Not There. Then I noticed it booted into a GRUB rescue prompt. I decided right away that I didn't like this and rebooted. Like all bad news, it repeated itself.

Naturally, I cannot remember a single GRUB rescue command.
The internet had several suggestions, or rather several hundred suggestions. Most were based upon the same 2 suggestions: use a very confusing set of command line inputs, or some other thing I probably should've written down. I tried 'Some Other Thing,' largely because it required much less typing.  It failed miserably, making assumptions about what I wanted. Method #1, with tons of input and 2 variations was tried. It was a boot repair, so it looked pretty good, and I was advised it was safe - I couldn't hurt anything. They obviously don't know me.  The results were not correct and not even predictable: the machine booted right into XP. This was not handy, convenient, or even correct. It was the least important thing on the entire hard drive.

Another option was this BOOT REPAIR image, which I downloaded and put on a usb stick. Booted up, hit the SAFEr option, and rebooted. It guessed completely wrong. The 2nd time, it was even more wrong. People raved about this option, so I guess they, like me, just like to see the world burn.

Speaking of hard drives, I had about 7 partitions and needed to remember what they all contained. XP was not helping, and I still didn't have my boot choice screen. To make things even more amusing, my bootup partition was different from my root partition, which did not exist in any help document or suggestion. I am a very special person, with very special options.

So I typed more commands and reinstalled GRUB. This actually worked!
And when I say 'worked,' I mean it installed a fresh copy of GRUB, which merely booted to the GRUB (not rescue) prompt. Some would scream. Some would pull out their own hair. Some would pull out someone else's hair. I laughed maniacally.

If this were Windows, I'd put in an install cd, do a REPAIR, and be done with it.
Since this is a multi-boot system, they would nuke every partition that wasn't Windows. I'm having a good time here.

I decided on the high yield nuclear option (no, not to reinstall each OS): I'd get out my linux install disk and bloody fix it that way. I'd be up to date, and I could spend the next 10 hours setting it up, hopefully undisturbed.

Install I did. gparted helped me remember which partition was which, and off I was. Really far off. I use a different partition for HOME, so I made sure Xubuntu knew it was the HOME partition. When I rebooted, there was the bloody GRUB selection menu! I could boot into whatever I wanted! The sun had come out. I could hear the cherubim singing outside, warbling horribly out of tune on some current song I've never heard. Supermodels kept calling and coming to the door.

So there I was, with a current laptop, needing just a short 10 hours to customize it to my liking. I had to look through the Xubuntu archives for a 32 bit version, as this laptop must be from 1975 and had an unthinkable amount of RAM (2G). Fortunately 32 will continue, per the above.

As my 10 hours uninterrupted started, I discovered there would be a slight modification to uninterrupted, this being Wife, who had all of a sudden gotten chatty, and needed to be reminded every hour or so that this was Uninterrupted Time.

"HI how are you did I tell you about my day Guess where I went - guess Wrong HAHA - I went to visit your mother She's in rare form, but at least she tried to cook her steak before eating it cuz you remember what happened last time What are we having for dinner No, I'm not hungry now but what if I need to get something from the store I stopped at a major anchor store and looked at shoes but it was only a look because I already have most of them The sales staff all liked my jewelry like normal I really have to get some new jewelry Since most of it came from Arizona anyway we should take a trip OMG they won't let the dog sit with us shes too big to fit under the seat and if we tell them she's a helper dog, she'll probably bark the entire plane flight and you know you can't stop her when she starts....

Hi. Hello. HELLO. HHHHEEELLLLOOOOO???

Oh, I'm sorry, was I talking too much?

Only when your mouth was moving. Why do you speak in paragraphs?

My mom does that It's not the first time anybody said that to me Are you working on my laptop What happened What's wrong Why did it happen Do you mean your MAIN laptop..

HELLOOOOOOOOO????

Oh, sorry.

Remember I said I was configuring the laptop?

Why?

I said I needed some quality, uninterrupted time with it.

Oh, I'm sorry. I'll shut up now [tv turns on]

[5 minutes]

Do you need anything from the store I'm going food shopping later What are you doing Why...

UNINTERRUPTED.

Oh, sorry.

[5 minutes]

Oh I love this show What did you want for dinner I thought of a good slaughterhouse we can tour tomorrow...

STILL uninterrupted.

I'm sorry (makes zipping up lip motion)

[5 minutes]

I'm going on the back steps I have to pay some bills.

STILL uninterrupted.

I know, I'm just saying..

You're ALWAYS just saying.

