Language Selection

English French German Italian Portuguese Spanish

Security Leftovers

Filed under
Security
  • Voting By Cell Phone Is A Terrible Idea, And West Virginia Is Probably The Last State That Should Try It Anyway

    So we've kind of been over this. For more than two decades now we've pointed out that electronic voting is neither private nor secure. We've also noted that despite this several-decade long conversation, many of the vendors pushing this solution are still astonishingly-bad at not only securing their products, but acknowledging that nearly every reputable security analyst and expert has warned that it's impossible to build a secure fully electronic voting system, and that if you're going to to do so anyway, at the very least you need to include a paper trail system that's not accessible via the internet.

  • Dell EMC Data Protection Advisor Versions 6.2 – 6.5 found Vulnerable to XML External Entity (XEE) Injection & DoS Crash

    An XML External Entity (XEE) injection vulnerability has been discovered in Dell’s EMC Data Protection Advisor’s version 6.4 through 6.5. This vulnerability is found in the REST API and it could allow an authenticated remote malicious attacker to compromise the affected systems by reading server files or causing a Denial of Service (DoS crash through maliciously crafted Document Type Definitions (DTDs) through the XML request.

  • DeepLocker: Here’s How AI Could ‘Help’ Malware To Attack Stealthily

    By this time, we have realized how artificial intelligence is a boon and a bane at the same time. Computers have become capable of performing things that human beings cannot. It is not tough to imagine a world where you AI could program human beings; thanks to sci-fi television series available lately.

  • DeepLocker: How AI Can Power a Stealthy New Breed of Malware

    Cybersecurity is an arms race, where attackers and defenders play a constantly evolving cat-and-mouse game. Every new era of computing has served attackers with new capabilities and vulnerabilities to execute their nefarious actions.

  • DevSecOps: 3 ways to bring developers, security together

    Applications are the heart of digital business, with code central to the infrastructure that powers it. In order to stay ahead of the digital curve, organizations must move fast and deploy code quickly, which unfortunately is often at odds with stability and security.

    With this in mind, where and how can security fit into the DevOps toolchain? And, in doing so, how can we create a path for successfully deterring threats?

  • Top 5 New Open Source Security Vulnerabilities in July 2018 [Ed: Here is Microsoft's partner WhiteSource attacking FOSS today by promoting the perception that "Open Source" = bugs]
  • DarkHydrus Relies on Open-Source Tools for Phishing Attacks [Ed: I never saw a headline blaming "proprietary tools" or "proprietary back door" for security problems, so surely this author is just eager to smear FOSS]
  • If for some reason you're still using TKIP crypto on your Wi-Fi, ditch it – Linux, Android world bug collides with it [Ed: Secret 'standards' of WPA* -- managed by a corporate consortium -- not secure, still...]

    It’s been a mildly rough week for Wi-Fi security: hard on the heels of a WPA2 weakness comes a programming cockup in the wpa_supplicant configuration tool used on Linux, Android, and other operating systems.

    The flaw can potentially be exploited by nearby eavesdroppers to recover a crucial cryptographic key exchanged between a vulnerable device and its wireless access point – and decrypt and snoop on data sent over the air without having to know the Wi-Fi password. wpa_supplicant is used by Linux distributions and Android, and a few others, to configure the Wi-Fi for computers, gadgets, and handhelds.

  • Linux vulnerability could lead to DDoS attacks

More in Tux Machines

Flock 2018 Reports

Kernel: Linux 4.19 and Vega 20 PowerPlay

  • Power Management Updates Land In The Linux 4.19 Kernel
    Intel's Rafael Wysocki has submitted the ACPI and power management updates today for the Linux 4.19 kernel which were subsequently merged by Linus Torvalds.
  • Linux 4.19 Git Contains a lot of Performance Impacting Spectre Mitigation Updates
    Another round of commits regarding anti-Spectre security have landed up in the Linux 4.19 kernel git tree, which may have possible performance impacts for the kernel. While Spectre is still only a somewhat theoretical threat, as its entirely too slow to be used in a serious attack, many folks are taking its future potential quite seriously and arming up against it.
  • Linux 4.19 Kernel to Receive a Ton of Audio Hardware Updates for Improved Linux Sound Capabilities
    Linux audiophiles may have something to rejoice about, as a recent pull request from SUSE’s Takashi Iwai focuses on a plethora of sound subsystem updates for the Linux 4.19 kernel, including a lot of latest hardware support and overall improvements for Linux’s audio capabilities.
  • Updated Vega 20 Open-Source Driver Patches Posted, Including PSP & PowerPlay Support
    Back in May AMD posted initial open-source "Vega 20" patches and support for that yet-to-launch graphics processor was subsequently merged for the Linux 4.18 kernel. More of the Vega 20 AMDGPU kernel driver enablement has now been posted. This latest 69,910 lines of code -- before fretting, most of that is auto-generated header files for the GPU -- notably adds PSP (Platform Security Processor) and SMU (System Management Unit) for Vega 20. With the SMU enablement code, it's also now wired in to enable Vega 20 PowerPlay support as well as related power/clocking-functionality like OverDrive overclocking is also available.

today's howtos

Security: Disclose.io, Adobe, Apple and Instagram

,