Language Selection

English French German Italian Portuguese Spanish

Red Hat Risk Reflex (The Linux Security Flaw That Isn't)

Filed under
Red Hat
Security

News headlines screaming that yet another Microsoft Windows vulnerability has been discovered, is in the wild or has just been patched are two a penny. Such has it ever been. News headlines declaring that a 'major security problem' has been found with Linux are a different kettle of fish. So when reports of an attack that could circumvent verification of X.509 security certificates, and by so doing bypass both secure sockets layer (SSL) and Transport Layer Security (TLS) website protection, people sat up and took notice. Warnings have appeared that recount how the vulnerability can impact upon Debian, Red Hat and Ubuntu distributions. Red Hat itself issued an advisory warning that "GnuTLS did not correctly handle certain errors that could occur during the verification of an X.509 certificate, causing it to incorrectly report a successful verification... An attacker could use this flaw to create a specially crafted certificate that could be accepted by GnuTLS as valid." In all, at least 200 operating systems actually use GnuTLS when it comes to implementing SSL and TLS and the knock-on effect could mean that web applications and email alike are vulnerable to attack. And it's all Linux's fault. Or is it?

Read more ►

More in Tux Machines

Interview: Thomas Weissel Installing Plasma in Austrian Schools

With Plasma 5 having reached maturity for widespread use we are starting to see rollouts of it in large environments. Dot News interviewed the admin behind one such rollout in Austrian schools. Read more

today's leftovers

  • Top Lightweight Linux Distributions To Try In 2017
    Today I am going to discuss the top lightweight Linux distros you can try this year on your computer. Although you got yourself a prettyLinuxle linux already but there is always something new to try in Linux. Remember I recommend to try this distros in virtualbox firstly or with the live boot before messing with your system. All distro that I will mention here will be new and somewhat differ from regular distros.
  • [ANNOUNCE] linux-4.10-ck1 / MuQSS CPU scheduler 0.152
  • MSAA Compression Support For Intel's ANV Vulkan Driver
    Intel developer Jason Ekstrand posted a patch over the weekend for enabling MSAA compression support within the ANV Vulkan driver.
  • Highlights of YaST development sprint 31
    As we announced in the previous report, our 31th Scrum sprint was slightly shorter than the usual ones. But you would never say so looking to this blog post. We have a lot of things to talk you about!
  • Comparing Mobile Subscriber Data Across Different Sources - How accurate is the TomiAhonen Almanac every year?
    You’ll see that last spring I felt the world had 7.6 Billion total mobile subscriptions when machine-to-machine (M2M) connections are included. I felt the world had 7.2 Billion total subscriptions when excluding M2M and just counting those in use by humans. And the most relevant number (bottom line) is the ‘unique’ mobile users, which I felt was an even 5.0 Billion humans in 2015. The chart also has the total handsets-in-use statistic which I felt was 5.6 Billion at the end of 2015. Note that I was literally the first person to report on the distinction of the unique user count vs total subscriptions and I have been urging, nearly begging for the big industry giants to also measure that number. They are slowly joining in that count. Similarly to M2M, we also are now starting to see others report M2M counts. I have yet to see a major mobile statistical provider give a global count of devices in use. That will hopefully come also, soon. But lets examine these three numbers that we now do have other sources, a year later, to see did I know what I was doing.

Leftovers: Gaming

Leftovers: Software