Linux hardware vendor System76 announces the availability of a Pangolin Linux laptop powered by an AMD Ryzen 7 processor and DDR5 RAM. Pangolin Laptop will be powered by Pop!_OS 22.04 LTS or Ubuntu 22.04 LTS
System 76 Pangolin Laptop Full Specs 
Processor: AMD Ryzen™ 7 6800U: 2.7 up to 4.7 GHz – 8 Cores – 16 Threads
This simple tutorial shows how to install the latest version of TimeShift, to backup your Ubuntu system by creating ‘system store‘ points.
Timeshift is a popular system backup tool originally developed by Tony George. It’s now a project maintained by Linux Mint, though the original developer is still one of the top contributors.
And, he is maintaining a PPA repository contains the latest packages so far for Ubuntu 20.04, Ubuntu 22.04, Ubuntu 22.10 and their derivatives.
Timeshift is available in Ubuntu system repository, though it’s old! User can either choose to install the old package from Ubuntu Software, or run the commands below one by one to get the latest version from PPA.
1. First, press Ctrl+Alt+T on keyboard to open a terminal window. When it opens, run command to add its official PPA:
sudo add-apt-repository ppa:teejee2008/timeshift
Type user password (no asterisk feedback) when it asks and hit Enter to continue.
2. Then, either run command below to install the package:
sudo apt install timeshift
The sudo apt update command might be required to run first in some Ubuntu based systems to refresh package cache.
Or, use Software Updater to upgrade the tool if an old version was installed.
Backup your system (Create Restore points)
After installing the tool, search for and open it either from system start menu or ‘Activities’ overview depends on your desktop environments.
On the first launch, the setup wizard will ask you to choose snapshot type, destination location, setup daily backup, whether to backup user files (excluded by default). And, it’s OK to use Default options, since there’s ‘Settings’ page to re-configure them all.
After setup wizard, click on “Create” button on the main UI to start creating the first restore point!
The first backup can take quite a few minutes and dozens of GB disk space (Make sure you have enable free space for saving the first snapshot)! The 2nd, 3rd, … backups can be faster and smaller, because it shares common files between snapshots to save disk space.
After created backups, they are listed in the main UI window. Simply highlight one, then you can browse its content, copy and save it into another storage device if want.
And, just click ‘Restore‘ will revert your system to the status when you created that snapshot, without touching user documents, music, videos, etc, unless you included them in setup Wizard.
Before removing the software, you may choose to remove all the backup snapshots that you don’t need anymore to free up disk space.
Then, open terminal and run command to remove the app package:
Use Gnome Tweak tool and/or Extensions app frequently? You can add them into top-right corner system menu in Ubuntu 20.04 and Ubuntu 22.04.
Meaning you don’t have to search for and launch it every time from ‘Activities’ overview or ‘Show Applications’ screen. Like the built-in ‘Settings’ (Gnome Control Center), just click on top-right corner menu to launch your desired configuration tool.
Gnome Tweaks & Extensions app in system menu
This is implemented by an extension called “Tweaks & Extensions in System Menu”, which support GNOME version so far up to v42. Sadly, not updated at the moment for GNOME 43 which is default in Ubuntu 22.10 & Fedora 37.
Install the Extension to add system menu options
For Ubuntu 22.04, first search for and install ‘Extension Manager’ from Ubuntu Software.
Install Extension Manager in Ubuntu 22.04+
Then launch “Extension Manager” and use it to install the ‘Tweaks in system menu’ extension under ‘Browse’ tab.
Finally, switch back to ‘Installed’ tab, and click on gear button for that extension to open the configuration dialog. Where you can TURN ON/OFF either option and set its position.
For Ubuntu 20.04 and old Ubuntu 18.04 (not tested), first open terminal by press Ctrl+Alt+T shortcut key on keyboard. And, run command:
sudo apt install chrome-gnome-shell
Then, use the ON/OFF switch to install it via the link page below:
Of course, you must have Gnome Tweak tool and Extensions app installed from Ubuntu Software, to make them visible in the system menu.
For Ubuntu 22.10 and upcoming Fedora 37 with default GNOME 43 desktop, there’s now an extension to add user’s icon or figure (aka avatar) to the top-right corner system tray menu, which is also known as quick settings.
With it, the ‘Quick Settings’ menu will look like the screenshot below shows you. The avatar can be either in left or right. By clicking on it, will launch System Settings (Gnome Control Center) and automatically navigate to user settings page.
How to Install the Extension in Ubuntu 22.10
First, open Ubuntu Software app, search and and install ‘Extension Manager’.
Install Extension Manager in Ubuntu 22.04+
After that, press Super key (the ‘Windows’ logo key) on keyboard to activate overview screen. Search for and launch “Extension Manager”.
