Security Leftovers

  • People Think Their Passwords Are Too Awesome For Two Factor Authentication. They’re Wrong.
  • Security updates for Thursday
  • Let's Encrypt Now Trusted by All Major Root Programs

    Now, the CA’s root is directly trusted by almost all newer versions of operating systems, browsers, and devices. Many older versions, however, still do not directly trust Let’s Encrypt.

    While some of these are expected to be updated to trust the CA, others won’t, and it might take at least five more years until most of them cycle out of the Web ecosystem. Until that happens, Let’s Encrypt will continue to use a cross signature.

  • WPA2 flaw lets attackers easily crack WiFi passwords

    The security flaw was found, accidentally, by security researcher Jens Steube while conducting tests on the forthcoming WPA3 security protocol; in particular, on differences between WPA2's Pre-Shared Key exchange process and WPA3's Simultaneous Authentication of Equals, which will replace it. WPA3 will be much harder to attack because of this innovation, he added.

  • Linux kernel network TCP bug fixed

    Another day, another bit of security hysteria. This time around, the usually reliable Carnegie Mellon University's CERT/CC claimed the Linux kernel's TCP network stack could be "forced to make very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming packet which can lead to a denial of service (DoS)."

  • State of Security for Open Source Web Applications 2018

    Each year, we publish a set of statistics summarizing the vulnerabilities we find in open source web applications. Our tests form part of Netsparker's quality assurance practices, during which we scan thousands of web applications and websites. This helps us to add to our security checks and continuously improve the scanner's accuracy.

    This blog post includes statistics based on security research conducted throughout 2017. But first, we take a look at why we care about open source applications, and the damage that can be caused for enterprises when they go wrong.

  • New Actor DarkHydrus Targets Middle East with Open-Source Phishing [Ed: Headline says "Open-Source Phishing," but this is actually about Microsoft Windows and Office (proprietary and full of serious bugs)]

    Government entities and educational institutions in the Middle East are under attack in an ongoing credential-harvesting campaign, mounted by a newly-named threat group known as DarkHydrus. In a twist on the norm, the group is leveraging the open-source Phishery tool to carry out its dark work.

    The attacks follow a well-worn pattern, according to Palo Alto Networks’ Unit 42 group: Spear-phishing emails with attached malicious Microsoft Office documents are leveraging the “attachedTemplate” technique to load a template from a remote server.
