Language Selection

English French German Italian Portuguese Spanish

some odds & ends:

Filed under
Linux
News
Gaming




More in Tux Machines

Red Hat General and Financial News

today's howtos

Tizen in Bolivia and India

Security Leftovers

  • Security updates for Wednesday
  • Microsoft says its best not to fiddle with its Windows 10 group policies (that don't work)

    On Monday, we revealed that a security researcher had used a packet sniffer to show that many settings designed to prevent access to the internet were being ignored with connections to a range of third party servers including advertising hubs.

  • What's got a vast attack surface and runs on Linux? Windows Defender, of course
    Google Project Zero's Windows bug-hunter and fuzz-boffin Tavis Ormandy has given the world an insight into how he works so fast: he works on Linux, and with the release of a personal project on GitHub, others can too. Ormandy's project is to port Windows DLLs to Linux for his vuln tests (“So that's how he works so fast!” Penguinistas around the world are saying). Typically self-effacing, Ormandy made this simple announcement on Twitter (to a reception mixing admiration, humour, and horror):
  • Hacked in Translation – from Subtitles to Complete Takeover
    Check Point researchers revealed a new attack vector which threatens millions of users worldwide – attack by subtitles. By crafting malicious subtitle files, which are then downloaded by a victim’s media player, attackers can take complete control over any type of device via vulnerabilities found in many popular streaming platforms, including VLC, Kodi (XBMC), Popcorn-Time and strem.io. We estimate there are approximately 200 million video players and streamers that currently run the vulnerable software, making this one of the most widespread, easily accessed and zero-resistance vulnerability reported in recent years.
  • A Samba remote code execution vulnerability
    Distributors are already shipping the fix; there's also a workaround in the advisory for those who cannot update immediately.