Language Selection

English French German Italian Portuguese Spanish

Security: Intel, Cisco, Apple, FBI

Filed under
  • How Much Slower Will My PC Become After Meltdown And Spectre Patches?
  • Intel's Microcode Update for Spectre Exploit Is Now Available in Ubuntu's Repos

    Canonical announced a few moments ago that Intel's latest microcode update for the Spectre security vulnerability is now available from the software repositories of all supported Ubuntu Linux releases.

    After releasing earlier this week new kernel updates to mitigate the Meltdown and Spectre security exploits that put billions of devices at risk of attacks by allowing a local, unprivileged attacker to obtain sensitive information from kernel memory, Canonical now released the updated microcode from Intel for supported Intel CPUs.

  • Cisco can now sniff out malware inside encrypted traffic

    Cisco has switched on latent features in its recent routers and switches, plus a cloud service, that together make it possible to detect the fingerprints of malware in encrypted traffic.

    Switchzilla has not made a dent in transport layer security (TLS) to make this possible. Instead, as we reported in July 2016, Cisco researchers found that malware leaves recognisable traces even in encrypted traffic. The company announced its intention to productise that research last year and this week exited trials to make the service – now known as Encrypted Traffic Analytics (ETA) - available to purchasers of its 4000 Series Integrated Service Routers, the 1000-series Aggregation Services Router and the model 1000V Cloud Services Router 1000V.

    Those devices can’t do the job alone: users need to sign up for Cisco’s StealthWatch service and let traffic from their kit flow to a cloud-based analytics service that inspects traffic and uses self-improving machine learning algorithms to spot dodgy traffic.

  • MacOS High Sierra security bug lets you unlock App Store System Preferences with any random password

    According to the bug report, users can simply open System Preferences, go to App Store settings and check the padlock icon. If it is unlocked, lock it and then try unlocking it using your username and any password.

  • Intel tells select customers not to use its bug fixes

    Processor giant Intel has told some of its customers that the microcode patches it issued to fix the Meltdown and Spectre flaws in its products are buggy and that they should not install them.

  • Canonical reissues Meltdown and Spectre patches for Ubuntu after borkage
  • A Step in the Right Direction: House Passes the Cyber Vulnerability Disclosure Reporting Act

    The House of Representatives passed the “Cyber Vulnerability Disclosure Reporting Act” this week. While the bill is quite limited in scope, EFF applauds its goals and supports its passage in the Senate.

    H.R. 3202 is a short and simple bill, sponsored by Rep. Sheila Jackson Lee (D-TX), that would require the Department of Homeland Security to submit a report to Congress outlining how the government deals with disclosing vulnerabilities. Specifically, the mandated report would comprise two parts. First, a “description of the policies and procedures developed [by DHS] for coordinating cyber vulnerability disclosures,” or in other words, how the government reports flaws in computer hardware and software to the developers. And second, a possibly classified “annex” containing descriptions of specific instances where these policies were used to disclose vulnerabilities in the previous year, leading to mitigation of the vulnerabilities by private actors.

    Perhaps the best thing about this short bill is that it is intended to provide some evidence for the government’s long-standing claims that it discloses a large number of vulnerabilities. To date, such evidence has been exceedingly sparse; for instance, Apple received its first ever vulnerability report from the U.S. government in 2016. Assuming the report and annex work as intended, the public’s confidence in the government’s ability to “play defense” may actually increase.

  • FBI Says Device Encryption Is 'Evil' And A Threat To Public Safety

    The FBI continues its anti-encryption push. It's now expanded past Director Christopher Wray to include statements by other FBI personnel. Not that Chris Wray isn't taking every opportunity he can to portray personal security as a threat to the security of the American public. He still is. But he's no longer the only FBI employee willing to speak up on the issue.

    Wray expanded his anti-encryption rhetoric last week at a cybersecurity conference in New York. In short, encryption is inherently dangerous. And the FBI boss will apparently continue to complain about encryption without offering any solutions.

