Normally, Secure Boot prevents the UEFI from running all subsequent files unless they bear a digital signature certifying those files are trusted by the device maker. The exploit bypasses this protection by injecting shell code stashed in a malicious bitmap image displayed by the UEFI during the boot-up process. The injected code installs a cryptographic key… Read More »
“Remove some entries due to various compliance requirements. They can come back in the future if sufficient documentation is provided.” That two-line comment, submitted by major Linux kernel maintainer Greg Kroah-Hartman, accompanied a patch that removed about a dozen names from the kernle’s MAINTAINERS file. “Some entries” notably had either Russian names or .ru email… Read More »
Credit: haxrob Credit: haxrob The malware resides in the userspace portion of the interbank switch connecting the issuing domain and the acquiring domain. When a compromised card is used to make a fraudulent translation, FASTCash tampers with the messages the switch receives from issuers before relaying it back to the merchant bank. As a result,… Read More »
This Reddit comment posted to the CentOS subreddit is typical. An admin noticed that two servers were infected with a cryptocurrency hijacker with the names perfcc and perfctl. The admin wanted help investigating the cause. “I only became aware of the malware because my monitoring setup alerted me to 100% CPU utilization,” the admin wrote… Read More »
Enlarge / Cutting metal with lasers is hard, but even harder when you don’t know the worst-case timings of your code. Getty Images reader comments 45 As is so often the case, a notable change in an upcoming Linux kernel is both historic and no big deal. If you wanted to use “Real-Time Linux” for… Read More »
Enlarge / Rust never sleeps. But Rust, the programming language, can be held at bay if enough kernel programmers aren’t interested in seeing it implemented. Getty Images reader comments 143 The Linux kernel is not a place to work if you’re not ready for some, shall we say, spirited argument. Still, one key developer in… Read More »
Getty Images reader comments 26 You have to read the headline on Nvidia’s latest GPU announcement slowly, parsing each clause as it arrives. “Nvidia transitions fully” sounds like real commitment, a burn-the-boats call. “Towards open-source GPU,” yes, evoking the company’s “first step” announcement a little over two years ago, so this must be progress, right?… Read More »
Getty Images reader comments 40 The US Cybersecurity and Infrastructure Security Agency has added a critical security bug in Linux to its list of vulnerabilities known to be actively exploited in the wild. The vulnerability, tracked as CVE-2024-1086 and carrying a severity rating of 7.8 out of a possible 10, allows people who have already… Read More »
reader comments 16 Infrastructure used to maintain and distribute the Linux operating system kernel was infected for two years, starting in 2009, by sophisticated malware that managed to get a hold of one of the developers’ most closely guarded resources: the /etc/shadow files that stored encrypted password data for more than 550 system users, researchers… Read More »
Enlarge / Cans of Tab diet soda on display in 2011. Tab was discontinued in 2020. There has never been a soda named “Spaces” that had a cult following. Getty Images reader comments 57 Anybody can contribute to the Linux kernel, but any person’s commit suggestion can become the subject of the kernel’s master and… Read More »