Bonum Certa Men Certa

Leftover Links 05/08/2023: Rust Holes and More Layoffs



  • Leftovers

    • Education

      • Parents accuse Bellevue School District of favoring rich kids in school closures

        When the Bellevue School District (BSD) opened its newest, state of the art elementary school on pristine wetlands and powered by geothermal energy in 2018, at a cost of $49 million, its principal did a welcoming dance in a video to show off the school.

        As she led the camera through the Microsoft Showcase school, showing classrooms that could be converted to learning pods for smaller or larger groups, she also pointed to teachers in a large group, waiting to teach kids.

        Today, however, issues of equity are dampening the shining reputation of the school—and raising questions about the district’s commitment to fairness.

    • Hardware

    • Proprietary/Artificial Intelligence (AI)

      • Bruce SchneierPolitical Milestones for AI

        ChatGPT was released just nine months ago, and we are still learning how it will affect our daily lives, our careers, and even our systems of self-governance.

        But when it comes to how AI may threaten our democracy, much of the public conversation lacks imagination. People talk about the danger of campaigns that attack opponents with fake images (or fake audio or video) because we already have decades of experience dealing with doctored images.

    • Security

      • InfoSecurity MagazineThreat Actors Use AWS SSM Agent as a Remote Access Trojan

        Threat actors have been observed using Amazon Web Services ( AWS ) 's System Manager (SSM) agent as a Remote Access Trojan (RAT) on Linux and Windows machines.

      • Rust BlogThe Rust Programming Language Blog: Security advisory for Cargo (CVE-2023-38497)

        This is a cross-post of the official security advisory. The official advisory contains a signed version with our PGP key, as well.

        The Rust Security Response WG was notified that Cargo did not respect the umask when extracting crate archives on UNIX-like systems. If the user downloaded a crate containing files writeable by any local user, another local user could exploit this to change the source code compiled and executed by the current user.

      • SUSE's Corporate BlogSUSE and IBM: Enhancing Data Security (a Technical Reference Documentation Getting Started guide) [Ed: "confidential computing" is a sham that encourages companies and governments to outsource their operations and data based on false premises of confidentiality]

        The Essence of Confidential Computing At its core, confidential computing addresses the vital need of safeguarding data while it is in use. SUSE and IBM work together to deliver advanced technical capabilities, like confidential computing. IBM Z€® and LinuxONE systems provide key hardware capabilities for the trusted execution environment.

      • Bleeping ComputerHackers can abuse Microsoft Office executables to download malware

        The list of LOLBAS files – legitimate binaries and scripts present in Windows that can be abused for malicious purposes...

      • SANSFrom small LNK to large malicious BAT file with zero VT score, (Thu, Aug 3rd)

        Last week, my spam trap caught an e-mail with LNK attachment, which turned out to be quite interesting.

      • IT WireTenable chief says no way to verify Microsoft claims about fixing Azure flaw

        Microsoft claims it has completely fixed a critical security issue in its Azure cloud platform, found in March by researchers from security firm Tenable, who then told Microsoft about it. Tenable chief executive and chairman Amit Yoran had claimed in a blog post on Wednesday that it took more than 90 days for Microsoft to effect a partial fix.

      • SANSAre Leaked Credentials Dumps Used by Attackers, (Fri, Aug 4th)

        This is a classic problem: One day, you create an account on a website (ex: an online shop), and later, this website is compromised. All credentials are collected and shared by the attacker. To reduce this risk, a best practice is to avoid password re-use (as well as to not use your corporate email address for non-business-related stuff).

      • Security WeekExploitation of Ivanti EPMM Flaw Picking Up as New Vulnerability Is Disclosed

        Exploitation of the Ivanti EPMM flaw CVE-2023-35078 is picking up as a new critical vulnerability tracked as CVE-2023-35082 is disclosed.

      • Security WeekFive Eyes Agencies Call Attention to Most Frequently Exploited Vulnerabilities

        Five Eyes government agencies have published a list of the software vulnerabilities that were most frequently exploited in malicious attacks in 2022.

      • Security Week670 ICS Vulnerabilities Disclosed by CISA in First Half of 2023: Analysis

        CISA disclosed 670 ICS vulnerabilities in the first half of 2023, but roughly one-third have no patches or mitigations from the vendor.

      • LWNSecurity updates for Friday

        Security updates have been issued by CentOS (bind and kernel), Debian (cjose, firefox-esr, ntpsec, and python-django), Fedora (chromium, firefox, librsvg2, and webkitgtk), Red Hat (firefox), Scientific Linux (firefox and openssh), SUSE (go1.20, ImageMagick, javapackages-tools, javassist, mysql-connector-java, protobuf, python-python-gflags, kernel, openssl-1_1, pipewire, python-pip, and xtrans), and Ubuntu (cargo, rust-cargo, cpio, poppler, and xmltooling).

