Security: Updates, GNU/Linux, Spectre and DRM

  • Security updates for Wednesday
  • Another Linux distro poisoned with malware

    Last time it was Gentoo, a hard-core, source-based Linux distribution that is popular with techies who like to spend hours tweaking their entire operating system and rebuilding all their software from scratch to wring a few percentage points of performance out of it.

  • Arch Linux AUR packages found to be laced with malware

    Three Arch Linux packages have been pulled from AUR (Arch User Repository) after they were discovered to contain malware. The PDF viewer acroread and two other packages that are yet to be named were taken over by a malicious user after they were abandoned by their original authors.

  • The return of Spectre

    The return of Spectre sounds like the next James Bond movie, but it's really the discovery of two new Spectre-style CPU attacks.

    Vladimir Kiriansky, a Ph.D. candidate at MIT, and independent researcher Carl Waldspurger found the latest two security holes. They have since published an MIT paper, Speculative Buffer Overflows: Attacks and Defenses, which goes over these bugs in great detail. Together, these problems are called "speculative execution side-channel attacks."

    These discoveries can't really come as a surprise. Spectre and Meltdown are a new class of security holes. They're deeply embedded in the fundamental design of recent generations of processors. To go faster, modern chips use a combination of pipelining, out-of-order execution, branch prediction, and speculative execution to run the next branch of a program before it's called on. This way, no time is wasted if your application goes down that path. Unfortunately, Spectre and Meltdown have shown the chip makers' implementations used to maximize performance have fundamental security flaws.

  • Mercury Security Introduces New Linux Intelligent Controller Line

    Mercury Security, a leader in OEM access control hardware and part of HID Global, announces the launch of its next-generation LP intelligent controller platform built on the Linux operating system.

    The new controllers are said to offer advanced security and performance, plus extensive support for third-party applications and integrations. The controllers are based on an identical form factor that enables seamless upgrades for existing Mercury-based deployments, according to the company.

  • Latest Denuvo Version Cracked Again By One Solo Hacker On A Personal Mission

    Denuvo is... look, just go read this trove of backlinks, because I've written far too many of these intros to be able to come up with one that is even remotely original. Rather than plagiarize myself, let me just assume that most of you know that Denuvo is a DRM that was once thought to be invincible but has since been broken in every iteration developed, with cracking times often now down to days and hours rather than weeks or months. Key in this post is that much if not most of the work cracking Denuvo has been done by a single person going by the handle Voksi. Voksi is notable not only for their nearly singlehandedly torpedoing the once-daunting Denuvo DRM, but also for their devotion to the gaming industry and developers that do things the right way, even going so far as to help them succeed.

    Well, Voksi is back in the news again, having once again defeated the latest build of Denuvo DRM.

  • Latest Denuvo Anti-Piracy Protection Falls, Cracker ‘Voksi’ On Fire

    The latest variant of the infamous Denuvo anti-piracy system has fallen. Rising crack star Voksi is again the man behind the wheel, defeating protection on both Puyo Puyo Tetris and Injustice 2. The Bulgarian coder doesn't want to share too many of his secrets but informs TorrentFreak that he won't stop until Denuvo is a thing of the past, which he hopes will be sooner rather than later.

