@mcepl@floss.social avatar

mcepl

@mcepl@floss.social

Engineer at SUSE … All your Python are belong to me! … Christian, geek, happy father of two!

#Christian #Linux #Python #European #Czech

This profile is from a federated server and may be incomplete. View on remote instance

dangoodin , to Random stuff
@dangoodin@infosec.exchange avatar

Infrastructure used to maintain and distribute the Linux operating system kernel was infected for two years, starting in 2009, by sophisticated malware that managed to get a hold of one of the developers’ most closely guarded resources: the /etc/shadow files that stored encrypted password data for more than 550 system users, researchers said Tuesday.

The unknown attackers behind the compromise infected at least four servers inside kernel.org, the Internet domain underpinning the sprawling Linux development and distribution network, the researchers from security firm ESET said. After obtaining the cryptographic hashes for 551 user accounts on the network, the attackers were able to convert half into plaintext passwords, likely through password-cracking techniques and the use of an advanced credential-stealing feature built into the malware. From there, the attackers used the servers to send spam and carry out other nefarious activities. The four servers were likely infected and disinfected at different times, with the last two being remediated at some point in 2011.

An infection of kernel.org came to light in 2011, when kernel maintainers revealed that 448 accounts had been compromised after attackers had somehow managed to gain unfettered, or “root,” system access to servers connected to the domain. Maintainers reneged on a promise to provide an autopsy of the hack, a decision that has limited the public’s understanding of the incident.

In 2014, ESET researchers said the 2011 attack likely infected kernel.org servers with a second piece of malware they called Ebury. The malware, the firm said, came in the form of a malicious code library that, when installed, created a backdoor in OpenSSH that provided the attackers with a remote root shell on infected hosts with no valid password required. In a little less than 22 months, starting in August 2011, Ebury spread to 25,000 servers. Besides the four belonging to the Linux Kernel Organization, the infection also touched one or more servers inside hosting facilities and an unnamed domain registrar and web hosting provider.

A 47-page report summarizing Ebury's 15-year history said that the infection hitting the kernel.org network began in 2009, two years earlier than the domain was previously thought to have been compromised. The report said that since 2009, the OpenSSH-dwelling malware has infected more than 400,000 servers, all running Linux except for about 400 FreeBSD servers, a dozen OpenBSD and SunOS servers, and at least one Mac.

https://arstechnica.com/security/2024/05/ssh-backdoor-has-infected-400000-linux-servers-over-15-years-and-keeps-on-spreading/

mcepl ,
@mcepl@floss.social avatar

@dangoodin

Interesting story, but just let it be emphasized, this has happened FIFTEEN YEARS AGO! Just so that people don’t start panicking.

mcepl ,
@mcepl@floss.social avatar

@dangoodin

Perhaps, but then the article should be about that not about fifteen years old vulnerability.

mcepl ,
@mcepl@floss.social avatar

@dangoodin

??? https://lwn.net/Articles/457142/ ???

mcepl ,
@mcepl@floss.social avatar

@dangoodin

I am absolutely NOT saying that they did nothing wrong! What I am saying is that you (at least for me) buried the lead on what was the article really about under the information which is long time known. “Linux maintainers were infected for 2 years by SSH-dwelling backdoor with huge reach” means nothing new to me, because I knew about that. So, when I read the first paragraph which I repeated what I knew from LWN, I dropped whole article.

mcepl ,
@mcepl@floss.social avatar

@dangoodin

I am not paid to read the whole discussion under https://lwn.net/Articles/461552/ , but I somehow assumed that the problem was there for some time, because kernel.org maintenance team was just one guy since 2008. But yes, re-reading the article now doesn’t show any dates when the compromise actually started.

And yes, we can certainly move on.

geekgrrl , to Random stuff
@geekgrrl@infosec.exchange avatar

💐 He is Risen! ✝️

mcepl ,
@mcepl@floss.social avatar

@geekgrrl

Skutečně vstal! (or if I want to cover wider area Вои́стинꙋ воскре́се!).

eunews , to Random stuff
@eunews@mastodon.social avatar

US urged Ukraine to halt strikes on Russian oil refineries

Washington told Kyiv that drone attacks risk driving up crude prices and provoking retaliation

https://www.ft.com/content/98f15b60-bc4d-4d3c-9e57-cbdde122ac0c

mcepl ,
@mcepl@floss.social avatar

@eunews

Did US say anything about Russian attack on Dneprostroi? When they stopped helping Ukraine, they have a nice opportunity to shut up. Pity they missed it.

