Security: E-Mail Vulnerability, Reproducible Builds, 'IoT', YouTube and Mythology About Security (Back Doors Intentional)

  • Obscure E-Mail Vulnerability

     

    I think the problem is more subtle. It's an example of two systems without a security vulnerability coming together to create a security vulnerability. As we connect more systems directly to each other, we're going to see a lot more of these. And like this Google/Netflix interaction, it's going to be hard to figure out who to blame and who -- if anyone -- has the responsibility of fixing it.

  • Reproducible Builds: Weekly report #154
  • A Long-Awaited IoT Crisis Is Here, and Many Devices Aren't Ready

     

    You know by now that Internet of Things devices like your router are often vulnerable to attack, the industry-wide lack of investment in security leaving the door open to a host of abuses. Worse still, known weaknesses and flaws can hang around for years after their initial discovery. Even decades. And Monday, the content and web services firm Akamai published new findings that it has observed attackers actively exploiting a flaw in devices like routers and video game consoles that was originally exposed in 2006.

  • Feral Interactive Releases GameMode, YouTube Music Videos Hacked, Oregon Passes Net Neutrality Law and More

    YouTube was hacked this morning, and many popular music videos were defaced, including the video for the hit song Despacito, as well as videos by Shakira, Selena Gomez, Drake and Taylor Swift. According to the BBC story, "A Twitter account that apparently belongs to one of the hackers posted: 'It's just for fun, I just use [the] script 'youtube-change-title-video' and I write 'hacked'."

  • Despacito YouTube music video hacked plus other Vevo clips

    YouTube's music video for the hit song Despacito, which has had over five billion views, has been hacked.

    More than a dozen other artists, including Shakira, Selena Gomez, Drake and Taylor Swift are also affected. The original clips had been posted by Vevo.

    [...]

    Cyber-security expert Prof Alan Woodward, from Surrey University, said it was unlikely that the hacker was able to gain access so easily.

  • YouTube Hacked? Most Watched Video “Despacito” And Other Clips Deleted (And Restored)

    Just five days ago, Luis Fonsi’s viral Despacito music video earned the title of world’s most watched video on YouTube with more than 5 billion views. Apparently, YouTube hackers managed to delete the video, along with other Vevo clips.

    However, as per the latest development, the deleted videos have been restored on the website. Earlier, after the hack, Despacito video showed a thumbnail with masked people holding guns. After clicking the video, it said: “This video is unavailable.”

  • Mythology about security…

    Government export controls crippled Internet security and the design of Internet protocols from the very beginning: we continue to pay the price to this day. Getting security right is really, really hard, and current efforts towards “back doors”, or other access, are misguided. We haven’t even recovered from the previous rounds of government regulations, which have caused excessive complexity in an already difficult problem and many serious security problems. Let us not repeat this mistake…
