Security News

  • OpenSSL project releases patch to fix critical bug
  • Microsoft's monthlong patch delay could pose risks [Ed: Microsoft is in no hurry because there are back doors it knows about but keeps secret anyway]

    Microsoft has decided to bundle its February patches together with those scheduled for March, a move that at least some security experts disagree with.

    "I was surprised to learn that Microsoft wants to postpone by a full month," said Carsten Eiram, the chief research officer at vulnerability intelligence firm Risk Based Security, via email. "Even without knowing all the details, I find such a decision very hard to justify. They are aware of vulnerabilities in their products and have developed fixes; those should always be made available to customers in a timely fashion."

    Microsoft took everyone by surprise on Tuesday when it announced that this month's patches had to be delayed because of a "last minute issue" that could have had an impact on customers. The company did not initially specify for how long the patches will be postponed, which likely threw a wre

  • Zero-day flaw around, but Microsoft updates delayed by a month
  • Microsoft misses regular security fix date

    Microsoft has delayed the release of a security update that would have fixed a vulnerability cyber thieves are known to be exploiting.

    The fix was to be released as part of Microsoft's regular monthly security update for its Windows software.

  • How Google reinvented security and eliminated the need for firewalls

    In some ways, Google is like every other large enterprise. It had the typical defensive security posture based on the concept that the enterprise is your castle and security involves building moats and walls to protect the perimeter.

    Over time, however, that perimeter developed holes as Google’s increasingly mobile workforce, scattered around the world, demanded access to the network. And employees complained about having to go through a sometimes slow, unreliable VPN. On top of that, Google, like everyone else, was moving to the cloud, which was also outside of the castle.

  • No Firewalls, No Problem for Google

    On Tuesday at RSA Conference, Google shared the seven-year journey of its internal BeyondCorp rollout where it affirms trust based on what it knows about its users and devices connecting to its networks. And all of this is done at the expense—or lack thereof—of firewalls and traditional network security gear.

  • Android Phone Hacks Could Unlock Millions of Cars

More in Tux Machines

Red Hat Leftovers

Debian Leftovers

  • RcppSMC 0.2.1: A few new tricks
    A new release, now at 0.2.1, of the RcppSMC package arrived on CRAN earlier this afternoon (and once again as a very quick pretest-publish within minutes of submission).
  • sbuild-debian-developer-setup(1) (2018-03-19)
    I have heard a number of times that sbuild is too hard to get started with, and hence people don’t use it. To reduce hurdles from using/contributing to Debian, I wanted to make sbuild easier to set up. sbuild ≥ 0.74.0 provides a Debian package called sbuild-debian-developer-setup. Once installed, run the sbuild-debian-developer-setup(1) command to create a chroot suitable for building packages for Debian unstable.
  • control-archive 1.8.0
    This is the software that maintains the archive of control messages and the newsgroups and active files on I update things in place, but it's been a while since I made a formal release, and one seemed overdue (particularly since it needed some compatibility tweaks for GnuPG v1).
  • The problem with the Code of Conduct
  • Some problems with Code of Conducts

