Linux By Example Sat, 18 Sep 2021 02:36:23 +0000 en-US hourly 1 Linux By Example 32 32 Software issues are blamed for Oregon’s sluggish rollout of rental assistance Fri, 17 Sep 2021 23:02:42 +0000

Renters who live in Multnomah County and can provide proof of having submitted an application will be eligible for protection until September 25th

PORTLAND, Oregon. (KOIN) – Oregon continues to work to get rental support money into the hands of those who need it as eviction deadlines loom.

Only 13% of Oregon renters applying for rent through the state’s Emergency Relief Program got paid last week; on Friday it was up to 16%.

Of the $ 204 million Oregon Housing and Community Services (OHCS) has allocated to the program, just over $ 34 million has been paid out.

In a Friday meeting with the Oregon Housing Stability Council, OHCS said it estimates the backlog could be cleared in nine to 13 weeks.

The executive director of Neighbor Impact – a community action agency responsible for processing applications and curtailing checks in central Oregon – said they were slowed by ongoing technical problems with the Allita state’s software system.

“I don’t think the centralized system is worth sacrificing Oregonians’ peace of mind to pay their rent,” said Scott Cooper. “I think we got this money from the federal government to get the money into the hands of the people, and that’s what we should do, and whatever gets in the way, we have to plow over it, even when we’re not working. “Software systems that Oregon is famous for.”

Cooper said Neighbor Impact officially asked the state in April to drop Allita and go back to the old system, but they are still using it. He said the current system was working better now, but there were still big issues that needed to be fixed in order to get money out of it faster.

The executive director of Multifamily Northwest also told KOIN 6 News Oregon renters deserve better.

Source link

]]> 0
Yes, of course there is now malware for the Windows subsystem for Linux • The Register Fri, 17 Sep 2021 22:06:00 +0000

Linux binaries have been found to have attempted to take over Windows systems in what appears to be the first publicly identified malware to use Microsoft’s Windows Subsystem for Linux (WSL) to install unwanted payloads.

On Thursday, Black Lotus Labs, the threat research group at Networking biz Lumen Technologies, said it had discovered several malicious Python files compiled in the Linux binary format ELF (Executable and Linkable Format) for Debian Linux.

“These files acted as loaders running a payload that was either embedded in the sample or retrieved from a remote server and then injected into a running process using Windows API calls,” Black Lotus Labs said in a blog post.

In 2017, more than a year after WSL was launched, Check Point researchers proposed a proof-of-concept attack called Bashware that used WSL to execute malicious ELF and EXE payloads. Because WSL wasn’t enabled by default and Windows 10 didn’t come with a pre-installed Linux distribution, bashware wasn’t seen as a particularly realistic threat at the time.

Four years later, WSL-based malware arrived. The files act as a loader for a payload that is either embedded – possibly created using open source tools such as MSFVenom or Meterpreter – or retrieved from a remote command-and-control server and then fed into a running one via Windows API calls Process is inserted.

While the use of WSL is generally limited to power users, these users often have elevated privileges in an organization. This creates blind spots as the industry continues to break down barriers between operating systems

“Threat actors are always looking for new attack surfaces,” said Mike Benjamin, Lumen vice president of product security and head of Black Lotus Labs, in a statement. “While the use of WSL is generally limited to power users, those users often have elevated privileges in an organization. This creates blind spots as the industry continues to remove barriers between operating systems.”

If there is a positive side to this anticipated development, then this initial WSL attack is not particularly sophisticated, according to Black Lotus Labs. Nonetheless, the samples had a detection rate of one or zero in VirusTotal, suggesting that the malicious ELFs would have been overlooked by most antivirus systems.

Black Lotus Labs said the files were written in Python 3 and converted to an ELF executable using PyInstaller. The code calls various Windows APIs to get a remote file and add it to a running process, thereby gaining access to the infected computer.

Two variants have been identified. One was pure Python, the other mostly Python, but used the Python Ctypes library to connect to Windows APIs and run a PowerShell script. The researchers at Black Lotus Labs suspect that this second variant was still in development because it did not run on its own.

One of the PowerShell samples had a kill_av() Feature that tries to disable suspicious antivirus software using Python os.popen() Function in the sub-process module for managing sub-processes. It also included a reverseshell() Function that uses a sub-process to run a Base64-encoded PowerShell script every 20 seconds for an infinite amount of time while True: Loop to prevent other functions from being performed.

The one routable IP address (185.63.90[.]137) identified in the samples has been linked to targets in Ecuador and France communicating with the malicious IP on ports 39,000 to 48,000 in late June and early July, the researchers said. They theorize that whoever was behind the malware tested a VPN or proxy node.

Black Lotus Labs advises anyone who has activated WSL to ensure that logging is active in order to detect such intrusions. ®

Source link

]]> 0
Instabase Engineering Head Charts course on building modern business apps Fri, 17 Sep 2021 21:20:58 +0000

the The Transform Technology Summits begin on October 13th with Low-Code / No Code: Enabling Enterprise Agility. Join Now!

