Who’s Lying About Whisper?


Threats to our Civil Liberties, how Big Brother keeps snooping on us!

Originally posted on Uncrunched:

Separately, Whisper has been following a user claiming to be a sex-obsessed lobbyist in Washington DC. The company’s tracking tools allow staff to monitor which areas of the capital the lobbyist visits. “He’s a guy that we’ll track for the rest of his life and he’ll have no idea we’ll be watching him,” the same Whisper executive said. – The Guardian

As far as I can tell from what The Guardian has alleged, and from Whisper’s denials, what happened is this:

1. When talking to potential partners, Whisper hypes its ability to track users so that those partners will know who the anonymous sources are and then write stories based on the data. The screenshot of the Whispers being written from (or near) the White House supports this (below), as does the quote above.


2. But when Whisper talks to the public, they say different things and deny that…


CAINE Linux Distribution Helps Investigators With Forensic Analysis


There is no shortage of Linux distributions to serve specific markets and use cases. In the security market, a number of Linux distributions are widely used, including Kali Linux, which is popular with security penetration testers. There’s also CAINE Linux, which is focused on another area of security. CAINE, an acronym for Computer Aided INvestigative Environment, is a Linux distribution for forensic investigators. Instead of penetration testing tools, CAINE is loaded with applications and tools to help investigators find the clues and data points that are required for computer security forensics. Among the tools included in CAINE are memory, database and network analysis applications. CAINE is built on top of the Ubuntu Linux 14.04 distribution that was released in April. Rather than use the Ubuntu Unity desktop environment, CAINE uses the MATE desktop. The CAINE 6.0 “Dark Matter” operating system was first released on Oct. 7 and includes new and updated applications to help forensics investigators. CAINE can be run as a live image from a CD or USB memory stick and can also be installed onto a user’s hard drive.


Read more at: http://www.eweek.com/security/slideshows/caine-linux-distribution-helps-investigators-with-forensic-analysis.html

Munich Library offers free Ubuntu 12.04 CDs for Windows Users!



The city of Munich is now providing free Ubuntu 12.04 LTS (Precise Pangolin) CDs for the citizens of the city, in an effort to increase the adoption of open source software.
Munich has been at the center of a very heated debate this past couple of months, after the media picked up some statements made by a couple of people from the mayor’s office regarding a switch back to Windows from Linux.

In case you are not up to speed with everything, you have to know that the administration of the city has switched from Windows to a Linux operating system. The implementation of an open source solution took years, but in the end the Munich authorities said that they had managed to save millions of dollars, a sum that has been disputed by Microsoft on a number of occasions.

The latest heated debate regarding this migration was all about nothing. The LiMux project that is now running in Munich is quite successful and it’s safe from any kind of lobbying or political interference from the local government. Its creators made sure that no one could interfere with it, unless there was a good reason to do it.

Now, it looks like Munich is also trying to educate its citizens in the use of open source and the Munich City Library is providing free Ubuntu 12.04 LTS (Precise Pangolin) CDs to anyone who wants one, free of charge. This is not the first time that the Library had this initiative, but it seems that the new one was announced soon after the Microsoft and Windows debacle in the news.

Read more at: http://news.softpedia.com/news/Munich-Library-Now-Offers-Free-Ubuntu-12-04-CDs-for-People-with-Windows-Systems-457939.shtml

Mission to Mars – Powered by Linux



“India’s Mars Orbiter Mission successfully entered Mars’ orbit last Wednesday, becoming the first nation to arrive on its first attempt and the first Asian country to reach the Red Planet.

“We have gone beyond the boundaries of human enterprise and human imagination,” declared India’s Prime Minister Narendra Modi, who watched from the space agency’s nerve center in Bangalore. “We have accurately navigated our spacecraft through a route known to a very few.”

The staff at the Indian Space Research Organization erupted into applause and cheers after learning that the Mars Orbiter Mission, also known as Mangalyaan, reached the planet’s orbit and made history.

Before Wednesday, only the United States, Europe and the Soviets have successfully sent spacecraft to Mars.

“The odds were stacked against us,” Modi said. “Of the 51 missions attempted so far, a mere 21 had succeeded. But we have prevailed.”

And India reached Mars with significantly less money.

With a price tag of $74 million, the Mars Orbiter Mission cost a mere fraction of the $671 million NASA spent on its MAVEN spacecraft, which arrived to Mars earlier this week.


CNN reports …

Firejail – A Security Sandbox for Mozilla Firefox


Security, a growing problem everywhere (even on Linux); but this sandbox for Firefox looks to be useful!

Originally posted on l3net - a layer 3 networking blog:

We often find ourselves running applications we received in binary format. These include not only traditional software installed on our computers, but also unauthenticated programs received over the network and run in web browsers. Most of the time these applications are too complex to be bug-free, or can come from an adversary trying to get access to our system.

Firejail is a SUID sandbox program that reduces the risk of security breaches by restricting the running environment of untrusted applications. The core technology behind Firejail is Linux Namespaces, a virtualization technology available in the Linux kernel. It allows a process and all its descendants to have their own private view of the globally shared kernel resources, such as the network stack, process table, mount table, IPC space.

Introducing Firejail

The program is written in C and only needs libc and POSIX threads (libpthreads), available by default on any Linux platform. The

View original 659 more words
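The "private view" described in the excerpt above can be observed from user space: each entry under /proc/<pid>/ns is a link of the form `type:[inode]`, and two processes share a namespace only when the inode matches. The following is an added example, not Firejail's code and not part of the original post; the function names are hypothetical, and the four namespace kinds checked are the ones behind the network stack, process table, mount table and IPC space.

```c
#define _DEFAULT_SOURCE   /* readlink() under strict -std= modes */
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

static const char *NS_NAMES[] = { "net", "pid", "mnt", "ipc" };
#define NS_COUNT (sizeof NS_NAMES / sizeof NS_NAMES[0])

/* Parse a link target such as "net:[4026531992]"; 0 on success, -1 if malformed. */
int parse_ns_link(const char *link, const char *type, unsigned long *inode)
{
    size_t n = strlen(type);
    char end;
    if (strncmp(link, type, n) != 0 || link[n] != ':' || link[n + 1] != '[')
        return -1;
    if (sscanf(link + n + 2, "%lu%c", inode, &end) != 2 || end != ']')
        return -1;
    return 0;
}

/* Read /proc/<pid>/ns/<type>; 0 and the namespace inode on success, -1 otherwise. */
int read_ns_inode(pid_t pid, const char *type, unsigned long *inode)
{
    char path[64], link[64];
    snprintf(path, sizeof path, "/proc/%ld/ns/%s", (long)pid, type);
    ssize_t len = readlink(path, link, sizeof link - 1);
    if (len < 0)
        return -1;   /* no such process, no /proc, or no permission */
    link[len] = '\0';
    return parse_ns_link(link, type, inode);
}

/* Bitmask of namespaces in which a and b differ (bit i = NS_NAMES[i]); unreadable ones are skipped. */
unsigned ns_diff_mask(pid_t a, pid_t b)
{
    unsigned mask = 0;
    for (size_t i = 0; i < NS_COUNT; i++) {
        unsigned long ia, ib;
        if (read_ns_inode(a, NS_NAMES[i], &ia) == 0 &&
            read_ns_inode(b, NS_NAMES[i], &ib) == 0 && ia != ib)
            mask |= 1u << i;
    }
    return mask;
}

int main(void)
{
    unsigned mask = ns_diff_mask(getpid(), 1);  /* reading PID 1 needs privilege */
    for (size_t i = 0; i < NS_COUNT; i++)
        printf("%-3s %s\n", NS_NAMES[i], (mask >> i) & 1 ? "differs" : "same or unreadable");
    return 0;
}
```

Run inside a sandboxed shell and again outside it to see which of the four namespaces the sandbox replaced.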

Shellshock hits Linux – via bash



A “deadly serious” bug potentially affecting hundreds of millions of computers, servers and devices has been discovered.

The flaw has been found in a software component known as Bash, which is a part of many Linux systems as well as Apple’s Mac operating system.

The bug, dubbed Shellshock, can be used to remotely take control of almost any system using Bash, researchers said.

Some experts said it was more serious than Heartbleed, discovered in April.

“Whereas something like Heartbleed was all about sniffing what was going on, this was about giving you direct access to the system,” Prof Alan Woodward, a security researcher from the University of Surrey, told the BBC.

“The door’s wide open.”

Some 500,000 machines worldwide were thought to have been vulnerable to Heartbleed. But early estimates, which experts said were conservative, suggest that Shellshock could hit at least 500 million machines.

The problem is particularly serious given that many web servers are run using the Apache system, software which includes the Bash component.

Patch immediately

Bash – which stands for Bourne-Again SHell – is a command prompt on many Unix computers. Unix is an operating system on which many others are built, such as Linux and Mac OS.

The US Computer Emergency Readiness Team (US-Cert) issued a warning about the bug, urging system administrators to apply patches.

However, other security researchers warned that the patches were “incomplete” and would not fully secure systems.

Of particular concern to security experts is the simplicity of carrying out attacks that make use of the bug.

Shellshock rates a 10 on the scale of vulnerabilities. As bugs go, it’s about as bad as it gets.

Except that the last big bad bug, Heartbleed, rated an 11, according to one expert.

That should mean Shellshock isn’t as bad. Right?

Maybe. It’s too early to tell.

With Heartbleed, more work had been done by the folks that found it so it was easier to estimate who was at risk. There were lots of big targets, many of which had large user populations.

With Shellshock, the sheer number of potential victims is higher. And we do know that an exploit has been produced and some folks are scanning sites to see which are vulnerable to attacks based around that code.

So far, what’s keeping servers safe is the fact that cyber thieves are lazy and tend to copy what has already worked. Finding exploits is specialised, hard work so they only tend to pile in once that appears. With that code already in circulation, the early news about Shellshock may just be the first tremor of a much bigger quake.

Read more at: http://www.bbc.co.uk/news/technology-29361794

Apache Storm Graduates to a Top-Level Project

On September 17, the Apache Software Foundation (ASF) voted to graduate Apache Storm to a top-level project (TLP). This represents a major step forward for the project and represents the momentum built by a broad community of developers from not only Hortonworks, but also Yahoo!, Alibaba, Twitter, Microsoft and many other companies.

What is Apache Storm and why is it useful?

Apache Storm is a distributed, fault tolerant, and highly scalable platform for processing streaming data. Storm supports a wide range of use cases, including real-time analytics, machine learning, and continuous computation. It is also extremely fast, with the ability to process over a million records per second per node on a cluster of modest size.

With the explosion of data sources in recent years, many Apache Hadoop users have recognized the necessity to process data in real time while also maintaining traditional batch and interactive data workloads. Apache Storm fills that real-time role and (through YARN, the data operating system of Hadoop) it can be tightly integrated with many of the tools and technologies commonly found in the Hadoop ecosystem.

Apache Storm is deployed in production by hundreds of organizations including Twitter, Yahoo!, Cisco, Spotify, Xerox PARC, and WebMD where it forms the backbone of the company’s real-time data processing architecture. When combined with other Hadoop components and YARN as the architectural center that manages resources across all of those components, Storm represents an integral part of any big data strategy.

What does “graduation” mean for Apache Storm?

Ultimately, an open source project is only as good as the community that supports it. The community improves the quality of the project and adds features needed by end users. The ASF has been established to do exactly this: to set governance frameworks and build communities around open source software projects. Further, the ASF believes that the real life and future of a project lies in the vibrancy of its community of developers and users.

Apache Storm’s graduation is not only an indication of its maturity as a technology, but also of the robust, active community that develops and supports it. Apache Storm’s vibrant community ensures that Storm will continue to evolve to meet the demands of real-time stream processing and computation.

Read more at: http://hortonworks.com/blog/apache-storm-graduates-top-level-project/

Linux – Fedora 21 Alpha is finally here

Choosing a Linux distribution is much like choosing a car; there are many types. When people find a car company they like, there is a good chance that they will remain loyal. Believe it or not, I have only ever owned a Ford and I plan to keep it that way. My loyalty is not blind however, as I still demand a consistent quality product.


Much like my loyalty to Ford, I am also a Fedora loyalist as I love the foundation and yum package manager. Hell, I am also a huge fan of the GNOME environment, and Fedora is a great way to experience it in a pure state. Sadly, the Linux distro has been falling behind with version updates and we are approaching a year since the last one. Today however, Fedora 21 Alpha sees release, bringing us closer to a final product.

“The Fedora 21 Alpha release has arrived, with a preview of the latest free and open source technology under development. The Alpha release contains all the exciting features of Fedora 21’s products in a form that anyone can help test. This testing, guided by the Fedora QA team, helps us target and identify bugs. When these bugs are fixed, we make a Beta release available. A Beta release is code-complete and bears a very strong resemblance to the third and final release. The final release of Fedora 21 is expected in December”, says the Fedora Team.

Read more on: http://betanews.com/2014/09/23/fedora-21-alpha-is-finally-here-linux-fans-download-it-now/

Future KDE software will be simple by default, powerful when needed

KDE usability team lead Thomas Pfeiffer posted on the future roadmap of the KDE user interface and user experience on his blog. While he acknowledges that the great power and flexibility that comes with KDE Plasma and associated applications is the main reason behind its huge fanbase, in his opinion these are also the reasons why newbies get intimidated by the overwhelming number of features exposed at one place.

Thomas prefers a layered feature exposure so that users can enjoy certain advanced features at a later stage after they get accustomed to the basic functionality of the application. He quotes the earlier (pre-Plasma era) vision of KDE 4 – “Anything that makes Linux interesting for technical users (shells, compilation, drivers, minute user settings) will be available; not as the default way of doing things, but at the user’s discretion.” He then recalls the simplified form given in the KDE HIG (Human Interface Guidelines) – “Simple by default, powerful when needed.”

Thomas also explained how that goal can be reached. The first step should be a well-defined target audience and relevant use cases of an application. Once those are available, the goals of the application can be determined. These goals need to be categorized by how frequently the target users pursue them.

As a practical example of this idea, Thomas discusses the new KMail UI, which had 3 categories of such goals – common, uncommon and rare. Only the common goals were exposed in the main UI of the application by default. The only two functionalities chosen were quick checking of mails or replying to them. This aligns with the idea of “Simple by default”. Separate UI flows were designed for less regular tasks, like retrieving an email from an otherwise rarely used folder or tag, or writing a new mail with HTML formatting and attachment-adding options. These options are presented on demand, in agreement with the “powerful when needed” part.

Read more at: http://www.themukt.com/2014/09/20/soon-kde-software-will-soon-simple-default-powerful-needed/

Italian court strikes blow for free software – slams Microsoft

Italy’s High Court has struck a blow to the practice of forcing non-free software on buyers of PCs and laptops. According to La Repubblica, the court ruled on Thursday that a laptop buyer was entitled to receive a refund for the price of the Microsoft Windows license on his computer.

The judges sharply criticised the practice of selling PCs only together with a non-free operating system as “a commercial policy of forced distribution”. The court slammed this practice as “monopolistic in tendency”. It also highlighted that the practice of bundling means that end users are forced into using additional non-free applications due to compatibility and interoperability issues, whether they wanted these programs or not.

“This decision is both welcome and long overdue”, said Karsten Gerloff, President of the Free Software Foundation Europe. “No vendor should be allowed to cram non-free software down the throats of users.”

Free Software Foundation Europe has long fought the “Windows tax”, as the involuntary payment to Microsoft is often called. The organisation maintains a wiki page with advice for consumers who want to avoid funding the development of non-free software, and accounts from people who have successfully returned the licenses they were forced to buy.

More on Free Software Foundation https://fsfe.org/news/2014/news-20140912-01.en.html

