LinuxWebLog.com

Longtime Slashdot reader mspohr shares a report from Gizmodo: Hackers for the Chinese government were able to deeply penetrate U.S. telecommunications infrastructure in ways that President Joe Biden's administration hasn't yet acknowledged, according to new reports from the Washington Post and New York Times. The hackers were able to listen to phone calls and read text messages, reportedly exploiting the system U.S. authorities use to wiretap Americans in criminal cases. The worst part? The networks are still compromised and it may take incredibly drastic measures to boot them from U.S. systems. The hackers behind the infiltration of U.S. telecom infrastructure are known to Western intelligence agencies as Salt Typhoon, and this particular breach of U.S. equipment was first reported in early October by the Wall Street Journal. But Sen. Mark Warner, a Democrat from Virginia, spoke with the Washington Post and New York Times this week to warn the public that this is so much worse than we initially thought, dubbing it "the worst telecom hack in our nation's history." And those articles based on Warner's warnings were published late Thursday. Hackers weren't able to monitor or intercept anything encrypted, according to the Times, which means that conversations over apps like Signal and Apple's iMessage were probably protected. But end-to-end encryption over texts between Apple devices and Android devices, for instance, aren't encrypted in the same way, meaning they were vulnerable to interception by Salt Typhoon, according to the Times. The details about how the hackers were able to push so deeply into U.S. systems are still scarce, but it has something to do with the ways in which U.S. authorities wiretap suspects in this country with a court order.

Read more of this story at Slashdot.

Longtime Slashdot reader Geoffrey.landis writes: Economist Phillip Kobernick makes the case that the emphasis on fast-charging stations for electric vehicles in the U.S. is misplaced. According to an article from CleanTechnica, he argues that, from an economic standpoint, what we should be doing is installing more slow chargers. All thing equal, who wouldn't choose a 10-minute charge over a 3-hour charge or a 10-hour charge? But all things are not equal. Superfast chargers are far more expensive than Level 2 chargers, and Level 2 chargers are also significantly more expensive than Level 1 charging infrastructure, which consists of normal electricity outlets. He points out that we get 4-7 times more charging capability installed for the same cost by going with Level 1 charging instead of Level 2. And given that people often just plug in their electric vehicles overnight, Level 1 charging can more than adequately provide what is needed in that time. The case is examined in a podcast on the site.

Read more of this story at Slashdot.

"Steven Adair, of cybersecurity firm Veloxity, revealed at the Cyberwarcon security conference how Russian hackers were able to daisy-chain as many as three separate Wi-Fi networks in their efforts to attack victims," writes Longtime Slashdot reader smooth wombat. Wired reports: Adair says that Volexity first began investigating the breach of its DC customer's network in the first months of 2022, when the company saw signs of repeated intrusions into the customer's systems by hackers who had carefully covered their tracks. Volexity's analysts eventually traced the compromise to a hijacked user's account connecting to a Wi-Fi access point in a far end of the building, in a conference room with external-facing windows. Adair says he personally scoured the area looking for the source of that connection. "I went there to physically run down what it could be. We looked at smart TVs, looked for devices in closets. Is someone in the parking lot? Is it a printer?" he says. "We came up dry." Only after the next intrusion, when Volexity managed to get more complete logs of the hackers' traffic, did its analysts solve the mystery: The company found that the hijacked machine which the hackers were using to dig around in its customer's systems was leaking the name of the domain on which it was hosted -- in fact, the name of another organization just across the road. "At that point, it was 100 percent clear where it was coming from," Adair says. "It's not a car in the street. It's the building next door." With the cooperation of that neighbor, Volexity investigated that second organization's network and found that a certain laptop was the source of the street-jumping Wi-Fi intrusion. The hackers had penetrated that device, which was plugged into a dock connected to the local network via Ethernet, and then switched on its Wi-Fi, allowing it to act as a radio-based relay into the target network. Volexity found that, to break into that target's Wi-Fi, the hackers had used credentials they'd somehow obtained online but had apparently been unable to exploit elsewhere, likely due to two-factor authentication. Volexity eventually tracked the hackers on that second network to two possible points of intrusion. The hackers appeared to have compromised a VPN appliance owned by the other organization. But they had also broken into the organization's Wi-Fi from another network's devices in the same building, suggesting that the hackers may have daisy-chained as many as three networks via Wi-Fi to reach their final target. "Who knows how many devices or networks they compromised and were doing this on," says Adair. Volexity had presumed early on in its investigation that the hackers were Russian in origin due to their targeting of individual staffers at the customer organization focused on Ukraine. Then in April, fully two years after the original intrusion, Microsoft warned of a vulnerability in Windows' print spooler that had been used by Russia's APT28 hacker group -- Microsoft refers to the group as Forest Blizzard -- to gain administrative privileges on target machines. Remnants left behind on the very first computer Volexity had analyzed in the Wi-Fi-based breach of its customer exactly matched that technique. "It was an exact one-to-one match," Adair says.

