Security: Microsoft Holes, Nitrokey, YubiKey and Location Privacy With Geoclue2
-
Security Flaw Found In Microsoft JET Database Engine by ZDE – Patch Expected In Windows October Update
Zero Day Initiative or ZDI, a division of the Japanese multinational cyber security and defense company recently found a serious security flaw in Microsoft’s JET Database Engine which is inculcated and used in various different Microsoft products.
ZDI reported that this vulnerability will allow potential attackers to execute arbitrary code in Microsoft’s JET Database Engine, which is an underlying component of a database, a collection of information stored on a computer in a systematic way; this acts as the groundwork for many of Microsoft’s products, including the most widely used Microsoft Office. ZDI stated this to be an “out-of-bounds (OOB)” write in the JET. “An attacker could leverage this vulnerability to execute code under the context of the current process, however it does require user interaction since the target would need to open a malicious file,” ZDI further added in their report.
-
The Librem Key Makes Tamper Detection Easy
From the beginning we have had big plans for the Librem Key. When we first announced our partnership with Nitrokey to produce the Librem Key all we could talk about publicly was the standard USB security token features it would have and some of the integration possibilities between the Librem laptop and Librem Key that would make security easier for the average person. What we couldn’t say at the time was that we were also working toward making the Librem Key do something that doesn’t exist anywhere else–integrate it with the tamper-evident Heads BIOS to make it incredibly easy to tell whether your BIOS has been tampered with. In this post I’m going to talk about why we wanted to add this feature, some of the work that went into it, and dive into some of the technologies that are working behind the scenes to help you understand how it works.
-
YubiKey 5 Series Launched, Google Chrome's Recent Questionable Privacy Practice, PlayOnLinux Alpha Version 5 Released, Android Turns Ten, and Fedora 29 Atomic and Cloud Test Day
Yubico announced the launch of the YubiKey 5 series this morning, which are the first multi-protocol security keys to support FIDO2/WebAuthn and allow you to replace "weak password-based authentication with strong hardware-based authentication". You can purchase them here for $45.
-
Yubico Launches YubiKey 5 Series, the Industry’s First Multi-Protocol Security Keys Supporting FIDO2
Yubico, the leading provider of hardware authentication security keys, today announced the launch of the YubiKey 5 Series, the industry’s first multi-protocol security keys supporting FIDO2/WebAuthn. With this new addition, the YubiKey 5 Series has the capability to replace weak password-based authentication with strong hardware-based authentication.
-
Recently in Geoclue
Since people's location is a very sensitive piece of information, security of this information had been the core part of Geoclue2 design. The idea was (and still is) to only allow apps access to user's location with their explicit permission (that they could easily revoke later). When Geoclue2 was designed and then developed, we didn't have Flatpak. Surely, people were talking about the need for something like Flatpak but even with those ideas, it wasn't clear how location access will be handled.
Hence we decided for geoclue to handle this itself, through an external app authorizing agent and implemented such an agent in GNOME Shell. Since there is no reliable way to identify an app on Linux, there were mixed reactions to this approach. While some thought it's good to have something rather than nothing, others thought it's better to wait for the time when we've the infrastructure that allows us to reliably identify apps.
-
Why I’m done with Chrome
When Google launched Chrome ten years ago, it seemed like one of those rare cases where everyone wins. In 2008, the browser market was dominated by Microsoft, a company with an ugly history of using browser dominance to crush their competitors. Worse, Microsoft was making noises about getting into the search business. This posed an existential threat to Google’s internet properties.
In this setting, Chrome was a beautiful solution. Even if the browser never produced a scrap of revenue for Google, it served its purpose just by keeping the Internet open to Google’s other products. As a benefit, the Internet community would receive a terrific open source browser with the best development team money could buy. This might be kind of sad for Mozilla (who have paid a high price due to Chrome) but overall it would be a good thing for Internet standards.
YubiKey 5 Series Brings FIDO2 Support, NFC Capability
More on Chrome
Google secretly logs users into Chrome whenever they log into a Google site
Here’s How Chrome’s New Auto-Login Puts Your Privacy At Massive Risk
A Seemingly Small Change to Chrome Stirs Big Controversy
More Android
Pete Zaitcev: Huawei UI/UX fail
Samsung’s Foldable Galaxy F Will Be A Limited Edition Smartphone
Chrome 69 secretly logs you in to Chrome Sync
Chrome 69 secretly logs you in to Chrome Sync when you visit a Google site