Security: Updates, Accenture, Microsoft and More

  • Security updates for Wednesday
  • Accenture left a huge trove of highly sensitive data on exposed servers

    Technology and cloud giant Accenture has confirmed it inadvertently left a massive store of private data across four unsecured cloud servers, exposing highly sensitive passwords and secret decryption keys that could have inflicted considerable damage on the company and its customers.

  • Crypto Anchors: Exfiltration Resistant Infrastructure

    The obvious way to implement a tokenization service is to generate a random token and store a mapping of that token and a one-way hash of the sensitive piece of data.

    Unfortunately, the maximum number of possible SSNs is just under 1 billion, making it trivial for an attacker that downloads the database to brute-force them offline.

  • Detecting DDE in MS Office documents

    Dynamic Data Exchange is an old Microsoft technology that can be (ab)used to execute code from within MS Office documents. Etienne Stalmans and Saif El-Sherei from Sensepost published a blog post in which they describe how to weaponize MS Office documents.

  • Stack Overflow Considered Harmful?

    What proportion of Android apps in the Play store include security-related code snippets copied directly from Stack Overflow? Does the copied code increase or decrease application security?

  • ‘UK teen almost hacking US officials a serious concern for American security’

    It should be very concerning for the US security services that a teenager almost got access to private information of top officials, including that of the CIA chief, as other hackers might actually do some real harm, Mark Chapman of the UK Pirate Party believes.

    British teenager Kane Gamble pleaded guilty to trying to hack top US officials’ personal computers.

    Gamble is autistic and was only 15 years old when he attempted to hack the computers of former CIA chief John Brennan and the head of security of the Obama administration. He was released on bail and is due to be sentenced by a British regional court in December.