Read more of this story at Slashdot.

An anonymous reader quotes a report from Reuters: Google has sued one of its former engineers in Texas federal court, accusing him of stealing trade secrets related to its chip designs and sharing them publicly on the internet. The lawsuit, filed on Tuesday (PDF), said that Harshit Roy "touted his dominion" over the secrets in social media posts, tagging competitors and making threatening statements to the company including "I need to take unethical means to get what I am entitled to" and "remember that empires fall and so will you." Google hired Roy in 2020 to develop computer chips used in Google Pixel devices like smartphones. Google said in the lawsuit that Roy resigned in February and moved from Bangalore, India to the United States in August to attend a doctorate program at the University of Texas at Austin. According to the complaint, Roy began posting confidential Google information to his X account later that month along with "subversive text" directed at the company, such as "don't expect me to adhere to any confidentiality agreement." The posts included photographs of internal Google documents with specifications for Pixel processing chips. The lawsuit said that Roy ignored Google's takedown requests and has posted additional trade secrets to X and LinkedIn since October. Google alleged that Roy tagged competitors Apple and Qualcomm in some of the posts, "presumably to maximize the potential harm of his disclosure." Google's complaint also said that several news outlets have published stories with confidential details about Google's devices based on the information that Roy leaked. Google asked the court for an unspecified amount of monetary damages and court orders blocking Roy from using or sharing its secrets.

Read more of this story at Slashdot.

The latest Steam client drops support for operating systems older than Windows 10 or macOS 10.15 Catalina. "That means Mac users can't run 32-bit games anymore, as all macOS versions from Catalina onward only run 64-bit binaries," reports The Register. From the report: [I]f you have a well-specified older Mac, here is another reason to check out Open Core Legacy Patcher. For now, macOS 10.15 Catalina will do but we suspect it won't for long. This version of Steam uses the equivalent to Chrome 126: "Updated embedded Chromium build in Steam to 126.0.6478.183." However, versions since Chrome 128 require macOS 11 or newer. For now, Catalina will work -- but the next significant Steam update will update Chromium as well, and there's a high probability that that will drop support for 10.15. So, if you're using OCLP to install a newer macOS, you should probably go directly to Big Sur. In The Reg FOSS desk's testing, we found that Big Sur ran reasonably well on a machine with Intel HD 520 graphics, although the same hardware ran very poorly with macOS 12 Monterey. Unfortunately, the inevitable end is in sight for older Macs. That said, the November 2024 Steam client update brings several "wins," including a built-in Game Recording feature, an upgraded Chromium browser engine, and the new "Scout" Linux runtime environment for improved compatibility and performance, especially on the Steam Deck and Linux distros. Additionally, it delivers bug fixes and enhancements for modern OS users.

Read more of this story at Slashdot.

Baidu's new Apollo Go robotaxi brings significant advances in affordability and scalability that should make U.S. competitors like Waymo a bit nervous, according to The Verge's Andrew J. Hawkins. From the report: The RT6 is the sixth generation of Apollo Go's driverless vehicle, which made its official debut in May 2024. It's a purpose-built, Level 4 autonomous vehicle, meaning it's built without the need for a human driver. And here's the thing that should make US competitors nervous: adopting a battery-swapping solution, the price for one individual RT6 is "under $30,000," Baidu CEO Robin Li said in an earnings call. "All the strengths just mentioned above are driving us forward, paving the way to validate our business model," Li added. [...] We still don't know the net effect of Baidu's cost improvements. But bringing down the upfront cost of each individual vehicle to below $30,000 will go a long way toward improving the company's unit economics, in which each vehicle brings in more money than it costs. There are still a lot of outstanding costs to consider, such as hardware depreciation and fleet maintenance, but from what Baidu is signaling, things are on the right track. From the looks of it, the company is passing those savings along to its customers. Base fares start as low as 4 yuan (around 55 cents), compared with 18 yuan (around $2.48) for a taxi driven by a human, according to state media outlet Global Times. Apollo Go said it has provided 988,000 rides across all of China in Q3 2024 -- a year-over-year growth of 20 percent. And cumulative public rides reached 8 million in October.

Read more of this story at Slashdot.

