WINE 6.17 vuelve a mejorar el soporte para DPI e introduce casi 400 cambios

WINE 6.17

WineHQ ha vuelto a cumplir puntual con su calendario y, tras la anterior v6.16, hoy ha lanzado WINE 6.17. Se trata de una nueva versión Staging, etiqueta que reciben las versiones de desarrollo en las que van añadiendo novedades cada dos semanas, pero las cosas no están tan pulidas como para que la etiqueta sea Estable. Como casi siempre en esta fase del desarrollo, el equipo del proyecto ha aprovechado para introducir muchos cambios.

En WINE 6.17 se han corregido 12 bugs, pero han realizado 375 cambios en total. Entre ellos, esta semana han vuelto a destacar algo relacionado al DPI junto a otros cuatro puntos, siendo el último el habitual corrección de errores. La lista de novedades que han considerado lo suficientemente importantes como para separarlas del resto es la siguiente.

Novedades más destacadas de WINE 6.17

  • Programa WineCfg convertido a PE.
  • Mejor soporte de alta DPI en las aplicaciones incorporadas.
  • Más trabajo de preparación para la interfaz GDI syscall.
  • Soporte mejorado del depurador en modo Wow64.
  • Varias correcciones de errores.

WINE 6.17, del que tenemos que volver a recordar que es una versión Staging o de desarrollo y no estable, ya se puede descargar desde este o este otro enlace. El proyecto también aporta información para descargar esta y futuras actualizaciones añadiendo el repositorio oficial para Linux aquí, pero también se puede instalar en macOS y Android. Si se añade el repositorio se puede elegir entre las versiones estable, Staging o Dev.

En este punto del desarrollo, ya nos estamos acercando al momento en el que empezarán a llegar las Release Candidates, pero lo más probable es que la próxima versión sea WINE 6.18 y que sea lanzada el próximo 24 de septiembre. En WINE 5.x se lanzaron 22 versiones Staging, momento en el que ya pasaron a lanzar las Release Candidates semanalmente. Si se confirma la nueva versión Staging, volverán a introducir cientos de retoques.

from Linux Adictos https://ift.tt/38UdMOG
via IFTTT

KrebsOnSecurity Hit By Huge New IoT Botnet “Meris”

On Thursday evening, KrebsOnSecurity was the subject of a rather massive (and mercifully brief) distributed denial-of-service (DDoS) attack. The assault came from “Meris,” the same new “Internet of Things” (IoT) botnet behind record-shattering attacks against Russian search giant Yandex this week and internet infrastructure firm Cloudflare earlier this summer.

Cloudflare recently wrote about its attack, which clocked in at 17.2 million bogus requests-per-second. To put that in perspective, Cloudflare serves over 25 million HTTP requests per second on average.

In its Aug. 19 writeup, Cloudflare neglected to assign a name to the botnet behind the attack. But on Thursday DDoS protection firm Qrator Labs identified the culprit — “Meris” — a new IoT monster that first emerged at the end of June 2021.

Qrator says Meris has launched even bigger attacks since: A titanic and ongoing DDoS that hit Russian Internet search giant Yandex last week is estimated to have been launched by roughly 250,000 malware-infected devices globally, sending 21.8 million bogus requests-per-second.

While last night’s Meris attack on this site was far smaller than the recent Cloudflare DDoS, there were likely many times more IoT bots involved than were responsible for the Mirai DDoS attack in 2016 that held KrebsOnSecurity offline for nearly four days.

Also, the traffic deluge from Thursday’s attack on this site was was more than four times what Mirai threw at this site five years ago. This latest attack involved more than two million requests-per-second. By comparison, the 2016 Mirai DDoS generated approximately 450,000 requests-per-second.

According to Qrator, which is working with Yandex on combating the attack, Meris appears to be made up of Internet routers produced by MikroTik. Qrator says the United States is by far the largest country with MikroTik routers that are potentially vulnerable to compromise by Meris — with more than 42 percent of the world’s MikroTik systems connected to the Internet (followed by China — 18.9 percent– and a long tail of one- and two-percent countries).

The darker areas indicate larger concentrations of potentially vulnerable MikroTik routers. Qrator says there are about 328,000 MikroTik devices currently responding to requests from the Internet. Image: Qrator.

It’s not immediately clear which security vulnerabilities led to these estimated 250,000 MikroTik routers getting hacked by Meris.

“The spectrum of RouterOS versions we see across this botnet varies from years old to recent,” the company wrote. “The largest share belongs to the version of firmware previous to the current stable one.”

Qrator’s breakdown of Meris-infected MikroTik devices by operating system version.

It’s fitting that Meris would rear its head on the five-year anniversary of the emergence of Mirai, an IoT botnet strain that was engineered to out-compete all other IoT botnet strains at the time. Mirai was extremely successful at crowding out this competition, and quickly grew to infect tens of thousands of IoT devices made by dozens of manufacturers.

And then its co-authors decided to leak the Mirai source code, which led to the proliferation of dozens of Mirai variants, many of which continue to operate today.

The biggest contributor to the IoT botnet problem — a plethora of companies white-labeling IoT devices that were never designed with security in mind and are often shipped to the customer in default-insecure states — hasn’t changed much, mainly because these devices tend to be far cheaper than more secure alternatives.

The good news is that over the past five years, large Internet infrastructure companies like Akamai, Cloudflare and Google (which protects this site with its Project Shield initiative) have heavily invested in ramping up their ability to withstand these outsized attacks [full disclosure: Akamai is an advertiser on this site].

More importantly, the Internet community at large has gotten better at putting their heads together to fight DDoS attacks, by disrupting the infrastructure abused by these enormous IoT botnets, said Richard Clayton, director of Cambridge University’s Cybercrime Centre.

“It would be fair to say we’re currently concerned about a couple of botnets which are larger than we have seen for some time,” Clayton said. “But equally, you never know they may peter out. There are a lot of people who spend their time trying to make sure these things are hard to keep stable. So there are people out there defending us all.”

from Krebs on Security https://ift.tt/3z3qgxQ
via IFTTT

El Asistente de Google divide los ajustes de ‘Voice Match’ y ‘Resultados personales’ por tipo de dispositivo

El Asistente de Google divide los ajustes de 'Voice Match' y 'Resultados personales' por tipo de dispositivo

Mientras esperamos a que lleguen las ‘frases rápidas’ para evitar tener que decir siempre “Hey Google” vemos como el Asistente de Google ha renovado dos de sus ajustes: ‘Voice Match’ y ‘Resultados personales’.

En concreto, lo que ha hecho la aplicación de Google es poner más orden, separando estos ajustes por tipo de dispositivo, para tener a mano los ajustes de teléfono y por otro lado del resto de dispositivos del hogar.


Continue reading

Cómo tener un acceso directo al Tiempo de Google en tu móvil

Cómo tener un acceso directo al Tiempo de Google en tu móvil

Probablemente, dentro de las aplicaciones móviles que pueden ayudarnos en nuestro día a día, las relacionadas con el pronóstico del tiempo sean unas de las más útiles. Entre ellas, podemos encontrar alternativas para todos los gustos: desde las más completas como WeatherPro o Shadow Weather a otras tan curiosas como Appy Weather o Ventusky.

Y no nos olvidemos del Tiempo de Google, que está presente en todos los móviles Android, aunque muchos desconozcan su existencia. No esperes encontrarla en el cajón de apps de Google, en el listado de apps instaladas en tu teléfono o en Google Play; se trata de una web-app que puedes anclar en tu escritorio mediante un acceso directo.


Continue reading