Security Leftovers

  • Security Researchers Find Several Bugs in Nest Security Cameras

    Researchers Lilith Wyatt and Claudio Bozzato of Cisco Talos discovered the vulnerabilities and disclosed them publicly on August 19. The two found eight vulnerabilities that are based in the Nest implementation of the Weave protocol. The Weave protocol is designed specifically for communications among Internet of Things or IoT devices.

  • Better SSH Authentication with Keybase

    With an SSH CA model, you start by generating a single SSH key called the CA key. The public key is placed on each server and the server is configured to trust any key signed by the CA key. This CA key is then used to sign user keys with an expiration window. This means that signed user keys can only be used for a finite, preferably short, period of time before a new signature is needed. This transforms the key management problem into a user management problem: How do we ensure that only certain people are able to provision new signed SSH keys?

  • Texas ransomware attacks deliver wake-up call to cities [iophk: Windows TCO]

    The Texas Department of Information Resources has confirmed that 22 Texas entities, mostly local governments, have been hit by the ransomware attacks that took place late last week. The department pointed to a “single threat actor” as being responsible for the attacks, which did not impact any statewide systems.

  • Texas Ransomware Attack

    On Security Now, Steve Gibson talks about a huge ransomware attack. 23 cities in Texas were hit with a well-coordinated ransomware attack last Friday, August 16th.

  • CVE-2019-10071: Timing Attack in HMAC Verification in Apache Tapestry

    Apache Tapestry uses HMACs to verify the integrity of objects stored on the client side. This was added to address the Java deserialization vulnerability disclosed in CVE-2014-1972. In the fix for the previous vulnerability, the HMACs were compared by string comparison, which is known to be vulnerable to timing attacks.

More in Tux Machines

6 Best Free and Open Source Linux Anti-Spam Tools

Email is one of the primary communication channels among users. The Radicati Group is an organization which publishes quantitative and qualitative research on business and consumer usage for email, instant messaging, social networking, wireless email, and unified communications. Their research estimates that the total worldwide emails in 2020 is 306 billion. The cost of spam is frightening, estimated to be approximately $50 billion each year. The tide of the daily spam is a continual thorn in the side for both providers and users. Spam is a waste of valuable network bandwidth, disk space and takes up users’ valuable time to declutter their mailboxes. Many spam messages contain URLs to a dubious website or websites, peddling fake pharmaceutical products, replicas, enhancers, or gambling. Alternatively, the URLs may be phishing attacks, for example taking an unwitting victim to a site which seeks to steal private information such as bank account login data.

Stable Kernels: 5.8.11, 5.4.67, 4.19.147, 4.14.199, 4.9.237, and 4.4.237

I'm announcing the release of the 5.8.11 kernel.

All users of the 5.8 kernel series must upgrade.

The updated 5.8.y git tree can be found at:
	git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-5.8.y
and can be browsed at the normal kernel.org git web browser:
	https://git.kernel.org/?p=linux/kernel/git/stable/linux-s...

thanks,

greg k-h
Also: Linux 5.4.67, Linux 4.19.147, Linux 4.14.199, Linux 4.9.237, Linux 4.4.237

today's howtos

KaOS 2020.09

KaOS is pleased to announce the availability of the September release of a new stable ISO. With almost 60 percent of the packages updated since the last ISO and the last release being over two months old, a new ISO is more than due. News for KDE Applications 20.08 included Dolphin adding thumbnails for 3D Manufacturing Format (3MF) files; you can also see previews of files and folders on encrypted file systems such as Plasma Vaults. Dolphin now remembers and restores the location you were viewing, as well as the open tabs and split views you had open when you last closed it. Yakuake now lets you configure all the keyboard shortcuts that come from Konsole and there is a new system tray item that shows you when Yakuake is running. Elisa now lets you display all genres, artists, or albums in the sidebar, below other items. As always with this rolling distribution, you will find the very latest packages for the Plasma Desktop; this includes Frameworks 5.74.0, Plasma 5.19.5 and KDE Applications 20.08.1, all built on Qt 5.15.1.