Language Selection

English French German Italian Portuguese Spanish

Security: Windows Problems, FOSS Updates, UEFI Lockdown, Snapchat Source Code Leak

Filed under
Security
  • Ring 0 Army Knife (r0ak) Read, Write, and Debugging Execution Tool Released ahead of Black Hat USA 2018
  • iPhone Chip Manufacturing Halts as TSMC’s Network is Hit by WannaCry Variant Virus

    TSMC was forced to shutdown its operations as many of its computer systems and manufacturing machines were caught in the grasp of a WannaCry variant ransomware according to a statement release. The company claims that its systems were not attacked remotely or locally, but the virus took its origin from when a supplier installed faulty software onto the company’s network without running a virus scan. The virus spread rapidly to over 10,000 of the company’s machines across its factories, impacting the plants that cater to Apple’s chip production heavily.

  • Security updates for Wednesday
  • US-CERT Warns of New Linux Kernel Vulnerability

    Denial-of-service attacks aren't just about external floods: A new US-CERT vulnerability note is a reminder that operating system kernel services can be used to effectively launch a DoS campaign against a system.

  • Good Lockdown vs. Bad

    The patch gave birth to an odd debate, but a familiar one by now. Matthew Garrett, ultimately the main proponent of the patch, kept defending it on technical grounds that Linus Torvalds felt were meaningless and dishonest, hiding a secret agenda that included helping companies like Microsoft lock users out of making changes to their own systems.

    Andy Lutomirski was another critic of Matthew's defense of the patch. The debate circled around and around, with Linus and Andy trying to get Matthew to admit the true motivation they believed he had and Matthew attempting to give solid reasons why the patch should go into the kernel. Things got ugly.

    James Morris initially accepted the patch, planning to send it up to Linus for inclusion, and Andy reviewed the code. Among his comments, Andy said the goal of the patch was not clearly stated. He said for the purpose of his code review he would assume the goal was to prevent the root user from either reading kernel memory or intentionally corrupting the kernel.

    But, he didn't think those were proper goals for a kernel, even a UEFI Secure Boot kernel. He said, "the kernel should try to get away from the idea that UEFI Secure Boot should imply annoying restrictions. It's really annoying and it's never been clear to me that it has a benefit." He singled out the idea of preventing the root user from accessing kernel memory as one of these annoying restrictions.

  • Snapchat Source Code Leaked and Posted to GitHub

    GitHub is often the go-to place for hackers or researchers to archive interesting code or data dumps. But sometimes affected companies do their best to remove exposed data from the code repository site.

    Earlier this year, Snap—the company behind social media network Snapchat—exposed some of the source code of the network’s iOS app, Snap confirmed to Motherboard on Tuesday. After someone archived that exposed code on GitHub, Snap told GitHub to remove the data with a copyright act request, Snap told Motherboard.

  • Snapchat’s Source Code Leaked Online, Archived on Github

    Hackers leave no chance of obtaining the source codes of popular apps as they aren’t public. However, in a recent incident, someone has archived Snapchat’s source code and posted it on Github.

    The incident was confirmed by the social networking app to Motherboard on Tuesday. The hackers got hold of the code after the app and exposed a portion of the source code of the network’s iOS app.

More in Tux Machines

Canonical/Ubuntu: Quirky Xerus 8.6, Snapcraft and More

  • Quirky Xerus 8.6 features latest DEBs from Ubuntu 16.04.x
    The independent Linux-based operating system, Quirky 8.6, a side project of Puppy Linux made with Woof, has just hit the market. According to an announcement by its creator, Barry Kauler, who retired from the Puppy Linux project to work on the Quirky Distro, the woofQ operating system is live for users to download and enjoy. The latest release mainly features bug fixes and minor improvements from previous Quirky OS 8.x versions. The release notes of Quirky’s Xerus version 8.6 explain that the update comes with a package upgrade to version 2.49.4 SeaMonkey and Kernel 4.14.63 with aufs patch. The new release is built with the latest DEBs from the Ubuntu 16.04.x range and features improvements for its EasyShare with specific improvements for Android connections. A Gxlat language translator has been introduced in this update and there are 10 architectural improvements and fixes as well. Several minor security bugs have also been patched since its predecessor.
  • Snapcraft at Europython 2018
    In July, several members of our advocacy and design teams went to Europython 2018 in Edinburgh. It was a really well-organised event, mixing great speakers from a vibrant community at a great location. The main reason for us to get closer to the Python developer community was to promote Snapcraft as the best way to publish on Linux, for app developers in general, and for Python developers in particular. As well as increasing awareness of Snapcraft, we gained a deeper understanding of the needs of Python developers and made contact with interesting products and engineers.
  • Cloud Native, Docker, K8s Summit
  • Ubuntu 18.04.1 Bionic Beaver Has Been Released (Download Links)