eunews , to Random stuff
@eunews@mastodon.social avatar

Hungary stands up for peace at the UN General Assembly, but not for Palestine

Hungary continues to stand for peace, dialogue, Péter Szijjártó, the foreign minister said in New York on Monday, adding that the country opposed all forms of terrorism.

https://dailynewshungary.com/hungary-stands-up-for-peace-at-the-un-general-assembly-but-not-for-palestine/

mcepl ,
@mcepl@floss.social avatar

@eunews

Yeah, Orbán stands for peace and for whoever pays him most.

anneapplebaum , to Random stuff
@anneapplebaum@journa.host avatar

Donald Trump, who is not the president, is using a minority of Republicans to hand a victory to Russia, and to weaken American power and credibility. Why?
https://www.theatlantic.com/ideas/archive/2024/02/one-global-issue-trump-cares-about/677592/

mcepl ,
@mcepl@floss.social avatar

@anneapplebaum

I don't think Mr Johnson has to be frightened by Mr Trump, couldn't be just very plain that you have the best House speaker money can buy?

https://www.newsweek.com/who-konstantin-nikolaev-money-mike-johnson-1870600

eunews , to Random stuff
@eunews@mastodon.social avatar

Even the Serbian President reacted to the news of Navalny's death, but Orbán and Szijjártó did not

Among the EU member states only the members of the Hungarian government did not react to the news of the death of the Russian opposition politician and activist.

https://telex.hu/english/2024/02/20/even-the-serbian-president-reacted-to-the-news-of-navalnys-death-but-orban-and-szijjarto-did-not

mcepl ,
@mcepl@floss.social avatar

@eunews They are still ashamed to congratulate their controlling officers on their mission accomplished.

dangillmor , (edited ) to Random stuff
@dangillmor@mastodon.social avatar

Dear journalists who remain on Twitter:

You actively participate on a site operated by an extremist right-winger who promotes other extremists who want, among other things, to end democracy. The end of democracy means, in case you haven't grasped this yet, the end of freedom of expression.

This means you are actively supporting his business -- and you're doing it for free.

Please grow a spine, and stop helping the people who hate you and want to destroy what you do.

mcepl ,
@mcepl@floss.social avatar

@dangillmor

If we could just forward this toot to them: @snyder and many others.

ajsadauskas , (edited ) to Technology
@ajsadauskas@aus.social avatar

My real worry with Google's voyage into enshittification (thanks to Cory Doctorow @pluralistic the term) is YouTube.

Through YT, for the past 15 years, the world has basically entrusted Google to be the custodian of pretty much our entire global video archive.

There's countless hours of archived footage — news reports, political speeches, historical events, documentaries, indie films, academic lectures, conference presentations, rare recordings, concert footage, obscure music — where the best or only copy is now held by Google through YouTube.

So what happens if maintaining that archival footage becomes unprofitable?

#tech #technology #Google #enshittification #youtube #video @technology #capitalism #film #television #cinema #art #arts #SocialMedia #business #economics

mcepl ,
@mcepl@floss.social avatar

@ajsadauskas @pluralistic @technology

Why I am still buying music to own.

EU_Commission , to Random stuff Italian
@EU_Commission@social.network.europa.eu avatar

Sometimes you need to stand back a little to get a full picture 🌌

Look at some of our stellar EU capitals from our Copernicus Satellite. They are definitely photogenic!

Together with IRIS² and Galileo, Copernicus is one of our space programmes.

It collects data on climate, land and oceans to help fight climate change and is a key contributor in responding to emergencies by mapping the affected areas.

Do you recognise these capitals?

Photo of Lisbon from space
Photo of Copenhagen from space
Photo of Prague from space

mcepl ,
@mcepl@floss.social avatar

@EU_Commission I live in Prague, so that’s the one. Also, isn’t the third one Stockholm?

eunews , to Random stuff
@eunews@mastodon.social avatar

Why are so many Russians freezing in their homes?

Russia boasts a massive energy infrastructure, but a recent wave of heating system breakdowns has left many of its citizens scrambling to keep the frost outside.

https://www.dw.com/en/why-are-so-many-russians-freezing-in-their-homes/a-68025856

mcepl ,
@mcepl@floss.social avatar

@eunews Do you remember this one? https://youtu.be/Gl2FIqnLxAY (September 2022)

youronlyone , (edited ) to Random stuff
@youronlyone@c.im avatar

Q: If a literary work is in the or is licensed under an and/or license (like and ), is it still ?

