Security

Security leftovers

Filed under
Security
  • Python-Based Botnet Targets Linux Systems with Exposed SSH Ports

    Experts believe that an experienced cybercrime group has created a botnet from compromised Linux-based systems and is using these servers and devices to mine Monero, a digital currency.

    Crooks are apparently using brute-force attacks against Linux systems that feature exposed SSH ports. If they guess the password, they use Python scripts to install a Monero miner.

  • AMD PSP Affected By Remote Code Execution Vulnerability

    While all eyes have been on Intel this week with the Spectre and Meltdown vulnerabilities, a disclosure was publicly made this week surrounding AMD's PSP Secure Processor in an unrelated security bulletin.

    AMD's Secure Processor / Platform Security Processor (PSP) that is akin to Intel's Management Engine (ME) is reportedly vulnerable to remote code execution.

  • DragonFlyBSD Lands Fixes For Meltdown Vulnerability

    Linux, macOS, and Windows have taken most of the operating system attention when it comes down to the recently-disclosed Meltdown vulnerability but the BSDs too are prone to this CPU issue. DragonFlyBSD lead developer Matthew Dillon has landed his fixes for Meltdown.

  • Spectre question

    Could ASLR be used to prevent the Spectre attack?

    The way Spectre mitigations are shaping up, it's going to require modification of every program that deals with sensitive data, inserting serialization instructions in the right places. Or programs can be compiled with all branch prediction disabled, with more of a speed hit.

    Either way, that's going to be piecemeal and error-prone. We'll be stuck with a new class of vulnerabilities for a long time. Perhaps good news for the security industry, but it's going to become as tediously bad as buffer overflows for the rest of us.

    Also, so far the mitigations being developed for Spectre only cover branching, but the Spectre paper also suggests the attack can be used in the absence of branches to eg determine the contents of registers, as long as the attacker knows the address of suitable instructions to leverage.

  • Intel Deploying Updates for Spectre and Meltdown Exploits

    Intel reports that company has developed and is rapidly issuing updates for all types of Intel-based computer systems — including personal computers and servers — that render those systems immune from “Spectre” and “Meltdown” exploits reported by Google Project Zero. I

  • Capsule8 Launches Open Source Sensor for Real-time Attack Detection Capable of Detecting Meltdown
  • You know what’s not affected by Meltdown or Spectre? The Raspberry Pi

    One or more of the security vulnerabilities disclosed this week affect nearly every modern smartphone, PC, and server processor. Intel processors are vulnerable to both Meltdown and Spectre attacks. AMD chips are vulnerable to Spectre attacks. And the ARM-based processors that are used in most modern smartphones can fall prey to a Spectre attack as well.

Security: Updates, PyCryptoMiner, and Hardware Crisis

Filed under
Security

RISC-V and Raspberry Pi Secure

Filed under
Linux
Hardware
Security
  • RISC-V Foundation Trumpets Open-Source ISAs In Wake Of Meltdown, Spectre

    The RISC-V Foundation says that no currently announced RISC-V CPU is vulnerable to Meltdown and Spectre and, in the wake of those bugs, stressed the importance of open-source development and a modern ISA in preventing vulnerabilities.

    In consumer computing, we usually only hear about two instruction set architectures (ISA): x86 and ARM. Classified as a complex instruction set, x86 dominates the desktop and server space. Since the rise of smartphones, however, reduced-instruction-set (RISC) ARM processors have dominated the mobile computing market. Beyond x86, there aren’t many complex instruction sets still in use, but there are still many relevant RISC designs despite ARM’s seeming ubiquity.

    The lesser known RISC-V ISA is among those being developed to take on ARM. It was created in the University of California, Berkeley and is unique because it’s open-source. The ISA is actively being worked on and is now overseen by the RISC-V Foundation, which includes companies such as AMD, Nvidia, Micron, Qualcomm, and Microsoft. An ISA alone doesn’t define a CPU design, though. RISC-V being open-source means that anyone is free to build their own CPU to implement the ISA, or their own compiler to build software that can run on RISC-V CPUs.

