Mark Shuttleworth, the founder of Ubuntu, wrote in his blog post that Ubuntu is "the leading cloud OS, running most workloads in public clouds today," whereas these homegrown images "are likely to behave unpredictably on update in weirdly creative and mysterious ways... We hear about these issues all the time, because users assume there is a problem with Ubuntu on that cloud; users expect that 'all things that claim to be Ubuntu are genuine', and they have a right to expect that...
"To count some of the ways we have seen home-grown images create operational and security nightmares for users: clouds have baked private keys into their public images, so that any user could SSH into any machine; clouds have made changes that then blocked security updates for over a week... When things like this happen, users are left feeling let down. As the company behind Ubuntu, it falls to Canonical to take action."
When the former ISP couldn't fix the issue, they asked Prugar to help. "During negotiations, instead of requesting money as payment, Prugar insisted that he'd be paid using the rights to the software and scripts he wrote while at the company, software which was now malfunctioning, a week after he left." This tipped off the company, who detected foul play, contacted the FBI and rebuilt its entire network.
Six years later, Prugar was found guilty after a one-week jury trial, and was ordered by the judge to pay $26,000 in restitution to the ISP (which went out of business in October of 2015). Prugar's two-year prison sentence begins December 27.
The group "seems to have been in existence for just a few months," writes Rolling Stone's Matt Taibbi, calling the Post's article an "astonishingly lazy report". (Chris Hedges, who once worked on a Pulitzer Prize-winning team at the New York Times, even found his site Truthdig on the group's dubious list of over 200 "sites that reliably echo Russian propaganda," along with other long-standing sites like Zero Hedge, Naked Capitalism, and the Ron Paul Institute for Peace and Prosperity.) "By overplaying the influence of Russia's disinformation campaign, the report also plays directly into the hands of the Russian propagandists that it hopes to combat," complains Adrian Chen, who in 2015 documented real Russian propaganda efforts which he traced to "a building in St. Petersburg where hundreds of young Russians worked to churn out propaganda."
The Post's article was picked up by other major news outlets (including USA Today), and included an ominous warning that "The sophistication of the Russian tactics may complicate efforts by Facebook and Google to crack down on 'fake news'."
According to a study published in the academic journal IEEE Security & Privacy, fraudsters could use computers to systematically fire different variations of security data at hundreds of websites simultaneously. Within seconds, by a process of elimination, the criminals could verify the correct card number, expiration date and the three-digit security number on the back of the card.
One of the researchers explained this attack combines two weaknesses into one powerful attack. "Firstly, current online payment systems do not detect multiple invalid payment requests from different websites... Secondly, different websites ask for different variations in the card data fields to validate an online purchase. This means it's quite easy to build up the information and piece it together like a jigsaw puzzle."
It's your chance to share useful information, recommendations, and your own experiences with various brands of laptop. So leave your best answers in the comments. What's the best Linux laptop?
Note that China has an extremely flexible definition of "national security". Additionally computer equipment will need to undergo mandatory certification, that could involve giving up source code, encryption keys, or even proprietary intellectual data, as Microsoft has been doing for some time.
The article suggests businesses like insurers "will likely see the cost of complying with this new action as a disincentive to conducting business in China."
Facebook: No answer. Twitter: "No," and a link to this blog post, which states as company policy a prohibition against the use, by outside developers, of "Twitter data for surveillance purposes. Period." Microsoft: "We're not going to talk about hypotheticals at this point," and a link to a company blog post that states that "we're committed to promoting not just diversity among all the men and women who work here, but [...] inclusive culture" and that "it will remain important for those in government and the tech sector to continue to work together to strike a balance that protects privacy and public safety in what remains a dangerous time." Google: No answer. Apple: No answer. IBM: No answer. Booz Allen Hamilton: Declined to comment. SRA International: No answer.