Language Selection

English French German Italian Portuguese Spanish

Security: Updates, ZombieLoad, FTP, Hack.lu, Hacking SETI, and Microsoft Chaos

Filed under
Security
  • Security updates for Thursday
  • ZombieLoad Mitigation Costs For Intel Haswell Xeon, Plus Overall Mitigation Impact

    With tests over the past week following the disclosure of the Microarchitectural Data Sampling (MDS) vulnerabilities also known as "Zombieload", we've looked at the MDS mitigation costs (and now the overall Spectre/Meltdown/L1TF/MDS impact) for desktop CPUs, servers, and some laptop hardware. I've also begun doing some tests on older hardware, such as some Phoronix readers curious how well aging Intel Haswell CPUs are affected.

  • How to enhance FTP server security [Ed: It just needs to be abandoned]
  • Hack.lu 2019 Call for Papers, Presentations and Workshops

    The purpose of the hack.lu convention is to give an open and free playground where people can discuss the implication of new technologies in society. hack.lu is a balanced mix convention where technical and non-technical people can meet each others and share freely all kind of information. The convention will be held in the Grand-Duchy of Luxembourg in October (22-24.10.2019). The most significant new discoveries about computer network attacks and defenses, commercial security solutions, and pragmatic real world security experience will be presented in a three days series of informative tutorials. We would like to announce the opportunity to submit papers, and/or lightning talk proposals for selection by the hack.lu technical review committee. This year we will be doing workshops on the first day PM and talks of 1 hour or 30 minutes in the main track for the three days.

  • Hacking SETI
  • Legal Threats Make Powerful Phishing Lures

    On or around May 12, at least two antivirus firms began detecting booby-trapped Microsoft Word files that were sent along with some various of the following message: [...]

  • US officials say foreign election [cracking] is inevitable

    "Systems that are connected to the Internet, if they're targeted by a determined adversary with enough time and resources, they will be breached," Hickey said. "So, we need to be focusing on resilience."

  • Why a Windows flaw patched nine days ago is still spooking the Internet

    The vulnerability resides in Microsoft’s proprietary Remote Desktop Protocol, which provides a graphical interface for connecting to another computer over the Internet. Exploiting the vulnerability—which is present in older versions of Windows but not the much better secured Windows 8 and 10—requires only that an attacker send specific packets to a vulnerable RDP-enabled computer. In a testament to the severity, Microsoft took the highly unusual step of issuing patches for Windows 2003, XP, and Vista, which haven’t been supported in four, five, and seven years, respectively.

  • Serial publisher of Windows 0-days drops exploits for 2 more unfixed flaws

    In Tuesday’s disclosure, SandboxEscaper wrote that the Task Scheduler vulnerability works by exploiting a flaw in the way the Task Scheduler processes changes to discretionary access control list permissions for an individual file. An advisory published Wednesday by US Cert confirmed that the exploit worked against both 32-bit and 64-bit versions of Windows 10.

More in Tux Machines

Games: vkBasalt, Ikey Doherty, Crusader Kings II, Sunless Skies

  • vkBasalt, an open source Vulkan post processing layer for Contrast Adaptive Sharpening

    This is an interesting open source project! vkBasalt is a new Vulkan post processing layer that currently supports Contrast Adaptive Sharpening. Unlike Radeon Image Sharpening, vkBasalt supports Linux and works with both NVIDIA and AMD. This isn't entirely reinventing the wheel though, as it's partly based upon the ReShade port of AMD's CAS. Still, it's fun to see what hackers are able to do with little layers like this, especially when we don't have official support.

  • Ikey Doherty Launches Open-Source Focused Game/Software Development Company

    Well known open-source figure Ikey Doherty who rose to prominence for his work on the Solus Linux distribution and then went on to work on Intel's Clear Linux project is now having his hand at game engine development. Ikey shared with us that he left Intel back in May to begin his new adventure: Lispy Snake. Lispy Snake is a UK software development firm that at least initially is working on a game engine and games. Given Ikey's experience, the firm is focused on leveraging open-source technologies.

  • After making Crusader Kings II free, Paradox are now giving away The Old Gods expansion

    It's been a bit of a whirlwind of Paradox news recently and we have even more to share. With a tiny amount of effort, you can get The Old Gods expansion for Crusader Kings II free. This is after Crusader Kings II was set free to play and Crusader Kings III was announced just like I suggested it would be.

  • Failbetter Games are upgrading owners of Sunless Skies to the Sovereign Edition next year

    Failbetter Games have announced that Sunless Skies is getting a bit of an upgrade with the Sovereign Edition and it's going to be free to existing purchasers when it's release next year. Part of the reason, is that it will be releasing on Consoles so they're polishing the experience up some more. It's not just a special console edition though, it's coming with a bunch of new content and various improvements to the flow of it. To release on PC at the same time as Consoles, free for existing players.

What To Do After Installing Ubuntu 19.10 Eoan Ermine

In this traditional article special for Ubuntu 19.10 Eoan Ermine you will find my suggestions and recommendations in 3 parts, work (including date/time adjustments, productivity tools), non-work (including extensions, podcasts, RSS, codecs), and system maintenance (including CPU-X, repository setup, auto-backup). I also have suggestion for you wanting Global Menu on this Eoan Ermine OS at the end. Adjust it once and use freely everyday. Finally, I hope Ubuntu 19.10 will be your best tool you could imagine to use without worry. Happy working! Read more

Python Programming Leftovers

  • Pylint: Making your Python code consistent

    Pylint is a higher-level Python style enforcer. While flake8 and black will take care of "local" style: where the newlines occur, how comments are formatted, or find issues like commented out code or bad practices in log formatting. Pylint is extremely aggressive by default. It will offer strong opinions on everything from checking if declared interfaces are actually implemented to opportunities to refactor duplicate code, which can be a lot to a new user. One way of introducing it gently to a project, or a team, is to start by turning all checkers off, and then enabling checkers one by one. This is especially useful if you already use flake8, black, and mypy: Pylint has quite a few checkers that overlap in functionality.

  • PyDev of the Week: Sophy Wong

    This week we welcome Sophy Wong (@sophywong) as our PyDev of the Week! Sophy is a maker who uses Circuit Python for creating wearables. She is also a writer and speaker at Maker events. You can see some of her creations on her Youtube Channel or her website. Let’s take a few moments to get to know her better!

  • Erik Marsja: Converting HTML to a Jupyter Notebook

    In this short post, we are going to learn how to turn the code from blog posts to Jupyter notebooks.

Proper Linux Screen Sharing Coming to Chromium & Electron Apps like Discord

A patch to add ‘screen enumeration’ to the Chromium browser is currently pending merge upstream. Once this fix is accepted Chromium and Chromium-based apps (like Discord) will finally support full screen sharing on Linux in a manner similar to that on Windows and macOS. Not being a multi-monitor user, or someone who shares their screen often, I wasn’t aware of this particular limitation until recently. So I’ll explain. Read more