  • WHY RASPBERRY PI ISN’T VULNERABLE TO SPECTRE OR MELTDOWN

    Over the last couple of days, there has been a lot of discussion about a pair of security vulnerabilities nicknamed Spectre and Meltdown. These affect all modern Intel processors, and (in the case of Spectre) many AMD processors and ARM cores. Spectre allows an attacker to bypass software checks to read data from arbitrary locations in the current address space; Meltdown allows an attacker to read data from arbitrary locations in the operating system kernel’s address space (which should normally be inaccessible to user programs).

    Both vulnerabilities exploit performance features (caching and speculative execution) common to many modern processors to leak data via a so-called side-channel attack. Happily, the Raspberry Pi isn’t susceptible to these vulnerabilities, because of the particular ARM cores that we use.

    To help us understand why, here’s a little primer on so

Security: KPTI, Meltdown and Spectre

Filed under
Security
  • Intel facing class-action lawsuits over Meltdown and Spectre bugs

    Intel has been hit with at least three class-action lawsuits over the major processor vulnerabilities revealed this week.

    The flaws, called Meltdown and Spectre, exist within virtually all modern processors and could allow hackers to steal sensitive data although no data breaches have been reported yet. While Spectre affects processors made by a variety of firms, Meltdown appears to primarily affect Intel processors made since 1995.

    Three separate class-action lawsuits have been filed by plaintiffs in California, Oregon and Indiana seeking compensation, with more expected. All three cite the security vulnerability and Intel’s delay in public disclosure from when it was first notified by researchers of the flaws in June. They also cite the alleged computer slowdown that will be caused by the fixes needed to address the security concerns, which Intel disputes is a major factor.

  • More about Spectre and the PowerPC (or why you may want to dust that G3 off)

    Most of the reports on the Spectre speculative execution exploit have concentrated on the two dominant architectures, x86 (in both its AMD and Meltdown-afflicted Intel forms) and ARM. In our last blog entry I said that PowerPC is vulnerable to the Spectre attack, and in broad strokes it is. However, I also still think that the attack is generally impractical on Power Macs due to the time needed to meaningfully exfiltrate information on machines that are now over a decade old, especially with JavaScript-based attacks even with the TenFourFox PowerPC JIT (to say nothing of various complicating microarchitectural details). But let's say that those practical issues are irrelevant or handwaved away. Is PowerPC unusually vulnerable, or on the flip side unusually resistant, to Spectre-based attacks compared to x86 or ARM?

  • Measuring the Intel Management Engine to Create a More Secure Computer

    A modern computer has many different avenues for attack—ranging from local user-level exploits to root and kernel exploits, all the way down to exploits that compromise the boot loader or even the BIOS—but for over ten years the Intel Management Engine—with its full persistent access to all computer hardware combined with its secretive code base—has offered the theoretical worst-case scenario for a persistent invisible attack. The recent exploit from the talented group of researchers at Positive Technologies moves that worst-case scenario from “theoretical” to reality. While the proof-of-concept exploit is currently limited to local access, it is only a matter of time before that same style of stack smash attack turns remote by taking advantage of systems with AMT (Advanced Management Technology) enabled.

  • Linus Torvalds Latest Meltdown: “Is Intel Selling Sh*t And Never Willing To Fix Anything?”

    It’s not surprising to hear that the creator of the open-source Linux kernel couldn’t hold his temper after learning that Intel processors are affected by vulnerabilities that date back more than a decade ago. And why not? He has enough power to criticize Intel as the active development of the 26-year-old Linux kernel can’t go forward without him.

  • Linux Kernel 4.14.12 Released to Disable x86 PTI for AMD Radeon Processors

    It was bound to happen sooner or later, so Greg Kroah-Hartman just announced today the release of the Linux 4.14.12 kernel, which disables the x86 KPTI patches for AMD Radeon processors.