Well, I'm just saying...

STOP saying. I really need to get this done. If I don't, the zombies will eat me.

OOH! I love those zombie movies I know I said I would be quiet but just one thing My favorite Z-level movie is coming on at 8:30 You don't mind missing all your shows tonight so I can watch it I'm going to visit my mom this weekend No you can not have Emilia Clarke babysit you so don't ask You think you're so funny...

When I die, will you still be talking? Will you dig my body up and regale it with what you found on sale today? We can get you permission to dig me up regularly. Yes, they'll let you run the Caterpillar. Yes, you can put your 8' pink Barbie flag on it.


Wednesday, January 29, 2020

Ubiquiti Hears You on the Toilet

Ubiquiti UniFi routers will beam performance data back to mothership automatically. You just try opting out....


Win 10 update fixes file explorer bugs


OOPS - Wawa breach - possibly more than 30 million cards
Wawa is assuring people they'll help




LINUX

How to use iptables


What's new in Ubuntu 20.04 LTS?
exotic Gnome theme! How Exciting!
And so much more!
Ok, one thing more.


Ubuntu invites Win 7 users with linux switch guides
very smart, imho


How to install Yii PHP framework on CentOS 8
$5* to anyone who can explain what this means.

*not really

How to use when conditionals in Ansible playbook
$10* for this one

*not really also


Monday, January 27, 2020

Monday Malware


Microsoft's IE Zero Day Fix is breaking some Windows Printing
This is a mess. Many other symptoms.

10% of all Macs have Shlayer malware

UK proposal mandates IoT security



Linux

How to resume partially transferred files over ssh using rsync


How to prepare for the Red Hat Certified Professional (RHCP) exam


Linux on laptops: sometimes later is better

scrcpy added to Debian testing: allows controlling android devices from the desktop

pidof will print the PIDs of all running programs that match with the given name

Friday, January 24, 2020

You Picked a Bad Day to Be in IT



Microsoft Search Office 365 ProPlus Bing Force
These are all very bad keywords. Read at your own peril.


German car renter Buchbinder exposed a 10T MSSQL backup.
How?  Unsecured.


Critical unpatched bugs in hospital devices
Please don't fuck with the patients. Telling them they're dead might sound like fun, but you probably shouldn't.


How to secure Apache with Let's Encrypt SSL cert on CentOS 8
Otherwise, Let's NOT Encrypt


Looking for silver linings in the CVE-2020-0601 crypto vuln


Cisco warns of critical network security tool flaw


LINUX

How to find broken symlinks and delete them


tcpdump


How to check and kill zombies (processes) in Debian 10


Terminal Phase - space shooter game that runs in terminal


Set up passwordless logins using public/private keys




FRIDAY THOUGHTS  


  • Be green (it looks really funny)
  • Over the weekend, treat yourself to some really good stuff: ice cream, bbq, sleep
  • Just say NO to clicking anything
  • Touch yourself (if no one else will)


Thursday, January 23, 2020

Pay Pay Pay the Ransomware



In a recent survey, 33% of ransomware victims are paying.
In other news, there is a severe shortage of backup systems people.


Google researchers find serious privacy risks in Safari's anti-tracking protections.

This is the most irony you'll see this month.

Apple addresses iDevice 11 location problem
that wasn't a problem when asked initially






LINUX  


How to compare local and remote files


Zorin OS 15.1 review


s-tui CPU monitoring/stress testing tool


Wine 5.0 released - multi monitor support


bandwhich - bandwidth tool for Linux and macOS



Wednesday, January 22, 2020

Beware of Tomato(es)



Routers running Tomato are being probed for default credentials and remote administration, in an attempt to add them to the Muhstik botnet.

I'm hoping that anyone smart enough to use alternative firmware is smart enough not to use default credentials and leave remote admin on. We shall see.


Recognizing router problems


Final Win7 update gives some users wallpaper problems: installs a black wallpaper. Can you imagine the horrors? All network staff pulled off updates to see to floor staff about this horrendous side effect. All other work stopped, weekend hours authorized. Emergency protocols in effect. Therapists brought in to talk the users down.


The German government has to pay $887,000 for Win 7 support because they didn't move to Win 10.  As much as I hate MS, it wasn't like they didn't provide notice of end-of-life for Win 7. This really shouldn't have been a shock to anybody.

Speaking of which....
Microsoft discloses security breach of customer support database.
Let's face it - they couldn't get much.




