Hackers Plant Malicious Code on Gentoo Linux GitHub Page

Gentoo Linux GitHub account hacked

Developers of the Gentoo Linux distribution warned users on Thursday that one of the organization’s GitHub accounts was compromised and that malicious code had been planted by the attackers.

“Today 28 June at approximately 20:20 UTC unknown individuals have gained control of the Github Gentoo organization, and modified the content of repositories as well as pages there. We are still working to determine the exact extent and to regain control of the organization and its repositories. All Gentoo code hosted on GitHub should for the moment be considered compromised,” Gentoo said on its website.

According to Gentoo developer Francisco Blas Izquierdo Riera, the attacker replaced the portage and musl-dev trees with malicious ebuilds designed to remove all files from a system. However, the developer says the code doesn’t actually work as intended in its current form.

Ebuilds are bash scripts used by Gentoo Linux for its Portage software management system.

Gentoo pointed out that code hosted on its own infrastructure is not impacted and the Gentoo repository mirrors are hosted in a separate GitHub account that does not appear to be affected by the breach.

“Since the master Gentoo ebuild repository is hosted on our own infrastructure and since Github is only a mirror for it, you are fine as long as you are using rsync or webrsync from gentoo.org,” users have been told.

Gentoo users have been advised not to utilize any ebuilds obtained from the compromised GitHub account prior to 18:00 GMT on June 28, 2018. GitHub has suspended the hacked account.

“All Gentoo commits are signed, and you should verify the integrity of the signatures when using git,” Gentoo said.
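The signature check Gentoo recommends can be scripted. The following is an added example, not code from Gentoo or from the original article: it audits the output of `git log --format='%H %G? %GF'` against a set of pinned key fingerprints. The commit IDs and fingerprints are constructed placeholders, and the function names are hypothetical.

```python
import subprocess

# git pretty-format placeholders: %H commit id, %G? signature status,
# %GF fingerprint of the key that made the signature.
LOG_FORMAT = "%H %G? %GF"

# Meaning of each %G? status letter, as documented in git-log(1).
STATUS = {
    "G": "good signature",
    "U": "good signature, key validity unknown",
    "B": "bad signature",
    "X": "good signature that has expired",
    "Y": "good signature made by an expired key",
    "R": "good signature made by a revoked key",
    "E": "signature cannot be checked (for example, missing key)",
    "N": "no signature",
}


def read_signature_log(repo, rev_range="HEAD"):
    """Return one line per commit for a real clone.

    The signers' public keys must already be in the local GnuPG keyring,
    otherwise git reports status E for every signed commit.
    """
    result = subprocess.run(
        ["git", "-C", repo, "log", "--format=" + LOG_FORMAT, rev_range],
        check=True, capture_output=True, text=True,
    )
    return result.stdout


def audit_signatures(log_text, pinned_fingerprints):
    """Return (commit, reason) for every commit that fails the policy.

    Policy (an assumption of this example): a commit passes only if its
    signature verifies (G or U) AND the signing key is explicitly pinned.
    """
    pinned = {f.replace(" ", "").upper() for f in pinned_fingerprints}
    rejected = []
    for line in log_text.splitlines():
        fields = line.split()
        if not fields:
            continue
        commit = fields[0]
        status = fields[1] if len(fields) > 1 else "N"
        fingerprint = fields[2].upper() if len(fields) > 2 else ""
        if status not in ("G", "U"):
            rejected.append((commit, STATUS.get(status, "unknown status " + status)))
        elif fingerprint not in pinned:
            rejected.append((commit, "valid signature, but the key is not pinned"))
    return rejected


# Constructed sample: placeholder commit ids and fingerprints, not real data.
PINNED = {"1" * 40}
SAMPLE_LOG = "\n".join([
    "a" * 40 + " G " + "1" * 40,   # signed by the pinned key
    "b" * 40 + " N ",              # unsigned commit
    "c" * 40 + " G " + "2" * 40,   # verifies, but from an unknown key
    "d" * 40 + " B " + "1" * 40,   # signature does not match the content
    "e" * 40 + " U " + "1" * 40,   # pinned key, GnuPG trust level unknown
])

if __name__ == "__main__":
    for commit, reason in audit_signatures(SAMPLE_LOG, PINNED):
        print(commit[:12], reason)
```

The pinned fingerprints have to come from a source other than the repository being checked, since an attacker who controls the hosting account can also publish their own key there.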


Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.


via SecurityWeek RSS Feed http://bit.ly/2IHry7S


5 Reasons Why Kanban Works Well in the Technology Industry

In the world of technology, things are always moving at an extremely fast pace and there is always a new and exciting project just around the corner. While this is, of course, a great problem to have, it can be quite stressful at times trying to keep track of your business workflow and the speed at which everyone is working.

However, if you are looking to run a successful business, this is vital information that you will need to know. In the technology industry, there are lots of different methods and tools for you to choose from that will help you get things done and help keep your team on track, but by far the most popular tool is the Kanban board. You will most likely have heard of the Kanban board or you may even have used it in a previous job role. This work management tool has been around for a very long time, proving it is definitely not a fad and that it is here to stay. It will help you to prioritise your workflow and simply help to get things done.

As we live in a world now overrun with technology, there is no escaping it. However, it has given us the opportunity to be more creative and productive than ever before. Kanban boards allow us to manage work and life visually, and here we are taking you through five reasons why Kanban works well in the technology industry and exactly what a Kanban board is.

Works Well Within Agile Teams

Does your company operate as an agile team? An agile team is simply a team that empowers each other, speaks with customers, involves stakeholders and the people who are doing the work are also the ones who are planning it. Agile teams absolutely love Kanban as it allows the team to visualise their work flow and provides transparency across all aspects of the business.

Works Well in the Lean Approach

Across the technology industry, and software development in particular, the Lean work approach is usually taken and Kanban fits in extremely well with this. When we speak about Lean, what we are referring to is the Lean manufacturing and product development process. With this process, you can create a scheduling process and this also shows you how much you need to produce. A Kanban board will allow you to visually see your scheduling process and the areas where production is going well, as well as the areas which may need more investment.

Be Smart in Your Workplace

In the technology industry, there will be certain expectations of you. This will include being smart, reliable, a team player and productive. Not only that, managers and organisations will face similar pressures to be as productive as they possibly can, while maintaining a competitive edge. This is why Kanban boards are great for the technology industry!

With these boards, you will be able to provide visual management to all levels of the team and give up-to-date information about the progress of projects. This will give you an idea of where there are bottlenecks in the system so you can solve them and make your workflow more efficient. The board makes it easier for you to focus on the right tasks, prioritise work and become a more efficient team.

Better Management

Kanban boards will help your team to engage with each other better and promote better communication. Part of the Kanban concept is that this also helps managers to effectively keep control of their teams. Using this method allows you to successfully optimise resources and improve communication so that you can better accomplish business goals with the resources you have. Your team should feel empowered by a Kanban board, and it will help them to get the job done, so to speak. As managers engage more with the tech team, this promotes a much better working environment.

Furthermore, Kanban is especially helpful when you are managing a mobile workforce. You need trustworthy tools that provide real-time collaboration and it is perfect for those situations where people are working remotely.

Being Tech Savvy

As you are working in the tech industry, you should have absolutely no problems trying to use a Kanban board. Smart phones make it incredibly easy for us to access this information and you can access your Kanban boards anytime, anywhere. Rather than having lots of different spreadsheets filled with information, why not compile it all into one place to make the whole process easier.

Technology is an industry that is driven by productivity and collaboration, making it perfect for Kanban board management software. Try it out in your tech business today.

via Social Barrel http://bit.ly/2N2Dxjo

Magento Hackers Using Simple Evasion Trick to Reinfect Sites With Malware

Security researchers have been warning of a new trick that cybercriminals are leveraging to hide their malicious code designed to re-introduce the infection to steal confidential information from Magento based online e-commerce websites.

So, if you have already cleaned up your hacked Magento website, there are chances your website is still leaking login credentials and credit card details of your customers to hackers.

More than 250,000 online stores use open-source Magento e-commerce platform, which makes them an enticing target for hackers, and therefore the security of both your data and your customer data is of the utmost importance.

According to the researchers at Sucuri, who have previously spotted several Magento malware campaigns in the wild, cybercriminals are currently using a simple yet effective method to ensure that their malicious code is added back to a hacked website after it has been removed.

To achieve this, criminals are hiding their ‘credit card stealer reinfector’ code inside the default configuration file (config.php) of Magento website, which gets included on the main index.php and loads with every page view, eventually re-injecting the stealer code into multiple files of the website.

Since config.php file gets automatically configured while installing Magento CMS, usually it is not recommended for administrators or website owners to change the content of this file directly.

Here’s How Magento’s Reinfector Code Works

The reinfector code spotted by researchers is quite interesting, as it has been written in a way that no security scanner can easily identify and detect it, and it hardly looks malicious to an untrained eye.

Hackers have added 54 extra lines of code to the default configuration file. Below, I explain the malicious reinfector code, shown in the screenshots, line by line as it is written inside the default config.php file.

At line no. 27, the attackers set the error_reporting() function to false in an attempt to hide error messages that could reveal the path of the malicious module to site admins.

From line no. 31 to 44, there is a function called patch() that has been programmed to append the malicious code for stealing confidential information to legitimate Magento files.

This patch() function uses 4 arguments, whose values define the path of a folder, the name of a specific file in that path that needs to be infected, the file size used to check whether the given file needs to be reinfected, a new file name to be created, and a remote URL from which the malicious code is downloaded in real time and injected into the targeted file.

From line 50 to 51, the attackers have split the base64_decode() function name into multiple parts in order to evade detection by security scanners.

Line 52 includes a base64-encoded value that converts to “http://bit.ly/2tnNgYJ” after being decoded using the function defined in lines 50-51.

The next four sets of variables, from line 54 to 76, define the four values required to pass arguments to the patch() function mentioned above.

The last line of each set includes a random eight-character value that is concatenated with the link variable encoded in line 52, which generates the final URL from which the patch() function will download the malicious code hosted on the remote Pastebin website.

From line 78 to 81, the attacker finally executes the patch() function four times with the different values defined in lines 54-76 to reinfect the website with the credit card stealer.

“As a rule of thumb, on every Magento installation where a compromise is suspected to have taken place, the /includes/config.php should be verified quickly,” researchers advise.
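A sketch of such a check, as an added example rather than Sucuri's or the article's code: it flags the three traits described in the walkthrough (silenced error reporting, a function name assembled from string pieces, and a base64 literal that decodes to a URL). The sample config is constructed for illustration with a URL on example.invalid, and the function and rule names are hypothetical.

```python
import base64
import binascii
import re

# Function names flagged when they exist only as glued-together string pieces.
# base64_decode is the one the article names; the other two are assumptions.
SPLIT_NAMES = ("base64_decode", "file_get_contents", "file_put_contents")

# A single- or double-quoted PHP string literal without escapes or newlines.
LITERAL = r"'[^'\\\n]*'" + "|" + r'"[^"\\\n]*"'
# Two or more literals joined with the PHP "." operator (may span lines).
CONCAT = re.compile(r"(?:{0})(?:\s*\.\s*(?:{0}))+".format(LITERAL))
# A quoted run of base64 alphabet characters long enough to hide a URL.
B64 = re.compile(r"""['"]([A-Za-z0-9+/]{16,}={0,2})['"]""")
# error_reporting(0) or error_reporting(false).
SILENCED = re.compile(r"error_reporting\s*\(\s*(?:0|false)\s*\)", re.I)


def line_of(src, pos):
    """1-based line number of character offset pos."""
    return src.count("\n", 0, pos) + 1


def scan_php(src):
    """Return sorted (line, rule, detail) findings for one PHP source string."""
    findings = []
    for m in CONCAT.finditer(src):
        parts = re.findall(LITERAL, m.group(0))
        joined = "".join(p[1:-1] for p in parts).lower()
        for name in SPLIT_NAMES:
            # Only report names that no single piece already contains.
            if name in joined and not any(name in p.lower() for p in parts):
                findings.append((line_of(src, m.start()), "split-function-name", name))
    for m in B64.finditer(src):
        try:
            decoded = base64.b64decode(m.group(1), validate=True)
        except (binascii.Error, ValueError):
            continue  # not valid base64, ignore
        if decoded.lower().startswith((b"http://", b"https://")):
            findings.append((line_of(src, m.start()), "base64-url",
                             decoded.decode("ascii", "replace")))
    for m in SILENCED.finditer(src):
        findings.append((line_of(src, m.start()), "errors-silenced", m.group(0)))
    return sorted(findings)


# Constructed samples, modelled on the article's description, not real malware.
ENCODED = base64.b64encode(b"http://example.invalid/").decode()
SAMPLE_INFECTED = "\n".join([
    "<?php",
    "error_reporting(0);",
    "$fn = 'base' . '64_' .",
    "      'decode';",
    "$link = $fn('" + ENCODED + "');",
    "$path = 'app' . '/etc';",
])
SAMPLE_CLEAN = "\n".join([
    "<?php",
    "$path = 'app' . '/etc/' . 'local.xml';",
    "error_reporting(E_ALL);",
])

if __name__ == "__main__":
    for line, rule, detail in scan_php(SAMPLE_INFECTED):
        print("line %d: %s (%s)" % (line, rule, detail))
```

Pattern checks like this catch only the obfuscation they were written for; comparing config.php against a known-good copy from the same Magento release covers variants the patterns miss.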

It should be noted that a similar technique can also be used to hide malicious code on websites based on other content management system platforms such as Joomla and WordPress.

Since attackers mostly exploit known vulnerabilities to compromise websites in the first place, users are always recommended to keep their website software and servers updated with the latest security patches.

via The Hacker News http://bit.ly/2lqxzw9

Fuck Scooters

Maybe one day I’ll try an e-scooter, but for now, after spending weeks reading about their sudden emergence in cities across the U.S., with writers everywhere gushing about how, actually they’re cool, and that they could develop into a viable business and ease congestion, I’ve concluded that I absolutely hate them. Fuck scooters.

Is this an annoying take from someone who hasn’t experienced the joys of zipping down the road at 15 mph, like my pro-scooter west coast colleague Andrew Collins got to experience?

Maybe it is, for you. I’m content with my perspective.

For me, it boils down to championing new-age tech ideas, like ride-hailing, bike-sharing, fucking scooters as a solution for public transportation failures. Time and again, ever since Uber barged into the room but probably before that, Silicon Valley has trotted out some form of the argument that so-called “mobility” options will be more environmental-friendly than transportation systems of yesterday, and, more notably, rein in soul-sucking congestion.

None of this, to date, has been proven true. And now with e-scooters barreling into the public limelight, scooter-renting startups are offering up the same ham-fisted official line. Instead of adequately funding public transportation, they’re effectively saying, try this shiny new toy.

In a recent piece about his transformation into a scooter devotee, Kevin Roose, a writer for The New York Times, tossed in this line (emphasis mine):

They’re lightweight and emission-free. They don’t require bulky docks or parking lots, and they’re perfect for trips that are too long to walk but too short to justify driving or hailing a car. If they take off, they could alleviate congestion and become a low-cost way of getting around cities without robust public transportation systems.

Holy shit, do I ever disagree. It reminded me of a story I heard a couple years back while I was living in Detroit.

In the general election that year, voters headed to the polls to cast ballots not just for the president, but a measure that would’ve created Metro Detroit’s first ever regional transit authority. If passed, it would’ve commenced the creation of a robust Bus Rapid Transit network, established more cohesion between the city and suburban bus systems, and, finally, put the region on some sort of path to beefing up its historically god-awful public transit system.

Voters shot it down. A friend shared their story about a voter in an outer-lying community who explained why they rejected it: It’s not just a waste of taxes, this person said. Low-income folks could just use Uber, they said.

Mind you, a bus pass there costs roughly $50 per month, and while Detroit’s transit system is a disaster, that’s a more affordable fare than daily roundtrips via Uber. Hell, you could hit $50 in a day or two taking Ubers and cabs. And I find it highly doubtful that subsidies for Uber and Lyft could lower the price enough for a low-income resident.

That’s the thing: Scooters cannot beef up transit options in places like Detroit. No Detroit resident’s going to pick up an electric scooter to get to their job in the suburbs. (Though imagining David Tracy picking up a scooter at the airport and riding along the I-75 service drive for two hours, backpack full of Jeep parts, to his home in the suburbs, is funny to consider.)

I’m not offering this up as some lame Luddite response to a new mode of transportation—there should be a platter of options to get around town. But my chief concern is that mobility solutions, like e-scooters, are being used and championed as an excuse to not adequately fund public transportation, which can actually move a mass of people at a high rate of speed.

Maybe that’s a very basic criticism, but the implicit premise of Mobility, certainly as Silicon Valley has been using it, is anything but actual public transit. Tech is the savior, the solution, the gospel, but when it comes down to it, if public transportation was adequately funded, a robust network of trains and buses could actually alleviate congestion and cost issues.

And here’s the thing. I can’t find a reasonable argument one way or another if e-scooters will one day turn a profit—which is a common criticism levied against the idea of governments funding the operations of public transit systems. Instead of the government, now we have rich venture capitalists bankrolling, controlling and subsidizing Mobility, and I’m not sure how to view that as being anything but a detriment to, uh, a much, much larger swath of the population.

Can e-scooters make money? Typically that’s something a business takes into consideration as a long-term goal. So I posed the question on Twitter yesterday, after news broke that e-scooter renter Bird reached a valuation of $2 billion, about whether it has the ability to eventually make a profit. The answers I got in return were all over the place.

Someone pointed me to Brad Stone in Bloomberg, for example. After running some rosy numbers, he concluded:

If you can deploy 10,000 scooters in a city, per our math, you have a business easily generating $100,000 a day in revenue, $3 million a month or $40 million a year—per city!

Seems optimistic, when you consider there’s numerous players vying for the e-scooter market right now.

And in Bloomberg, not even a week prior, a separate writer concluded:

If you figure that Bird might make around $2.50 per ride in revenue, there are some estimates that Bird might make $14 million a year. But after paying for maintenance, charging and overhead, there might only be $1 million left.

Not such a pretty picture!

Here’s another response:

And another:

All over the goddamn board. Everyone can put together a model, but the upshot is, it’s a total guess, just like Uber guessed it could artificially suppress the prices of taxi rides with its massive amount of funding, and snap up enough market share to start turning a profit. But nearly a decade after launching, it’s still just bleeding cash.

Could scooters work inside a wealthy Bay Area city like San Francisco? Maybe; I’m not arguing against that. But it’s so tiresome to see Silicon Valley ideas placed on a pedestal, when in reality, you could fund a standard set of public transit options—trains, buses, subways—and benefit more of the living, breathing public.

I’m sure someone’s winding up right now to point to New York City’s subway and all the bitching we do about it, but the complaints stem from the fact that an objectively sound, effective, good public transit system is falling apart from poor funding and management. When it works (and it does work!), it’s a marvelous achievement to behold. Other countries can do it. There is no reason America cannot.

Rather than float solid proposals to beef up and improve existing public transit systems, though, policymakers and the tech-adoring public flock to the possibilities of our mobility future. So, we get scooters—or, another example, projects like Elon Musk’s new hyper-speed train for Chicago, which won an actual contract to build a system that’ll be able to move as many people in total in a single hour as one train on the New York subway train. Musk has never built or operated a public transit system in his career.

Are scooters fun? That’s what everyone seems to think. That’s cool. Is it an actual solution to ease congestion and provide more affordable modes of transportation to people across the U.S.? No.

Fuck scooters.

via Gizmodo http://bit.ly/2ld36BF

The Last of Us 2’s kiss was a beautiful way to open Sony E3 2018

Ellie shares a memorable, moving kiss

Sony’s E3 2018 press conference is hardly under way, but it’s already brought us one of our favorite moments of the whole event thus far. And it was just a simple, lovely kiss.

The event opened up with a gameplay trailer for The Last of Us Part 2, which looked bloody and beautiful and a whole mess of other things. All well and good, but the cutscene that preceded and succeeded all the action is what really did it for us, because Ellie shared a loving kiss rarely seen in game trailers.

The scene features Ellie standing at a party, looking slightly awkward, hanging by the wall. But a woman — her partner, presumably — pulls her onto the dancefloor. They chat, they swirl, they look into each other’s eyes … and then they kiss.

It’s a sweet kiss, even a realistic one; and it’s between two women, which we hardly ever see highlighted in games as major as The Last of Us Part 2. And as the opening of an E3 press conference, no less!

It’s a kiss that literally transports Ellie somewhere else. The trailer then cuts away into gameplay, and the romance is shattered by a whole bunch of death. By the end of it, though, we’re back in that kiss.

We hope to see many more of those kisses in the otherwise brutal, bleak The Last of Us Part 2. And if you want to rewatch Ellie enjoying one of those rare tender moments, Dorkly’s Tristan Cooper threaded both scenes together without that depressing cutaway. That’s below.

via Polygon – Full http://bit.ly/2JGory2

Eric Schmidt Says Elon Musk Is ‘Exactly Wrong’ About AI

At the VivaTech conference in Paris, Alphabet CEO Eric Schmidt was asked about Elon Musk’s warnings about AI. He responded by saying: "I think Elon is exactly wrong. He doesn’t understand the benefits that this technology will provide to making every human being smarter. The fact of the matter is that AI and machine learning are so fundamentally good for humanity." TechCrunch reports: He acknowledged that there are risks around how the technology might be misused, but he said they’re outweighed by the benefits: "The example I would offer is, would you not invent the telephone because of the possible misuse of the telephone by evil people? No, you would build the telephone and you would try to find a way to police the misuse of the telephone."
After wryly observing that Schmidt had just given the journalists in the audience their headlines, interviewer (and former Publicis CEO) Maurice Levy asked how AI and public policy can be developed so that some groups aren’t "left behind." Schmidt replied that government should fund research and education around these technologies. "As [these new solutions] emerge, they will benefit all of us, and I mean the people who think they’re in trouble, too," he said. He added that data shows "workers who work in jobs where the job gets more complicated get higher wages — if they can be helped to do it." Schmidt also argued that contrary to concerns that automation and technology will eliminate jobs, "The embracement of AI is net positive for jobs." In fact, he said there will be "too many jobs" — because as society ages, there won’t be enough people working and paying taxes to fund crucial services. So AI is "the best way to make them more productive, to make them smarter, more scalable, quicker and so forth."




via Slashdot http://bit.ly/2ILGmmI

7 Negative Effects of Social Media on People and Users

If you can’t imagine your life without social media, that’s a sign that you’ve fallen victim to the evil power of social networking. It also means that you’ve experienced one (or more) of the negative effects of social media on society.

Don’t pretend you’ve never heard of these. While social media can have a positive impact too, that doesn’t mean it’s all hearts and flowers.

How Social Media Is Bad for You

Let’s explore the darker side of social media and exactly how (and why) it’s bad for you. You’ll be surprised to learn the negative effects of social media are both physical and mental. It can change your perception of the world and yourself, and not always for the better.

Don’t believe us? Then read on to find out some of the negative effects of social media. And if you recognize any of them as your own symptoms, it may be time to consider quitting social media altogether.

1. Depression and Anxiety

Do you spend more than two hours per day on social media? Spending too long on social networking sites could be adversely affecting your mood. In fact, you’re more likely to report poor mental health, including symptoms of anxiety and depression.

So how to use social media without causing yourself psychological distress? If you turn to the same research (and common sense), the recommended amount of time you should spend on social networks is half an hour per day. So, as with so many things in life, it’s all about moderation.

2. Cyberbullying

Before social media, bullying was something only done face-to-face. However, now, someone can be bullied online anonymously. Today everyone knows what cyberbullying is, and most of us have seen what it can do to a person.

While social media made making friends easier, it also made it easier for predators to find victims. The anonymity that social networks provide can be used by the perpetrators to gain people’s trust and then terrorize them in front of their peers.

These online attacks often leave deep mental scars and even drive people to suicide in some cases. You’ll be surprised to find out that cyberbullying isn’t just affecting kids, but also full grown adults.

If you are being harassed online, it’s important to know that you’re not alone, and that you can take steps in order to get back your dignity.

3. FOMO (Fear of Missing Out)

Fear of Missing Out (FOMO) is a phenomenon that was born at the same time as Facebook—and it’s one of the most common negative effects of social media. FOMO is basically a form of anxiety that you get when you’re scared of missing out on a positive experience or emotions that someone else is getting.

This fear is constantly fueled by your social media engagement. The more you use social networks, the more likely you are to see that someone is having more fun than you are right now. And that’s exactly what causes FOMO.

4. Unrealistic Expectations

This one probably comes as no surprise, but social media helps you to form unrealistic expectations of life and friendships. The networks that do it most are Facebook, Instagram, and Snapchat. Those are the social media platforms that severely lack online authenticity.

One simple way out of this is for everyone to quit lying on social media. But in the era of Instagram celebrities and YouTubers who earn millions, that isn’t going to happen anytime soon.

5. Negative Body Image

Speaking of Instagram celebrities, if you look at the most-followed accounts on Instagram, you’ll find beautiful people wearing expensive clothes on their perfect bodies.

Today, body image is an issue for many people of both sexes. Of course, seeing people who are perfect by society’s standards on a daily basis makes you conscious of how different you look from those pictures. And not everyone comes to the right conclusions in this situation.

6. Unhealthy Sleep Patterns

On top of increased rates of anxiety and depression, spending too much time on social media can lead to poor sleep. Numerous studies have shown that increased use of social media has a negative effect on your sleep quality.

If you feel like your sleep patterns have become irregular and that this is affecting your productivity, try and avoid spending a significant amount of time on social media. If you still have trouble sleeping, here are some more tricks to help you to sleep peacefully.

7. General Addiction

Social media is often described as being more addictive than cigarettes and alcohol, with the worst social media apps being Facebook, Instagram, and Snapchat when it comes to addiction.

Don’t know if you’re addicted to your social networks? Think about when you last went a full day without checking your social media accounts. What if your favorite social networks completely disappeared tomorrow; would it make you feel empty and depressed?

If you just realized you’re addicted to social media, don’t worry, as most of us are there with you in varying degrees. And it’s not necessarily a reason to go and wipe yourself off all those social networking platforms.

However, if you think quitting is the best solution for you, we won’t stop you. In fact, one of our writers tried quitting social media once, and it was an interesting experience.

Social Media: Is It Time to Quit or Detox?

As with everything else, social media brings both good and bad things into our lives. At the end of the day, you’re the one who decides whether there’s more help or harm in it for you.

Maybe all you need is to find the right site for you. Perhaps switching from Facebook to Twitter, or from Instagram to YouTube. Or maybe you’re done with all of them altogether and are ready to delete your entire social media presence for good.

And if that feels a little too extreme, consider doing a social media detox every once in a while instead. Because the non-nuclear option should always be your first choice.


via MakeUseOf http://bit.ly/2ksTXVw