Language Selection

English French German Italian Portuguese Spanish

Security: Updates, Microsoft, Google, and Telegram

Filed under
Security
  • Security updates for Wednesday
  • Winter Olympics was hit by cyber-attack, officials confirm [Ed: This is a Microsoft Windows issue, but Bill Fates is paying The Guardian, so...]
  • Google Patches Chromebooks Against Meltdown/Spectre, Adds New Chrome OS Features

    Earlier this month, Google updated its Chrome OS computer operating system to stable version 64.0.3282.134 and platform version 10176.65.0, an update that's now available for most Chromebook devices.

    Besides the usual security improvements and bug fixes, the latest Chrome OS 64 release includes several new features that are worth mentioning, such as the ability to take screenshots by simultaneously pressing the Power and Volume Down buttons on your Chromebook with a 360-degree hinge.

  • Skype can't fix a nasty security bug without a massive code rewrite
  • Perfect Computer Security Is a Myth. But It’s Still Important [Ed: The "everything is broken" defeatism overlooks the coordinated vandalism done to put back doors in most things]

    Maybe you’ve heard it before: “Security is a myth.” It’s become a common refrain after a never-ending string of high-profile security breaches. If Fortune 500 companies with million dollar security budgets can’t lock things down, how can you?

    And there’s truth to this: perfect security is a myth. No matter what you do, no matter how careful you are, you will never be 100 percent safe from hackers, malware, and cybercrime. That’s the reality we all live in, and it’s important to keep this in mind, if only so that we can all feel more sympathy for victims.

  • Microsoft Fixes 50 Vulnerabilities In February’s Patch Tuesday Update

    Microsoft has released February’s cumulative updates for Windows 10, better known as Patch Tuesday. The reason why the update is worth getting is it comes with fixes for 50 vulnerabilities in various versions of Windows 10.

    As per the release notes, the software addressed as a part of the Patch Tuesday update are Windows OS, Microsoft Edge, Internet Explorer, Microsoft Office, Microsoft Office Services and Web Apps, and the JavaScript engine ChakraCore. In addition to security fixes, Microsoft has also made improvements to address minor glitches in Windows 10.

  • Telegram Zero-Day Vulnerability Lets Hackers Pwn Your PC to Mine Cryptocurrency

    A zero-day vulnerability was discovered by Kaspersky Lab in the Telegram Desktop app that could let hackers pwn your computer to mine for cryptocurrencies like Zcash, Monero, Fantomcoin, and others.

    Kaspersky Lab's security researchers say the zero-day vulnerability can be used to deliver multi-purpose malware to computer users using the Telegram Desktop app, including backdoors and crypto-cash mining software.

    The security company also discovered that hackers had actively exploited the vulnerability in the Telegram Desktop app, which is based on the right-to-left override Unicode method, since March last year, but only to mine cryptocurrencies like Fantomcoin, Monero, and Zcash.

More in Tux Machines

Release of KDE Frameworks 5.51.0

KDE Frameworks are 70 addon libraries to Qt which provide a wide variety of commonly needed functionality in mature, peer reviewed and well tested libraries with friendly licensing terms. For an introduction see the Frameworks 5.0 release announcement. This release is part of a series of planned monthly releases making improvements available to developers in a quick and predictable manner. Read more Also: KDE Frameworks 5.51 Released

Linux 4.19-rc8

As mentioned last week, here's a -rc8 release as it seems needed. There were a lot of "little" pull requests this week, semi-normal for this late in the cycle, but a lot of them were "fix up the previous fix I just sent" which implies that people are having a few issues still. I also know of at least one "bad" bug that finally has a proposed fix, so that should hopefully get merged this week. And there are some outstanding USB fixes I know of that have not yet landed in the tree (I blame me for that...) Anyway, the full shortlog is below, lots of tiny things all over the tree. Please go and test and ensure that all works well for you. Hopefully this should be the last -rc release. Read more Also: Linux 4.19-rc8 Released With A Lot Of "Tiny Things"

Kali Linux for Vagrant: Hands-on

I recently saw the announcement for Kali Linux on Vagrant. I have been a huge fan of Kali Linux for a very long time, and I am interested in virtualization (and currently using VirtualBox in an educational environment), so this was a very interesting combination to me. I have now installed it on a few of my systems, and so far I am quite impressed with it. The logical place to start is with a brief overview of Vagrant itself. What is Vagrant? According to their web page: Vagrant is a tool for building and managing virtual machine environments in a single workflow What Vagrant actually does is provide a way of automating the building of virtualized development environments using a variety of the most popular providers, such as VirtualBox, VMware, AWS and others. It not only handles the initial setup of the virtual machine, it can also provision the virtual machine based on your specifications, so it provides a consistent environment which can be shared and distributed to others. Read more

today's leftovers

  • Vulkan Cracks 2,500 Projects On GitHub
    After cracking 2,000 projects referencing Vulkan on GitHub earlier this year, this week it passed the milestone of having more than 2,500 projects. Granted, some of these projects referencing Vulkan are still in their primitive stages, but of the 2,500+ projects are a lot of interesting Vulkan-using projects from RenderDoc to countless game engine initiatives, various code samples, the AMDVLK driver stack, and countless innovative efforts like GLOVE for OpenGL over Vulkan to Kazan for a Rust-written CPU-based Vulkan implementation and a heck of a lot more.
  • GNOME's Geoclue 2.5 Brings Vala Support, WiFi Geolocation For City-Level Accuracy
    GNOME's Geoclue library that provides a D-Bus service for location information based on GPS receivers, 3G modems, GeoIP, or even WiFi-based geolocation has been baking a lot of changes.
  • Geoclue 2.5.0
    Here is the first release in the 2.5 series.
  •  
  • Wine-Staging 3.18 Released With Some New Patches While Other Code Got Upstreamed
    It has been a very exciting weekend for Linux gamers relying upon Wine for running Windows titles under Linux... There was the routine bi-weekly Wine 3.18 development release on Friday but yesterday brought transform feedback to Vulkan and in turn Stream Output to DXVK to fix up a number of D3D11 games. Today is now the Wine-Staging 3.18 release. Wine-Staging 3.18 doesn't incorporate any changes around the Vulkan code (there is a Wine patch needed by DXVK for this new functionality), but does include a lot of other stuff. Wine-Staging 3.18 implements more functions in the user32 code, including cascade windows, GetPointerType, and others. On the Direct3D front are a few additions to WineD3D, including the ability for the Direct3D 10 support to work with the legacy NVIDIA Linux driver. There is also a kernel fix for allowing Steam log-ins to work again with Wine Staging.