Security Leftovers

  • People Think Their Passwords Are Too Awesome For Two Factor Authentication. They’re Wrong.
  • Security updates for Thursday
  • Let's Encrypt Now Trusted by All Major Root Programs

    Now, the CA’s root is directly trusted by almost all newer versions of operating systems, browsers, and devices. Many older versions, however, still do not directly trust Let’s Encrypt.

    While some of these are expected to be updated to trust the CA, others won’t, and it might take at least five more years until most of them cycle out of the Web ecosystem. Until that happens, Let’s Encrypt will continue to use a cross signature.

  • WPA2 flaw lets attackers easily crack WiFi passwords

    The security flaw was found, accidentally, by security researcher Jens Steube while conducting tests on the forthcoming WPA3 security protocol; in particular, on differences between WPA2's Pre-Shared Key exchange process and WPA3's Simultaneous Authentication of Equals, which will replace it. WPA3 will be much harder to attack because of this innovation, he added.

  • Linux kernel network TCP bug fixed

    Another day, another bit of security hysteria. This time around the usually reliable Carnegie Mellon University's CERT/CC, claimed the Linux kernel's TCP network stack could be "forced to make very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming packet which can lead to a denial of service (DoS)."

  • State of Security for Open Source Web Applications 2018

    Each year, we publish a set of statistics summarizing the vulnerabilities we find in open source web applications. Our tests form part of Netsparker's quality assurance practices, during which we scan thousands of web applications and websites. This helps us to add to our security checks and continuously improve the scanner's accuracy.

    This blog post includes statistics based on security research conducted throughout 2017. But first, we take a look at why we care about open source applications, and the damage that can be caused for enterprises when they go wrong.

  • New Actor DarkHydrus Targets Middle East with Open-Source Phishing [Ed: Headline says "Open-Source Phishing," but this is actually about Microsoft Windows and Office (proprietary and full of serious bugs)]

    Government entities and educational institutions in the Middle East are under attack in an ongoing credential-harvesting campaign, mounted by a newly-named threat group known as DarkHydrus. In a twist on the norm, the group is leveraging the open-source Phishery tool to carry out its dark work.

    The attacks follow a well-worn pattern, according to Palo Alto Networks’ Unit 42 group: Spear-phishing emails with attached malicious Microsoft Office documents are leveraging the “attachedTemplate” technique to load a template from a remote server.
