
Security Leftovers

  • People Think Their Passwords Are Too Awesome For Two Factor Authentication. They’re Wrong.
  • Security updates for Thursday
  • Let's Encrypt Now Trusted by All Major Root Programs

    Now, the CA’s root is directly trusted by almost all newer versions of operating systems, browsers, and devices. Many older versions, however, still do not directly trust Let’s Encrypt.

    While some of these are expected to be updated to trust the CA, others won’t, and it might take at least five more years until most of them cycle out of the Web ecosystem. Until that happens, Let’s Encrypt will continue to use a cross signature.

  • WPA2 flaw lets attackers easily crack WiFi passwords

    The security flaw was found, accidentally, by security researcher Jens Steube while conducting tests on the forthcoming WPA3 security protocol; in particular, on differences between WPA2's Pre-Shared Key exchange process and WPA3's Simultaneous Authentication of Equals, which will replace it. WPA3 will be much harder to attack because of this innovation, he added.

  • Linux kernel network TCP bug fixed

    Another day, another bit of security hysteria. This time around the usually reliable Carnegie Mellon University's CERT/CC, claimed the Linux kernel's TCP network stack could be "forced to make very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming packet which can lead to a denial of service (DoS)."

  • State of Security for Open Source Web Applications 2018

    Each year, we publish a set of statistics summarizing the vulnerabilities we find in open source web applications. Our tests form part of Netsparker's quality assurance practices, during which we scan thousands of web applications and websites. This helps us to add to our security checks and continuously improve the scanner's accuracy.

    This blog post includes statistics based on security research conducted throughout 2017. But first, we take a look at why we care about open source applications, and the damage that can be caused for enterprises when they go wrong.

  • New Actor DarkHydrus Targets Middle East with Open-Source Phishing [Ed: Headline says "Open-Source Phishing," but this is actually about Microsoft Windows and Office (proprietary and full of serious bugs)]

    Government entities and educational institutions in the Middle East are under attack in an ongoing credential-harvesting campaign, mounted by a newly-named threat group known as DarkHydrus. In a twist on the norm, the group is leveraging the open-source Phishery tool to carry out its dark work.

    The attacks follow a well-worn pattern, according to Palo Alto Networks’ Unit 42 group: Spear-phishing emails with attached malicious Microsoft Office documents are leveraging the “attachedTemplate” technique to load a template from a remote server.
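The WPA2 item above says the flaw makes pre-shared keys easy to crack, but not why the work can be done offline. The reason, shown here as an added example that is not part of the page, of Jens Steube's write-up or of hashcat: in WPA2-Personal the Pairwise Master Key is a deterministic PBKDF2 function of the passphrase and the SSID, so once an attacker captures anything derived from the PMK, every candidate passphrase can be tested at full speed without touching the network again. The SSID, wordlist and target PMK below are constructed for the demonstration; the PBKDF2 parameters are the IEEE 802.11i ones.

```python
import hashlib
from typing import Iterable, Optional


def wpa2_pmk(passphrase: str, ssid: str) -> bytes:
    """Derive the WPA2-Personal PMK as specified in IEEE 802.11i:
    PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations, 32 bytes).
    The SSID is the only salt, so two networks with the same name and
    passphrase share a PMK."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA2 passphrases are 8 to 63 characters")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("utf-8"),
                               ssid.encode("utf-8"), 4096, 32)


def crack_pmk(target_pmk: bytes, ssid: str,
              candidates: Iterable[str]) -> Optional[str]:
    """Offline dictionary attack: recompute the PMK for each candidate and
    compare with the captured value. In a real capture the comparison is
    against material derived from the PMK (handshake MIC or similar), but
    the per-guess cost is the same single PBKDF2 call shown here."""
    for cand in candidates:
        if not 8 <= len(cand) <= 63:
            continue  # cannot be a valid WPA2 passphrase, skip the hash
        if wpa2_pmk(cand, ssid) == target_pmk:
            return cand
    return None


# Constructed demonstration data (hypothetical network, not a real capture).
DEMO_SSID = "CoffeeShop-Guest"
DEMO_WORDLIST = ["admin", "password", "letmein1", "sunshine1", "qwerty123"]
DEMO_TARGET_PMK = wpa2_pmk("sunshine1", DEMO_SSID)


def demo() -> Optional[str]:
    """Run the dictionary attack against the constructed target."""
    return crack_pmk(DEMO_TARGET_PMK, DEMO_SSID, DEMO_WORDLIST)


if __name__ == "__main__":
    # Sanity check against the IEEE 802.11i Annex H test vector.
    print(wpa2_pmk("password", "IEEE").hex())
    print("recovered passphrase:", demo())
```

The contrast with WPA3's Simultaneous Authentication of Equals, which the item mentions, is that SAE is a password-authenticated key exchange: a wrong guess can only be detected by running a fresh exchange with the access point, so each guess costs a network round trip and can be rate-limited, instead of one local hash.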
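The DarkHydrus item above names the "attachedTemplate" technique: a Word document that carries no macro but declares a remote template, which Word fetches when the file is opened. A practitioner triaging such attachments wants a check that does not depend on opening the file. The detector below is an added example, not code from Unit 42, Phishery or the page; it reads the relationship part that Word uses for the attached template and reports any target marked External. The minimal .docx it builds is constructed in memory for the demonstration and is not a sample from the campaign; the URL is hypothetical.

```python
import io
import zipfile
import xml.etree.ElementTree as ET
from typing import List, Optional

REL_NS = "http://schemas.openxmlformats.org/package/2006/relationships"
ATTACHED_TEMPLATE_TYPE = ("http://schemas.openxmlformats.org/officeDocument/"
                          "2006/relationships/attachedTemplate")
WORD_NS = "http://schemas.openxmlformats.org/wordprocessingml/2006/main"
OFFICE_REL_NS = "http://schemas.openxmlformats.org/officeDocument/2006/relationships"
SETTINGS_RELS = "word/_rels/settings.xml.rels"


def remote_templates(docx_bytes: bytes) -> List[str]:
    """Return the external targets of every attachedTemplate relationship.
    Word resolves <w:attachedTemplate r:id=.../> in word/settings.xml through
    word/_rels/settings.xml.rels; a relationship with TargetMode="External"
    makes Word fetch the template from that URL on open."""
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as zf:
        if SETTINGS_RELS not in zf.namelist():
            return []  # no settings relationships, so no attached template
        root = ET.fromstring(zf.read(SETTINGS_RELS))
    hits = []
    for rel in root.iter("{%s}Relationship" % REL_NS):
        if (rel.get("Type") == ATTACHED_TEMPLATE_TYPE
                and rel.get("TargetMode") == "External"):
            hits.append(rel.get("Target", ""))
    return hits


def build_docx(remote_template_url: Optional[str] = None) -> bytes:
    """Constructed minimal .docx (hypothetical sample, not from the campaign).
    With a URL it mirrors the remote-template layout; without one it is a
    benign document with no settings relationships."""
    parts = {
        "[Content_Types].xml":
            '<?xml version="1.0" encoding="UTF-8"?>'
            '<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types">'
            '<Default Extension="rels" ContentType="application/vnd.openxmlformats-package.relationships+xml"/>'
            '<Default Extension="xml" ContentType="application/xml"/></Types>',
        "word/document.xml":
            '<w:document xmlns:w="%s"><w:body><w:p><w:r>'
            '<w:t>Please review the attached invoice.</w:t>'
            '</w:r></w:p></w:body></w:document>' % WORD_NS,
    }
    if remote_template_url:
        parts["word/settings.xml"] = (
            '<w:settings xmlns:w="%s" xmlns:r="%s">'
            '<w:attachedTemplate r:id="rId1"/></w:settings>'
            % (WORD_NS, OFFICE_REL_NS))
        parts[SETTINGS_RELS] = (
            '<Relationships xmlns="%s"><Relationship Id="rId1" Type="%s" '
            'Target="%s" TargetMode="External"/></Relationships>'
            % (REL_NS, ATTACHED_TEMPLATE_TYPE, remote_template_url))
    else:
        parts["word/settings.xml"] = '<w:settings xmlns:w="%s"/>' % WORD_NS
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, xml in parts.items():
            zf.writestr(name, xml)
    return buf.getvalue()


if __name__ == "__main__":
    suspicious = build_docx("http://template.example.invalid/invoice.dotx")
    print("remote templates:", remote_templates(suspicious))
    print("benign document:", remote_templates(build_docx()))
```

The check is deliberately narrow: it flags only the relationship type Word uses for attached templates. Other external relationships (remote images, OLE objects, hyperlinks) are legitimate in many documents and deserve separate, lower-severity rules, and a document can also be a .dotm or .docm with the same internal layout, so match on the zip contents rather than the file extension.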

More in Tux Machines

Mozilla: Privacy, R.I.P., and Consent Management at Mozfest 2018

  • Firefox collects data on you through hidden add-ons

    Mozilla, the organisation that produces the Firefox browser and makes a loud noise about its open source credentials, is quietly collecting telemetry data on its users by the use of hidden add-ons, even though publicly visible telemetry controls are not selected.

  • R.I.P., Charles W. Moore, a fine man who liked fine Macs

    A farewell and au revoir to a great gentleman in making the most of your old Mac, Charles W. Moore, who passed away at his home in rural Canada on September 16 after a long illness. Mr Moore was an early fan of TenFourFox, even back in the old bad Firefox 4 beta days, and he really made his famous Pismo PowerBook G3 systems work hard for it.

  • Consent management at Mozfest 2018

    Good news. It looks like we're having a consent management mini-conference as part of Mozfest next month. (I'm one of the organizers for the Global Consent Manager session, and plan to attend the others.)

Android Leftovers

LibreOffice: A history of document freedom

My reminiscing led me to reach out to the Document Foundation, which governs LibreOffice, to learn more about the history of this open source productivity software. The Document Foundation's team told me that "StarWriter, the ancestor of the LibreOffice suite, was developed as proprietary software by Marco Börries, a German student, to write his high school final thesis." He formed a company called Star Division to develop the software. In 1999, Sun Microsystems bought Star Division for $73.5 million, changed the software's name to OpenOffice.org, and released the code as open source. Anyone could download the office suite at no charge for personal use. The Document Foundation told me, "For almost 10 years, the software was developed under Sun stewardship, from version 1.0 to version 3.2. It started with a dual license—LGPL and the proprietary SISSL (Sun Industry Standard Software License)—but it evolved to pure LGPL from version 2.0."

Learn the 37 most frequently used shortcuts in GIMP

GIMP is a fantastic artist's tool for editing digital images, especially with the bevy of impressive features in the recent release of version 2.10. Of course, like all creative applications, you can get working more quickly if you can make yourself familiar with the various keyboard shortcuts and hotkeys available. GIMP, of course, gives you the ability to customize these shortcuts to match what you're personally comfortable with. However, the default shortcuts that GIMP ships with are impressive and generally easy to get used to. This cheat sheet is not an exhaustive list of all of the defaults GIMP has available. Instead, it covers the most frequently used shortcuts so you can get to work as fast as possible. Plus, there should be a few in here that make you aware of a few features that maybe you weren't aware of.