Sunday, January 12, 2020

SHA-1 Breakage?




Users of GnuPG, OpenSSL and Git could be in danger from an attack that’s practical for ordinary attackers to carry out.


Info on California schools and Las Vegas attacks


Android flaw being exploited in the wild.
"...some Android devices, including the Pixel 2, Samsung S7-S9, Moto Z3, and Huawei P20, among others."


Hey, CheckPeople - your 22GB database containing 56 million US people's details is open for all, out of China.



LINUX

How to find high CPU consumption processes in Linux
Or just install Glances, which gives you this and more.


5 favorite Linux sysadmin tools



Thursday, January 9, 2020

Wherefore Art Thou, Citrix?



Attackers are scanning for vulnerable Citrix servers. Secure yours NOW.


Firefox 0-day - Active Attacks
Update NOW.


5 ways to do serverless on Kubernetes
I have no idea what it means, but Kubernetes is a buzzword lately.


How to set up an anonymous ftp download server in Fedora



Wednesday, January 8, 2020

You Bomb - We'll Tech




Linksys routers, already able to sense movement, will soon be able to monitor your breathing. I feel queasy. Naturally this means they will sell millions to well-meaning idiots, who will then complain when their health info and movement history get into the hands of the insurance industry and hackers.


REvil ransomware exploiting VPN flaws made public last April.


DHS warns of Iranian cyber threat.


Remember - support for Windows 7 ends 1/14/2020.
Does it matter? 7 will keep operating. Have you gotten 10 yet? Should you?
- Abandon ship... move to a different OS.


Google Play apps exploit Android zero-day used by NSO Group.


City of Las Vegas got breached. No info about severity, method, or backups.



LINUX

How to delete a directory in Linux - several different ways.

How to use AppArmor: restrict programs' capabilities with per-program profiles



EDITORIAL

Diversity - why open source needs to work on it in 2020

I call BS.

Diversity is like Affirmative Action - discriminatory, demeaning, divisive, and possibly damaging.  I am not restricting this to any business or group: it's all inclusive.

Ask yourself, if you were doing the hiring, do you hire the minority because they're a minority, or do you hire the right person for the job, minority or not?

As someone who did a bit of hiring, in the end, I hired the most competent for the job. In addition to being the only smart decision, I'd have to deal with a less than spectacular hire when they couldn't do their job. No one has the time to train then retrain. I don't have the patience. I want the right person for the job. Someone who is smart enough to figure out what they don't know. Their color, ethnicity, gender, or what they identify as, is a non-starter. It also doesn't matter after they get hired. The fact that they're good at their job will be noticed and appreciated.

In spite of my horrible attitude, all my hires stuck.






Tuesday, January 7, 2020

It's Tuesday. It could be worse. It could be Monday



More malicious Google Play apps.


An unpatched government website just got pwned by an Iranian script-kiddie.
Hey, at least we bombed them.



iPhone iOS 13 keeps reminding you an app is tracking you. For each app.



Placed over lock screen, fake Win10 desktop tries to scam by pretending to be police, locking your screen for illegal activity


Apparently getting breached over 20 times upsets the FTC. InfoTrax Systems only detected the last breach when the servers went over capacity and has settled with the FTC. Now you know where to go when you need back-end ops systems and MLM software. Be prepared for neck injuries from shaking your head when you read this.


An IT executive embezzled $6 million and just got caught by Word doc metadata.
Microsoft comes through again!


Travelex, an international foreign currency exchange company, got hit with ransomware, demanding $3 million.

Ladies and Gentlemen, this is a business opportunity. Gather a sheaf of papers (or USB drive) with each significant breach listed. Explain backups. Sell them backups and installation. None of these breaches had backups, reliable or otherwise. Also include a patching service, since unpatched systems are another way the ransomware can get in. As for employee clicking, perhaps a flamethrower. Start small.


EA boots Linux users of Battlefield V.
F them with fire.







Monday, January 6, 2020

Today's News



I just stepped in to say that, in today's news, there is no news.
Therefore there will be no blog entry.
Except this one.

Friday, January 3, 2020

Sue the Ransomware - How's That Workin Out for Ya?




Maze ransomware has been sued for publishing victims' stolen data.
They're suing John Doe for injunctive relief and damages.
The anonymous John Doe.
I want to sue the anonymous IRS.

In related news, ransomware attackers are offering holiday discounts and greetings. This makes Black Friday even funnier.

Hey, Kids, it's us - the guys who encrypted your network and stopped business for a few weeks. We noticed that you haven't paid the ransom, and wanted to extend a 25% holiday discount! (and if you act now, we'll throw in the name of a reliable backup company)


While I'm chaining these together (very loosely), Starbucks devs left the API key in a public GitHub repo.



Thursday, January 2, 2020

The Happy New Year News



Landry's, a popular restaurant owner, was hit by credit card stealing malware.
They own 60 well-known brands and over 600 restaurants. You have to give them credit - the malware was on their systems from March 13 to October 17. They got right on it. Naturally they are very sorry.


Virus types - take a look.


All Caterpillar padlocks use the same key.
We're doomed.





LINUX

5 New Year's resolutions for Linux folk
#4 confuses me to no end


Commands: Random one-liners
"Take my CLI, please."


Key considerations when choosing a robot's operating system:
that it not be Windows


8 quick file searching tools
Haven't tried all of them yet, but I like AngrySearch. Just for the name.



Corona Malware

This blog has been suspended for a bit because it's practicing social distancing. Or no one reads it. Or I'm too lazy. Or the str...