Language Selection

English French German Italian Portuguese Spanish

Security Leftovers

Filed under
Security
  • Videoconferencing Malware, Vizom, Discovered [Ed: Wrong. Zoom itself is malware and they admit having back doors.]

    It was probably only a matter of time before the cyber attackers hit videoconferencing software in 2020. Apps such as Zoom had a bona fide boon this year because of the world health crisis. Researchers discovered a new form of malware that uses remote overlay attacks to hit Brazilian bank account holders who use videoconferencing software.

    [...]

    Phishing campaigns spread Vizom, disguising it as Zoom. Once the malware accesses a Windows computer, it hits the AppData directory to start infecting the system. Using DLL hijacking, it tries to force malicious DLLs to be loaded, using names the attackers believe are on the software directories for the Delphi-based variants.

  • Combating abuse in Matrix - without backdoors.

    Last Sunday, the UK Government published an international statement on end-to-end encryption and public safety, co-signed by representatives from the US, Australia, New Zealand, Canada, India and Japan. The statement is well written and well worth a read in full, but the central point is this:

    We call on technology companies to [...] enable law enforcement access to content in a readable and usable format where an authorisation is lawfully issued, is necessary and proportionate, and is subject to strong safeguards and oversight.

    In other words, this is an explicit request from seven of the biggest governments in the world to mandate a backdoor in end-to-end encrypted (E2EE) communication services: a backdoor to which the authorities have a secret key, letting them view communication on demand. This is big news, and is of direct relevance to Matrix as an end-to-end encrypted communication protocol whose core team is currently centred in the UK.

    Now, we sympathise with the authorities’ predicament here: we utterly abhor child abuse, terrorism, fascism and similar - and we did not build Matrix to enable it. However, trying to mitigate abuse with backdoors is, unfortunately, fundamentally flawed.

  • Security updates for Tuesday

    Security updates have been issued by Debian (python-flask-cors), Fedora (kleopatra, nextcloud, and phpMyAdmin), Gentoo (ark, libjpeg-turbo, libraw, and libxml2), openSUSE (bind, kernel, php7, and transfig), Red Hat (kernel, kernel-alt, kernel-rt, rh-python36, virt:8.1 and virt-devel:8.1, and virt:8.2 and virt-devel:8.2), and Ubuntu (collabtive, freetype, linux, linux-hwe, linux-hwe-5.4, linux-oem, linux-raspi, linux-raspi-5.4, linux-snapdragon, and linux-oem-osp1, linux-raspi2-5.3).

  • Reproducible Builds (diffoscope): diffoscope 161 released

    The diffoscope maintainers are pleased to announce the release of diffoscope version 161. This version includes the following changes:

    [ Chris Lamb ]
    * Fix failing testsuite: (Closes: #972518)
      - Update testsuite to support OCaml 4.11.1. (Closes: #972518)
      - Reapply Black and bump minimum version to 20.8b1.
    * Move the OCaml tests to the assert_diff helper.
    
    [ Jean-Romain Garnier ]
    * Add support for radare2 as a disassembler.
    
    [ Paul Spooren ]
    * Automatically deploy Docker images in the continuous integration pipeline.
    

More in Tux Machines

Qt Creator 4.14 RC released

We are happy to announce the release of Qt Creator 4.14 RC ! Please have a look at our Beta blog post for the higher level overview of what improvements are included in Qt Creator 4.14, and to our change log for the more fine-grained list. Read more

Support your work-life balance with this open source productivity tool

Super Productivity is a to-do app for people that spend a lot of their time working from a computer. Its philosophy is that disciplined, focused work and cutting yourself some slack benefit from each other, rather than being on opposite sides of the spectrum. The app offers everything you would expect from a modern to-do app. It adds various little (optional) helpers to nudge you in the right direction to establish good work routines—whether you're working way too much without taking a break or leaning too hard on your dirty little procrastination habits and not getting done what you need to do. Read more

9 Open Source Forum Software That You Can Deploy on Your Linux Servers

Just like our It’s FOSS Community forum, it is important to always build a platform where like-minded people can discuss, interact, and seek support. A forum gives users (or customers) a space to reach out for something that they cannot easily find on the Internet for the most part. If you are an enterprise, you may hire a team of developers and build your own forum the way you want but that adds a lot of cost to your budget. Fortunately, there are several impressive open source forum software that you can deploy on your server and you’re good to go! You will save a lot of money in the process and still get what you need. Read more

Linux Kernel 5.10 LTS Top Features (RC-6 is out now)

Linux Kernel 5.10 is planned for LTS (long term support) Kernel release. Kernel 5.10 is the 21st stable release following the current Kernel 5.4 LTS. And the Kernel 5.10 RC6 is out now. Read more