Security: SELinux, Dirk Hohndel, Gentoo, Arch Linux AUR Package Repository
-
Lukas Vrabec: Why do you see DAC_OVERRIDE SELinux denials?
-
With So Many Eyeballs, Is Open Source Security Better? [Ed: Ask a FOSS company. Not VMware. VMware puts back doors in its proprietary software blobs.]
Back in 1999, Eric Raymond coined the term "Linus' Law," which stipulates that given enough eyeballs, all bugs are shallow.
Linus' Law, named in honor of Linux creator Linus Torvalds, has for nearly two decades been used by some as a doctrine to explain why open source software should have better security. In recent years, open source projects and code have experienced multiple security issues, but does that mean Linus' Law isn't valid?
According to Dirk Hohndel, VP and Chief Open Source Officer at VMware, Linus' Law still works, but there are larger software development issues that impact both open source as well as closed source code that are of equal or greater importance.
-
The aftermath of the Gentoo GitHub hack [Ed: What a bad choice of password leads to.]
Late last month (June 28), the Gentoo GitHub repository was attacked after someone gained control of an admin account. All access to the repositories was soon removed from Gentoo developers. Repository and page content were altered. But within 10 minutes of the attacker gaining access, someone noticed something was going on, 7 minutes later a report was sent, and within 70 minutes the attack was over. Legitimate Gentoo developers were shut out for 5 days while the dust settled and repairs and analysis were completed.
-
New Variant of Spectre Security Flaw Discovered: Speculative Buffer Overflows
Security researchers Vladimir Kiriansky (MIT) and Carl Waldspurger (Carl Waldspurger Consulting) have published a paper to disclose a new variant of the infamous Spectre security vulnerability, which creates speculative buffer overflows.
In their paper, the two security researchers explain the attacks and defenses for the new Spectre variant they discover, which they call Spectre1.1 (CVE-2018-3693), a new variant of the first Spectre security vulnerability unearthed earlier this year and later discovered to have multiple other variants.
The new Spectre flaw leverages speculative stores to create speculative buffer overflows. Similar to the classic buffer overflow security flaws, the new Spectre vulnerability is also known as "Bounds Check Bypass Store" or BCBS to distinguish it from the original speculative execution attack.
-
AT&T acquires open-source threat intelligence firm
As AT&T continues down its network virtualization efforts using the open-source Open Networking Automation Platform (ONAP), the operator has acquired cybersecurity firm AlienVault, which uses open-source software to provide what the companies call “threat intelligence.” Financial details of the transaction were not disclosed; AT&T expects the deal to close in Q3 this year.
-
Malware Found in Arch Linux AUR Package Repository
Malware has been discovered in at least three Arch Linux packages available on AUR (Arch User Repository), the official Arch Linux repository of user-submitted packages.
The malicious code has been removed thanks to the quick intervention of the AUR team.
-
Amateur bid to add code to Arch Linux packages found and squashed
- Login or register to post comments
- Printer-friendly version
- 4991 reads
- PDF version
More in Tux Machines
- Highlights
- Front Page
- Latest Headlines
- Archive
- Recent comments
- All-Time Popular Stories
- Hot Topics
- New Members
digiKam 7.7.0 is releasedAfter three months of active maintenance and another bug triage, the digiKam team is proud to present version 7.7.0 of its open source digital photo manager. See below the list of most important features coming with this release. |
Dilution and Misuse of the "Linux" Brand
|
Samsung, Red Hat to Work on Linux Drivers for Future TechThe metaverse is expected to uproot system design as we know it, and Samsung is one of many hardware vendors re-imagining data center infrastructure in preparation for a parallel 3D world. Samsung is working on new memory technologies that provide faster bandwidth inside hardware for data to travel between CPUs, storage and other computing resources. The company also announced it was partnering with Red Hat to ensure these technologies have Linux compatibility. |
today's howtos
|
Recent comments
1 year 11 weeks ago
1 year 11 weeks ago
1 year 11 weeks ago
1 year 11 weeks ago
1 year 11 weeks ago
1 year 11 weeks ago
1 year 11 weeks ago
1 year 11 weeks ago
1 year 11 weeks ago
1 year 11 weeks ago