An anonymous reader quotes a report from Ars Technica: DirecTV is pulling out of an agreement to buy its satellite rival Dish after bondholders objected to terms of the deal. DirecTV issued an announcement last night saying "it has notified EchoStar of its election to terminate, effective as of 11:59 p.m., ET on Friday, November 22nd, 2024, the Equity Purchase Agreement (EPA) pursuant to which it had agreed to acquire EchoStar's video distribution business, Dish DBS." In the deal announced on September 30, DirecTV was going to buy the Dish satellite TV and Sling TV streaming business from EchoStar for a nominal fee of $1. DirecTV would have taken on $9.75 billion of Dish debt if the transaction moved ahead. The deal did not include the Dish Network cellular business. Dish bondholders quickly objected to terms requiring them to take a loss on the value of their debt. DirecTV had said Dish notes would be exchanged with "a reduced principal amount of DirecTV debt which will have terms and collateral that mirror DirecTV's existing secured debt." The principal amount would have been reduced by at least $1.568 billion. DirecTV last night said it is now exercising its right to terminate the acquisition because noteholders did not accept the exchange offer. "The termination of the Agreement follows Dish DBS noteholders' failure to agree to the proposed Exchange Debt Offer Terms issued by EchoStar, which was a condition of DirecTV's obligations to acquire Dish under the EPA," the press release said. DirecTV CEO Bill Morrow indicated his company wasn't willing to change the deal to satisfy Dish bondholders. "We have terminated the transaction because the proposed Exchange Terms were necessary to protect DirecTV's balance sheet and our operational flexibility," Morrow said.

Read more of this story at Slashdot.

Weeks after federal regulators announced a "click-to-cancel" rule for subscription businesses, a New York judge has ruled that SiriusXM made it too difficult for customers to end their service. Deadline: New York State Supreme Court Justice Lyle Frank's ruling, issued Thursday, upheld elements of a lawsuit filed against the satellite audio firm in 2023 by New York Attorney General Letitia James. In a post on X after Frank's ruling, she wrote that the company "illegally forced people to go through a long and burdensome process to simply cancel their subscriptions. We sued SiriusXM to protect people's wallets, and now, SiriusXM must simplify its cancellation process and stop taking advantage of New Yorkers."

Read more of this story at Slashdot.

Netflix is looking toward Discord for help in figuring out who, exactly, is leaking unreleased footage from some of its popular shows. From a report: The Northern District of California court issued a subpoena on Thursday to compel Discord to share information that can help identify a Discord user who's reportedly involved in leaking episodes and images from Netflix shows like Arcane and Squid Game. Documents filed alongside the subpoena specifically call out an unreleased and copyrighted image from the second season of Squid Game, posted by a Discord user @jacejohns4n. In an interview linked on the user's now deleted X account, published on Telegram, the leaker claimed responsibility for the self-described "worst leak in streaming history," where episodes of Arcane, Heartstopper, Dandadan, Terminator Zero, and other shows were published online. Netflix confirmed in August that a post production studio was hacked.

Read more of this story at Slashdot.

Cyber Analyst with Kali Linux Installed on WSL  Medium

You need to use the smartctl command to display the hard disk (SSD) serial numbers in Linux. This is useful when changing your hard disk if it goes bad. Love this? sudo share_on: Twitter - Facebook - LinkedIn - Whatsapp - Reddit The post How to find hard disk (SSD) serial numbers in Linux appeared first on nixCraft. 2024-11-16T21:38:35Z 2024-11-16T21:38:35Z Vivek Gite

The KVM-ok command command will tell you if your Debian or Ubuntu Linux-powered server can host hardware-accelerated KVM virtual machines. KVM (Kernel-based Virtual Machine) is a free and open-source virtualization technology that is used with every Linux kernel. In other words, KVM will make your Linux computer into a hypervisor, allowing you to run multiple isolated virtual machines (VMs) on a single physical machine. However, KVM depends upon CPU hardware virtualization extensions like Intel VT-x or AMD-V to provide high-performance virtual machines. This support must be enabled in the BIOS. Apart from that, some cloud service providers also allow nested virtualization that will help you to run VMs inside your instances. However, this may not be enabled in BIOS or instance configuration. Thus, you need to install the kvm-ok command to determine whether such support exists. Love this? sudo share_on: Twitter - Facebook - LinkedIn - Whatsapp - Reddit The post How to install kvm-ok on Debian or Ubuntu Linux appeared first on nixCraft. 2024-11-16T06:54:11Z 2024-11-16T06:54:11Z Vivek Gite

