Language Selection

English French German Italian Portuguese Spanish

Security: Microsoft Holes, Nitrokey, YubiKey and Location Privacy With Geoclue2

Filed under
Security
  • Security Flaw Found In Microsoft JET Database Engine by ZDE – Patch Expected In Windows October Update

    Zero Day Initiative or ZDI, a division of the Japanese multinational cyber security and defense company recently found a serious security flaw in Microsoft’s JET Database Engine which is inculcated and used in various different Microsoft products.

    ZDI reported that this vulnerability will allow potential attackers to execute an arbitrary code in Microsoft’s JET Database Engine, which is an underlying component of a database, a collection of information stored on a computer in a systematic way, this acts as the groundwork for many of Microsoft’s product, including the most widely used Microsoft Office. ZDI stated this to be an “out-of-bounds (OOB)” write in the JET, “An attacker could leverage this vulnerability to execute code under the context of the current process, however it does require user interaction since the target would need to open a malicious file,” ZDI further added in their report.

  • The Librem Key Makes Tamper Detection Easy

    From the beginning we have had big plans for the Librem Key. When we first announced our partnership with Nitrokey to produce the Librem Key all we could talk about publicly was the standard USB security token features it would have and some of the integration possibilities between the Librem laptop and Librem Key that would make security easier for the average person. What we couldn’t say at the time was that we were also working toward making the Librem Key do something that doesn’t exist anywhere else–integrate it with the tamper-evident Heads BIOS to make it incredibly easy to tell whether your BIOS has been tampered with. In this post I’m going to talk about why we wanted to add this feature, some of the work that went into it, and dive into some of the technologies that are working behind the scenes to help you understand how it works.

  • YubiKey 5 Series Launched, Google Chrome's Recent Questionable Privacy Practice, PlayOnLinux Alpha Version 5 Released, Android Turns Ten, and Fedora 29 Atomic and Cloud Test Day

    Yubico announced the launch of the YubiKey 5 series this morning, which are the first multi-protocol security keys to support FIDO2/WebAuthn and allow you to replace "weak password-based authentication with strong hardware-based authentication". You can purchase them here for $45.

  • Yubico Launches YubiKey 5 Series, the Industry’s First Multi-Protocol Security Keys Supporting FIDO2

    Yubico, the leading provider of hardware authentication security keys, today announced the launch of the YubiKey 5 Series, the industry’s first multi-protocol security keys supporting FIDO2/WebAuthn. With this new addition, the YubiKey 5 Series has the capability to replace weak password-based authentication with strong hardware-based authentication.

  • Recently in Geoclue

    Since people's location is a very sensitive piece of information, security of this information had been the core part of Geoclue2 design. The idea was (and still is) to only allow apps access to user's location with their explicit permission (that they could easily revoke later). When Geoclue2 was designed and then developed, we didn't have Flatpak. Surely, people were talking about the need for something like Flatpak but even with those ideas, it wasn't clear how location access will be handled.

    Hence we decided for geoclue to handle this itself, through an external app authorizing agent and implemented such an agent in GNOME Shell. Since there is no reliable way to identify an app on Linux, there were mixed reactions to this approach. While some thought it's good to have something rather than nothing, others thought it's better to wait for the time when we've the infrastructure that allows us to reliably identify apps.

  • Why I’m done with Chrome

    When Google launched Chrome ten years ago, it seemed like one of those rare cases where everyone wins. In 2008, the browser market was dominated by Microsoft, a company with an ugly history of using browser dominance to crush their competitors. Worse, Microsoft was making noises about getting into the search business. This posed an existential threat to Google’s internet properties.

    In this setting, Chrome was a beautiful solution. Even if the browser never produced a scrap of revenue for Google, it served its purpose just by keeping the Internet open to Google’s other products. As a benefit, the Internet community would receive a terrific open source browser with the best development team money could buy. This might be kind of sad for Mozilla (who have paid a high price due to Chrome) but overall it would be a good thing for Internet standards.

YubiKey 5 Series Brings FIDO2 Support, NFC Capability

  • YubiKey 5 Series Brings FIDO2 Support, NFC Capability

    While last week Purism entered into the hardware security space with the Librem Key as a USB-based smart card, industry veteran Yubico today announced their YubiKey 5 Series.

    The YubiKey 5 Series is the industry's first multi-protocol security keys with support for FIDO2, the new open authentication standard for passwordless logins. Among the other supported protocols are OpenPGP, FIDO U2F, OATH-HOTP, and others. In addition to USB-C and USB-A interfaces, YubiKey 5 also has near-field communication (NFC) support.

More on Chrome

  • Google secretly logs users into Chrome whenever they log into a Google site

    This system, Sync, allows users to log in with their Google accounts inside Chrome and optionally upload and synchronize local browser data (history, passwords, bookmarks, and other) to Google's servers.