    Submitted over the Christmas holidays by AMD engineer Tom Lendacky, the "x86/cpu, x86/pti: Do not enable PTI on AMD processors" patch has landed today in the Linux 4.14.12 kernel, disabling the kernel page table isolation (KPTI) for all AMD Radeon processors, which were treated as "insecure" until now.

  • More Linux Kernel & GCC Patches Come Out In The Wake Of Spectre+Meltdown

    Besides the already-merged Kernel Page Table Isolation (KPTI) patches, other Linux kernel patches are coming out now in light of the recent Spectre and Meltdown vulnerabilities.

    Paul Turner of Google has posted some "request for comments" patches on a "Retpoline" implementation for the Linux kernel. The Retpoline patches are intended for fending off Spectre, the attack that breaks isolation between different applications. Unfortunately the Retpoline patching does add an additional cost to the kernel performance with the overall overhead being reported up to a 1.5% range.

  • KPTI Intel Chip Flaw Exposes Security Risks

    Operating system vendors are rushing to put out a fix for an alleged Intel chip flaw that could be used to exploit systems.

    Intel has not officially disclosed details on the flaw yet, though a patch already exists in the Linux kernel, with patches for Microsoft Windows and Apple macOS expected by Jan. 9. The Intel flaw doesn't have a branded name at this point, though security researchers have referred to it as both KPTI (Kernel Page Table Isolation) and KAISER (Kernel Address Isolation to have Side-channels Efficiently Removed).

  • Reading privileged memory with a side-channel

    We have discovered that CPU data cache timing can be abused to efficiently leak information out of mis-speculated execution, leading to (at worst) arbitrary virtual memory read vulnerabilities across local security boundaries in various contexts.

Hardware Security Fiasco: The Latest

Filed under
Hardware
Security
  • Windows 10 Cumulative Update KB4056892 (Meltdown & Spectre Fix) Fails to Install

    Microsoft rolled out Windows 10 cumulative update KB4056892 yesterday as an emergency patch for systems running the Fall Creators Update in an attempt to fix the Meltdown and Spectre bugs affecting Intel, AMD, and ARM processors manufactured in the last two decades.

    But as it turns out, instead of fixing the two security vulnerabilities on some computers, the cumulative update actually breaks them down, with several users complaining that their systems were rendered useless after attempting to install KB4056892.

    Our readers pointed me to three different Microsoft Community threads (1, 2, 3) where users reported cumulative update KB4056892 issues, and in every case the problem appears to be exactly the same: AMD systems end up with a boot error before trying a rollback and failing with error 0x800f0845.

  • Linus Torvalds says Intel needs to admit it has issues with CPUs

    Linux creator Linus Torvalds has had some harsh words for Intel in the course of a discussion about patches for two [sic] bugs that were found to affect most of the company's processors.

  • We translated Intel's crap attempt to spin its way out of CPU security bug PR nightmare

    In the wake of The Register's report on Tuesday about the vulnerabilities affecting Intel chips, Chipzilla on Wednesday issued a press release to address the problems disclosed by Google's security researchers that afternoon.

    To help put Intel's claims into context, we've annotated the text. Bold is Intel's spin.

  • When F00F bug hit 20 years ago, Intel reacted the same way

    A little more than 20 years ago, Intel faced a problem with its processors, though it was not as big an issue as compared to the speculative execution bugs that were revealed this week.

  • Meltdown, Spectre and the Future of Secure Hardware

    Meltdown and Spectre are two different—but equally nasty—exploits in hardware. They are local, read-only exploits not known to corrupt, delete, nor modify data. For local single user laptops, such as Librem laptops, this is not as large of a threat as on shared servers—where a user on one virtual machine could access another user’s data on a separate virtual machine.

    As we have stated numerous times, security is a game of depth. To exploit any given layer, you go to a lower layer and you have access to everything higher in the stack.