Instabase has developed a platform behind the scenes that enables developers to build complex business applications based on pre-built discrete building blocks that can, for example, break down a scanned document into a number of components that can be reused across multiple use cases.

VentureBeat recently named Yee Jiun Song as Senior Vice President of Engineering to gain a better understanding of how traditional business application development is evolving so that developers can more flexibly create modern business applications that run anywhere.

Previously, Song was Vice President of Engineering at Facebook.

This interview has been edited for brevity and clarity.

VentureBeat: What exactly does Instabase do?

Yee Jiun song: Instabase was trying to develop an operating system and I think it’s a little difficult to understand. It is a little easier when we explain the problem we are trying to solve. Typically, if you want to build an application for the consumer, build for iOS or Android, or if you’re trying to build a desktop app, build for Windows or macOS. However, if you want to build an application that will help businesses solve a problem, there is no platform that will allow you to do it. Our goal is to be the operating system that does this so that the application developer can focus on the application and the business problem and not worry as much about the environment the application is running in. In addition, we offer a base operating system that offers a range of services and toolkits that enable developers to quickly build applications together. Then we also offer a marketplace where developers can publish applications.

VentureBeat: That sounds like a universal platform for applications.

Song: If you want to automate the software development process, you can hire a team of software engineers to create a custom solution. However, this is expensive and takes a while and then the custom application needs maintenance and it would likely only work for a specific environment. Instabase enables our customers to build something very quickly by putting together state-of-the-art modules and writing very little or no code in the process. You also don’t have to worry about any of the infrastructure systems around it. What Instabase does is abstract away all of these challenges. There are a number of different technologies that are mature enough to make it possible to create something that works so well for developers that they can quickly build applications.

VentureBeat: Does this replace the need for the operating system?

Song: They certainly don’t replace Windows or Linux. The point here is that we don’t want customers to have to think about Windows or Linux. When we have to talk about Linux and Windows, the point has somehow been overlooked. The pieces Instabase built are high level abstractions. I don’t realize that people really understand what it takes to build applications that are widely spread across eight different platforms that they may need to deploy at any given time. Many of the customers we speak to want a solution up and running as quickly as possible and not have to invest too much in the underlying technology. Examples of companies that use [Instabase] include MetLife. The beauty of using something like Instabase is that customers don’t have to keep up with the latest in the underlying technology.

VentureBeat: How hard is it to set this up?

Song: To be honest, it still sounds a little bit more difficult than we’d like it to be. Usability is certainly something we are working on. At some point, we want to get to the point where customers can put applications together themselves without too much help on our part. We’re also trying to reduce the amount of code customers have to write to put together an application. But much of it is still in the works.

VentureBeat: What will be the biggest hurdle in the future?

Song: As with any fast growing company, I think one of the big challenges is growing our own teams. We are currently experiencing strong growth. One of the reasons Instabase brought me on board is to grow and scale our teams. On the product side, we want to ensure, among other things, that we can offer our customers a very stable product. We have to develop a product that is scalable and reliable.

VentureBeat: Why Leave Facebook for This?

Song: That’s a great question. I had a wild and phenomenal ride on Facebook; it was a lot of fun. But I have the feeling that there is a great team. I’m not sure if they need me anymore so I’m looking for something new and challenging. This is a completely different domain. It’s the right combination of an extremely ambitious goal. That’s exciting for me. In a way, this starts over.


VentureBeat’s mission is to be a digital marketplace for technical decision makers to gain knowledge of transformative technologies and transactions. Our website provides essential information on data technologies and strategies to help you run your organization. We invite you to become a member of our community to gain access:

  • current information on the topics of interest to you
  • our newsletters
  • closed thought leadership content and discounted access to our award-winning events such as Transform 2021: Learn more
  • Network functions and more

become a member

]]> 0 Apple and Google remove ‘Navalny’ voting app in Russia Fri, 17 Sep 2021 19:14:28 +0000

MOSCOW – Apple and Google removed an app that on Friday removed an app to coordinate protest votes in this weekend’s Russian election, a blow to President Vladimir V. Putin’s opponents and a demonstration of the borders of Silicon Valley when it comes to defending against dissent around the world.

The decisions came after Russian authorities, who deemed the app illegal, threatened to prosecute local Apple and Google employees – a sharp escalation in the Kremlin’s campaign to curb the country’s largely uncensored internet. A person familiar with Google’s decision said authorities had identified certain people who would be prosecuted and asked them to remove the app.

The person refused to be identified because they feared it would upset the Russian government. Google has more than 100 employees in the country.

Apple didn’t respond to phone calls, emails, or text messages asking for comments.

The app was developed and promoted by allies of opposition leader Aleksei A. Navalny, who hoped it would help consolidate the protest votes in each of Russia’s 225 constituencies. It disappeared from the two technology platforms when voting began in the three-day parliamentary elections, in which Putin’s United Russia party – in a carefully staged system – has a dominant advantage.