Language Selection

English French German Italian Portuguese Spanish

Security: Mozilla, FOSS Updates, Microsoft Holes and Securing Email for an Organisation

Filed under
Security
  • Mozilla Open Policy & Advocacy Blog: EU takes major step forward on government vulnerability disclosure review processes

    We’ve argued for many years that governments should implement transparent processes to review and disclose the software vulnerabilities that they learn about. Such processes are essential for the cybersecurity of citizens, businesses, and governments themselves. For that reason, we’re delighted to report that the EU has taken a crucial step forward in that endeavour, by giving its cybersecurity agency an explicit new mandate to help European governments establish and implement these processes where requested.

    The just-adopted EU Cybersecurity Act is designed to increase the overall level of cybersecurity across the EU, and a key element of the approach focuses on empowering the EU’s cybersecurity agency (‘ENISA’) to play a more proactive role in supporting the Union’s Member States in cybersecurity policy and practices. Since the legislative proposal was launched in 2017, we’ve argued that ENISA should be given the power to support EU Member States in the area of government vulnerability disclosure (GVD) review processes.

    Malicious actors can exploit vulnerabilities to cause significant harm to individuals and businesses, and can cripple critical infrastructure. At the same time, governments often learn about software vulnerabilities and face competing incentives as to whether to disclosure the existance of the vulnerability to the affected company immediately, or delay disclosure so they can use the vulnerability as an offensive/intelligence-gathering tool. For those reasons, it’s essential that governments have processes in place for reviewing and coordinating the disclosure of the software vulnerabilities that they learn about, as a key pillar in their strategy to defend against the nearly daily barrage of cybersecurity attacks, hacks, and breaches.

  • Security updates for Tuesday
  • Microsoft March Patch Tuesday comes with fixes for two Windows zero-days [Ed: 17 critical flaws in Microsoft Windows and code out there to exploit these; the platform is designed for back doors.]
  • Securing Email for an Organization

More in Tux Machines

New features in OpenStack Neutron

OpenStack is the open source cloud infrastructure software project that provides compute, storage, and networking services for bare-metal, container, and VM workloads. To get a sense of the core functionality and additional services, check out the OpenStack map. The platform has a modular architecture that works across industry segments because infrastructure operators can choose the components they need to manage their infrastructure in the way that best supports their application workloads. The modules are also pluggable to provide further flexibility and make sure they can be used with a specific storage backend or software-defined networking (SDN) controller. Neutron is an OpenStack project to provide a de-facto standard REST API to manage and configure networking services and make them available to other components such as Nova. Read more

today's leftovers

  • Full Circle Weekly News #125
  • Why Open19 Designs Matter for Edge Computing [Ed: Openwashing Microsoft without even any source code]
    On the opening day of this year's Data Center World in Phoenix, Yuval Bachar, LinkedIn's principal engineer of data center architecture, was on hand to explain why the social network's Open19 Project will be an important part of data centers' move to the edge.
  • Course Review: Applied Hardware Attacks: Rapid Prototying & Hardware Implants
    Everyone learns in different ways. While Joe is happy to provide as much help as a student needs, his general approach probably caters most to those who learn by doing. Lecture is light and most of the learning happens during the lab segments. He gives enough space that you will make mistakes and fail, but not so badly that you never accomplish your objective. If you read the lab manual carefully, you will find adequate hints to get you in the right direction. On the other hand, if you’re a student that wants to site in a classroom and listen to an instructor lecture for the entire time, you are definitely in the wrong place. If you do not work on the labs, you will get very, very, little out of the course. The rapid prototyping course is a good introduction to using the 3D printer and pcb mill for hardware purposes, and would be valuable even for those building hardware instead of breaking it. It really opened my eyes to the possibilities of these technologies. On the other hand, I suspect that the hardware implants course has limited application. It’s useful to learn what is possible, but unless you work in secure hardware design or offensive security that would use hardware implants, it’s probably not something directly applicable to your day to day.
  • Nulloy – Music Player with Waveform Progress Bar
    I’ve written a lot about multimedia software including a wide range of music players, some built with web-technologies, others using popular widget toolkits like Qt and GTK. I want to look at another music player today. You may not have heard of this one, as development stalled for a few years. But it’s still under development, and it offers some interesting features. It’s called Nulloy. The software is written in the C++ programming language, with the user interface using the Qt widget toolkit. It’s first release was back in 2011.
  • A Complete List of Google Drive Clients for Linux

Security Leftovers

SmartArt and Contributors to LibreOffice

  • SmartArt improvements in LibreOffice, part 4
    I recently dived into the SmartArt support of LibreOffice, which is the component responsible for displaying complex diagrams from PPTX. I focus on the case when only the document model and the layout constraints are given, not a pre-rendered result. First, thanks to our partner SUSE for working with Collabora to make this possible.
  • Things to know if you are a new contributor to LibreOffice code
    When I began contributing code to LibreOffice, I faced some issues because I didn't know several facts that the other active contributors knew. This blog post summarizes some of those facts, and I hope it will be useful for other new contributors!