Finally, search for and install the extension “User Avatar In Quick Settings” under ‘Browse’ tab.
For Fedora user, the extension is also available to install via ON/OFF switch in the web page below:
The link should also works in Ubuntu 22.10 now, though you have to install agent package by running command: sudo apt install chrome-gnome-shell in terminal and also install the browser extension if it asks.
To change the avatar position, go to ‘Installed’ tab in Extension Manager, click on the gear button to configure the extension and toggle on/off the option to show it either in left or right.
The goal of XDR systems is to detect and counter security threats at all stages of the cyber-attack, from the point of entry to data extraction. This system offers a universal approach to ensuring the entire security landscape is protected from threats that could cause considerable losses to the organization. The following are the main advantages of using XDR in your business:
#1. Enhanced Visibility
Sufficient visibility is vital in the cybersecurity sector. Having enough information about possible security threats helps the security expert to develop more robust defense mechanisms. This has been one of the key drivers of demand for XDR from many organizations. XDR is a security tool that integrates data from various sources, such as endpoint devices, email systems, and network traffic. This data helps the security expert build a profile of the organization’s environment and come up with ways of quickly detecting potential threats.
#2. Greater Control
Presently, data has proved highly vital for businesses globally. Therefore, businesses need reliable data protection systems to protect themselves from the loss or theft of company information. A good option is using XDR, which provides protection and flexible control of access to company information. XDR system enables a business to establish granular permissions that define which users have access to what information. In addition, XDR security enables the business to monitor and audit how company information is utilized.
#3. Advanced Perimeter Protection
Businesses that use XDR systems can benefit from having stronger perimeter security because XDR solutions offer a complete assessment of the activity happening across the network. Since XDR combines data from numerous security protocols and devices, it is easy for a security analyst to see everything that is happening with the network all the time.
#4. Shorter Response Time
As world processes are being digitized more and more, there is an increasing demand for faster solutions. For example, many businesses globally want all the necessary decisions to be made faster and operational glitches addressed as soon as they crop up. This has led to the widespread adoption of XDR solutions. This is because XDR can detect problems early and stop them from causing a lasting negative impact on the business.
#5. Improved Management Of Security Systems
XDR relies on machine learning and artificial intelligence to identify and counter threats as they occur in real-time. In addition, XDR allows for the automation of most of the manual processes that come with conventional security management systems, thereby lowering the overall cost of security risk management.
Issues Hampering Full Application Of XDR Systems
Despite the many benefits of using XDR systems, there are several challenges during the implementation phase of this security solution. For instance, deploying the system is somewhat complex and may not be appropriate for all organizations. Below are the significant challenges faced during the implementation of XDR:
#1. Conflict With Legal Systems
Before implementing a new security system like XDR, it is crucial to ensure it is compatible with all the legal requirements in that jurisdiction. The efficacy of the system depends on its ability to connect to and gather information from numerous legacy systems. This can be challenging, notably if the design of the legacy system lacks the necessary security features. For example, the system may lack the required APIs or could be configured in a manner that significantly limits data extraction.
#2. Integration Difficulties
You must implement a robust security system appropriately to offer an organization’s data maximum security. Nonetheless, it can be difficult to implement an XDR security system. This is because an XDR solution needs to combine and work with numerous existing security systems to function correctly to safeguard company data. To provide complete online protection, the XDR system must gather and correlate data from numerous and different sources.
#3. Getting Used To The New Security System
It can be difficult for the business staff to adapt and get used to the newly installed security system, especially if they have been using the traditional security system for some time. The business staff might need to be trained on the best ways of utilizing the new security system, while some extra measures may be necessary at this point to guarantee that business data is stored and accessed safely.
For Ubuntu 22.10 and other Linux with GNOME 43, it’s now easy to add Media Control, Notifications, or Volume Mixer to the top-right corner system status menu (aka Quick Settings), or remove useless buttons.
It’s ‘Quick Settings Tweaker‘, an extension for the new GNOME desktop. With it, your system menu can be configured to look like:
New items can be enabled or disabled separately and moved to top or bottom. And, it removes the corresponding items from date & time menu, so it will look like:
No media control & notifications in date time menu
As well, it allows to remove any button from the system menu that you don’t use via ON/OFF toggles. Differently, turn on a toggle will remove the corresponding button, while turn it off to leave it unchanged.
Remove useless buttons from top-right sy stem menu
Step 1: Install ‘Quick Settings Tweaker’
For Ubuntu 22.10, firstly search for and install ‘Extension Manager’ tool from Ubuntu Software.
Install Extension Manager in Ubuntu 22.04+
Then, search for and open the tool from ‘Activities’ overview screen.
