In 1993/1994, at NASA’s Goddard Space Flight Center, Donald Becker and Thomas Sterling designed a Commodity Off The Shelf (COTS) supercomputer: Beowulf. Since they couldn’t afford a traditional supercomputer, they built a cluster computer made up of 16 Intel 486 DX4 processors, which were connected by channel bonded Ethernet. This Beowulf supercomputer was an instant success.
Source: Linux totally dominates supercomputers | ZDNet
Linux first appeared on the Top500 in 1998. Before Linux took the lead, Unix was supercomputing’s top operating system. Since 2003, the Top500 was on its way to Linux domination. By 2004, Linux had taken the lead for good.
The attack worked first by getting Bogner’s malicious file quarantined by the AV program running on the targeted computer. The pentester then exploited vulnerabilities in the AV programs that allowed unprivileged users to restore the quarantined files. He further abused a Windows feature known as NTFS file junction point to force the restore operation to put his malicious file into a privileged directory of Bogner’s choosing. The technique took advantage of another Windows feature known as Dynamic Link Library search order. With that, Bogner’s malware ran with full privileges.
Source: How AV can open you to attacks that otherwise wouldn’t be possible | Ars Technica
There are various ways to use parallel processing in UNIX
Source: Parallel processing with unix tools
So in order to trigger this behaviour, someone with root-level privileges needs to edit a Unit file and enter a “invalid username”, in this case one that starts with a digit.
But you need root level privileges to edit the file in the first place and to reload systemd to make use of that Unit file.
Source: Giving perspective on systemd’s “usernames that start with digit get root privileges”-bug
It’s an obvious bug (at least on RHEL/CentOS 7), since a valid username does not get accepted by systemd so it triggers unexpected behaviour by launching services as root.
However, it isn’t as bad as it sounds and does not grant any username with a digit immediate root access.
To exploit the flaw, Caballero says that an attacker can use server redirect requests combined with data URIs, which would allow him to confuse Edge’s SOP filter and load unauthorized resources on sensitive domains. The expert explains the attack step by step on his blog.
In the end, the attacker will be able to inject a password form on another domain, which the built-in Edge password manager will automatically fill in with the user’s credentials for that domain. Below is a video of the attack.
Source: Edge Security Flaw Allows Theft of Facebook and Twitter Credentials
Imagine running your favorite Windows applications and drivers in an open-source environment you can trust. That’s ReactOS. Not just an Open but also a Free operating system.
Source: Front Page | ReactOS Project
Ok, maybe not…but its very likely that if you are reading this and find yourself needing to SSH here and there, you also use GIT. Well many are unaware that git for windows bundles several Linux familiar tools. Many might use these in the git bash shell.
Source: Need an SSH client on Windows? Don’t use Putty or CygWin…use Git — Hurry Up and Wait!
That means that when Microsoft showed Windows 10 overtaking Windows 7, this apparently happened in August last year. Most other analysts don’t see that seismic shift happening globally until December 2017, at the earliest.
Source: Microsoft shows Windows 10 market share growing steadily, but the numbers are fake [Updated]
Microsoft does not intend to gather sensitive information, such as credit card numbers, usernames and passwords, email addresses, or other similarly sensitive information for Linguistic Data Collection. We guard against such events by using technologies to identify and remove sensitive information before linguistic data is sent from the user’s device. If we determine that sensitive information has been inadvertently received, we delete the information.
Source: Configure Windows telemetry in your organization (Windows 10)
The CyanogenMod team has posted an update of their own, confirming the shutdown of the CM infrastructure and outlining a plan to continue the open-source initiative as Lineage, which we suspected was going to be the case last week.
Source: Cyanogen Inc shutting down CyanogenMod nightly builds and other services, CM will live on as Lineage [Updated]