Security Leftovers

Filed under: Security
  • Internet Explorer zero-day lets hackers steal files from Windows PCs [Ed: Microsoft Windows has back doors, so this is "small potatoes"]

    A security researcher has published today details and proof-of-concept code for an Internet Explorer zero-day that can allow hackers to steal files from Windows systems.

  • MicroBriefly: The tiniest firewall I have seen – Firewalla

    ...BSD Unix, and about the size of a paperback novel (small by standards of those days). Now, solid state storage (SSD) and low power CPUs are tiny, enough to easily fit in a matchbox or lighter sized device.

  • 'World's First Smart Contract Firewall' for EOS Launched By SlowMist

    Developers of EOSIO, an initiative supported by Block.one, a Cayman Islands-registered open-source software development firm with $4 billion in total funding (to date), have published a blog post, noting they’ve carefully looked into improving smart contract security on EOS.

    According to EOSIO’s blog, published on April 11th, FireWall.X provides an effective set of tools for “protecting smart contracts built” on EOS from “malicious hacks.” As explained by Zhong Qifu, a product manager at SlowMist Technology Co., the firm that developed FireWall.X, the “world’s first firewall” system for smart contracts aims to ensure the security of all EOS-based decentralized applications (dApps).

  • Bootstrap supply chain attack is another attempt to poison the barrel [Ed: Happens in proprietary software but we don't hear about it. Full of back doors.]

    Somebody smuggled something bad into the vast third-party, open-source supply chain we all depend upon.

  • Framing supply chain attacks

    The increase in the demand for innovative software has effectively reshaped the software development industry itself. Today, speed and agility are paramount and development teams are pushed to deliver highly advanced applications in record time — which means that writing every single line of code from the ground up is often not a sustainable practice. As the NIST puts it, “This ecosystem has evolved to provide a set of highly refined, cost-effective, reusable ICT solutions.”

  • Apache Axis servers vulnerable to RCE due to expired domain
  • Building a data pipeline to defend New York from cyber threats
  • Linux Foundation aims to improve the sustainability and security of open source projects [Ed: Zemlin PAC pushing a Microsoft-led proprietary software effort]
  • Why AV companies are making their technology open source

    Some AV developers are opening source code for their technology, a strategy they can use to collect data and tech from anyone using their code, and which could help bring products to market faster.

    Why it matters: Open source providers are experimenting with how much of their technology to share, while protecting their intellectual property to stay competitive. Their decisions will have lasting implications for how AV technology develops.

  • Open Source Web Application SSO
  • Magento sites under attack through easily exploitable SQLi flaw

    A recently patched SQL injection flaw affecting the popular open-source e-commerce platform Magento is being actively exploited by attackers, so if you haven’t implemented the provided security update or patch, now is the time to do it.

  • A security researcher with a grudge is dropping Web 0days on innocent users

    Over the past three weeks, a trio of critical zeroday vulnerabilities in WordPress plugins has exposed 160,000 websites to attacks that allow criminal hackers to redirect unwitting visitors to malicious destinations. A self-proclaimed security provider who publicly disclosed the flaws before patches were available played a key role in the debacle, although delays by plugin developers and site administrators in publishing and installing patches have also contributed.

    Over the past week, zeroday vulnerabilities in both the Yuzo Related Posts and Yellow Pencil Visual Theme Customizer WordPress plugins—used by 60,000 and 30,000 websites respectively—have come under attack. Both plugins were removed from the WordPress plugin repository around the time the zeroday posts were published, leaving websites little choice but to remove the plugins. On Friday (three days after the vulnerability was disclosed), Yellow Pencil issued a patch. At the time this post was being reported, Yuzo Related Posts remained closed with no patch available.
