Security: Updates, Apple APFS Passwords, WordPress, Microsoft FUD, and Internet of Broken Things

  • Security updates for Friday
  • Apple fixes Keychain vulnerability, but only in macOS High Sierra

    The zero-day vulnerability in macOS's Keychain has been addressed by Apple, along with some other issues in High Sierra. But other recent versions of the operating system are still vulnerable.

  • macOS High Sierra bug exposes APFS passwords in plain text

    A Brazilian software developer has uncovered a bug in Apple's macOS High Sierra software that exposes the passwords of encrypted Apple File System (APFS) volumes in plain text.

  • The September 2017 WordPress Attack Report

    This edition of the WordPress Attack Report is a continuation of the monthly series we’ve been publishing since December 2016. Reports from the previous months can be found here.

    This report contains the top 25 attacking IPs for September 2017 and their details. It also includes charts of brute force and complex attack activity for the same period, along with a new section revealing changes to the Wordfence real-time IP blacklist throughout the month. We also include the top themes and plugins that were attacked and which countries generated the most attacks for this period.

  • Step aside, Windows! Open source and Linux are IT’s new security headache [Ed: Microsoft propagandist Preston Gralla is back from the woods. The typical spin, lies. Deflection. Windows has back doors.]
  • Sex Toys Are Just As Poorly-Secured As The Rest Of The Internet of Broken Things

    At this point we've pretty well documented how the "internet of things" is a privacy and security dumpster fire. Whether it's tea kettles that expose your WiFi credentials or smart fridges that leak your Gmail password, companies were so busy trying to make a buck by embedding network chipsets into everything, they couldn't be bothered to adhere to even the most modest security and privacy guidelines. As a result, billions upon billions of devices are now being connected to the internet with little to no meaningful security and a total disregard to user privacy -- posing a potentially fatal threat to us all.
