Security: Curl, OpenSUSE, Equifax and Kubernetes

  • Report from the curl bounty program

    We announced our glorious return to the “bug bounty club” (projects that run bug bounties) a month ago, and with the curl 7.65.0 release today on May 22nd of 2019 we also ship fixes to security vulnerabilities that were reported within this bug bounty program.

  • OpenSUSE Adds Option To Installer For Toggling Performance-Hitting CPU Mitigations

    With the newly released openSUSE Leap 15.1 they have added an option to their installer for toggling the CPU mitigations around Spectre / Meltdown / Foreshadow / Zombieload to make it very convenient should you choose to retain maximum performance while foregoing the security measures. But it also allows disabling SMT/HT from the installer should you prefer maximum security.

    When installing openSUSE Leap 15.1 today, I was a bit surprised to see a "CPU mitigations" option that allows toggling the value similar to the mitigations= kernel command line option.

  • Equifax just became the first company to have its outlook downgraded for a cyber attack

    Moody’s has just slashed its rating outlook on Equifax, the first time cybersecurity issues have been cited as the reason for a downgrade.

    Moody’s lowered Equifax’s outlook from stable to negative on Wednesday, as the credit monitoring company continues to suffer from the massive 2017 breach of consumer data.

    “We are treating this with more significance because it is the first time that cyber has been a named factor in an outlook change,” Joe Mielenhausen, a spokesperson for Moody’s, told CNBC. “This is the first time the fallout from a breach has moved the needle enough to contribute to the change.”

    Equifax could not immediately be reached for comment.

  • Kubernetes security: 4 strategic tips

    As with all things security-related, “fingers crossed!” isn’t exactly a confident posture. Kubernetes offers a lot of powerful security-oriented features, and the community has shown a strong commitment toward the security of the project. But it’s always best to be proactive, especially if you or your teams are still relatively new to containers and orchestration.

    The fundamentals of security hygiene still largely apply, as we noted in our recent article, Kubernetes security: 5 mistakes to avoid. There’s also some new learning to be done to ensure you’re proactively managing the risks inherent in any new system, especially once it’s running in production.