      • USDOJNigerian National Pleads Guilty to $1.25 Million Business Email Compromise Scam Impacting U.S. Company

        Onwuchekwa Nnanna Kalu, 39, a Nigerian National from Rivers State, Nigeria, pleaded guilty today to stealing $1.25 million from an investment firm located in Boston, through a business email compromise (“BEC”) scam. The plea was announced by U.S. Attorney Matthew M. Graves and Acting Special Agent in Charge David Geist, of the FBI Washington Field Office's Criminal and Cyber Division.

        Nnanna Kalu pleaded guilty in the District of Columbia to one count of wire fraud. U.S. District Court Judge Randolph D. Moss scheduled a sentencing hearing for November 29, 2023. Kalu was arrested in 2022 and has been detained by the Court as a risk of flight.

      • Gray Media GroupMassive data breach could impact many who attended or worked for public schools in Colorado

        A news release issued by the Colorado Department of Higher Education is notifying the public of a “data incident.”

        KKTV 11 News is working to learn more about the situation, but the release reads as follows:

        The Colorado Department of Higher Education (“CDHE”) is providing notice of a cybersecurity incident that may involve the personal information of certain individuals. CDHE is providing information about the measures it has taken in response to the incident, and steps impacted individuals may take to protect themselves against possible misuse of information.

    • Defence/Aggression

      • JURISTSingapore executes second prisoner in one week despite international outcry

        Singaporean authorities executed Mohamed Shalleh Bin Abdul Latiff, a 39-year-old former delivery driver, Thursday for trafficking 54.04 grams of diamorphine, a controlled drug, which is four times the amount required to trigger the mandatory death penalty under Singapore’s Misuse of Drugs Act. Shalleh is the second person executed by the country in the last week.

      • Federal News NetworkUS military may put armed troops on commercial ships in Strait of Hormuz to stop Iran seizures

        The U.S. military is considering putting armed personnel on commercial ships traveling through the Strait of Hormuz, in what would be an unheard of action aimed at stopping Iran from seizing and harassing civilian vessels. That's what five American officials told The Associated Press on Thursday. If implemented, it would be an extraordinary step by the Pentagon as it grapples with a renewed effort by Iran to harass and seize ships traveling in the strait, through which 20% of all the world’s crude oil passes. Iran’s mission to the United Nations did not immediately respond to a request for comment from the AP about the U.S. proposal.

      • War in Ukraine

    • Environment

    • Finance

      • AxiosHackerOne lays off 12% of workforce

        Popular bug bounty program HackerOne is laying off 12% of its workforce, CEO MÃ¥rten Mickos told employees earlier this week.

      • Daniel PocockDaniel Pocock: Conflicts of Interest: Extinction Rebellion & Rishi Sunak, Greenpeace & Donald Trump

        There have been many rumors about conflicts of interest in the Debian Google Summer of Code and Outreachy internships. The only case where evidence has appeared is the former leader himself, the very person who started rumors about other mentors and I included.

        Yet conflicts of interest can come in many forms. One of the most bizarre cases I've seen was a pensions industry meeting in the UK.

        Representatives of pension administrators and government officials gathered in the town of Swindon. Rishi Sunak, who has recently become Prime Minister, attended the meeting in his former role as local authorities minister.

      • AxiosThe lesson for the Fed in "early hiker" monetary policy

        One reason to be optimistic that U.S. inflation can fall without a recession: Many smaller nations that did move earlier than the Federal Reserve to hike interest rates have done exactly that.

        Why it matters: The unusual dynamics of a post-pandemic global economy appear to be making a so-called "immaculate disinflation" — one with minimal pain — more plausible than it once seemed based on the historical record.


        What they're saying: "There are other economies we can also look to to get some sense of what's likely to happen in the U.S. — other economies that were actually a lot faster in tightening monetary policy," Jan Hatzius, chief economist at Goldman Sachs, said on a call with reporters last month.

      • BloombergTech Giants Slash Marketing Budgets, Bruising Major Ad Firms

        After massive layoffs earlier this year, technology giants have found one more item to slash: marketing budgets.

        Several large advertising companies reported a sharp cutback in spending from US tech and telecom companies, which had recently become some of the largest marketers in the world.

      • Telus slashing 6,000 jobs in order to remain competitive

        According to news outlets, including CBC News, the company plans to cut approximately 6,000 jobs. 4,000 roles will be eliminated at Telus’ main business, with the remaining 2,000 affecting Telus International.

        President and CEO Darren Entwistle claimed that the reduction is being made with “a very heavy heart” and was prompted by the “evolving regulatory, competitive and macroeconomic environment.”

        “Against the backdrop of rapid transformation in our industry and the ways in which our customers want to engage with us, today we are announcing a significant investment in an extensive efficiency and effectiveness initiative across Telus,” Entwistle said in a news release obtained by CBC News.

