Security Leftovers

  • Mozilla Attack & Defense: Inspecting Just-in-Time Compiled JavaScript

    The security implications of Just-in-Time (JIT) Compilers in browsers have been getting attention for the past decade and the references to more recent resources is too great to enumerate. While it’s not the only class of flaw in a browser, it is a common one; and diving deeply into it has a higher barrier to entry than, say, UXSS injection in the UI. This post is about lowering that barrier to entry.

    If you want to understand what is happening under the hood in the JIT engine, you can read the source. But that’s kind of a tall order given that the folder js/ contains 500,000+ lines of code. Sometimes it’s easier to treat a target as a black box until you find something you want to dig into deeper. To aid in that endeavor, we’ve landed a feature in the js shell that allows you to get the assembly output of a JavaScript function the JIT has processed. Disassembly is supported with the zydis disassembly library (our in-tree version).

    To use the new feature, you’ll need to run the js interpreter. You can download the jsshell for any Nightly version of Firefox from our FTP server – for example here’s the latest Linux x64 jsshell. Helpfully, these links always point to the latest version available; historical versions can also be downloaded.

  • Security updates for Tuesday

    Security updates have been issued by CentOS (dovecot), Debian (gnome-shell and teeworlds), Mageia (libetpan and zeromq), openSUSE (libxml2), Red Hat (chromium-browser and librepo), SUSE (compat-openssl098, firefox, kernel, openssl, and shim), and Ubuntu (gupnp).

  • Google Launches Confidential VMs, GKE Nodes, to Encrypt Data In-Use [Ed: The Linux Foundation is paying this publisher to participate in Google PR ploy, portraying servers controlled by Google as some sort of privacy magic]

    Google is hoping to make confidential computing — the encryption of data in-use — as easy as the click of a button for cloud native users. To this end, the company has released into general availability Confidential Virtual Machines (VMs), unveiled as a beta in July, as well as beta launched Google Kubernetes Engine (GKE) Confidential Nodes.

  • House approves bill to secure internet-connected federal devices against cyber threats

    The legislation would also require private sector groups providing devices to the federal government to notify agencies if the [Internet]-connected device has a vulnerability that could leave the government open to attacks.

    The bill is sponsored in the House by Reps. Robin Kelly (D-Ill.) and Will Hurd (R-Texas) and more than two dozen others.

  • Microsoft ends support for Office 2010: What you can do

    If the whole Microsoft thing is getting too complicated or too expensive for your pocketbook, we've reviewed the major alternative programs to Office, including Google's online application, LibreOffice, FreeOffice and more. Because they're all free, there's little risk to trying them.
