Language Selection

English French German Italian Portuguese Spanish

Security: Windows Ransomware, Cortana Holes, Google Play Protect and More

Filed under
Security
  • The worst types of ransomware attacks
  • Patched Cortana Bug Let Hackers Change Your Password From the Lock Screen
  • What is Google Play Protect and How Does it Keep Android Secure?
  • ​Another day, another Intel CPU security hole: Lazy State

    Once upon a time, when we worried about security, we worried about our software. These days, it's our hardware, our CPUs, with problems like Meltdown and Spectre, which are out to get us. The latest Intel revelation, Lazy FP state restore, can theoretically pull data from your programs, including encryption software, from your computer regardless of your operating system.

    Like its forebears, this is a speculative execution vulnerability. In an interview, Red Hat Computer Architect Jon Masters explained: "It affects Intel designs similar to variant 3-a of the previous stuff, but it's NOT Meltdown." Still, "It allows the floating point registers to be leaked from another process, but alas that means the same registers as used for crypto, etc." Lazy State does not affect AMD processors.

  • Eric S. Raymond on Keeping the Bazaar Secure and Functional
  • Purple testing and chaos engineering in security experimentation

    The way we use technology to construct products and services is constantly evolving, at a rate that is difficult to comprehend. Regrettably, the predominant approach used to secure design methodology is preventative, which means we are designing stateful security in a stateless world. The way we design, implement, and instrument security has not kept pace with modern product engineering techniques such as continuous delivery and complex distributed systems. We typically design security controls for Day Zero of a production release, failing to evolve the state of our controls from Day 1 to Day (N).

    This problem is also rooted in the lack of feedback loops between modern software-based architectures and security controls. Iterative build practices constantly push product updates, creating immutable environments and applying complex blue-green deployments and dependencies on ever-changing third-party microservices. As a result, modern products and services are changing every day, even as security drifts into the unknown.

More in Tux Machines

It Turns Out RISC-V Hardware So Far Isn't Entirely Open-Source

While they are trying to make it an open board, as it stands now Minnich just compares this RISC-V board as being no more open than an average ARM SoC and not as open as IBM POWER. Ron further commented that he is hoping for other RISC-V implementations from different vendors be more open. Read more

Perl 5.28.0 released

Version 5.28.0 of the Perl language has been released. "Perl 5.28.0 represents approximately 13 months of development since Perl 5.26.0 and contains approximately 730,000 lines of changes across 2,200 files from 77 authors". The full list of changes can be found over here; some highlights include Unicode 10.0 support, string- and number-specific bitwise operators, a change to more secure hash functions, and safer in-place editing. Read more

Today in Techrights

Will Microsoft’s Embrace Smother GitHub?

Microsoft has had an adversarial relationship with the open-source community. The company viewed the free Open Office software and the Linux operating system—which compete with Microsoft Office and Windows, respectively—as grave threats. In 2001 Windows chief Jim Allchin said: “Open source is an intellectual-property destroyer.” That same year CEO Steve Ballmer said “Linux is a cancer.” Microsoft attempted to use copyright law to crush open source in the courts. When these tactics failed, Microsoft decided if you can’t beat them, join them. It incorporated Linux and other open-source code into its servers in 2014. By 2016 Microsoft had more programmers contributing code to GitHub than any other company. The GitHub merger might reflect Microsoft’s “embrace, extend and extinguish” strategy for dominating its competitors. After all, GitHub hosts not only open-source software and Microsoft software but also the open-source projects of other companies, including Oracle, IBM, and Amazon Web Services. With GitHub, Microsoft could restrict a crucial platform for its rivals, mine data about competitors’ activities, target ads toward users, or restrict free services. Its control could lead to a sort of surveillance of innovative activity, giving it a unique, macro-scaled insight into software development. Read more