TechBlog

You’ve heard it again and again: You need to use a password manager to generate strong, unique passwords and keep track of them for you. And if you finally took the plunge with a free and mainstream option, particularly during the 2010s, it was probably LastPass. For the security service’s 25.6 million users, though, the company made a worrying announcement last week: A security incident the firm previously reported on November 30 was actually a massive and concerning data breach that exposed encrypted password vaults—the crown jewels of any password manager—along with other user data. ...

Microsoft researchers found a cross-platform botnet that originates from malicious software downloads on Windows devices & succeeds in propagating to a variety of Linux-based devices by enumerating default credentials on internet-exposed SSH-enabled devices. Microsoft researchers observed that the initial infection points related to the botnet were devices infected through the installation of malicious cracking tools that purport to acquire illegal Windows licenses. The cracking tools contain additional code that downloads and launches a fake version of svchost.exe through a PowerShell command. In some cases, the downloaded file is named svchosts.exe. ...

What is WARP? The Cloudflare WARP client allows individuals and organizations to have a faster, more secure, and more private experience online. The WARP client sits between your device and the Internet, and has several connection modes to better suit different needs. Install Installing Warp Client (aka Cloudflare Zero Trust Client) is so easy, specially if your OS uses AUR. AUR Use your AUR helper to find and install cloudflare-warp-bin, for example I use yay here: ...

TL;DR Install zsh, then run the Oh My Zsh installer on Ubuntu, Manjaro, or Arch. Enable the vscode plugin, add Powerlevel10k, and install a Meslo Nerd Font. Point the VS Code integrated terminal or Cursor IDE terminal at /usr/bin/zsh in settings.json. On Manjaro, also see How to Install Cursor IDE on Manjaro Linux. If you use the simple Bash Terminal in your OS, you may want to give Zsh a try to use a faster and safer terminal with many more features. The simple Bash that exist in the common dist of Linuxes are not changed over years and just received some security fixes, but the community behind Zsh are improving it everyday and bring new useful plugins. ...

After switching from Gnome and Unity to KDE, I had a problem with SDDM and it was that it could not detect correct resolution for my UltraWide monitor and set it to Full HD instead of 2560×1080. I had a similar problem in Ubuntu with another old monitor. Anyway that solution is same in both cases. The solution for this problem is using Xrandr and Xsetup to set the correct resolution and make it permanent. ...

Recently I had problem with my Ubuntu, Whenever I tried to open a website my Chromium told me that a Network Change has been detected and after 1-2 reload that sites would load and sometimes failed to load fully. After looking up for that problem, I found out many other people had same problem and it has something to do with “avahi-daemon”. Solution According to the links I found in Ubuntu forums, this problem comes from IPv6 in Ubuntu and disabling that service will fix it, I tried it and it worked: ...

How it started A few days ago I just decided to give my Ubuntu a new look and experience. I thought KDE is not in a good situation and maybe Gnome 3 is a better option than Unity. The easiest option to try Gnome on Ubuntu (Without a clean install of OS) is to install it as a package: 1 sudo apt-get install ubuntu-gnome-desktop During the install process it asks for Display Manager, you have options to choose, gdm and lightdm, since I want to try Gnome, I select gdm: ...

Here’s how security vulnerabilities are supposed to be handled. One, a researcher discovers an issue. Two, the people who make the software find a solution. And three, the solution is then made available, ideally by automatic update. That’s what Windows does, and what Apple does. It isn’t always as fast as it should be, but at least once the fix exists it’s available almost instantly. Here’s how it works with Android. ...

Facebook has set the date: on September 30, the ancient and creaking SHA-1 hashing algorithm will make its tumbril trip and get the chop. SHA-1, designed by the NSA in 1995, is a one-way algorithm: a block of data is turned into a message digest. The digest can’t be turned back into the original message, but serves as a digital signature confirming the authenticity of (for example) the software you’ve downloaded. ...

The Intel Security Advanced Threat Research Team has discovered a critical signature forgery vulnerability in the Mozilla Network Security Services (NSS) crypto library that could allow malicious parties to set up fraudulent sites masquerading as legitimate businesses and other organizations. The Mozilla NSS library, commonly utilized in the Firefox web browser, can also be found in Thunderbird, Seamonkey, and other Mozilla products. Dubbed “BERserk”, this vulnerability allows for attackers to forge RSA signatures, thereby allowing for the bypass of authentication to websites utilizing SSL/TLS. Given that certificates can be forged for any domain, this issue raises serious concerns around integrity and confidentiality as we traverse what we perceive to be secure websites. ...