  • KPTI — the new kernel feature to mitigate “meltdown”
  • Astounding coincidence: Intel's CEO liquidated all the stock he was legally permitted to sell after learning of catastrophic processor flaws
  • Intel CEO sold all the stock he could after Intel learned of security bug

    While an Intel spokesperson told CBS Marketwatch reporter Jeremy Owens that the trades were "unrelated" to the security revelations, and Intel financial filings showed that the stock sales were previously scheduled, Krzanich scheduled those sales on October 30. That's a full five months after researchers informed Intel of the vulnerabilities. And Intel has offered no further explanation of why Krzanich abruptly sold off all the stock he was permitted to.

Meltdown/Spectre 'Damage Control'

Filed under
Hardware
Security
  • Meltdown and Spectre: ‘worst ever’ CPU bugs affect virtually all computers
  • Massive Intel Chip Security Flaw Threatens Computers

    A design flaw in all Intel chips produced in the last decade is responsible for a vulnerability that puts Linux, Windows and macOS-powered computers at risk, according to multiple press reports. The flaw reportedly is in the kernel that controls the chip performance, allowing commonly used programs to access the contents and layout of a computer's protected kernel memory areas. The Linux kernel community, Microsoft and Apple have been working on patches to their operating systems to prevent the vulnerability.

  • What Linux Users Must Know About Meltdown and Spectre Bugs Impacting CPUs

    While these bugs impact a huge number of devices, there have been no widespread attacks so far. This is because it’s not straightforward to get the sensitive data from the kernel memory. It’s a possibility but not a certainty. So you should not start panicking just yet.

  • Loose threads about Spectre mitigation

    KPTI patches are out from most vendors now. If you haven't applied them yet, you should; even my phone updated today (the benefits of running a Nexus phone, I guess). This makes Meltdown essentially like any other localroot security hole (ie., easy to mitigate if you just update, although of course a lot won't do that), except for the annoying slowdown of some workloads. Sorry, that's life.

    Spectre is more difficult. There are two variants; one abuses indirect jumps and one normal branches. There's no good mitigation for the last one that I know of at this point, so I won't talk about it, but it's also probably the hardest to pull off. But the indirect one is more interesting, as there are mitigations popping up. Here's my understanding of the situation, based on random browsing of LKML (anything in here may be wrong, so draw your own conclusions at the end):

    Intel has issued microcode patches that they claim will make most of their newer CPUs (90% of the ones shipped in the last years) “immune from Spectre and Meltdown”. The cornerstone seems to be a new feature called IBRS, which allows you to flush the branch predictor or possibly turn it off entirely (it's not entirely clear to me which one it is). There's also something called IBPB (indirect branch prediction barrier), which seems to be most useful for AMD processors (which don't support IBRS at the moment, except some do sort-of anyway, and also Intel supports it), and it works somewhat differently from IBRS, so I don't know much about it.

  • The disclosure on the processor bugs

    The rumored bugs in Intel (and beyond) processors have now been disclosed: they are called Meltdown and Spectre, and have the requisite cute logos. Stay tuned for more.

    See also: this Project Zero blog post. "Variants of this issue are known to affect many modern processors, including certain processors by Intel, AMD and ARM. For a few Intel and AMD CPU models, we have exploits that work against real software. We reported this issue to Intel, AMD and ARM on 2017-06-01."

    See also: this Google blog posting on how it affects users of Google products in particular. "[Android] devices with the latest security update are protected. Furthermore, we are unaware of any successful reproduction of this vulnerability that would allow unauthorized information disclosure on ARM-based Android devices. Supported Nexus and Pixel devices with the latest security update are protected."

  • How the Meltdown Vulnerability Fix Was Invented

    A major security flaw has surfaced that’s thought to affect all Intel microprocessors since at least 2011, some ARM processors and, according to Intel, perhaps those of others. Unusually, the exploit, called Meltdown, takes advantage of the processors’ hardware rather than a software flaw, so it circumvents security schemes built into major operating systems.

  • Why Intel x86 must die: Our cloud-centric future depends on open source chips

    Two highly publicized security flaws in the Intel x86 chip architecture have now emerged. They appear to affect other microprocessors made by AMD and designs licensed by ARM.