      • Study after study shows that working from home leads to more efficiency and higher quality work — so why do companies want people back in the office? Here are 3 possible reasons

        Employees overwhelmingly love the option to work from home. More than nine in 10 prefer it exclusively or as a hybrid arrangement, a Gallup study shows.

        Employers, on the other hand, don't appear fully on board, as many are calling employees back into the office.

        In some ways, employers' resistance to remote work is a mystery. After all, eliminating commutes gives the average U.S. employee almost one extra hour to work each day, according to research from the University of Chicago’s Becker Friedman Institute. Plus, staff forced to work in-office are more likely to experience burnout and low engagement, per Gallup.

    • AstroTurf/Lobbying/Politics

    • Censorship/Free Speech

    • Freedom of Information / Freedom of the Press

    • Monopolies



Recent Techrights' Posts

The U.S. Patent and Trademark Office Hijacked Again by Patent Litigation Industry, as President Cheeto Prioritises Aggressors
The "mafia" has taken over the "industry" and the Federal system (justice and constitutions trampled upon)
Ubuntu Slop and FUD Manufactured With LLMs and Funded (by Oneself) 'Studies'
Slop and FUD are ruining the Web
Gemini Links 01/04/2025: Games and More
Links for the day
Why We're Reporting Brett Wilson LLP for Apparently Misusing Their Licence to Protect American Microsofters Who Attack Women
For those who have not been keeping abreast
Stefano Maffulli and His Microsoft-Funded OSI Staff Are Killing the OSI and Killing "Open Source" (All for Money!)
This is far from over
Techrights Headlines as Semaphore
"If you are hearing this, thank you"
 
Gemini Protocol Has Growing Appeal (the Web Got Too Bloated and Full of LLM Slop)
For any "data plan" with bandwidth limits or "tiers" it would be cheaper to use/browse Geminispace
The Web Can Survive LLM Slop, But Only If We Collectively Shun and Discourage Serial Sloppers
Doing nothing ought not be a possibility
Amid Secret Shut-downs and Mass Layoffs at Microsoft (4 Waves of Layoffs in 3 Months of 2025) Some Microsoft Staff Expected to Go On Strike
workers going on strike
Gemini Links 02/04/2025: No more on Mastodon and Gemini Mention Script in Go
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Tuesday, April 01, 2025
IRC logs for Tuesday, April 01, 2025
My Motion Disbarring or “Striking Off” Brett Wilson LLP for Enabling Violent Americans Who Try to Crush Microsoft Critics in the United Kingdom by Multiple SLAPPs
"Guns for hire" (for Microsoft people who received Microsoft salaries)
Links 01/04/2025: Apple Fined $162M for Privacy Abuses, Disinformation Online a Growing Concern
Links for the day
Newer Press Reports Confirm That Microsoft Shuts Down 'Hey Hi' (AI) Labs Despite All the Hype
The "hey hi" (AI) bubble is not sustainable
Links 01/04/2025: Mass Layoffs at Eidos and "Microsoft Pulls Back on Data Centers" (Demand Lacking); "Racist and Sexist" Slop From Microsoft
Links for the day
Gemini Links 01/04/2025: XKCDpunk and worldclock.py
Links for the day
50 Years of Sabotage and a Gut Punch to Computer Science (and Science in General)
Will we get back to science-based computing rather than cult-like following?
3 Months in 2025, 4 Waves of Mass Layoffs at Microsoft, Now Offices Shut Down Permanently
"A recent visit by the South China Morning Post confirmed that the office was dark, unoccupied, and had its logo removed."
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Monday, March 31, 2025
IRC logs for Monday, March 31, 2025
Links 31/03/2025: China Tensions, Bombs Falling in Myanmar After Earthquake
Links for the day
Gemini Links 31/03/2025: Falling Out of Love With Tech, Sunsetting openSNP
Links for the day
R.T.O. at IBM in Texas and Atlanta (State of Georgia) Expected as "Soft Layoffs" Catalyst This Coming Year
It also sounds like more IBM layoffs are in the making
Law Firms Can Also Lose Their Licence for Clearly Misusing It
The bottom line is, never made the false assumption that because you can pile up SLAPPs in a docket you will not suffer from bad reputation or even get disbarred
Link between institutional abuse, Swiss jurists, Debianism and FSFE
Reprinted with permission from Daniel Pocock
LLM Slop Piggybacking News About GNU/Linux and Distorting It
new examples
Links 31/03/2025: Press and Democracy Under Further Attacks in the US, Attitudes Towards Slop Sour
Links for the day
Open Source Initiative (OSI) Privacy Fiasco in Detail: The OSI Does Not Respect Anybody's Privacy
The surveillance mafia that bans dissent or key people (even co-founders) with dissenting views
Gemini Links 31/03/2025: More X-Filesposting and Dreaming in Emacs
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Sunday, March 30, 2025
IRC logs for Sunday, March 30, 2025