Language Selection

English French German Italian Portuguese Spanish

Security News

Filed under
Security
  • OpenSSL project releases patch to fix critical bug
  • Microsoft's monthlong patch delay could pose risks [Ed: Microsoft is in no hurry because there are back doors it knows about but keeps secret anyway]

    Microsoft has decided to bundle its February patches together with those scheduled for March, a move that at least some security experts disagree with.

    "I was surprised to learn that Microsoft wants to postpone by a full month," said Carsten Eiram, the chief research officer at vulnerability intelligence firm Risk Based Security, via email. "Even without knowing all the details, I find such a decision very hard to justify. They are aware of vulnerabilities in their products and have developed fixes; those should always be made available to customers in a timely fashion."

    Microsoft took everyone by surprise on Tuesday when it announced that this month's patches had to be delayed because of a "last minute issue" that could have had an impact on customers. The company did not initially specify for how long the patches will be postponed, which likely threw a wre

  • Zero-day flaw around, but Microsoft updates delayed by a month
  • Microsoft misses regular security fix date

    Microsoft has delayed the release of a security update that would have fixed a vulnerability cyber thieves are known to be exploiting.

    The fix was to be released as part of Microsoft's regular monthly security update for its Windows software.

  • How Google reinvented security and eliminated the need for firewalls

    In some ways, Google is like every other large enterprise. It had the typical defensive security posture based on the concept that the enterprise is your castle and security involves building moats and walls to protect the perimeter.

    Over time, however, that perimeter developed holes as Google’s increasingly mobile workforce, scattered around the world, demanded access to the network. And employees complained about having to go through a sometimes slow, unreliable VPN. On top of that, Google, like everyone else, was moving to the cloud, which was also outside of the castle.

  • No Firewalls, No Problem for Google

    On Tuesday at RSA Conference, Google shared the seven-year journey of its internal BeyondCorp rollout where it affirms trust based on what it knows about its users and devices connecting to its networks. And all of this is done at the expense—or lack thereof—of firewalls and traditional network security gear.

  • Android Phone Hacks Could Unlock Millions of Cars

More in Tux Machines

today's leftovers

  • Mesa's Shader Cache Will Now Occupy Less Disk Space
    Mesa previously had a hard-coded limit to not take up more than 10% of your HDD/SSD storage, but now that limit has been halved. In a change to Mesa 17.2-dev Git and primed for back-porting to Mesa 17.1, Timothy Arceri has lowered the cache size limit to 5% of the disk space. He noted in the commit, "Modern disks are extremely large and are only going to get bigger. Usage has shown frequent Mesa upgrades can result in the cache growing very fast i.e. wasting a lot of disk space unnecessarily. 5% seems like a more reasonable default."
  • Amazon EC2 Cloud Benchmarks vs. AMD Ryzen, Various AMD/Intel Systems
  • Epiphany 3.25.1 Released, Ported To Meson
    Epiphany 3.25.1 has been released as the latest update for GNOME's Web Browser in what will be part of GNOME 3.26 this September. Epiphany 3.25.1 has continued the trend by other GNOME components in porting to the Meson build system. With Epiphany 3.25.1, Meson is present and its Autotools build system has been removed.
  • Tumbleweed Snapshots Update Fonts, Perl, Python Packages
    openSUSE Tumbleweed snapshots this week gave many newer versions of Perl and Python packages, but several other packages were updated in the repositories including some open fonts. Google and Adobe fonts were updated in snapshots 20170424 and 20170420 with google-croscore-fonts and adobe-sourcehansans-fonts being added to the repositories respectively.
  • 3 cool features in Ubuntu 17.04
    April showers bring May flowers, and fresh versions of Ubuntu too. Canonical’s latest official Ubuntu release—17.04—arrived this month after news of the death of Unity 8 and the return to the GNOME desktop in 2018. For now, Ubuntu is still shipping with its Unity desktop. I wrote earlier that most users who need stability and support over new features will probably want to stick with Ubuntu 16.04, which was released last April, until Ubuntu 18.04 arrives a year from now. However, there are a few small things in Ubuntu 17.04 that will appeal to users who are keen to get all the newest updates.
  • Linux Security and Isolation APIs course in Munich (17-19 July 2017)
    I've scheduled the first public instance of my "Linux Security and Isolation APIs" course to take place in Munich, Germany on 17-19 July 2017. (I've already run the course a few times very successfully in non-public settings.) This three-day course provides a deep understanding of the low-level Linux features (set-UID/set-GID programs, capabilities, namespaces, cgroups, and seccomp) used to build container, virtualization, and sandboxing technologies. The course format is a mixture of theory and practical.

more of today's howtos

Leftovers: OSS and Sharing

Microsoft Begs, Bugs, and Bug Doors

  • Don't install our buggy Windows 10 Creators Update, begs Microsoft
    Microsoft has urged non-tech-savvy people – or anyone who just wants a stable computer – to not download and install this year's biggest revision to Windows by hand. And that's because it may well bork your machine. It's been two weeks since Microsoft made its Creators Update available, and we were previously warned it will be a trickle-out rather than a massive rollout. Now, Redmond has urged users to stop manually fetching and installing the code, and instead wait for it to be automatically offered to your computer when it's ready.
  • Microsoft Word flaw took so long to fix that hackers used it to send fraud software to millions of computers
    A flaw in Microsoft Word took the tech giant so long to fix that hackers were able to use it to send fraud software to millions of computers, it has been revealed. The security flaw, officially known as CVE-2017-0199, could allow a hacker to seize control of a personal computer with little trace, and was fixed on April 11 in Microsoft's regular monthly security update - nine months after it was discovered.