LINUX

The userdel command. It (hold on...) deletes users

dnf-automatic: install security updates automatically in CentOS 8



Tuesday, January 21, 2020

Put Passwords in the Cloud. What's the worst that could happen?



Lastpass has been down for days. Staff is hard to reach or denying there's an issue on Twitter.


Citrix ships patch for VPN vuln



600 computers taken down in Volusia County Public Library system cyberattack.
50 back up.


Hans Andersson online payment portal hacked, info stealer injected for 2 months.


More than 500k telnet credentials for IoT devices leaked.
This is a biggie.


Apple is genuinely concerned about your privacy. Except if the FBI asks.




LINUX


Official Kubuntu laptop goes on sale.
Starting at $2395, I'd buy a good laptop and load Xubuntu, as I've done since my first laptop.


Locking and unlocking accounts



Friday, January 17, 2020

Yet Another Win10 Vuln to be Patched



A new RDP vulnerability included in the WIN10 EMERGENCY PANIC PATCH!


Critical Cisco flaws now have PoC exploit


Satan ransomware born again
I love this title.


A comprehensive view of pen testing


So those thermal paste syringes?
No, parents, your kids aren't on drugs.
Keep one on your desk - people go mad






LINUX

df vs du commands

How to mount a drive

broot is an interactive treeview directory navigation tool for the CLI
inspired by tree

11 linux browsers
no, Goog Chrome, Opera are not open source
Falkon is pretty good, fast
(Web) Epiphany is a little silly and doesn't have many options, but this blog is put together on it
Links is the Stuff!




Thursday, January 16, 2020

Trust No One



A Practical Guide to Zero-Trust Security


Online pharmacy PlanetDrugsDirect discloses breach


Critical WordPress bug leaves 320,000 sites open to attack
it's like MS: Gee, what's wrong this week?


Hey, all the hoo-ha over the Win10 bug?  A researcher used it to Rickroll the NSA and Github
The good news? Firefox may be exempt.
The bad news? NSA employees can't get "Never Gonna Give You Up" out of their heads.




LINUX


systemd service sandboxing and security handling 101


How to get your IP address on linux



Wednesday, January 15, 2020

Patch em if you Got em



Patch Win10 and Server now because certificate validation is broken
They're not kidding
This discovery was per NSA.
They probably installed it.


The patch fixes 50 security holes (Krebs)

Oracle previous all time patch high (300+)





LINUX

How to completely delete a file

How to use the ss command

How to temporarily drop admin privs to admins using delayed admin

6 best CCleaner alternatives for Ubuntu



Tuesday, January 14, 2020

It's Only 200 Million Cable Modems




JS Vulnerability affects 200 million cable modems


Never-before-seen virus in China kills one, spreads to Thailand.
McAfee won't fix.


First 2020 Patch Tuesday grumbling


Microsoft spots malicious npm package stealing data from UNIX systems.
Not widespread but notable.
Have I mentioned the world is ending?



LINUX

You can now run Android 10 on your PC with AndEX10, an android-x86 fork, also in a VM. It's $9.
Of course most of us can't run android 10 on our phones....


How much education do you need to be a linux sysadmin



Citrix, Cisco, whatever....


Citrix ADC CVE-2019-19781 Exploits Released, Fix Now!

PoC exploits released for Citrix ADC and Gateway RCE vulns


Cisco webex bug allows remote code execution.



Sodinokibi ransomware publishes stolen data for the first time
not only stolen, but published




LINUX 

How AppArmor can protect your linux system


Microsoft proprietary software that spies on everyone 'does an AWS' on free software


10 methods to view different file formats in linux


Linus Torvalds says "Don't use ZFS" - but doesn't seem to understand it




Sunday, January 12, 2020

SHA-1 Breakage?




Users of GnuPG, OpenSSL and Git could be in danger from an attack that’s practical for ordinary attackers to carry out.


Info on California schools and Las Vegas attacks


Android flaw being exploited in the wild.
"..some Android devices, including the Pixel 2, Samsung S7-S9, Moto Z3, and Huawei P20, among others."


Hey, CheckPeople - your 22GB database containing 56 million US people's details is open for all, out of China.



LINUX

How to find high CPU consumption processes in linux
Or just install Glances, which gives you this and more.


5 favorite linux sysadmin tools



Thursday, January 9, 2020

Wherefore Art Thou, Citrix?



Attackers are scanning for vulnerable Citrix servers. Secure yours NOW.


Firefox 0-day - Active Attacks
Update NOW.


5 ways to do serverless on Kubernetes
I have no idea what it means, but Kubernetes is a buzzword lately.