    Sync has been present in Chrome for years, but until now, the system worked independently from the logged-in state of Google accounts. This allowed users to surf the web while logged into a Google account but not upload any Chrome browsing data to Google's servers, data that may be tied to their accounts.

  • Here’s How Chrome’s New Auto-Login Puts Your Privacy At Massive Risk

    Google brought in a bunch of new features in the new Chrome 69 version. While many of them were much appreciated, some didn’t go well with the users. Apparently, there is another less advertised tweak that people are not happy about.

A Seemingly Small Change to Chrome Stirs Big Controversy

More Android

  • Pete Zaitcev: Huawei UI/UX fail

    It turned out that it's possible to reset the blasted thing merely by holding it. If someone grabs it and pays no attention to what's on the screen, then it's easy to press and hold the edge power button inadvertently. That brings up a dialog that has 2 touch buttons for power off and reset. The same hand that's holding the power touches the screen and causes the reset (a knuckle where the finger meets the palm does that perfectly).

  • Samsung’s Foldable Galaxy F Will Be A Limited Edition Smartphone

Chrome 69 secretly logs you in to Chrome Sync

  • Chrome 69 secretly logs you in to Chrome Sync when you visit a Google site

    A number of reports have highlighted that Chrome 69 - the one that made your tabs all curvy - is automatically logging people in as soon as they hit a Google-owned site. In other words, if you use Google, Gmail, YouTube, Google Docs, Google Maps and are logged in, then Chrome will also follow suit.

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.

More in Tux Machines

digiKam 7.7.0 is released

After three months of active maintenance and another bug triage, the digiKam team is proud to present version 7.7.0 of its open source digital photo manager. See below the list of most important features coming with this release. Read more

Dilution and Misuse of the "Linux" Brand

Samsung, Red Hat to Work on Linux Drivers for Future Tech

The metaverse is expected to uproot system design as we know it, and Samsung is one of many hardware vendors re-imagining data center infrastructure in preparation for a parallel 3D world. Samsung is working on new memory technologies that provide faster bandwidth inside hardware for data to travel between CPUs, storage and other computing resources. The company also announced it was partnering with Red Hat to ensure these technologies have Linux compatibility. Read more

today's howtos

  • How to install go1.19beta on Ubuntu 22.04 – NextGenTips

    In this tutorial, we are going to explore how to install go on Ubuntu 22.04 Golang is an open-source programming language that is easy to learn and use. It is built-in concurrency and has a robust standard library. It is reliable, builds fast, and efficient software that scales fast. Its concurrency mechanisms make it easy to write programs that get the most out of multicore and networked machines, while its novel-type systems enable flexible and modular program constructions. Go compiles quickly to machine code and has the convenience of garbage collection and the power of run-time reflection. In this guide, we are going to learn how to install golang 1.19beta on Ubuntu 22.04. Go 1.19beta1 is not yet released. There is so much work in progress with all the documentation.

  • molecule test: failed to connect to bus in systemd container - openQA bites

    Ansible Molecule is a project to help you test your ansible roles. I’m using molecule for automatically testing the ansible roles of geekoops.

  • How To Install MongoDB on AlmaLinux 9 - idroot

    In this tutorial, we will show you how to install MongoDB on AlmaLinux 9. For those of you who didn’t know, MongoDB is a high-performance, highly scalable document-oriented NoSQL database. Unlike in SQL databases where data is stored in rows and columns inside tables, in MongoDB, data is structured in JSON-like format inside records which are referred to as documents. The open-source attribute of MongoDB as a database software makes it an ideal candidate for almost any database-related project. This article assumes you have at least basic knowledge of Linux, know how to use the shell, and most importantly, you host your site on your own VPS. The installation is quite simple and assumes you are running in the root account, if not you may need to add ‘sudo‘ to the commands to get root privileges. I will show you the step-by-step installation of the MongoDB NoSQL database on AlmaLinux 9. You can follow the same instructions for CentOS and Rocky Linux.

  • An introduction (and how-to) to Plugin Loader for the Steam Deck. - Invidious
  • Self-host a Ghost Blog With Traefik

    Ghost is a very popular open-source content management system. Started as an alternative to WordPress and it went on to become an alternative to Substack by focusing on membership and newsletter. The creators of Ghost offer managed Pro hosting but it may not fit everyone's budget. Alternatively, you can self-host it on your own cloud servers. On Linux handbook, we already have a guide on deploying Ghost with Docker in a reverse proxy setup. Instead of Ngnix reverse proxy, you can also use another software called Traefik with Docker. It is a popular open-source cloud-native application proxy, API Gateway, Edge-router, and more. I use Traefik to secure my websites using an SSL certificate obtained from Let's Encrypt. Once deployed, Traefik can automatically manage your certificates and their renewals. In this tutorial, I'll share the necessary steps for deploying a Ghost blog with Docker and Traefik.