NEWS
Bad Trojan Threatens Two Thirds of All Android Devices
A malicious Android ransomware attack, which was first discovered in 2014, has returned with some new tactics that are succeeding in infecting Android devices around the world. According to a recent post at the Symantec site, the Android.Lockdroid.E attack affects all Android versions before Android 5 "Lollipop," which means it threatens around 67 percent of all Android phones.
The new version of Android.Lockdroid.E offers to install a package for the user in order to obtain admin privileges for the device. Once it has admin privileges, it can do anything to the device, including locking or deleting the data or even changing the device PIN.
Most versions of the attack eventually lead to the trojan encrypting the user data and insisting that the user pay a "penalty" for accessing forbidden materials online.
Critical Linux Kernel Bug Discovered
Security researchers at Perception Point Software have identified a 0-day privilege escalation vulnerability in the Linux kernel. According to the report, the problem has existed since 2012. The report states that the vulnerability "could affect tens of millions of Linux PCs and servers and 66 percent of all Android devices."
The problem, which has the CVE number CVE-2016-0728, is related to the keyring facility in the Linux kernel, which is "… a primary way for drivers to cache security data, authentication keys, encryption keys, and other data in the kernel."
All Linux users are urged to install the necessary patches as they become available. Refer to the security bulletin for your Linux distro. For more information, see the full report at the Perception Point website.
One Third of All IT Infrastructure Expenditure is Going to Cloud
According to a report from IDC, one third of all IT infrastructure money is now spent on the cloud. The Worldwide Quarterly Cloud IT Infrastructure Tracker says a total of $7.6 billion was spent in the third quarter of 2015. The total cloud expenditure was up 23 percent since this time a year ago. The report does not track direct cloud space allocations but measures server, disk storage, and Ethernet switch spending for cloud environments. In other words, the study shows how much companies are investing in building data centers to support public and private cloud operations.
Dell sold the most cloud infrastructure, with a little over 15 percent share of the total vendor revenue, followed by Dell, Cisco, EMC, and NetApp. Unlike in some areas of high tech, the big players didn't own the whole market. Original Design Manufactures (ODMs) had 29.4 percent of the market share, and 17.5 percent went to smaller vendors grouped together into the "Other" category.
See the report in the Register for more information: http://www.theregister.co.uk/2016/01/15/idc_third_of_it_spend_going_cloud/
Linux Magazine
Off the Beat * Bruce Byfield
Security's Weakest Link Is People
A few years ago, a neighbor asked me to help secure their computer. I'm not an expert on Windows, but I told them to run non-administrative accounts except when doing maintenance, and set passwords for their regular accounts.
Open Hardware, Free Software, and Crowdfunding
Open hardware is finally coming of age. Thanks to the combination of free software and crowdfunding, dozens of small projects and businesses are producing innovative and useful examples of open hardware.
11 Free-Licensed Sans Serif Fonts
Of the 708 free-licensed fonts currently available on Google Fonts, 191 are categorized as sans serif. That's not surprising, because sans serifs are among the most versatile of modern fonts.
Markdowned: Markdown Editor in a Single HTML File
Markdowned editor indeed consists of a single editable HTML file, which is rather nifty if you think about it. There is no need to install anything, and you can use the editor on any device with a browser.
WordPress Desktop App for Linux
Not so long ago, Automattic released the WordPress desktop app for all major platforms, including Linux. The idea of using a website via a dedicated desktop app instead of a browser may sound silly, but after having used the app for a while, I must admit that it makes a lot of sense.
KeeWeb: A Better Desktop and Web App for KeePass Databases
KeePass is one of the best password managers out there, but let's face it: the KeePass 2.x application written in Mono installs a huge number of dependencies and it looks anything but sleek on the Linux desktop.
Host Media Content with Linx-Server
Another week, another file hosting web application. This time it's linx-server, an app written in Go that has several things going for it. For starters, linx-server can handle mixed content: besides images, it can be used to host videos and publish text snippets.
ADMIN HPC
http://hpc.admin-magazine.com/
How Persistent Memory Will Change Computing Jeff Layton
The same data storage hierarchy paradigm has been used for many years, and seemi ngly it works quite well. However, a new kind of data storage is coming that will completely disrupt this hierarchy and force the developer, user, and admin, to rethink how and where they store data.
ADMIN Online
http://www.admin-magazine.com/
Develop your own Scripts for Nmap
Holger Reibold
Nmap does a great job with standard penetration testing tasks, but for specific security analyses, you will want to develop your own test scripts. The Nmap Scripting Engine makes this possible.
Setting up Google Apps for Work
Sandro Lucifora
We show how to set up Google Apps for Work and how to configure them for company use.
Using the MQTT IoT protocol for unusual but useful purposes * Jan-Piet Mens
Although the MQTT protocol is usually associated with the Internet of Things, it also works in some very different situations, such as monitoring, for example.
VM and Cloud Management with OpenQRM
Thomas Zeller
OpenQRM is a web-based, open source, data center management and cloud platform that offers many popular Linux tools with no major configuration overhead. We show you how to use it.
Improving Docker Security Now and in the Future
Sebastian Meyer
The focus for container solutions such as Docker is increasingly shifting to security. Some vulnerabilities have been addressed, with plans to take further steps in the future to secure container virtualization.
Magnum: Exploring OpenStack's Container API Udo Seidel
The Magnum project brings Docker container technology to the OpenStack cloud.
« Previous 1 2
Buy this article as PDF
(incl. VAT)
Buy Linux Magazine
Subscribe to our Linux Newsletters
Find Linux and Open Source Jobs
Subscribe to our ADMIN Newsletters
Support Our Work
Linux Magazine content is made possible with support from readers like you. Please consider contributing when you’ve found an article to be beneficial.
News
-
Linux Servers Targeted by Akira Ransomware
A group of bad actors who have already extorted $42 million have their sights set on the Linux platform.
-
TUXEDO Computers Unveils Linux Laptop Featuring AMD Ryzen CPU
This latest release is the first laptop to include the new CPU from Ryzen and Linux preinstalled.
-
XZ Gets the All-Clear
The back door xz vulnerability has been officially reverted for Fedora 40 and versions 38 and 39 were never affected.
-
Canonical Collaborates with Qualcomm on New Venture
This new joint effort is geared toward bringing Ubuntu and Ubuntu Core to Qualcomm-powered devices.
-
Kodi 21.0 Open-Source Entertainment Hub Released
After a year of development, the award-winning Kodi cross-platform, media center software is now available with many new additions and improvements.
-
Linux Usage Increases in Two Key Areas
If market share is your thing, you'll be happy to know that Linux is on the rise in two areas that, if they keep climbing, could have serious meaning for Linux's future.
-
Vulnerability Discovered in xz Libraries
An urgent alert for Fedora 40 has been posted and users should pay attention.
-
Canonical Bumps LTS Support to 12 years
If you're worried that your Ubuntu LTS release won't be supported long enough to last, Canonical has a surprise for you in the form of 12 years of security coverage.
-
Fedora 40 Beta Released Soon
With the official release of Fedora 40 coming in April, it's almost time to download the beta and see what's new.
-
New Pentesting Distribution to Compete with Kali Linux
SnoopGod is now available for your testing needs