How to set up an anonymous ftp download server in Fedora



Wednesday, January 8, 2020

You Bomb - We'll Tech




Linksys routers, already able to sense movement, will soon be able to monitor your breathing.  I feel queasy.  Naturally this means they will sell millions to well-meaning idiots, who will then complain when their health info and movement history gets into the hands of the insurance industry and hackers.


REvil ransomware exploiting VPN flaws made public last April.


DHS warns of Iranian cyber threat.


Remember - support for Windows 7 ends 1/14/2020.
Does it matter? 7 will keep operating. Have you gotten 10 yet? Should you?
-abandon ship.... move to a different OS.


Google Play apps exploit android Zero-Day used by NSO group.


City of Las Vegas got breached. No info about severity, method, or backups.



LINUX

How to delete a directory in linux - several different ways.

How to use apparmor: restrict programs' capabilities with per-program profiles



EDITORIAL

Diversity - why open source needs to work on it in 2020

I call BS.

Diversity is like Affirmative Action - discriminatory, demeaning, divisive, and possibly damaging.  I am not restricting this to any business or group: it's all inclusive.

Ask yourself, if you were doing the hiring, do you hire the minority because they're a minority, or do you hire the right person for the job, minority or not?

As someone who did a bit of hiring, in the end, I hired the most competent for the job. In addition to being the only smart decision, I'd have to deal with a less than spectacular hire when they couldn't do their job. No one has the time to train then retrain. I don't have the patience. I want the right person for the job. Someone who is smart enough to figure out what they don't know. Their color, ethnicity, gender, or what they identify as, is a non-starter. It also doesn't matter after they get hired. The fact that they're good at their job will be noticed and appreciated.

In spite of my horrible attitude, all my hires stuck.






Tuesday, January 7, 2020

It's Tuesday. It could be worse. It could be Monday



More malicious Google Play apps.


An unpatched government website just got pwned by an Iranian script-kiddie.
Hey, at least we bombed them.



iPhone ios13 keeps reminding you an app is tracking you. For each app.



Placed over lock screen, fake Win10 desktop tries to scam by pretending to be police, locking your screen for illegal activity


Apparently getting breached over 20 times upsets the FTC. InfoTrax Systems only detected the last breach when the servers went over capacity and has settled with the FTC. Now you know where to go when you need back-end ops systems and MLM software. Be prepared for neck injuries from shaking your head when you read this.


An IT executive embezzled $6 million and just got caught by Word doc metadata.
Microsoft comes through again!


Travelex, an international foreign currency exchange company, got hit with ransomware, demanding $3 million.

Ladies and Gentlemen, this is a business opportunity. Gather a sheaf of papers (or usb drive) with each significant breach listed. Explain backups. Sell them backups and installation. None of these breaches had backups, reliable or otherwise. Also include a patching service, which is another way the ransomware can get in. As for employee clicking, perhaps a flamethrower. Start small.


EA boots linux users of Battlefield V.
F them with fire.







Monday, January 6, 2020

Today's News



I just stepped in to say that, in today's news, there is no news.
Therefore there will be no blog entry.
Except this one.

Friday, January 3, 2020

Sue the Ransomware - How's That Workin Out for Ya?




Maze ransomware has been sued for publishing victim's stolen data.
They're suing John Doe for injunctive relief and damages.
The anonymous John Doe.
I want to sue the anonymous IRS.

In related news, ransomware attackers are offering holiday discounts and greetings. This makes Black Friday even funnier.

Hey, Kids, it's us - the guys who encrypted your network and stopped business for a few weeks. We noticed that you haven't paid the ransom, and wanted to extend a 25% holiday discount! (and if you act now, we'll throw in the name of a reliable backup company)


While I'm chaining these together (very loosely), Starbucks devs left the API key in GitHub public repo.



Thursday, January 2, 2020

The Happy New Year News



Landry's, a popular restaurant owner, was hit by credit card stealing malware.
They own 60 well known brands and own over 600 restaurants.  You have to give them credit - the malware was on their systems from March 13 to October 17. They got right on it. Naturally they are very sorry.


Virus types - take a look.


All Caterpillar padlocks use the same key.
We're doomed.





LINUX

5 New Year's resolutions for linux folk
#4 confuses me to no end


Commands: Random one-liners
"Take my CLI, please."


Key considerations when choosing a robot's operating system:
that it not be Windows


8 quick file searching tools
Haven't tried all of them yet, but I like AngrySearch. Just for the name.