Finally, use Extension Manager to search and install the extension under ‘Browse’ tab.
For other Linux with GNOME 43, go to extension website and install via on/off toggle.
Step 2: Configure Your Gnome System Menu
After installation, either switch back ‘Installed’ tab in Extension Manager, or install and use ‘Gnome Extensions’ app to open the configuration dialog.
And here are the screenshots of the ‘Quick Settings Tweaker’ configuration pages:
Policy Monitor, the London-based cybersecurity and risk management experts, will launch Cyber Security Policy Monitor (CSPM) at this year’s International Cyber Expo in London. CSPM is a simple and cost-effective cloud-based solution that helps measure, manage and monitor an organisation’s cyber security workflow and compliance. The information security management system gives cyber security peace of mind to organisations of all sizes, including SMEs.
Policy Monitor will be exhibiting and demonstrating the power of Cyber Security Policy Monitor in the IASME Pavilion at the International Cyber Expo at Olympia, London on September 27th and 28th. With cyber threats ever evolving and investment in the sector increasing to an estimated £8.9 billion, the UK is recognised as a leader in the field of cybersecurity and the event will showcase the latest research and innovations, providing an ideal setting to launch CSPM.
CSPM enables organisations to:
Locate relevant knowledge by consolidating relevant and useful sites into a single portal from which they can be accessed
Define their own security policy as a series of simple workflows covering cyber security awareness and training, preventative tasks and how to respond to incidents. The status of assets is listed in CSPM, which schedules regular tasks or initiates tasks in response to an event to implement the security policy
Run through the pre-loaded IASME questions, prepare a response and load it into the IASME portal for assessment by Policy Monitor’s consultants, who are an IASME certification body
Link IASME responses to the company’s security policy and prove that it complies with IASME throughout the year
Show an audit trail to prove compliance during the year
Integrate with external asset management and cyber security technology so that the risks identified are consolidated into a single picture visible on the dashboard
An at-a-glance KPI dashboard shows management a full cyber security status overview enabling the board to monitor compliance across the business and take action before policies are breached.
Cyber Essentials and IASME templates are pre-loaded to embed cyber security best practice and help define, implement and monitor security policies. There are also US, NIST and HIPAA templates and additional templates which can be created to meet customer needs.
Nick Denning, CEO, Policy Monitor said, “With cyber threats increasing, we want to ensure that the UK is the safest place to do business. Over 60% of SMEs* have reported a data breach in the last year and so Policy Monitor has developed CSPM to bring cyber security best practices, regulatory standards, policies and workflows to organisations of all sizes. CSPM brings support to every stage of the cyber security compliance process. We’ve made sure it is simple to use and easy to manage, removing cost and complexity. It is important for businesses and the UK economy that effective cyber security solutions are available to all so we offer CSPM with a range of affordable SME pricing options.”
Policy Monitor will be providing cyber security advice and demonstrating CSPM live at International Cyber Expo 2022 on stand B60 in the IASME Pavilion.
Unfortunately, I’ll have to start this month’s newsletter with sad news. The co-creator of Let’s Encrypt, Peter Eckersley, lost his battle with cancer at the age of 43. He was also the director of computer science at the Electronic Frontier Foundation and has worked on Certbot, Privacy Badger, HTTPS Everywhere and many other privacy-related projects. RIP, Peter.
💬 In this month’s issue:
Linux tips: A few tips on knowing your system
A few resources on securing Linux servers
And the usual newsletter elements like memes, deals and nifty tool
The Department of Homeland Security (DHS) is urging states and localities to beef up security around proprietary devices that connect to the Emergency Alert System — a national public warning system used to deliver important emergency information, such as severe weather and AMBER alerts. The DHS warning came in advance of a workshop to be held this weekend at the DEFCON security conference in Las Vegas, where a security researcher is slated to demonstrate multiple weaknesses in the nationwide alert system.
A Digital Alert Systems EAS encoder/decoder that Pyle said he acquired off eBay in 2019. It had the username and password for the system printed on the machine.
The DHS warning was prompted by security researcher Ken Pyle, a partner at security firm Cybir. Pyle said he started acquiring old EAS equipment off of eBay in 2019, and that he quickly identified a number of serious security vulnerabilities in a device that is broadly used by states and localities to encode and decode EAS alert signals.
“I found all kinds of problems back then, and reported it to the DHS, FBI and the manufacturer,” Pyle said in an interview with KrebsOnSecurity. “But nothing ever happened. I decided I wasn’t going to tell anyone about it yet because I wanted to give people time to fix it.”
Pyle said he took up the research again in earnest after an angry mob stormed the U.S. Capitol on Jan. 6, 2021.