Graphics: Wayland/Weston, Mesa and AMD

  • Wayland 1.16 / Weston 5.0 RC2 Released To Fix Vulnerabilities
    Two release candidates of Wayland 1.16 / Weston 5.0 were not originally scheduled, but it's been necessitated due to some pressing issues both with Wayland and its reference compositor. Samsung's Derek Foreman issued these "RC2" releases on Friday rather than going straight to the official Wayland 1.16 and Weston 5.0 releases. On the Wayland front, Michael Srb found and fixed issues that could cause pointer overflows within Wayland's connection code. These overflow fixes are the only changes in this Wayland 1.15.94 (RC2) version.
  • RAGE & Doom Get Radeon Workarounds In Mesa 18.3-dev
    If you are looking to enjoy id Software's RAGE or Doom VFR games this weekend on Linux via Wine, they should be playing nicer with the latest open-source Mesa graphics driver code. Timothy Arceri at Valve has added a workaround to get RAGE working under Wine with RadeonSI. The workaround is a DRIRC configuration addition for allowing GLSL built-in variable redeclarations. This is enough to get RAGE working with RadeonSI on Mesa Git. Though only RadeonSI is working out currently since the game relies upon the OpenGL compatibility profile mode that is only supported currently by RadeonSI when it comes to the Mesa drivers. Thanks to Valve's developers and others, the OpenGL compatibility profile mode for RadeonSI has matured into great shape these past few months.
  • Adreno 600 Series Support Lands In Mesa 18.3 Gallium3D
    With the Adreno 600 series support going into Linux 4.19 for the kernel bits, the user-space OpenGL driver support for the latest-generation Qualcomm graphics has now been merged into Mesa. Kristian Høgsberg Kristensen of Google's Chrome OS graphics team (yes, Kristian of Wayland and DRI2 fame) has been working on the Gallium3D support for the Adreno 600 series hardware along with Freedreno founder Rob Clark. This A6xx support is being tacked onto the existing Freedreno Gallium3D driver and amounts to just over six thousand lines of new code. Keep in mind this A6xx Freedreno back-end must also be used with the supported MSM DRM driver in the Linux 4.19+ kernel.
  • AMDGPU-PRO 18.30 Radeon Linux Driver Released with Support for Ubuntu 18.04 LTS
    Featuring official support for the AMD Radeon PRO WX 8200 graphics cards and initial Wattman-like functionality, the Radeon Software for Linux 18.30 finally adds support for some of the most recent Ubuntu, Red Hat Enterprise Linux, and CentOS Linux distributions. These include Ubuntu 18.04.1 LTS (Bionic Beaver), Ubuntu 16.04.5 LTS (Xenial Xerus), Red Hat Enterprise Linux 7.5, Red Hat Enterprise Linux 6.10, CentOS 7.5, and CentOS 6.10. SUSE Linux Enterprise Desktop and Server (SLED/SLES) 12 Service Pack (SP) 3 is supported as well, but not the latest SUSE Linux Enterprise 15.
  • AMDVLK Vulkan Driver Update Fixes Witcher 3 Issue, Bug Fixes
    In addition to AMD releasing AMDGPU-PRO 18.30 on Friday, they also did their usual weekly source push of their newest "AMDVLK" open-source Radeon Vulkan driver code.

Kernel: Linux 4.19 Staging and Greg Kroah-Hartman's Very Many Stable Releases

  • Linux 4.19 Staging Brings EROFS File-System & Gasket Driver Framework
    Following the USB subsystem updates, Greg Kroah-Hartman sent in the kernel's staging area work for the Linux 4.19 merge window. This experimental/testing area of the Linux kernel is adding a new file-system with 4.19: EROFS. EROFS is developed by Huawei for possible Android device use-cases. EROFS stands for the Extendable Read-Only File-System and is developed to address shortcomings in other Linux read-only file-systems. EROFS features compression support and other features, but the on-disk layout format isn't 100% firm yet -- hence going into the staging area.
  • USB Patches Posted For Linux 4.19 Kernel, Including The New USB-C DisplayPort Driver
    Having wrapped up his latest stable kernel wrangling and the fallout from L1TF/Foreshadow, Greg Kroah-Hartman got around today to sending out the feature pull requests for the kernel subsystems he oversees. His first new batch of changes for Linux 4.19 today is the USB subsystem work.
  • One Week Past Linux 4.18.0, The Linux 4.18.3 Kernel Is Already Out
    Greg Kroah-Hartman had a fun Friday night issuing new point releases to the Linux 3.18 / 4.4 / 4.9 / 4.14 / 4.17 / 4.18 kernels only to have to issue new point releases minutes later. It was just on Thursday that Linux 4.18.1 was released along with updates to older stable branches for bringing L1TF / Foreshadow mitigation. Friday night then brought Linux 4.18.2, Linux 4.17.16, Linux 4.14.64, Linux 4.9.121, Linux 4.4.149, and Linux 3.18.119 with more patches. Those kernels brought various fixes, including in the x86 PTI code for clearing the global bit more aggressively, crypto fixes, and other maintenance work.

Trinity Desktop Environment R14.0.5

  • 2018.08.18: Trinity Desktop Environment R14.0.5 Released!
    The Trinity Desktop Environment (TDE) development team is pleased to announce the immediate availability of the new TDE R14.0.5 release. TDE is a complete software desktop environment designed for Unix-like operating systems, intended for computer users preferring a traditional desktop model, and is free/libre software. R14.0.5 is the fifth maintenance release of the R14.0 series, and is built on and improves the previous R14.0.4 version. Maintenance releases are intended to promptly bring bug fixes to users, while preserving overall stability through the avoidance of both major new features and major codebase re-factoring.
  • Trinity Desktop R14.0.5 Lets You Keep Enjoying The KDE 3 Experience In 2018
    For those that have fond memories of the K Desktop Environment 3, you can still enjoy a KDE3-derived experience in 2018 with the just-released Trinity Desktop R14.0.5. Trinity Desktop continues to see occasional updates as the fork of the KDE 3.5 packages. Trinity Desktop R14.0.5 is the new release this weekend and their first since R14.0.4 was released last November.