    And they may be some of the worst computer bugs in history -- if not the worst -- because they exist in hardware, not software, and in systems that number in the billions.

    These flaws, known as Meltdown and Spectre, are real doozies. They are so serious and far-reaching that the only potential fix in the immediate future is a software workaround that, when implemented, may slow down certain types of workloads as much as 30 percent.

  • Intel Acknowledges Chip-Level Security Vulnerability In Processors

    Security researchers have found serious vulnerabilities in chips made by Intel and other companies that, if exploited, could leave passwords and other sensitive data exposed.

  • ​How Linux is dealing with Meltdown and Spectre

    He's not the only one unhappy with Intel. A Linux security expert is irked at both Google and Intel. He told me that Google Project Zero informed Intel about the security problems in April. But neither Google nor Intel bothered to tell the operating system vendors until months later. In addition, word began to leak out about the patches for these problems. This forced Apple, the Linux developers, and Microsoft to scramble to deliver patches to fundamental CPU security problems.

    The result has been fixes that degrade system performance in many instances. While we don't know yet how badly macOS and Windows will be affected, Michael Larabel, a Linux performance expert and founder of the Linux Phoronix website, has run benchmarks on Linux 4.15-rc6, a Linux 4.15 release candidate, which includes Kernel Page Table Isolation (KPTI) for Intel's Meltdown flaw.

  • [Fedora] Protect your Fedora system against Meltdown

    You may have heard about Meltdown, an exploit that can be used against modern processors (CPUs) to maliciously gain access to sensitive data in memory. This vulnerability is serious, and can expose your secret data such as passwords. Here’s how to protect your Fedora system against the attack.

  • Today's CPU vulnerability: what you need to know

    The Project Zero researcher, Jann Horn, demonstrated that malicious actors could take advantage of speculative execution to read system memory that should have been inaccessible. For example, an unauthorized party may read sensitive information in the system’s memory such as passwords, encryption keys, or sensitive information open in applications. Testing also showed that an attack running on one virtual machine was able to access the physical memory of the host machine, and through that, gain read-access to the memory of a different virtual machine on the same host.

  • Apple says Spectre and Meltdown vulnerabilities affect all Mac and iOS devices

    Technology companies are working to protect their customers after researchers revealed that major security flaws affecting nearly every modern computer processor could allow hackers to steal stored data — including passwords and other sensitive information — on desktops, laptops, mobile phones and cloud networks around the globe.

    The scramble to harden a broad array of devices comes after researchers found two significant vulnerabilities within modern computing hardware, one of which cannot be fully resolved as of yet. Experts say the disclosure of the critical flaws underscores the need to keep up with software updates and security patches and highlights the role independent research plays in prodding tech companies to minimize security weaknesses.

  • Intel CEO Sold $24 Million In Stocks After Google Exposed 10 Year Old Vulnerabilities

    In the month of November last year, Intel CEO Brian Krzanich sold off a big chunk of his company stocks worth $24 million (245,743 shares). The stocks were valued at $11 million back then. Now, the CEO is left with just 250,000 shares which fulfill the minimum requirement to continue his job.

  • “Meltdown” And “Spectre” Flaws: Affecting Almost All Devices With Intel, AMD, & ARM CPUs

    Just yesterday, a report from The Register disclosed a massive security screwup on behalf of Intel, which impacted nearly all chips manufactured in the past ten years. It was also reported that future patches released by the developers of Windows and Linux kernel could reduce the performance of devices up to 5-30%. That’s a lot.

  • Security updates for Thursday

    As might be guessed, a fair number of these updates are for the kernel and microcode changes to mitigate Meltdown and Spectre. More undoubtedly coming over the next weeks.