More in Tux Machines

Software: Newsboat, FreeFileSync, Corebird, FileZilla, nomacs, RAV1E

  • Newsboat: A Snazzy Text-Based RSS Feed Reader
    Newsboat is a sleek, open source RSS/Atom feed reader for the text console. It’s a fork of Newsbeuter. RSS and Atom are a number of widely-used XML formats to transmit, publish and syndicate articles, typically news or blog articles. Newsboat is designed to be used on text terminals on Unix or Unix-like systems. It’s entirely controlled by the keyboard. The software has an internal commandline to modify configuration variables and to run commands.
  • FreeFileSync – Data Backup and File Synchronization App
    FreeFileSync is a free data backup and file synchronization app, available for Linux systems, that enables you to seamlessly sync your backup data with the source data. When you take a backup of your HD, or any other disk drive, you should keep it in sync with the file changes you make from time to time. It is often difficult to remember which files/directories you have changed/deleted/updated since the last backup. FreeFileSync solves that problem and it can determine and sync only those changed/deleted/updated files in your backup.
  • Corebird Twitter Client – to Stop Working
    Corebird, the best native GTK+ Twitter client available for Linux desktops including Ubuntu, will stop working in August 2018. This has been recently reported by the Corebird developer on Patreon as well as on GitHub. This is mainly due to the policy change from Twitter which will remove the UserStream API which is used by Corebird and other third-party Twitter clients. In the Patreon post, the developer stated that the new API by Twitter named Accounts Activity API is too difficult to implement and he may not have much time available for development.
  • FileZilla – Best FTP Client for Linux, Ubuntu Releases version 3.34.0
    FileZilla is a free and open source FTP client available for Ubuntu, Mint and other Linux systems. FileZilla is the go-to software when you need an FTP client. FileZilla comes with support for the FTP, SFTP and FTPS protocols and it is cross-platform. It comes with a nice, user-friendly and easy-to-use GUI.
  • nomacs 3.10.2
    nomacs is licensed under the GNU General Public License v3 and available for Windows, Linux, FreeBSD, Mac, and OS/2.
  • RAV1E: The "Fastest & Safest" AV1 Encoder
    Following the news about VP9 and AV1 having more room to improve particularly for alternative architectures like POWER and ARM, a Phoronix reader pointed out an effort that Mozilla is behind on developing the "rav1e" encoder. AV1 up to this point for encoding on CPUs has been - unfortunately - extremely slow. But it turns out Mozilla and others are working on RAV1E as what they are billing as the fastest and safest AV1 encoder. RAV1E has been in development for a while now but has seemingly flown under our radar.

Red Hat Looks Beyond Docker for Container Technology

While Docker Inc and its eponymous container engine helped to create the modern container approach, Red Hat has multiple efforts of its own that it is now actively developing. The core component for containers is the runtime engine, which for Docker is the Docker Engine which is now based on the Docker-led containerd project that is hosted at the Cloud Native Computing Foundation (CNCF). Red Hat has built its own container engine called CRI-O, which hit its 1.0 release back in October 2017. For building images, Red Hat has a project called Buildah, which reached its 1.0 milestone on June 6.

Containers: The Update Framework (TUF), Nabla, and Kubernetes 1.11 Release

  • How The Update Framework Improves Software Distribution Security
    In recent years there have been multiple cyber-attacks that compromised a software developer's network to enable the delivery of malware inside of software updates. That's a situation that Justin Cappos, founder of The Update Framework (TUF) open-source project, has been working hard to help solve. Cappos, an assistant professor at New York University (NYU), started TUF nearly a decade ago. TUF is now implemented by multiple software projects, including the Docker Notary project for secure container application updates, and has implementations that are being purpose-built to help secure automotive software as well.
  • IBM's new Nabla containers are designed for security first
    Companies love containers because they enable them to run more jobs on servers. But businesses also hate containers, because they fear they're less secure than virtual machines (VMs). IBM thinks it has an answer to that: Nabla containers, which are more secure by design than rival container concepts. James Bottomley, an IBM Research distinguished engineer and top Linux kernel developer, first outlines that there are two fundamental kinds of container and virtual machine (VM) security problems. These are described as Vertical Attack Profile (VAP) and Horizontal Attack Profile (HAP).
  • [Podcast] PodCTL #42 – Kubernetes 1.11 Released
    Like clockwork, the Kubernetes community continues to release quarterly updates to the rapidly expanding project. With the 1.11 release, we see a number of new capabilities being added across a number of different domains – infrastructure services, scheduling services, routing services, storage services, and broader CRD versioning capabilities that will improve the ability to not only deploy Operators for the platform and applications. Links for all these new features, as well as in-depth blog posts from Red Hat and the Kubernetes community are included in the show notes. As always, it’s important to remember that not every new feature being released is considered “General Availability”, so be sure to check the detailed release notes before considering the use of any feature in a production or high-availability environment.