Security: E-Mail Vulnerability, Reproducible Builds, 'IoT', YouTube and Mythology About Security (Back Doors Intentional)

  • Obscure E-Mail Vulnerability

    I think the problem is more subtle. It's an example of two systems without a security vulnerability coming together to create a security vulnerability. As we connect more systems directly to each other, we're going to see a lot more of these. And like this Google/Netflix interaction, it's going to be hard to figure out who to blame and who -- if anyone -- has the responsibility of fixing it.

  • Reproducible Builds: Weekly report #154
  • A Long-Awaited IoT Crisis Is Here, and Many Devices Aren't Ready

    You know by now that Internet of Things devices like your router are often vulnerable to attack, the industry-wide lack of investment in security leaving the door open to a host of abuses. Worse still, known weaknesses and flaws can hang around for years after their initial discovery. Even decades. And Monday, the content and web services firm Akamai published new findings that it has observed attackers actively exploiting a flaw in devices like routers and video game consoles that was originally exposed in 2006.

  • Feral Interactive Releases GameMode, YouTube Music Videos Hacked, Oregon Passes Net Neutrality Law and More

    YouTube was hacked this morning, and many popular music videos were defaced, including the video for the hit song Despacito, as well as videos by Shakira, Selena Gomez, Drake and Taylor Swift. According to the BBC story, "A Twitter account that apparently belongs to one of the hackers posted: 'It's just for fun, I just use [the] script 'youtube-change-title-video' and I write 'hacked'."

  • Despacito YouTube music video hacked plus other Vevo clips

    YouTube's music video for the hit song Despacito, which has had over five billion views, has been hacked.

    More than a dozen other artists, including Shakira, Selena Gomez, Drake and Taylor Swift are also affected. The original clips had been posted by Vevo.

    [...]

    Cyber-security expert Prof Alan Woodward, from Surrey University, said it was unlikely that the hacker was able to gain access so easily.

  • YouTube Hacked? Most Watched Video “Despacito” And Other Clips Deleted (And Restored)

    Just five days ago, Luis Fonsi’s viral Despacito music video earned the title of world’s most watched video on YouTube with more than 5 billion views. Apparently, YouTube hackers managed to delete the video, along with other Vevo clips.

    However, as per the latest development, the deleted videos have been restored on the website. Earlier, after the hack, Despacito video showed a thumbnail with masked people holding guns. After clicking the video, it said: “This video is unavailable.”

  • Mythology about security…

    Government export controls crippled Internet security and the design of Internet protocols from the very beginning: we continue to pay the price to this day. Getting security right is really, really hard, and current efforts towards “back doors”, or other access are misguided. We haven’t even recovered from the previous rounds of government regulations, which have caused excessive complexity in an already difficult problem and many serious security problems. Let us not repeat this mistake…