  • Canonical Says It'll Release New Ubuntu Kernels to Further Mitigate Spectre Bugs

    Canonical's Dean Henrichsmeyer published today an update on the Ubuntu patches for the Meltdown and Spectre security vulnerabilities and what they plan on doing next to mitigate these critical bugs.

    By now, most of you have probably updated your Ubuntu Linux computers to the new kernel versions Canonical released earlier this week, as well as the new Nvidia proprietary graphics driver and Firefox web browser, both including patches to mitigate the Meltdown and Spectre exploits affecting billions of devices powered by modern processors from Intel, AMD, and ARM.

More in Tux Machines

LG/webOS Coverage Today

Red Hat News

  • Report: Red Hat could be a Google takeover target – a deal wouldn’t be cheap
    Is Red Hat on the shopping list for Google? Could be. But the cost would not be cheap with Red Hat’s stock having nearly doubled in price over the past year. A takeover would likely cost more than $30 billion and spark a bidding war. At that price a deal would rank among the most expensive ever in tech. A top executive for the cloud behemoth tells Bloomberg News that Google is “constantly on the lookout for a major acquisition.” Growing Google’s cloud business is the responsibility of Diane Greene as chief executive of Google Cloud. And Raleigh-based Red Hat (NYSE: RHT) is a cloud player, providing technology services and support for a growing number of clients. In fact, CNBC’s Jim Cramer just days ago cited Red Hat as one of his “cloud kings.”
  • Big 10 open source companies give users a licence reprieve
    The companies aim to extend additional rights to cure open source licence non-compliance which, according to Red Hat, will lead to greater cooperation with distributors of open source software to correct errors and increased participation in open source software development.
  • The ability to correct errors in GPLv2 compliance: the right thing to do
    Today, six more technology companies – CA Technologies, Cisco, HPE, Microsoft, SAP and SUSE -- have all committed to offering the GPLv3 cure approach to licensees of their GPLv2, LGPLv2.1 and LGPLv2 licensed code (except in cases of a defensive response to a legal proceeding). The GPLv3 cure approach offers licensees of GPLv2 code a period of time to come into compliance before their licenses are terminated but does not involve the relicensing of the code under GPLv3.
  • Single Sign-On Made Easy with Keycloak / Red Hat SSO
    On the Red Hat Developer blog there have been a number of recent articles that cover various aspects Keycloak/RH-SSO integration.  A recent DevNation Live Tech Talk covered Securing Spring Boot Microservices with Keycloak. This article discusses the features of Keycloak/RH-SSO that you should be aware of.
  • Getting Started with Red Hat Decision Manager 7
    The all new and shiny Red Hat Decision Manager 7 has been recently released. Decision Manager 7 is the successor to Red Hat JBoss BRMS, our business rules and decision management platform. In this post we will have a look at the primary new features and provide instructions on how to get started with the new platform, either on your local machine or in an OpenShift Container Platform. Red Hat Decision Manager 7 focuses on four main themes: Fit & Finish, Cloud-Native, Decision Model and Notation (DMN), and Business Optimizer.
  • [Podcast] PodCTL #30 – 2018 Kubernetes Trends
  • Red Hat Price Target Hiked On Growing Cloud-Computing Clout
  • Hot Stock in Focus – Red Hat Inc (NYSE: RHT)
  • Segall Bryant & Hamill LLC Sells 6,404 Shares of Red Hat Inc (RHT)
  • Red Hat Inc (RHT) Position Reduced by Profund Advisors LLC

Android Leftovers spins AI format tapped by new Arrow, HiSilicon, Rockchip, and Avnet SBCs

Linaro and unveiled a “” initiative along with several Linux-based hacker boards that comply with it: Arrow’s DragonBoard 820C, HiSilicon’s Hikey970, Rockchip’s Rock960, Avnet’s Ultra96, and an upcoming Socionext board. At Linaro Connect in Hong Kong, Linaro announced yet another variation on its open source 96Boards spec called The Linux-supported platform is designed for open source, Arm-based SBCs with “high performance real-time computer vision and intelligent audio processing, supported by machine learning algorithms and deep learning technology,” says Linaro. Read more