Security Leftovers

  • Voting By Cell Phone Is A Terrible Idea, And West Virginia Is Probably The Last State That Should Try It Anyway

    So we've kind of been over this. For more than two decades now we've pointed out that electronic voting is neither private nor secure. We've also noted that despite this several-decade long conversation, many of the vendors pushing this solution are still astonishingly-bad at not only securing their products, but acknowledging that nearly every reputable security analyst and expert has warned that it's impossible to build a secure fully electronic voting system, and that if you're going to do so anyway, at the very least you need to include a paper trail system that's not accessible via the internet.

  • Dell EMC Data Protection Advisor Versions 6.2 – 6.5 found Vulnerable to XML External Entity (XEE) Injection & DoS Crash

    An XML External Entity (XEE) injection vulnerability has been discovered in Dell’s EMC Data Protection Advisor’s version 6.4 through 6.5. This vulnerability is found in the REST API and it could allow an authenticated remote malicious attacker to compromise the affected systems by reading server files or causing a Denial of Service (DoS) crash through maliciously crafted Document Type Definitions (DTDs) through the XML request.

  • DeepLocker: Here’s How AI Could ‘Help’ Malware To Attack Stealthily

    By this time, we have realized how artificial intelligence is a boon and a bane at the same time. Computers have become capable of performing things that human beings cannot. It is not tough to imagine a world where AI could program human beings; thanks to sci-fi television series available lately.

  • DeepLocker: How AI Can Power a Stealthy New Breed of Malware

    Cybersecurity is an arms race, where attackers and defenders play a constantly evolving cat-and-mouse game. Every new era of computing has served attackers with new capabilities and vulnerabilities to execute their nefarious actions.

  • DevSecOps: 3 ways to bring developers, security together

    Applications are the heart of digital business, with code central to the infrastructure that powers it. In order to stay ahead of the digital curve, organizations must move fast and deploy code quickly, which unfortunately is often at odds with stability and security.

    With this in mind, where and how can security fit into the DevOps toolchain? And, in doing so, how can we create a path for successfully deterring threats?

  • Top 5 New Open Source Security Vulnerabilities in July 2018 [Ed: Here is Microsoft's partner WhiteSource attacking FOSS today by promoting the perception that "Open Source" = bugs]
  • DarkHydrus Relies on Open-Source Tools for Phishing Attacks [Ed: I never saw a headline blaming "proprietary tools" or "proprietary back door" for security problems, so surely this author is just eager to smear FOSS]
  • If for some reason you're still using TKIP crypto on your Wi-Fi, ditch it – Linux, Android world bug collides with it [Ed: Secret 'standards' of WPA* -- managed by a corporate consortium -- not secure, still...]

    It’s been a mildly rough week for Wi-Fi security: hard on the heels of a WPA2 weakness comes a programming cockup in the wpa_supplicant configuration tool used on Linux, Android, and other operating systems.

    The flaw can potentially be exploited by nearby eavesdroppers to recover a crucial cryptographic key exchanged between a vulnerable device and its wireless access point – and decrypt and snoop on data sent over the air without having to know the Wi-Fi password. wpa_supplicant is used by Linux distributions and Android, and a few others, to configure the Wi-Fi for computers, gadgets, and handhelds.

  • Linux vulnerability could lead to DDoS attacks
