Security: apt/apt-get, Blockchains and More
-
Justicz: Remote Code Execution in apt/apt-get
-
Remote Code Execution in apt/apt-get
-
How Blockchain Changes the Nature of Trust
Blockchains have to be trusted in order for them to succeed, and public blockchains can cause problems you may not think about, according to Bruce Schneier, a fellow and lecturer at the Harvard Kennedy School, in his keynote address at December’s Hyperledger Global Forum on “Security, Trust and Blockchain.”
Schneier began his talk by citing a quote from Bitcoin’s anonymous developer, Satoshi Nakamoto, who said “We have proposed a system for electronic transaction without relying on trust.”
“That’s just not true,” Schneier said. “Bitcoin is not a system that doesn’t rely on trust.” It eliminates certain trust intermediaries, but you have to somehow trust Bitcoin, he noted. Generally speaking, the Bitcoin system changes the nature of trust.
-
Security Vulnerability Found in APT, Wine 4.0 Release, GPU Acceleration for Linux Apps on Chrome OS, Kickstarter Campaign for Polished Game Creation Tutorials for the Godot Free Game Engine, TUXEDO Computers Launch Two New High-Performance Laptops
All Debian and Ubuntu users (as well as users of their derivatives, such as Linux Mint, Ubuntu MATE, Kubuntu, Lubuntu and Xubuntu) should update APT immediately. Softpedia News reports that Max Justicz discovered a vulnerability in the APT package that could "allow a remote attacker to trick APT into installing malicious packages that pose as valid ones, but which could be used for code execution with administrative (root) privileges after installation to gain control of the vulnerable machine." See CVE-2019-3462 for the details.
-
Security updates for Wednesday
-
StackRox Boosts Container Security Platform With Multi-Risk Profiling
-
Detecting Ghosts By Reverse Engineering: Who Ya Gonna Call?
The most recent purportedly serious proposal by a Western government to force technology companies to provide access to the content of encrypted communications comes from Ian Levy and Crispin Robinson of the Government Communications Headquarters, or GCHQ, the U.K.’s equivalent of the National Security Agency. Cryptography luminaries such as Susan Landau, Matt Green, and Bruce Schneier have published detailed critiques of this proposal. Indeed, others from EFF have written about the proposal—known colloquially as the “ghost”—and explained why, contrary to GCHQ’s claim, the proposal really is an encryption backdoor with all the attendant security risks.
-
Amazon Posts L1TF/Foreshadow Demonstrator Code For The Linux Kernel
In helping to build better defenses against this side channel vulnerability, Julian Stecklina of Amazon Germany (who previously co-discovered the "LazyFP" vulnerability last year) has posted demonstrator code for the Level 1 Terminal Fault (L1TF) vulnerability against the Linux kernel.