Linux and Unix like operating systems comes with z* commands. These commands allow you to read gzip compressed text files using zless, zcat, zmore, and friends commands. The gzip command reduces the size of the files using Lempel-Ziv coding (LZ77). Whenever possible, each file is replaced by one with the extension .gz while keeping the same ownership modes, access, and modification times. z* commands have some cool usage too, such as display the current time in different zonename. Love this? sudo share_on: Twitter - Facebook - LinkedIn - Whatsapp - Reddit The post zcommands: Read gzip Compressed Text Files On a Fly on Linux and Unix appeared first on nixCraft. 2024-11-01T20:34:07Z 2024-11-01T20:34:07Z Vivek Gite

I have lots of files in a directory called /disk2/images/. All files are in zip file format, so I am using the following command to extract zip files:      unzip *.zip The command result into an error which read as follows:      caution: filename not matched How do I unzip multiple or many zip files under a Linux/Unix-like system? Love this? sudo share_on: Twitter - Facebook - LinkedIn - Whatsapp - Reddit The post How do I unzip multiple / many files under Linux? appeared first on nixCraft. 2024-09-27T19:56:29Z 2024-09-27T19:56:29Z Vivek Gite

Most Linux and UNIX-like system configuration files are documented using comments, but sometimes I just need to see a line of configuration text in a config file. How can I view just the uncommented configuration file directives from squid.conf or httpd.conf file? How can I strip out comments and blank lines on a Linux or Unix-like system? Love this? sudo share_on: Twitter - Facebook - LinkedIn - Whatsapp - Reddit The post Linux / UNIX View Only Configuration File Directives ( Uncommented Lines of a Config File ) appeared first on nixCraft. 2024-09-21T12:33:38Z 2024-09-21T12:33:38Z Vivek Gite

The /etc/shadow file stores the actual password in encrypted format using a hash (salted) function for the user's account with additional properties related to the user passwords, such as password expiration date or password aging. The /etc/passwd stores usernames and their properties, such as home directory, login shell, and more. The password expiration information for a user is contained in the last six fields. The Linux password expiration for a select user can be disabled by editing the /etc/shadow file. However, I recommend using the chage command for safety reasons. The chage command changes the number of days between password changes and the last password change date. The Linux system uses this information to determine when users must change their passwords. Love this? sudo share_on: Twitter - Facebook - LinkedIn - Whatsapp - Reddit The post Linux turn OFF password expiration / aging appeared first on nixCraft. 2024-09-20T11:46:01Z 2024-09-20T11:46:01Z Vivek Gite

How do I perform DNS lookup under Linux, UNIX, or Apple macOS (OS X) operating systems without using 3rd party websites for troubleshooting DNS usage? Love this? sudo share_on: Twitter - Facebook - LinkedIn - Whatsapp - Reddit The post Linux / UNIX: DNS Lookup Command appeared first on nixCraft. 2024-09-13T11:37:45Z 2024-09-13T11:37:45Z Vivek Gite

How can I copy one hard disk to another using the dd, ddrescue, or dcfldd commands? Love this? sudo share_on: Twitter - Facebook - LinkedIn - Whatsapp - Reddit The post Linux Copy One Hard Disk to Another Using dd Command appeared first on nixCraft. 2024-09-09T20:04:33Z 2024-09-09T20:04:33Z Vivek Gite

LXD or Incus is a Linux operating system-level container system. You can build over 25+ Linux distros for testing, fun, and profit. You can even run GUI apps inside those containers and get output displayed back to your X display easily. For example, you can run Firefox in one Linux container for banking needs with custom add-ons, including specific firewall rules just for allowing outgoing banking and nothing else. You can have another container to run Chromium/Edge/FF for social media. Of course, it is not a replacement for something like Qubes OS, but you can do many things in an isolated environment. You can try a new Linux distro without the VM's overheads and test new features offered by that distro. All Linux containers will share the same Linux kernel and hardware devices as your GPU. Here is a quick shell script to build a quick lab to test various Linux distros. Love this? sudo share_on: Twitter - Facebook - LinkedIn - Whatsapp - Reddit The post Shell script to set up an LXD / Incus (Linux Containers) lab for testing purpose appeared first on nixCraft. 2024-08-16T12:06:18Z 2024-08-16T12:06:18Z Vivek Gite

Here is a quick and dirty shell script I put to check LXD or Incus container size and how much space they are taking on the BTRFS subvolume. Naturally, you must run the script as a root user, and LXD or Icnus must be configured with BTRFS storage backend on Linux operating systems. See how to set up and install LXD on Ubuntu 20.04 LTS or installing Incus on Debian 12/11 using the apt command. Love this? sudo share_on: Twitter - Facebook - LinkedIn - Whatsapp - Reddit The post How To check LXD/Incus container BTRFS disk usage on Linux appeared first on nixCraft. 2024-08-15T21:42:09Z 2024-08-15T21:42:09Z Vivek Gite