Security Leftovers

  • Internet Explorer zero-day lets hackers steal files from Windows PCs [Ed: Microsoft Windows has back doors, so this is "small potatoes"]

    A security researcher has published today details and proof-of-concept code for an Internet Explorer zero-day that can allow hackers to steal files from Windows systems.

  • MicroBriefly: The tiniest firewall I have seen – Firewalla

    ...BSD Unix, and about the size of a paperback novel (small by standards of those days). Now, solid state storage (SSD) and low power CPUs are tiny, enough to easily fit in a matchbox or lighter sized device.

  • 'World's First Smart Contract Firewall' for EOS Launched By SlowMist

    Developers of EOSIO, an initiative supported by Block.one, a Cayman Islands-registered open-source software development firm with $4 billion in total funding (to date), have published a blog post, noting they’ve carefully looked into improving smart contract security on EOS.

    According to EOSIO’s blog, published on April 11th, FireWall.X provides an effective set of tools for “protecting smart contracts built” on EOS from “malicious hacks.” As explained by Zhong Qifu, a product manager at SlowMist Technology Co., the firm that developed FireWall.X, the “world’s first firewall” system for smart contracts aims to ensure the security of all EOS-based decentralized applications (dApps).

  • Bootstrap supply chain attack is another attempt to poison the barrel [Ed: Happens in proprietary software but we don't hear about it. Full of back doors.]

    Somebody smuggled something bad into the vast third-party, open-source supply chain we all depend upon.

  • Framing supply chain attacks

    The increase in the demand for innovative software has effectively reshaped the software development industry itself. Today, speed and agility are paramount and development teams are pushed to deliver highly advanced applications in record time — which means that writing every single line of code from the ground up is often not a sustainable practice. As the NIST puts it, “This ecosystem has evolved to provide a set of highly refined, cost-effective, reusable ICT solutions.”

  • Apache Axis servers vulnerable to RCE due to expired domain
  • Building a data pipeline to defend New York from cyber threats
  • Linux Foundation aims to improve the sustainability and security of open source projects [Ed: Zemlin PAC pushing a Microsoft-led proprietary software effort]
  • Why AV companies are making their technology open source

    Some AV developers are opening source code for their technology, a strategy they can use to collect data and tech from anyone using their code, and which could help bring products to market faster.

    Why it matters: Open source providers are experimenting with how much of their technology to share, while protecting their intellectual property to stay competitive. Their decisions will have lasting implications for how AV technology develops.

  • Open Source Web Application SSO
  • Magento sites under attack through easily exploitable SQLi flaw

    A recently patched SQL injection flaw affecting the popular open-source e-commerce platform Magento is being actively exploited by attackers, so if you haven’t implemented the provided security update or patch, now is the time to do it.

  • A security researcher with a grudge is dropping Web 0days on innocent users

    Over the past three weeks, a trio of critical zeroday vulnerabilities in WordPress plugins has exposed 160,000 websites to attacks that allow criminal hackers to redirect unwitting visitors to malicious destinations. A self-proclaimed security provider who publicly disclosed the flaws before patches were available played a key role in the debacle, although delays by plugin developers and site administrators in publishing and installing patches have also contributed.

    Over the past week, zeroday vulnerabilities in both the Yuzo Related Posts and Yellow Pencil Visual Theme Customizer WordPress plugins—used by 60,000 and 30,000 websites respectively—have come under attack. Both plugins were removed from the WordPress plugin repository around the time the zeroday posts were published, leaving websites little choice but to remove the plugins. On Friday (three days after the vulnerability was disclosed), Yellow Pencil issued a patch. At the time this post was being reported, Yuzo Related Posts remained closed with no patch available.
