Language Selection

English French German Italian Portuguese Spanish

Security Leftovers

Filed under
Security
  • People Think Their Passwords Are Too Awesome For Two Factor Authentication. They’re Wrong.
  • Security updates for Thursday
  • Let's Encrypt Now Trusted by All Major Root Programs

    Now, the CA’s root is directly trusted by almost all newer versions of operating systems, browsers, and devices. Many older versions, however, still do not directly trust Let’s Encrypt.

    While some of these are expected to be updated to trust the CA, others won’t, and it might take at least five more years until most of them cycle out of the Web ecosystem. Until that happens, Let’s Encrypt will continue to use a cross signature.

  • WPA2 flaw lets attackers easily crack WiFi passwords

    The security flaw was found, accidentally, by security researcher Jens Steube while conducting tests on the forthcoming WPA3 security protocol; in particular, on differences between WPA2's Pre-Shared Key exchange process and WPA3's Simultaneous Authentication of Equals, which will replace it. WPA3 will be much harder to attack because of this innovation, he added.

  • ​Linux kernel network TCP bug fixed

    Another day, another bit of security hysteria. This time around the usually reliable Carnegie Mellon University's CERT/CC, claimed the Linux kernel's TCP network stack could be "forced to make very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming packet which can lead to a denial of service (DoS)."

  • State of Security for Open Source Web Applications 2018

    ach year, we publish a set of statistics summarizing the vulnerabilities we find in open source web applications. Our tests form part of Netsparker's quality assurance practices, during which we scan thousands of web applications and websites. This helps us to add to our security checks and continuously improve the scanner's accuracy.

    This blog post includes statistics based on security research conducted throughout 2017. But first, we take a look at why we care about open source applications, and the damage that can be caused for enterprises when they go wrong.

  • New Actor DarkHydrus Targets Middle East with Open-Source Phishing [Ed: Headline says "Open-Source Phishing," but this is actually about Microsoft Windows and Office (proprietary and full of serious bugs)]

    Government entities and educational institutions in the Middle East are under attack in an ongoing credential-harvesting campaign.

    Government entities and educational institutions in the Middle East are under attack in an ongoing credential-harvesting campaign, mounted by a newly-named threat group known as DarkHydrus. In a twist on the norm, the group is leveraging the open-source Phishery tool to carry out its dark work.

    The attacks follow a well-worn pattern, according to Palo Alto Networks’ Unit 42 group: Spear-phishing emails with attached malicious Microsoft Office documents are leveraging the “attachedTemplate” technique to load a template from a remote server.

More in Tux Machines

Android Leftovers

An Initial Look At The Intel Iris Gallium3D Driver Performance

One of the most exciting developments in the open-source Intel driver space this year was the Iris Gallium3D driver taking shape as what's destined to eventually succeed their "classic" i965 Mesa driver. With Iris Gallium3D maturing, here's a look at how the performance currently stacks up to their mature OpenGL driver. The Intel Iris Gallium3D driver is designed for Skylake (potentially Broadwell too) support and newer generations while being a forward-looking driver and utilizes their mature NIR compiler support. Iris holds much more performance potential than their classic Mesa driver albeit the developers haven't really taken to performance optimizations yet but rather getting the driver up and running, eliminating test suite failures, and getting to the point of feature parity with the i965 driver. Read more

Games Leftovers

  • Epic Store influences developers to pull Steam releases
    Some game developers are pulling their upcoming releases from the Steam page entirely, or choosing to make their titles a timed exclusive with the Epic Games Store.
  • DiRT 4 Coming to macOS and Linux in 2019
    Feral Interactive today announced that DiRT 4, the acclaimed off-road and rally racing game, will be released on macOS and Linux in 2019. Originally developed and published by Codemasters for PC and consoles, DiRT 4 is the latest of the studio's world-renowned racing games to be brought to macOS and Linux by Feral, following the success of DiRT Rally, GRID Autosport, and F1 2017.
  • Doom’s next expansion pack, made by John Romero, will be free—or cost up to $166

    John Romero—co-creator of the classic and influential 1990s first-person shooter Doom—has announced that he will release 18 new levels for the game for its 25th anniversary next year.

  • HEARTBEAT, a monster-filled RPG looks really sweet and it's getting a Linux version
    While it may not arrive for Linux at release, the developer of the sweet looking RPG HEARTBEAT has confirmed their intention to do a Linux build. Speaking on both itch.io and Steam, they seem rather positive about putting out a Linux version of their rather interesting adventure.
  • Jon Shafer's At the Gates to finally released next month, with Linux support
    After nearly seven years of development, the strategy game Jon Shafer's At the Gates is going to release next month with Linux support. For those who don't recognise the name, Shafer is the designer behind Civilization V. A game I completely lost track of, after previously highlighting it back in 2013. The developer announced on Twitter today, that the release is finally happening on January 23rd, 2019. After sending a quick message, the developer confirmed to us Linux will see support at release.
  • Rocket League updated with progression tweaks and a second Rocket Pass
    Rocket League, the insanely addictive rocket-powered sports game from Psyonix, Inc. has a few important tweaks released along with the second Rocket Pass. Firstly, let's quickly go over the progression changes. They're not overly dramatic, but there's some nice differences. From now, every time you touch the ball you will get two points (limited to one per second), the win bonus was doubled from 50 to 100, the Weekly Win Bonus was expanded from two to three games along with a max per week going up from 14 to 21 wins. On top of that, placement matches now count towards your Bronze Season Reward Level which is a nice tweak. Additionally, they've finally added some leaderboards for the new Ranked modes and there's also plenty of bug fixes that have come in this month.
  • The Odd Realm to enter Early Access on Steam with Linux support in January
    The Odd Realm, the simulation game where you will lead a group of settlers to a new home is coming to Steam next month. Get your calendar out, mark down January 11th, 2019 for when it will be up and ready for purchase on Steam. We recently highlighted this one, so it might sound familiar. However, we didn't know when it would be coming to Steam.
  • The developer of the retro FPS 'DUSK' has confirmed a Linux build is on the way
    While we knew DUSK would be getting a Linux version, it's always good to see confirmation that's up to date and positive. When asked this month on Steam, if it was coming to Linux the developer said "Yep! Linux / Mac builds are on the way! STAY TUNED" which is a rather clear-cut reply about it.
  • Battle Royale Tycoon has you designing and building arenas to watch the AI fight
    Now available with Linux support in Early Access, Battle Royale Tycoon flips the hype train upside down and has you building the arena rather than fighting in it. I must admit, I'm surprised. I was genuinely expecting this to see a wave of negative reviews. So far though, it seems players actually like it. I'm happy to see that, because it's actually quite an interesting idea for a building/tycoon style game. It's styled more like a theme park building game, with you setting up various battle arenas.

Mozilla Firefox 64.0