OSS Leftovers

  • Can we build a social network that serves users rather than advertisers?
    Today, open source software is far-reaching and has played a key role driving innovation in our digital economy. The world is undergoing radical change at a rapid pace. People in all parts of the world need a purpose-built, neutral, and transparent online platform to meet the challenges of our time. And open principles might just be the way to get us there. What would happen if we married digital innovation with social innovation using open-focused thinking?
  • Digital asset management for an open movie project
    A DAMS will typically provide something like a search interface combined with automatically collected metadata and user-assisted tagging. So, instead of having to remember where you put the file you need, you can find it by remembering things about it, such as when you created it, what part of the project it connects to, what's included in it, and so forth. A good DAMS for 3D assets generally will also support associations between assets, including dependencies. For example, a 3D model asset may incorporate linked 3D models, textures, or other components. A really good system can discover these automatically by examining the links inside the asset file.
  • LG Releases ‘Open Source Edition’ Of webOS Operating System
  • Private Internet Access VPN opens code-y kimono, starting with Chrome extension
    VPN tunneller Private Internet Access (PIA) has begun open sourcing its software. Over the next six months, the service promises that all its client-side software will make its way into the hands of the Free and Open Source Software (FOSS) community, starting with PIA's Chrome extension. The extension turns off mics, cameras, Adobe's delightful Flash plug-in, and prevents IP discovery. It also blocks ads and tracking. Christel Dahlskjaer, director of outreach at PIA, warned that "our code may not be perfect, and we hope that the wider FOSS community will get involved."
  • Open sourcing FOSSA’s build analysis in fossa-cli
    Today, FOSSA is open sourcing our dependency analysis infrastructure on GitHub. Now, everyone can participate and have access to the best tools to get dependency data out of any codebase, no matter how complex it is.
  • syslog-ng at SCALE 2018
    It is the fourth year that syslog-ng has participated at Southern California Linux Expo or, as better known to many, SCALE ‒ the largest Linux event in the USA. In many ways, it is similar to FOSDEM in Europe, however, SCALE also focuses on users and administrators, not just developers. It was a pretty busy four days for me.
  • Cisco's 'Hybrid Information-Centric Networking' gets a workout at Verizon
  • Verizon and Cisco ICN Trial Finds Names More Efficient Than Numbers
  • LLVM-MCA Will Analyze Your Machine Code, Help Analyze Potential Performance Issues
    One of the tools merged to LLVM SVN/Git earlier this month for the LLVM 7.0 cycle is LLVM-MCA. The LLVM-MCA tool is a machine code analyzer that estimates how the given machine code would perform on a specific CPU and attempt to report possible bottlenecks. The LLVM-MCA analysis tool uses information already used within LLVM about a given CPU family's scheduler model and other information to try to statically measure how the machine code would carry out on a particular CPU, even going as far as estimating the instructions per cycle and possible resource pressure.
  • Taking Data Further with Standards
    Imagine reading a book, written by many different authors, each working apart from the others, without guidelines, and published without edits. That book is a difficult read — it's in 23 different languages, there's no consistency in character names, and the story gets lost. As a reader, you have an uphill battle to get the information to tell you one cohesive story. Data is a lot like that, and that's why data standards matter. By establishing common standards for the collection, storage, and control of data and information, data can go farther, be integrated with other data, and make "big data" research and development possible. For example, NOAA collects around 20 terabytes of data every day. Through the National Ocean Service, instruments are at work daily gathering physical data in the ocean, from current speed to the movement of schools of fish and much more. Hundreds of government agencies and programs generate this information to fulfill their missions and mandates, but without consistency from agency to agency, the benefits of that data are limited. In addition to federal agencies, there are hundreds more non-federal and academic researchers gathering data every day. Having open, available, comprehensive data standards that are widely implemented facilitates data sharing, and when data is shared, it maximizes the benefits of "big data"— integrated, multi-source data that yields a whole greater than its parts.

Security: Intel, Editors and Windows in Critical Systems

  • diff -u: Intel Design Flaw Fallout
    Linux patches for these issues are in a state of ongoing development. Security is always the first priority, at the expense of any other feature. Next would probably be the general speed of a running system for the average user. After that, the developers might begin piecing together any features that had been pulled as part of the initial security fix. But while this effort goes on, the kernel developers seem fairly angry at Intel, especially when they feel that Intel is not doing enough to fix the problems in future processors. In response to one set of patches, for example, Linus Torvalds burst out with, "All of this is pure garbage. Is Intel really planning on making this shit architectural? Has anybody talked to them and told them they are f*cking insane?" He went on, "the IBRS garbage implies that Intel is _not_ planning on doing the right thing for the indirect branch speculation. Honestly, that's completely unacceptable."
  • Hackers Can Abuse Plugins for Popular Unix Text Editors to Escalate Privileges
    Advanced Unix text editors offer extensibility by allowing users to install third-party plugins for ease of use and to enhance the text editor's functionality. Server administrators often run text editors with elevated privileges (“sudo gedit”) to edit root-owned configuration files. If the text editor contains a vulnerable third-party plugin, it enlarges the attack surface.
  • House approves legislation to authorize Homeland Security cyber teams

    House lawmakers on Monday passed legislation that would codify into law the Department of Homeland Security’s cyber incident response teams that help protect federal networks and critical infrastructure from cyberattacks.