  • A collection of Meltdown/Spectre postings
  • Mitigations landing for new class of timing attack

    Several recently-published research articles have demonstrated a new class of timing attacks (Meltdown and Spectre) that work on modern CPUs. Our internal experiments confirm that it is possible to use similar techniques from Web content to read private information between different origins. The full extent of this class of attack is still under investigation and we are working with security researchers and other browser vendors to fully understand the threat and fixes. Since this new class of attacks involves measuring precise time intervals, as a partial, short-term, mitigation we are disabling or reducing the precision of several time sources in Firefox. This includes both explicit sources, like performance.now(), and implicit sources that allow building high-resolution timers, viz., SharedArrayBuffer.

  • Is PowerPC susceptible to Spectre? Yep.

    Meltdown is specific to x86 processors made by Intel; it does not appear to affect AMD. But virtually every CPU going back decades that has a feature called speculative execution is vulnerable to a variety of the Spectre attack. In short, for those processors that execute "future" code downstream in anticipation of what the results of certain branching operations will be, Spectre exploits the timing differences that occur when certain kinds of speculatively executed code changes what's in the processor cache. The attacker may not be able to read the memory directly, but (s)he can find out if it's in the cache by looking at those differences (in broad strokes, stuff in the cache is accessed more quickly), and/or exploit those timing changes as a way of signaling the attacking software with the actual data itself. Although only certain kinds of code can be vulnerable to this technique, an attacker could trick the processor into mistakenly speculatively executing code it wouldn't ordinarily run. These side effects are intrinsic to the processor's internal implementation of this feature, though it is made easier if you have the source code of the victim process, which is increasingly common.

IPFire 2.19 - Core Update 117 released

Filed under
GNU
Linux
Security

The first Core Update is ready to be released today and it comes with a huge number of various bug and security fixes.

The inventor of Linux is furious at Intel

Filed under
Security

Linux inventor and founder Linus Torvalds is not known for holding back strong opinions he has about computers, which is why he's become one of the loudest voices critical of Intel's handling of the so-called Meltdown bug, which was revealed on Wednesday and could enable an attacker to steal confidential information, including passwords.

"I think somebody inside of Intel needs to really take a long hard look at their CPU's, and actually admit that they have issues instead of writing PR blurbs that say that everything works as designed," Torvalds wrote in a sharply-worded email sent on to a Linux list on Wednesday.

Also: SUSE Responds to Meltdown and Spectre CPU Vulnerabilities in SLE and openSUSE

Latest on Hardware Catastrophe

Filed under
Hardware
Security

​Major Linux redesign in the works to deal with Intel security flaw

Filed under
Linux
Hardware
Security

Long ago, Intel made a design mistake in its 64-bit chips -- and now, all Intel-based operating systems and their users must pay the price.

Linux's developers saw this coming early on and patched Linux to deal with it. That's the good news. The bad news is it will cause at least a 5-percent performance drop. Applications may see far more serious performance hits. The popular PostgreSQL database is estimated to see at least a 17-percent slowdown.

How bad will it really be? I asked Linux's creator Linus Torvalds, who said: "There's no one number. It will depend on your hardware and on your load. I think 5 percent for a load with a noticeable kernel component (e.g. a database) is roughly in the right ballpark. But if you do micro-benchmarks that really try to stress it, you might see double-digit performance degradation."

More in Tux Machines

RF-enabled Raspberry Pi add-on brings Google Assistant to gizmos, speakers, and robots

JOY-iT and Elektor have launched a $42 “Talking Pi” RPi add-on that enables Google Home/AIY compatible voice activation of home automation devices linked to the Pi’s GPIO, and includes a mic board, PWM servo controls, and support for a 433MHz SRD radio. Elektor has begun selling a $42, open source voice control add-on board that is programmable via the Google Assistant SDK. Built by Germany based JOY-iT, and marketed by Conrad Business Supplies, the RF-enabled Talking Pi enables voice control of home automation equipment such as smart lights, power sockets, and other gizmos via addressable extensions to the Raspberry Pi’s GPIO. Read more

16-Way Graphics Card Comparison With Radeon On ROCm, NVIDIA With Initial 2018 Linux Drivers

