Language Selection

English French German Italian Portuguese Spanish

Security: Kromtech, Nginx, Equifax, Kickstarter, Microsoft Windows

Filed under
Security
  • [Older] The creepiest data breach till date: Passwords of 540,000 Car Tracking Devices Leaked Online

    Data breaches have become so common these days that every single day we get news about a data breach. We have seen data breaches from big to small, from dangerous to embarrassing, but this is one is the creepiest data breach of 2017, this leak of credentials of almost 540,000 Car Tracking Devices might take the biscuit.

    The Kromtech Security Center recently found over half a million login credentials belonging to SVR, a company specializes in “vehicle recovery”, is leaked online and is publicly accessible. SVR provides its customers with around-the-clock surveillance of cars and trucks, just in case those vehicles are towed or stolen.

  • Nginx 1.13.6 Patches Web Server for the Year 2038 Flaw

    Developers and organizations around the world rushed to fix the Y2K bug nearly 20 years ago as the calendar rolled over to the new millennium. There is also a similar bug that is resident in Unix/Linux systems known as the Year 2038 bug.

    The latest vendor to fix its software for the 2038 bug is open-source web application server vendor nginx. The new nginx 1.13.6 release debuts on Oct. 10, fixing 11 different bugs.

    "Bugfix: nginx did not support dates after the year 2038 on 32-bit platforms with 64-bit time_t," the nginx changelog noted.

  • Equifax: About those 400,000 UK records we lost? It's now 15.2M. Yes, M for MEELLLIOON

    Last month, US credit score agency Equifax admitted the personal data for just under 400,000 UK accounts was slurped by hackers raiding its database. On Tuesday this week, it upped that number ever-so-slightly to 15.2 million.

    In true buck-passing fashion, at the time of writing, Equifax hadn't even released a public statement on the matter. Instead it fell to Blighty's National Cyber Security Centre to reveal the bad news that a blundering American firm had put them at risk of phishing attacks.

    “We are aware that Equifax was the victim of a criminal cyber attack in May 2017," the NCSC said in a statement today.

    “Equifax have today updated their guidance to confirm that a file containing 15.2m UK records dating from between 2011 and 2016 was attacked in this incident. NCSC advises that passwords are not re-used on any accounts if you have been told by Equifax that any portion of your membership details have been accessed.”

  • Major Data Breach Left 15 Million Accounts from These Popular Sites Vulnerable

    In what seems like an ever-lengthening line of data breaches in recent weeks (This restaurant, this financial services company, and this supermarket have all been breached in the past month), Lifehacker has reported that information from 15 million Kickstarter and Bitly accounts are now available to the public due to a 2014 data breach. The breach itself isn’t new, much like the fresh news about Yahoo’s massive breach, but it’s much less disconcerting. Although the information is now public, it is still encrypted, and both Kickstarter and Bitly took swift action to notify users of the breach when it originally occurred, urging them to change their passwords and nullifying the breach ones if user action was not taken.

  • It's 2017... And Windows PCs can be pwned via DNS, webpages, Office docs, fonts – and some TPM keys are fscked too

    Microsoft today released patches for more than 60 CVE-listed vulnerabilities in its software. Meanwhile, Adobe is skipping October's Patch Tuesday altogether.

    Among the latest holes that need papering over via Windows Update are three vulnerabilities already publicly disclosed – with one being exploited right now by hackers to infect vulnerable machines. That flaw, CVE-2017-11826, is leveraged when a booby-trapped Microsoft Office document is opened, allowing malicious code within it to run with the same rights as the logged-in user, and should be considered a top priority to patch.

    Dustin Childs, of Trend Micro's Zero Day Initiative, noted today that users and administrators should also pay special attention to Microsoft's ADV170012, an advisory warning of weak cryptographic keys generated by Trusted Platform Modules (TPMs) on Infineon motherboards.

