Security Leftovers

  • People Think Their Passwords Are Too Awesome For Two Factor Authentication. They’re Wrong.
  • Security updates for Thursday
  • Let's Encrypt Now Trusted by All Major Root Programs

    Now, the CA’s root is directly trusted by almost all newer versions of operating systems, browsers, and devices. Many older versions, however, still do not directly trust Let’s Encrypt.

    While some of these are expected to be updated to trust the CA, others won’t, and it might take at least five more years until most of them cycle out of the Web ecosystem. Until that happens, Let’s Encrypt will continue to use a cross signature.

  • WPA2 flaw lets attackers easily crack WiFi passwords

    The security flaw was found, accidentally, by security researcher Jens Steube while conducting tests on the forthcoming WPA3 security protocol; in particular, on differences between WPA2's Pre-Shared Key exchange process and WPA3's Simultaneous Authentication of Equals, which will replace it. WPA3 will be much harder to attack because of this innovation, he added.

  • Linux kernel network TCP bug fixed

    Another day, another bit of security hysteria. This time around the usually reliable Carnegie Mellon University's CERT/CC claimed the Linux kernel's TCP network stack could be "forced to make very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming packet which can lead to a denial of service (DoS)."

  • State of Security for Open Source Web Applications 2018

    Each year, we publish a set of statistics summarizing the vulnerabilities we find in open source web applications. Our tests form part of Netsparker's quality assurance practices, during which we scan thousands of web applications and websites. This helps us to add to our security checks and continuously improve the scanner's accuracy.

    This blog post includes statistics based on security research conducted throughout 2017. But first, we take a look at why we care about open source applications, and the damage that can be caused for enterprises when they go wrong.

  • New Actor DarkHydrus Targets Middle East with Open-Source Phishing [Ed: Headline says "Open-Source Phishing," but this is actually about Microsoft Windows and Office (proprietary and full of serious bugs)]

    Government entities and educational institutions in the Middle East are under attack in an ongoing credential-harvesting campaign, mounted by a newly-named threat group known as DarkHydrus. In a twist on the norm, the group is leveraging the open-source Phishery tool to carry out its dark work.

    The attacks follow a well-worn pattern, according to Palo Alto Networks’ Unit 42 group: Spear-phishing emails with attached malicious Microsoft Office documents are leveraging the “attachedTemplate” technique to load a template from a remote server.
