I performed a Linux Server upgrade from 12.04 LTS to 14.04 LTS last night. Disaster. Well, the upgrade wasn’t quite as seamless than I thought. Apache died. I was getting 500 error on all my websites. I wasn’t about to spend hours trying to fix Apache, and who knows what else was not working. I have several applications running on my Linode VPS server in addition to the standard LAMP. So, I started the image recovery 20 minutes after I found out things weren’t working as well as they should be. My only other option now is to create a new server from scratch with the latest Ubuntu Server release, and then migrate all my apps and data. I think I’ll wait for 16.04 LTS to come out in a couple of months.
Linuxmint.com got hacked today. Hackers were able to gain access to the website. They were able to direct users to download a modified ISO image that contains a backdoor. The hacked version potentially can steal user’s information. The hacked version only applies to the downloaded Linux Mint 17.3 Cinnamon edition. The Linux Mint blog say to always verify the checksum of the downloaded ISO file.
Canonical just released Ubuntu 14.04.4 LTS. This is the 4th update to the 14.04 series which was originally released back in April 2014. It’s probably the most stable Ubuntu to date, after being baked in the oven the last 2 years. I don’t think they will release another one with this series since Ubuntu 16.04 just around the horizon.
Millions of Linux servers and Android devices were hit with a zero-day flaw today.
What is zero-day flaw? From pctools.com:
A zero day vulnerability refers to a hole in software that is unknown to the vendor. This security hole is then exploited by hackers before the vendor becomes aware and hurries to fix it—this exploit is called a zero day attack. Uses of zero day attacks can include infiltrating malware, spyware or allowing unwanted access to user information. The term “zero day” refers to the unknown nature of the hole to those outside of the hackers, specifically, the developers. Once the vulnerability becomes known, a race begins for the developer, who must protect users.
From zdnet.com. The issue today was:
A new, previously undiscovered flaw that allows an attacker to escalate local user privileges to the highest “root” level is said to hit “tens of millions” of Linux PCs and servers. Because some of the code is shared, the zero-day flaw also affects more than two-thirds of all Android devices. The flaw, said to date back to 2012, affects Linux kernel versions 3.8 and higher, which extends to devices running Android KitKat 4.4 and higher. The vulnerability is in the keyring facility, baked into the core of the Linux software. If exploited, an attacker would be able to execute code on the Linux kernel, and extract cached security data, which can include in some cases encryption and authentication keys.
Read the rest of the article from ZDNet.
VLC is considered by many as the swiss army knife of video players is finally coming to ChromeOS users. As you may well know, you can pretty much run VLC on any platform, from the PC, to Mac and Linux and to practically every mobile device. The last frontier was ChromeOS. The VideoLan team just made the popular player available now to ChromeOS users.