More in Tux Machines

PlayOnLinux For Easier Use Of Wine

PlayOnLinux is a free program that helps to install, run, and manage Windows software on Linux. It can also manage virtual C: drives (known as Wine prefixes), and download and install certain Windows libraries for getting some software to run on Wine properly. Creating different drives using different Wine versions is also possible. It is very handy because what runs well in one version may not run as well (if at all) on a newer version. There is PlayOnMac for macOS and PlayOnBSD for FreeBSD. Read
more

Linux Kernel: KPTI, SEV, CBS

  • Experimental KPTI Support For x86 32-bit Linux
    For the Kernel Page Table Isolation (KPTI) support currently within the Linux kernel for addressing the Meltdown CPU vulnerability it's currently limited to 64-bit on the x86 side, but for the unfortunate souls still running x86 32-bit operating systems, SUSE is working on such support.
  • AMD Secure Encrypted Virtualization Is Ready To Roll With Linux 4.16
    With the Linux 4.16 kernel cycle that is expected to begin immediately following the Linux 4.15 kernel debut on Sunday, AMD's Secure Encrypted Virtualization (SEV) technology supported by their new EPYC processors will be mainline. Going back to the end of 2016 have been Linux patches for Secure Encrypted Virtualization while with Linux 4.16 it will finally be part of the mainline kernel and supported with KVM (Kernel-based Virtual Machine) virtualization.
  • Deadline scheduler part 2 — details and usage
    Linux’s deadline scheduler is a global early deadline first scheduler for sporadic tasks with constrained deadlines. These terms were defined in the first part of this series. In this installment, the details of the Linux deadline scheduler and how it can be used will be examined. The deadline scheduler prioritizes the tasks according to the task’s job deadline: the earliest absolute deadline first. For a system with M processors, the M earliest deadline jobs will be selected to run on the M processors. The Linux deadline scheduler also implements the constant bandwidth server (CBS) algorithm, which is a resource-reservation protocol. CBS is used to guarantee that each task will receive its full run time during every period. At every activation of a task, the CBS replenishes the task’s run time. As the job runs, it consumes that time; if the task runs out, it will be throttled and descheduled. In this case, the task will be able to run only after the next replenishment at the beginning of the next period. Therefore, CBS is used to both guarantee each task’s CPU time based on its timing requirements and to prevent a misbehaving task from running for more than its run time and causing problems to other jobs.

Graphics: Mesa and AMDGPU

  • Mesa 17.3.3 Released With RADV & ANV Vulkan Driver Fixes
    Mesa 17.3.3 is now available as the latest point release for the Mesa 17.3 stable series. This bi-weekly point release to Mesa presents several RADV Vega/GFX9 fixes, various Intel ANV Vulkan driver fixes, a DRI3 fix, and random fixes to the OpenGL drivers like RadeonSI, Etnaviv, and even Swrast.
  • R600g "Soft" FP64 Shows Signs Of Life, Enabling Older GPUs To Have OpenGL 4 In 2018
    Most pre-GCN AMD graphics cards are still limited to OpenGL 3.3 support at this time due to not supporting FP64. Only the HD 5800/6900 series on R600g currently have real double-precision floating-point support working right now so at present they are on OpenGL 4.3 rather than 3.3, but those other generations may be catching up soon thanks to the "soft" FP64 code.
  • AMDGPU DC Gets More Raven Ridge Improvements, Audio Fixes
    Harry Wentland of AMD has sent out the latest batch of patches for the AMDGPU DC display code stack. Fortunately it lightens up the DRM driver by about six thousand lines thanks to removing some unused code. Besides gutting out a chunk of unused code, the DC code has a few audio fixes (no word yet on supporting newer audio formats with DC), fixes on driver unload, a "bunch" of continued Raven Ridge display updates, and various other code clean-ups.
  • AMDGPU Firmware Blobs Updated For Video Encode/Decode
    There are updated AMDGPU microcode/firmware files now available for recent Radeon GPUs. The updated firmware files now available via the main linux-firmware.git repository are centered around the video blocks: UVD video decoding, VCE video encode, and the new VCN video encode/decode block with Raven Ridge.

Games: DRAG, Geneshift, Balloonatics and More