A: No.

Explanation:

You see, in the strictest sense, a fanfiction is an unlicensed/unauthorised derivative of a Copyrighted work.

Since the Public Domain, and the Attribution and ShareAlike licenses (provided you follow the license terms), allow for anyone to create a derivative work, then any and all works based on it are not fan fiction.

mcepl ,
@mcepl@floss.social avatar

@youronlyone That’s silly … say it to all those Pride & Prejudice fanfiction writers. Yes, they include P. D. James (“Death Comes to Pemberley”) and many other very distinguished writers, but the community is otherwise undistinguishable from the HP one, for example. And yes, more stories are on Amazon, because they can. Still not enough difference to others.

april , to Random stuff
@april@macaw.social avatar

clearly HR departments everywhere are scrambling to get employees to take their serious conversations to Signal as fast as possible

mcepl ,
@mcepl@floss.social avatar

@april Also, I don’t see logo there (and perhaps? no , so far?).

mcepl ,
@mcepl@floss.social avatar

@april And yes, I believe that in civilized countries (like whole EU), this is completely illegal.

malwaretech , to Random stuff
@malwaretech@infosec.exchange avatar

[Thread, post or comment was deleted by the author]

    •
    mcepl ,
    @mcepl@floss.social avatar

    @malwaretech I am know that USA is The Number One in believing that the Earth is flat, but don’t you think that That Site just so thoroughly compromised itself that its influence will be a little bit less?

    For good karma: https://youtu.be/wTjMqda19wk

    mcc , to Random stuff
    @mcc@mastodon.social avatar

    Fascinating both for what it says about dev & what it says about statistics:

    A gamedev realized Linux users were just 5.8% of their sales, but represented 38% of bug reports.

    Then they looked at those numbers closer, and realized. Linux users were not experiencing more bugs. Almost none of the Linux-user bugs were Linux-related. Linux users were simply more likely to file bugs.

    Their conclusion: A linux port pays for itself bc it nerdsnipes ppl into giving u free QA

    https://techhub.social/@ozone89/111337250473454154

    mcepl ,
    @mcepl@floss.social avatar

    @mcc IIRC, the same was long time ago conclusion by with bugs for . Which is the reason why they happily build binaries and do a lot to support Linux users even though they are tiny minority of their users. But they do file bugs and more often than others even reasonable and actionable bug reports.

    mastodonmigration , (edited ) to Random stuff
    @mastodonmigration@mastodon.online avatar

    Finding it is possible to rely almost entirely on Mastodon for news during this dynamic time, and that it delivers a much more sober coherent blend of information.

    Here's how...

    1. Create a List for "News"

    Click Lists on the right >>> Type "News" in the box >>> Click "Add list" >>>
    Click "News" below >>> Click on little slider bars top right >>>Toggle "Hide these posts from home"

    >>>> Edit: Added below from the replies a few more News and a large list of Media accounts.

    more...
    1/3

    mcepl ,
    @mcepl@floss.social avatar

    @mastodonmigration What about @bbcworld ?

    eunews , to Non Political Twitter
    @eunews@mastodon.social avatar

    Elon Musk is considering taking Twitter out of Europe amid EU compliance investigation

    In recent weeks Elon Musk has suggested Twitter could stop being accessible in Europe in order to avoid new regulation enacted by the European Commission.

    https://www.businessinsider.com/elon-musk-considering-taking-twitter-x-out-of-europe-dsa-2023-10

    #X

    mcepl ,
    @mcepl@floss.social avatar

    @eunews YESS!

  • All
  • Subscribed
  • Moderated
  • Favorites
  • supersentai
  • WatchParties
  • Rutgers
  • jeremy
  • Lexington
  • cragsand
  • mead
  • RetroGamingNetwork
  • loren
  • steinbach
  • xyz
  • PowerRangers
  • AnarchoCapitalism
  • kamenrider
  • Mordhau
  • WarhammerFantasy
  • itdept
  • AgeRegression
  • mauerstrassenwetten
  • MidnightClan
  • space_engine
  • learnviet
  • bjj
  • Teensy
  • khanate
  • electropalaeography
  • neondivide
  • fandic
  • All magazines
    •