Security Leftovers

  • McAfee and FireEye rename themselves ‘Trellix’ • The Register

    Newly combined security outfits McAfee and FireEye have revealed a new name: "Trellix".

    Readers may find the name familiar, as another tech company used the same name in the 1990s and early 2000s when it offered intranet and web published tools such as Trellix Web.

  • CISA Releases Final Version of Guidance: IPv6 Considerations for TIC 3.0

    CISA has released the final version of Internet Protocol version 6 (IPv6) Considerations for Trusted Internet Connections (TIC) 3.0. This guidance supports the federal government-wide deployment and use of the modernized network protocol. The final version includes feedback provided during the public comment period that ended in October 2021. See the fact sheet Response to Comments on Guidance: IPv6 Considerations for TIC 3.0 for a comprehensive analysis of comments received. This release is in accordance with Office of Management and Budget (OMB) Memorandum 21-07, which entrusts CISA with enhancing the TIC program to support IPv6 implementation in federal IT systems.

  • The price for software security and maintainer burnout / OSI News & Updates [Ed: OSI fails to note NPM is Microsoft and GitHub banned a developer for doing what he wanted with his code. Microsoft is the ‘boss’ of OSI.]

    The price for software security and maintainer burnout

    2022 started reminding us that software security is a problem not only for open source packages. At the same time, “how to remunerate open source maintainers?” is a question with impossibly numerous answers: we need focus to find different solutions for different problems.

    Lots of security issues packed in a few weeks: December 2021 saw the Log4j package knocked down by a nasty bug. In January 2022 we witnessed an act of self-sabotation by a maintainer of two NPM packages. On New Year's Day a bug in Microsoft Exchange ruined the celebrations for many system administrators. Very different scenarios that confirm how complex and fragile our IT infrastructure is. With open source software so popular, shipped in millions of software packages, the open source communities risk becoming a punching bag for problems they cannot necessarily solve.

  • Security updates for Thursday [LWN.net]

    Security updates have been issued by Debian (drupal7), Fedora (kernel, libreswan, nodejs, and wireshark), openSUSE (busybox, firefox, kernel, and python-numpy), Oracle (gegl, gegl04, httpd, java-17-openjdk, kernel, kernel-container, and libreswan), Red Hat (kernel, kernel-rt, and libreswan), Slackware (wpa_supplicant), SUSE (busybox, firefox, htmldoc, kernel, kubevirt, virt-api-container, virt-controller-container, virt-handler-container, virt-launcher-container, virt-operator-container, openstack-monasca-agent, spark, spark-kit, zookeeper, and python-numpy), and Ubuntu (curl, linux, linux-aws, linux-aws-5.11, linux-aws-5.4, linux-azure, linux-azure-5.11, linux-azure-5.4, linux-bluefield, linux-gcp, linux-gcp-5.11, linux-gcp-5.4, linux-gke, linux-gke-5.4, linux-gkeop, linux-gkeop-5.4, linux-hwe-5.4, linux-ibm, linux-kvm, linux-oem-5.10, linux-oem-5.13, linux-oem-5.14, linux-oracle, linux-oracle-5.11, linux-oracle-5.4, linux-raspi, linux-raspi-5.4, openvswitch, and qtsvg-opensource-src).

4 More warnings (CISA)

More in Tux Machines

Fedora Magazine: Five common mistakes when using automation

As automation expands to cover more aspects of IT, more administrators are learning automation skills and applying them to ease their workload. Automation can ease the burden of repetitive tasks and add a level of conformity to infrastructure. But when IT workers deploy automation, there are common mistakes that can wreak havoc on infrastructures large and small. Five common mistakes are typically seen in automation deployments.

Security Leftovers

  • Reproducible Builds: Supporter spotlight: Jan Nieuwenhuizen on Bootstrappable Builds, GNU Mes and GNU Guix

    The Reproducible Builds project relies on several projects, supporters and sponsors for financial support, but they are also valued as ambassadors who spread the word about our project and the work that we do. This is the fourth instalment in a series featuring the projects, companies and individuals who support the Reproducible Builds project. We started this series by featuring the Civil Infrastructure Platform project and followed this up with a post about the Ford Foundation as well as recent ones about ARDC and the Google Open Source Security Team (GOSST). Today, however, we will be talking with Jan Nieuwenhuizen about Bootstrappable Builds, GNU Mes and GNU Guix.

  • CISA Issues Emergency Directive and Releases Advisory Related to VMware Vulnerabilities [Ed: Proprietary software is a threat to national security]

    CISA has issued Emergency Directive (ED) 22-03 and released a Cybersecurity Advisory (CSA) in response to active and expected exploitation of multiple vulnerabilities in the following VMware products: VMware Workspace ONE Access (Access), VMware Identity Manager (vIDM), VMware vRealize Automation (vRA), VMware Cloud Foundation, vRealize Suite Lifecycle Manager.

  • Software Supply Chain: A Risky Time for Dependencies [Ed: This is a proprietary software problem too and it's not a new problem; the FUD patterns are newer and driven by special interests]

    The software supply chain is a critical element in the lifecycle of applications and websites. The interdependencies and components common in modern software development can increase the attack surface and sometimes allow hackers to bypass robust security layers you’ve added to your infrastructure.

Shows and Videos: FLOSS Weekly, Linux Out Loud, Bringing Windows Best Feature To Linux, and More

  • FLOSS Weekly 681: Yes, UCAN - James Walker, Fission.codes and UCAN

    User Controlled Authorization Networks (UCANs) are just one of the many new and useful approaches to decentralization that James Walker, of fission.codes, shares with Doc Searls and Dan Lynch. If you want a detailed dose of pure optimism about Web3 working for you and me, this is the episode for you on FLOSS Weekly.

  • 14: Back Stage Pass - Linux Out Loud - TuxDigital

    This week, Linux Out Loud chats about what it is like for us to be content creators on the Tux Digital Network. Welcome to episode 14 of Linux Out Loud. We fired up our mics, connected those headphones as we searched the community for themes to expound upon. We kept the banter friendly, the conversation somewhat on topic, and had fun doing it.

  • Bringing Windows Best Feature To Linux!! - Invidious

    Have you ever felt like Linux was just missing something but not sure what it was missing? Well, maybe it was missing a really annoying watermark telling you to activate your system every time you use it.

  • Why Use The Terminal Instead of GUI Apps? - Invidious

    New Linux users often are confused with why more intermediate-to-advanced users gravitate to the terminal rather than just using GUI apps for the same task. There are reasons why newer users hate the terminal and longtime Linux users love the terminal.

  • Linux in the Ham Shack/LHS Episode #467: The Weekender XCI

    It's time once again for The Weekender. This is our departure into the world of hedonism, random topic excursions, whimsy and (hopefully) knowledge. Thanks for listening and, if you happen to get a chance, feel free to call us or e-mail and send us some feedback. Tell us how we're doing. We'd love to hear from you.

Android Leftovers