Language Selection

English French German Italian Portuguese Spanish

Gentoo Monthly Newsletter -- 31 August 2008

Filed under
Gentoo

1. Introduction

This month in the GMN

Welcome to the August issue of the Gentoo monthly newsletter!

As usual, you can discuss any aspect of this issue of the GMN in the corresponding forum thread. We look forward to hearing from you!

2. Gentoo News

PHP4 removed from the Portage tree

All work on PHP4 was been discontinued by upstream on August 8. No more security or bug fixes will be released. PHP4 has already been hardmasked in the Portage tree since October 2007 (for security reasons), and now it has finally been removed from the tree.

If possible, you should upgrade to PHP5, which is still supported with bug and security fixes.

3. Heard in the Community

Interview: Google Summer of Code Student Nandeep Mali

More Here




More in Tux Machines

Leftovers: Software

today's howtos

Leftovers: OSS

Security Leftovers

  • Secure Server Deployments in Hostile Territory, Part II
    There are a few other general security practices I put in place. First, as I mentioned before, because each host has a certificate signed by an internal trusted CA for Puppet, we take advantage of those certs to require TLS for all network communications between hosts. Given that you are sharing a network with other EC2 hosts, you want to make sure nobody can read your traffic as it goes over this network. In addition, the use of TLS helps us avoid man-in-the-middle attacks.
  • Hackers Can Disable a Sniper Rifle—Or Change Its Target
    At the Black Hat hacker conference in two weeks, security researchers Runa Sandvik and Michael Auger plan to present the results of a year of work hacking a pair of $13,000 TrackingPoint self-aiming rifles. The married hacker couple have developed a set of techniques that could allow an attacker to compromise the rifle via its Wi-Fi connection and exploit vulnerabilities in its software. Their tricks can change variables in the scope’s calculations that make the rifle inexplicably miss its target, permanently disable the scope’s computer, or even prevent the gun from firing. In a demonstration for WIRED (shown in the video above), the researchers were able to dial in their changes to the scope’s targeting system so precisely that they could cause a bullet to hit a bullseye of the hacker’s choosing rather than the one chosen by the shooter.
  • Get root on an OS X 10.10 Mac: The exploit is so trivial it fits in a tweet
    Yosemite, aka version 10.10, is the latest stable release of the Mac operating system, so a lot of people are affected by this vulnerability. The security bug can be exploited by a logged-in attacker or malware on the computer to gain total unauthorized control of the Mac. It is documented here by iOS and OS X guru Stefan Esser. It's all possible thanks to an environment variable called DYLD_PRINT_TO_FILE that was added in Yosemite. It specifies where in the file system a component of the operating system called the dynamic linker can log error messages. If the environment variable is abused with a privileged program, an attacker can modify arbitrary files owned by the powerful user account root – files like the one that lists user accounts that are allowed administrator privileges.