An anonymous reader writes: A trojan that targeted Drupal sites on Linux servers last May that was incredibly simplistic and laughable in its attempt to install (and fail) web ransomware on compromised websites, has now received a major update and has become a top threat on the malware scene. That trojan, named Rex, has evolved in only three months into an all-around threat that can: (1) compromise servers and devices running platforms like Drupal, WordPress, Magento, Jetspeed, Exarid, AirOS; (2) install cryptocurrency mining in the background; (3) send spam; (4) use a complex P2P structure to manage its botnet; and (5) install a DDoS agent which crooks use to launch DDoS attacks. Worse is that they use their DDoS capabilities to extort companies. The crooks send emails to server owners announcing them of 15-minute DDoS tests, as a forewarning of future attacks unless they pay a ransom. To scare victims, they pose as a known hacking group named Armada Collective. Other groups have used the same tactic, posing as Armada Collective, and extorting companies, according to CloudFlare.
A long-time loyal KDE user "always felt that it was the more complete and integrated of the many Linux desktop environments...thus having the most potential to win over new Linux converts." And while still using KDE exclusively without any major functional issues, now Slashdot reader fwells shares concerns about the future of desktop development, along with a personal opinion -- that KDE is becoming stale and stagnant:
KDE-Look.org, once a fairly vibrant and active contributory site, has become a virtual ghost town... Various core KDE components and features are quite broken and have been so for some time... KDEPIM/KMail frankly seems targeted specifically at the poweruser, maintaining over many years its rather plain and arguably retro interface. The Konqueror web browser has been a virtual carcass for several years, yet it mysteriously remains an integral component...
So, back to my opening question... Is KDE Dying? Has innovation and development evaporated in a development world dominated by the mobile device? And, if so, can it be reinvigorated? Will the pendulum ever swing back? Can it? Should it?
The original submission has some additional thoughts on Windows 10 and desktop development -- but also specific complaints about KDE's Recent Items/Application Launcher History and the KDE theming engine (which "seems disjointed and rather non-intuitive".) The argument seems to be that KDE lacks curb appeal to fulfill that form-over-function preference of the larger community of users, so instead it's really retaining the practical appeal of "my 12 year old Chevy truck, feature rich for its time... Solid and reliable, but definitely starting to fade and certainly lacking some modern creature comforts."
So leave your own thoughts in the comments. Does desktop development need to be reinvigorated in a world focused on mobile devices -- and if so, what is its future? And is KDE slowly dying?
Around 65% of the internet's one zettabyte of global traffic uses SSL/TLS encryption -- but Slashdot reader River Tam shares an article recalling last August when 910 million web browsers were potentially exposed to malware hidden in a Yahoo ad that was hidden from firewalls by SSL/TLS encryption:
When victims don't have the right protection measures in place, attackers can cipher command and control communications and malicious code to evade intrusion prevention systems and anti-malware inspection systems. In effect, the SSL/TLS encryption serves as a tunnel to hide malware as it can pass through firewalls and into organizations' networks undetected if the right safeguards aren't in place. As SSL/TLS usage grows, the appeal of this threat vector for hackers too increases.
Companies can stop SSL/TLS attacks, however most don't have their existing security features properly enabled to do so. Legacy network security solutions typically don't have the features needed to inspect SSL/TLS-encrypted traffic. The ones that do, often suffer from such extreme performance issues when inspecting traffic, that most companies with legacy solutions abandon SSL/TLS inspection.