“I was sitting there thinking, ‘Holy shit, someone could start a civil war with this thing,”’ Pyle recalled. “I went back to see if this was still a problem, and it turns out it’s still a very big problem. So I decided that unless someone actually makes this public and talks about it, clearly nothing is going to be done about it.”
The EAS encoder/decoder devices Pyle acquired were made by Lyndonville, NY-based Digital Alert Systems (formerly Monroe Electronics, Inc.), which issued a security advisory this month saying it released patches in 2019 to fix the flaws reported by Pyle, but that some customers are still running outdated versions of the device’s firmware. That may be because the patches were included in version 4 of the firmware for the EAS devices, and many older models apparently do not support the new software.
“The vulnerabilities identified present a potentially serious risk, and we believe both were addressed in software updates issued beginning Oct 2019,” EAS said in a written statement. “We also provided attribution for the researcher’s responsible disclosure, allowing us to rectify the matters before making any public statements. We are aware that some users have not taken corrective actions and updated their software and should immediately take action to update the latest software version to ensure they are not at risk. Anything lower than version 4.1 should be updated immediately. On July 20, 2022, the researcher referred to other potential issues, and we trust the researcher will provide more detail. We will evaluate and work to issue any necessary mitigations as quickly as possible.”
But Pyle said a great many EAS stakeholders are still ignoring basic advice from the manufacturer, such as changing default passwords and placing the devices behind a firewall, not directly exposing them to the Internet, and restricting access only to trusted hosts and networks.
Pyle, in a selfie that is heavily redacted because the EAS device behind him had its user credentials printed on the lid.
Pyle said the biggest threat to the security of the EAS is that an attacker would only need to compromise a single EAS station to send out alerts locally that can be picked up by other EAS systems and retransmitted across the nation.
“The process for alerts is automated in most cases, hence, obtaining access to a device will allow you to pivot around,” he said. “There’s no centralized control of the EAS because these devices are designed such that someone locally can issue an alert, but there’s no central control over whether I am the one person who can send or whatever. If you are a local operator, you can send out nationwide alerts. That’s how easy it is to do this.”
One of the Digital Alert Systems devices Pyle sourced from an electronics recycler earlier this year was non-functioning, but whoever discarded it neglected to wipe the hard drive embedded in the machine. Pyle soon discovered the device contained the private cryptographic keys and other credentials needed to send alerts through Comcast, the nation’s third-largest cable company.
“I can issue and create my own alert here, which has all the valid checks or whatever for being a real alert station,” Pyle said in an interview earlier this month. “I can create a message that will start propagating through the EAS.”
Comcast told KrebsOnSecurity that “a third-party device used to deliver EAS alerts was lost in transit by a trusted shipping provider between two Comcast locations and subsequently obtained by a cybersecurity researcher.
“We’ve conducted a thorough investigation of this matter and have determined that no customer data, and no sensitive Comcast data, were compromised,” Comcast spokesperson David McGuire said.
The company said it also confirmed that the information included on the device can no longer be used to send false messages to Comcast customers or used to compromise devices within Comcast’s network, including EAS devices.
“We are taking steps to further ensure secure transfer of such devices going forward,” McGuire said. “Separately, we have conducted a thorough audit of all EAS devices on our network and confirmed that they are updated with currently available patches and are therefore not vulnerable to recently reported security issues. We’re grateful for the responsible disclosure and to the security research community for continuing to engage and share information with our teams to make our products and technologies ever more secure. Mr. Pyle informed us promptly of his research and worked with us as we took steps to validate his findings and ensure the security of our systems.”
The user interface for an EAS device.
Unauthorized EAS broadcast alerts have happened enough that there is a chronicle of EAS compromises over at fandom.com. Thankfully, most of these incidents have involved fairly obvious hoaxes.
According to the EAS wiki, in February 2013, hackers broke into the EAS networks in Great Falls, Mt. and Marquette, Mich. to broadcast an alert that zombies had risen from their graves in several counties. In Feb. 2017, an EAS station in Indiana also was hacked, with the intruders playing the same “zombies and dead bodies” audio from the 2013 incidents.
“On February 20 and February 21, 2020, Wave Broadband’s EASyCAP equipment was hacked due to the equipment’s default password not being changed,” the Wiki states. “Four alerts were broadcasted, two of which consisted of a Radiological Hazard Warning and a Required Monthly Test playing parts of the Hip Hop song Hot by artist Young Thug.”
In January 2018, Hawaii sent out an alert to cell phones, televisions and radios, warning everyone in the state that a missile was headed their way. It took 38 minutes for Hawaii to let people know the alert was a misfire, and that a draft alert was inadvertently sent. The news video clip below about the 2018 event in Hawaii does a good job of walking through how the EAS works.