Towards the end of December AMD quietly released ROCm 1.7.60 as the newest version of their Radeon Open Compute stack complete with their maturing OpenCL implementation. With the improvements there plus NVIDIA recently introducing their 390 Linux driver series (390.12 Beta currently), I ran some fresh Linux OpenCL GPU compute benchmarks on a variety of AMD and NVIDIA graphics cards for those curious how the current performance stacks up. Read more Also: X.Org Server Finally Adapted To Better Deal With 16:9 & 16:10 Displays

Proprietary Slack as Canonical's Showcase of Snap

  • Slack comes to Linux as a snap
    Slack’s ambition to become the default, go-to place for employees to chat to each other and link into hundreds of other applications to get work done is getting one more step up today by becoming available on a new platform. From today, Slack will be available as a Snap, an application package that’s available across a range of open-source-based Linux environments.
  • Slack now available as a Snap for Linux
    At the end of last year, the Linux desktop scored a huge win when Spotify became available as a Snap. If you aren't familiar with Snaps, please know that they are essentially software packages designed to run as a container on any Linux distro. Not only does it make installing software packages easier for users, but it makes things simpler for developers too. Ultimately, Snaps have the potential to solve the big fragmentation problem in the Linux desktop community.
  • Slack Is Now Available as a Snap for Ubuntu and Other Linux Distros
    Canonical and Slack announced today that the popular Slack team collaboration and communication platform is now available as a Snap for Ubuntu and other Snappy-enabled GNU/Linux distributions. With the promise of making your working life simpler, more productive and pleasant, Slack is used by numerous organizations and businesses to increase the productivity of their employees. It's an all-in-one platform that offers messaging, planning, calendaring, budgeting, code reviewing, and many other tools. "Slack brings team communication and collaboration into one place so you can get more work done, whether you belong to a large enterprise or a small business. Check off your to-do list and move your projects forward by bringing the right people, conversations, tools, and information you need together," reads project's page.
  • Canonical brings Slack to the snap ecosystem
    Canonical, the company behind Ubuntu, today announced the first iteration of Slack as a snap, bringing collaboration to open source users. Slack is an enterprise software platform that allows teams and businesses of all sizes to communicate effectively. Slack works seamlessly with other software tools within a single integrated environment, providing an accessible archive of an organisation’s communications, information and projects. In adopting the universal Linux app packaging format, Slack will open its digital workplace up to an-ever growing community of Linux users, including those using Linux Mint, Manjaro, Debian, ArchLinux, OpenSUSE, Solus, and Ubuntu.
  • Want to Install Slack on Ubuntu? It’s Now Easier Than Ever
    You can easily install Slack on Ubuntu as a Snap application from the Ubuntu Software app. The popular app lets people chat and collaborate in realtime.

Ubuntu Patches

  • Ubuntu Preparing Kernel Updates With IBRS/IBPB For Spectre Mitigation
    Canonical has rolled out Spectre Variant One and Spectre Variant Two mitigation to their proposed repository with updated kernels for Ubuntu 14.04 LTS / 16.04 LTS / 17.10. These kernels with IBRS and IBPB added in will be sent down as stable release updates next week.
  • Canonical Invites Ubuntu Users to Test Kernel Patches for Spectre Security Flaw
    Canonical has released preliminary kernel updates to mitigate both variants of the Spectre security vulnerability in all supported Ubuntu Linux operating systems, including all official flavors. The company promised last week that it would release new kernel updates on Monday, January 15, 2018, for all supported Ubuntu releases. But it didn't happen as they needed more time to thoroughly test and prepare the patches that would presumably address variant 1 and 2 of the Spectre exploit, which is harder to fix than Meltdown, so that it won't cause any issues.
  • Purism Progress Report, Spectre Mitigation for Ubuntu, Malicious Chrome Extensions and More
    Canonical has made Spectre Variant One and Spectre Variant Two mitigation available in Ubuntu Proposed with updated kernels for Ubuntu 14.04 LTS, 16.04 LTS and 17.10. Those kernels will be in the stable release updates starting January 22, 2018. See ubuntu insights for more information.