Language Selection

English French German Italian Portuguese Spanish

Security Leftovers

Filed under
Security
  • More than 300 Cisco switch models vulnerable to CIA hack

    A cache of CIA documents was dropped on the internet two weeks ago via WikiLeaks. It was a huge volume of data, some of which detailed CIA tools for breaking into smartphones and even smart TVs. Now, Cisco has said its examination of the documents points to a gaping security hole in more than 300 models of its switches. There’s no patch for this critical vulnerability, but it’s possible to mitigate the risk with some settings changes.

    Cisco’s security arm sent out an advisory on Friday alerting customers that the IOS and IOS XE Software Cluster were vulnerable to hacks based on the leaked documents. The 318 affected switch models are mostly in the Catalyst series, but there are also some embedded systems and IE-series switches on the list. These are enterprise devices that cost a few thousand dollars at least. So, nothing in your house is affected by this particular attack.

  • Assange chastises companies who haven't responded to CIA vulnerability offers

    Wikileaks head Julian Assange slammed companies not taking the site up on the sites offer to share security flaws the CIA had exploited in their products.

    In a screen-shot statement tweeted on Saturday, Wikileaks noted that "Organizations such as Mozilla" had responded to the site's emails offering unreleased security vulnerabilities from leaked CIA files. "Google and other companies" had not.

    "Most of these lagging companies have conflicts of interest due to their classified work with US government agencies. In practice such associations limit industry staff with US security clearances from fixing holes based on leaked information from the CIA. Should such companies choose to not secure their users against CIA or NSA attacks users may prefer organizations such as Mozilla or European companies that prioritize their users over government contracts," the statement read.

    Wikileaks recently published a trove of files leaked from the CIA, including descriptions of hacking techniques. The site made an effort to redact source code showing how to actually accomplish the techniques, although enough code slipped through the cracks for researchers to reverse engineer at least one of the security flaws.

  • Gentoo: 201703-02 Adobe Flash Player: Multiple vulnerabilities

More in Tux Machines

Debian Leftovers: Installer, CI, Stretch, and Devuan Jessie

Fedora Leftovers: Memorial Weekend ISO, LGBTQA Awareness Day and More

Linux 4.12 RC3, Linux Foundation Project Updates

  • Linux 4.12-rc3
    Hey, things continue to look good, and rc3 isn't even very big. I'm hoping there's not another shoe about to drop, but so far this really feels like a nice calm release cycle, despite the size of the merge window. Knock wood. Anyway, rc3 has a little bit of everything. The biggest single change is actually just a documentation update (the intel pstate docs were converted to rst format), so the diffstat actually looks a bit odd with a wuarter just being documentation. There's also some tooling updates (perf and some bpf selftest). But if you ignore those two pieces, it looks pretty normal: two thirds of it being drivers (gpu, nvme, scsi, tty, block), with the remainder being about half networking and haf "misc" (core kernel, header files, XFS, arch updates). Go forth and test, Linus
  • Linux 4.12-rc3 Kernel Released
    Linus Torvalds has announced the third weekly test candidate for the upcoming Linux 4.12 kernel debut. Linus commented of Linux 4.12-rc3 that it isn't a very big release over the prior RCs and so far it's a "nice calm release cycle." The biggest change this past week was actually documentation updates.
  • Linus Torvalds Announced the Third Release Candidate of the Linux 4.12 Kernel
    Even if it's Memorial weekend, Linus Torvalds is on the job announcing the release and immediate availability of the third RC (Release Candidate) milestone of the upcoming Linux 4.12 kernel series.
  • Hyperledger Sawtooth Graduates to Active Status
    We’re happy to share that Hyperledger’s Technical Steering Committee (TSC) has granted the Hyperledger Sawtooth maintainer’s request to advance the project’s status from Incubation to Active. Hyperledger Iroha also graduated today.
  • Stronger Together: How Cloud Foundry Supports Other Communities
    The open source Cloud Foundry application development platform was publicly announced over six years ago, and along the way, we have connected with other projects, adopting technologies from other open source communities as they matured. For example, before Docker was a company or even a project, the Cloud Foundry platform was using Linux containers to isolate deployed applications from one another. Our container implementation wasn’t built in a general purpose way like Docker’s; it wasn’t designed to solve all of the potential use cases for a container runtime. It was designed specifically to support the stateless web applications that Cloud Foundry was initially intended to support, and to do that in a secure, multitenant fashion.

Reasons to use the GNOME 3 desktop environment, cool KDE tweaks, and GNOME integration for Qt based application

  • 11 reasons to use the GNOME 3 desktop environment for Linux
    Late last year, an upgrade to Fedora 25 caused issues with the new version of KDE Plasma that made it difficult for me to get any work done. So I decided to try other Linux desktop environments for two reasons. First, I needed to get my work done. Second, having been using KDE exclusively for many years, I thought it might be time to try some different desktops.
  • Which Linux desktop environment do you prefer?
  • 7 cool KDE tweaks that will change your life
  • Gnome integration for Qt based applications in Flatpak
    Following blog post from Patrick Griffis about new themes support in Flatpak, we started working on supporting this new feature too. Currently wherever you start a Qt application, it would always look like a KDE application or something would be missing, like icons so you would end up with bad experience and mixed feelings. This is going to change now as we now support Gnome in form of icons, widget style and Qt platform theme and with this, when you run a Qt application in Gnome, it will look definitely better and more natively than before. We packaged regular adwaita icons which are used by default in Gnome as extension of freedesktop runtime. For widget style we use adwaita-qt style, which is a Qt style attempting to look like Gtk’s adwaita and the most important part putting this all together is QGnomePlatform, a Qt platform theme which reads your Gnome configuration and applies it to running Qt applications. QGnomePlatform also enforces Qt apps to use adwaita icons and adwaita-qt style by default so that’s another reason why it is important. Both adwaita-qt and QGnomePlatform projects are by the way authored by Martin Bříza, a collegue of mine from Red Hat so if you meet him in person somewhere buy him a beer for that he cares about Qt integration in Gnome :). Now coming to a question how to install this and make it work. Basically all you need to do is install following extensions and you shold be done: