Language Selection

English French German Italian Portuguese Spanish

Microsoft

Microsoft Insecurity by Design

Submitted by Roy Schestowitz on Sunday 7th of March 2021 07:55:30 AM Filed under
Microsoft
Security
  • Move over, SolarWinds: 30,000 orgs’ email [cracked] via Microsoft Exchange Server flaws

    Four exploits found in Microsoft’s Exchange Server software have reportedly led to over 30,000 US governmental and commercial organizations having their emails [cracked], according to a report by KrebsOnSecurity. Wired is also reporting “tens of thousands of email servers” [cracked]. The exploits have been patched by Microsoft, but security experts talking to Krebs say that the detection and cleanup process will be a massive effort for the thousands of state and city governments, fire and police departments, school districts, financial institutions, and other organizations that were affected.

  • Microsoft [crack]: White House warns of 'active threat' of email attack

    Microsoft executive Tom Burt revealed the breach in a blog post on Tuesday and announced updates to counter security flaws which he said had allowed [attackers] to gain access to Microsoft Exchange servers.

  • More than 20,000 U.S. organizations compromised through Microsoft flaw: source [iophk: Windows TCO]

    Because installing the patch does not get rid of the back doors, U.S. officials are racing to figure out how to notify all the victims and guide them in their hunt.

    All of those affected appear to run Web versions of email client Outlook and host them on their own machines, instead of relying on cloud providers. That may have spared many of the biggest companies and federal government agencies, the records suggest.

    The federal Cybersecurity and Infrastructure Security Agency did not respond to a request for comment.

  • Don't Breed Crows: How Big Techs Started Out As US Government Projects, And Today They Threaten Democracy

    There is an old Spanish saying that goes like this: "don't breed Crows, they'll sting your eyes," and this saying fits perfectly with the class of American tech companies, the so-called Big Techs.

    Yes, with a few exceptions, most Big Techs were born as projects of the US government, US Army, CIA or NSA. Or, they are entwined with the American government, in one way or another.

    I stress that everything that has been written in this text is not secret. It is available on several websites on the internet, and, there is nothing new here. Just search, and anyone will find this information.

    [...]

    Microsoft The company that was born in 1975 in Albuquerque, New Mexico, as a creator of BASIC interpreters for microcomputers, and then, through a series of misadventures, became the largest software company in existence, also has very deep ties to intelligence agencies.

    Microsoft has been working closely with U.S. intelligence services to allow users' communications to be intercepted, including helping the National Security Agency circumvent the company's own encryption, according to top-secret documents obtained and leaked by Edward Snowden in 2013. These documents show the complicity of several technology companies, in the so-called Prism project.

    [...]

    Now, I invite you to think a little. I've known Microsoft for many years, and this company amasses more flops than hits. Indeed, Microsoft, were it any other company, would have been bankrupt and closed for many years now. But no. It looks like they have a cash printer in Redmond, or does the American government not let the company break, to not lose its source of backdoors ? Something to think about.

    Other than these companies, In-Q-Tel invests in other, little-known companies ranging from video games and virtual reality, to big data and data capture from social networks.

»

Proprietary Software and Security Issues: Microsoft Serving Malware, Ransomware, and FUD

Submitted by Roy Schestowitz on Friday 5th of March 2021 08:52:48 AM Filed under
Microsoft
Security
  • Development on Windows is Painful

    Overall, I think I can at least tolerate this development experience. It's not really the most ideal setup, but it does work and I can get things done with it. It makes me miss NixOS though. NixOS really does ruin your expectations of what a desktop operating system should be. It leaves you with kind of impossible standards, and it can be a bit hard to unlearn them.

    A lot of the software I use is closed source proprietary software. I've tried to fight that battle before. I've given up. When it works, Linux on the desktop is a fantastic experience. Everything works together there. The system is a lot more cohesive compared to the "download random programs and hope for the best" strategy that you end up taking with Windows systems. It's hard to do the "download random programs and hope for the best" strategy with Linux on the desktop because there really isn't one Linux platform to target. There's 20 or something. This is an advantage sometimes, but is a huge pain other times.

    The conclusion here is that there is no conclusion.

  • Malicious Code Bombs Target Amazon, Lyft, Slack, Zillow

    Researchers have spotted malicious packages targeting internal applications for Amazon, Lyft, Slack and Zillow (among others) inside the npm public code repository — all of which exfiltrate sensitive information.

    The packages weaponize a proof-of-concept (PoC) code dependency-confusion exploit that was recently devised by security researcher Alex Birsan to inject rogue code into developer projects.

    Internal developer projects typically use standard, trusted code dependencies that are housed in private repositories. Birsan decided to see what would happen if he created “copycat” packages to be housed instead in public repositories like npm, with the same names as the private legitimate code dependencies.

  • Ryuk ransomware develops worm-like capabilities, France warns

    A new sample of Ryuk ransomware appears to have worm-like capabilities, according to an analysis from the French National Agency for the Security of Information Systems (ANSSI), France’s national cybersecurity agency.

  • FireEye finds evidence Chinese [crackers] exploited Microsoft email app flaw since January [iophk: Windows TCO]

    Cybersecurity group FireEye on Thursday night announced it had found evidence that [crackers] had exploited a flaw in a popular Microsoft email application since as early as January to target groups across a variety of sectors.

    [...]

    Since then, FireEye found evidence that the hackers had gone after an array of victims, including “US-based retailers, local governments, a university, and an engineering firm,” along with a Southeast Asian government and a Central Asian telecom.

  • Does Linux Need Antivirus? [Ed: Avast: Let's badmouth GNU/Linux to make proprietary software sales, with back doors in them, based on the supposition that crap on top of poor practices will somehow yield better results]
»

Linux Foundation, Microsoft, and Linux

Submitted by Roy Schestowitz on Thursday 4th of March 2021 11:21:11 AM Filed under
Linux
Microsoft
  • The Linux Foundation Continues to Expand Japanese Language Training & Certification

    Japan is one of the world’s biggest markets for open source software, which means there is a constant need for upskilling of existing talent and to bring new individuals into the community to meet hiring demand. The Linux Foundation is committed to expanding access to quality open source training and certification opportunities, which is why we have developed a number of Japanese language offerings.

    [...]

    While Hyperledger Fabric Administration is the newest Japanese course offered by Linux Foundation Training & Certification, it is far from alone. Our catalog of Japanese-language offerings includes:

  • ESET says more threat groups using Microsoft zero-days in attacks

    Slovakian security firm ESET says it has detected at least three additional threat groups using a zero-day in Microsoft Exchange Server in attacks, even as the US Government issued an emergency directive telling all US federal bodies to patch Exchange and report on exploitation by noon on Friday.

  • Radeon R600 Gallium3D Flips On OpenGL 4.5 For NIR Backend - Phoronix

    The experimental NIR back-end for the R600 Gallium3D driver as an alternative to the default TGSI code-path has now enabled OpenGL 4.5 support for capable GPUs.

    With a number of OpenGL 4.5 conformance test suite fixes that were merged on Tuesday, OpenGL 4.5 is now ultimately enabled for the NIR code path.

    This OpenGL 4.5 support is enabled for all Radeon HD 5000 "Cedar" GPUs through the Radeon HD 6000 series where the R600g driver support ends. Previously and for the non-NIR code-path this is at OpenGL 4.3 support.

  • Microsoft Sends Out Patches For Hyper-V "Isolation VMs" With Linux [Ed: Microsoft is interjecting shims for proprietary software with NSA back doors... into the Linux kernel]

    With the forthcoming Linux 5.12 kernel there is a big Redmond victory with Linux being able to boot as the root partition on Microsoft's hypervisor while moving forward the company still has more in store for the ongoing years long effort of Linux on Hyper-V.

    [...]

    At the moment there are 12 patches from Microsoft engineers under a "request for comments" banner on implementing this Hyper-V support for Isolation VMs -- both with VBS and AMD SEV-SNP. It's obviously too late for seeing in the 5.12 kernel but we'll see when this latest Hyper-V driver initiative is buttoned up and ready for mainline.

»

Microsoft Security Issues and Blame-Shifting

Submitted by Roy Schestowitz on Wednesday 3rd of March 2021 02:23:22 PM Filed under
Microsoft
Security
»

Refund of pre-installed Windows: Lenovo must pay 20,000 euros in damages

Submitted by Roy Schestowitz on Tuesday 2nd of March 2021 11:12:23 AM Filed under
GNU
Linux
Hardware
Microsoft

In a historic judgment in Italy, in a case initiated by FSFE supporter Luca Bonissi, Lenovo was ordered to pay 20,000 euros in damages for abusive behaviour in denying to refund the price of a pre-installed Windows licence. In a motivating gesture for the Free Software cause, Luca donated 15,000 euros to the FSFE.

We all know how frustrating it is to buy a brand new computer and realise that it comes with a pre-installed proprietary operating system. Some companies have adapted their unfair behaviour and established clearer procedures for consumers to obtain the refund for paid licences of software they do not want to use. However, some computer manufacturers like Lenovo still make it very hard for consumers, forcing them to assert their rights in expensive and exhausting lawsuits. This is the successful story of Luca Bonissi, an Italian developer and long-term FSFE supporter and volunteer, in his relentless quest for getting a Windows licence refund, and how Lenovo was ordered to pay 20,000 euros for its unlawful behaviour during the court proceedings.

Read more

»

Microsoft Proprietary Software Disasters and Human Rights Abuses

Submitted by Roy Schestowitz on Thursday 18th of February 2021 02:37:16 PM Filed under
Microsoft
  • Unhappy with response, senators ask for a leader to head up cyber breach cleanup [iophk: Windows TCO]

    In a Feb. 9 letter, Sens. Mark Warner, D-Virginia, and Marco Rubio, R-Florida ― the chairman and vice chairman of the Senate Intelligence Committee, respectively — expressed their concern with the federal response to date.

  • Microsoft Vaccine Scheduling Software Deal Ended By Iowa

    In New Jersey, the system had yet to work correctly after five weeks, two administration officials who asked not to be identified said last week. That was a high-profile stumble for Redmond, Washington-based Microsoft, which is trying to build a big business by selling software to run hospitals and health care systems and has been touting its ability to aid the nationwide effort to inoculate residents against the coronavirus.

  • DNA testing source code

    The maker of the software, Cybergenetics, has insisted in lower court proceedings that the program’s source code is a trade secret.

»

A Post-Mortem in 5 Acts: How Microsoft Privatized Open Source And Killed JavaScript in the Process

Submitted by Rianne Schestowitz on Thursday 18th of February 2021 06:14:10 AM Filed under
Development
Microsoft
OSS

Microsoft may not be able to innovate on products, and they usually fail miserably. But it is shockingly good at marketing, propaganda, and take-overs.

Microsoft has essentially deprecated JavaScript and the non-profit foundation, which governed it, by TypeScript, which is governed and controlled by the for-profit Microsoft Corporation. If Microsoft was truly interested in improving JavaScript it could have done that through the non-profit foundation. But instead, it took the ‘Evil Corp’ approach of making the foundation and JavaScript slowly irrelevant, so it could guarantee that it could monopolize and monetize the whole industry.

Read more

»

Use this bootable USB drive on Linux to rescue Windows users

Submitted by Roy Schestowitz on Wednesday 17th of February 2021 10:08:45 AM Filed under
GNU
Linux
Microsoft

People regularly ask me to help them rescue Windows computers that have become locked or damaged. Sometimes, I can use a Linux USB boot drive to mount Windows partitions and then transfer and back up files from the damaged systems.

Other times, clients lose their passwords or otherwise lock their login account credentials. One way to unlock an account is to create a Windows boot disk to repair the computer. Microsoft allows you to download copies of Windows from its website and offers tools to create a USB boot device. But to use them, you need a Windows computer, which means, as a Linux user, I need another way to create a boot DVD or USB drive. I have found it difficult to create Windows USBs on Linux. My reliable tools, like Etcher.io, Popsicle (for Pop!_OS), and UNetbootin, or using dd from the command line to create bootable media, have not been very successful.

Read more

»

Microsoft Azure and Canonical Ubuntu Linux have a user privacy problem

Submitted by Rianne Schestowitz on Monday 15th of February 2021 06:45:40 PM Filed under
Microsoft
Security
Ubuntu

It was just another day for Luca Bongiorni, a security advisor for Bentley Systems. He'd just spun up an Ubuntu Linux 18.04 instance on the Microsoft Azure cloud using a corporate sandbox for testing purposes. Three hours later, on Bongiorni's LinkedIn account he received a message from a Canonical sales representative saying, "I saw that you spun up an Ubuntu image in Azure," and telling him he'd be his "point of contact for anything Ubuntu-related in the enterprise." Say what??

Actually, Bongiorni was a little more "frank" about his annoyance and surprise that a Canonical salesperson had tracked him down on an entirely different service and knew that he had just used Ubuntu on Microsoft Azure. "What the f*** is happening here? WHY [did] MICROSOFT FORWARDED TO UBUNTU THAT I SPUN A NEW VM!?!" Customer privacy, what's that?

Read more

»

Proprietary Microsoft Stuff and Security Issues

Submitted by Roy Schestowitz on Monday 15th of February 2021 04:47:30 PM Filed under
Microsoft
Security
  • What deserves firing? Asking for Excel, or ignoring the alternatives?

    The Idaho Statesman (IS) is a USA local newspaper, that is owned by a company called McClatchy. A few years ago, McClatchy decided to cut costs by, among other things, “doing away with subscriptions to Microsoft Office for new employees”. Consequentely, in late January 2021 McClatchy denied a request by a new IS reporter to have “access to Microsoft Excel”. Faced with resistance to get a software program as basic as a spreadsheet for a member of her staff, the IS top editor, Mrs Christina Lords, complained about this on Twitter.

    Eventually, it seems, the reporter was “granted access to Excel on her company laptop”. But Lords was fired, for violating McClatchy’s social media policy.

    [...]

    As far as I am concerned, I find nothing wrong in McClatchy’s decision to not pay anymore for Microsoft Office. What I find hard to accept is just their refusal to buy the most expensive variety of a software essential for daily tasks… without concretely encouraging all of their staff to use license-free alternatives, or at least allowing them. It is almost like saying “we won’t buy gold-plated Mont Blanc pens for new employees anymore, but even those employees must write only with gold-plated Mont Blanc pens”. Please tell me that there is more to this story.

  • Report: Microsoft recently sought to acquire Pinterest

    Microsoft Corp. at one point considered acquiring the social network Pinterest Inc., according to a report today in the Financial Times.

    Pinterest had a market capitalization of about $51 billion prior to the publication of the report. The company’s stock price jumped more than 5% following the Financial Times’ scoop, after previously rising more than 600% since the start of the coronavirus pandemic.

    The paper, citing people familiar with the matter, said that Microsoft had approached Pinterest about an acquisition “in recent months.” One of the tipsters was citing as saying that the negotiations are currently not active. It’s unclear whether the talks were shelved completely or simply paused.

  • Arrests in Ukraine hit Windows Egregor ransomware gang

    Law enforcement authorities in France and Ukraine have joined forces to arrest a number of people in Ukraine who were using the Windows Egregor ransomware to make money.

  • NVD - CVE-2020-24074
  • CVE - CVE-2020-24074
  • Singtel affected by cyber attack on Accellion file-sharing software

    Singapore's multinational telecommunications conglomerate Singtel has been breached by an attack on a file-sharing system from Accellion that is nearing its end-of-life, with the breach ocurring on 20 January, the telco says.

  • Open-Source Kernel Security Technologies

    Lockdown is a relatively new security feature designed specifically for the Linux kernel. Part of the Linux kernel 5.4 branch, it is a feature that must be activated. Its default mode is off, simply because it can negatively affect existing systems. However, the primary function of lockdown is to prevent root account interactions with kernel code. By strengthening this divide, Lockdown counters potentially dangerous interactions that have been possible since the launch of the Linux OS. Once lockdown has been activated, there will be limitations on kernel functionality, but these will make it significantly more difficult for root accounts that have been compromised to affect the rest of the OS.

  • Here’s why you should be wary of installing anything that sets SELinux to permissive

    In the world of Android modding, people tend to regard root access as the cornerstone of all things. It allows users to take complete control of their devices and add features that aren’t always available in the stock configuration. But as they say — “with great power comes great responsibility” — it’s not wise to bypass Android’s security model unless you know what you’re getting into. For veteran Android enthusiasts on our forums, you are probably aware of the potential for backdoors to exist on your device, and you are more likely to be running a trusted root-enabled mod on top of the latest Android version with the latest security patches. Having said that, you might know a few people who don’t really care about what root tweaks they install so long as they seemingly work for them. This is why you can still find a truckload of mods that only work when SELinux is set to permissive, which, in turn, leave their users extremely susceptible to security threats.

    [...]

    For a user to get full root access on their own device running Android 10 (or higher) with SELinux set to permissive is shockingly easy to do: All you have to do is press install, and “Magica” will automatically gain root access in a service and install Magisk to the boot image. This is something far wider in scope than just tweaking your device. According to XDA Senior Recognized Developer and Magisk maintainer topjohnwu, any arbitrary app, including malware, can permanently root your device without your consent and permission by utilizing the PoC.

»
Syndicate content

More in Tux Machines

Tor and Mozilla/Firefox

  • United Nations Whisteblower Says The Tor Anonymity Network Is Great For Human Rights Work

    US military subsidiaries such as the NSA, who use Tor for open source intelligence gathering, are not the only ones who need a secure traffic analysis resistant anonymity network like Tor. UN human rights lawyer Emma Reilly says it is "great" when working with human rights defenders. [...] We feel for her, she is not the only one who was forced to learn Pascal in her youth. We also feel for all the victims of the UN Human Rights Council who has been handing over names of human rights activists from the day it formed in March 2006. China is not only having a very negative impact on human rights activists who contact the UN for help, China is also committing grave crimes against pro-democracy activists in Hong Kong (香港). [...] The free software tool OnionShare is a very user-friendly program that lets you share files and setup chat-rooms over the Tor network in case you need to communicate with human rights activists or other endangered people in a secure fashion. You can follow human rights lawyer Emma Reilly on Twitter if you want to learn more about her important human rights work. She does not appear to have a fediverse social media account in case Twitter de-platforms her on behest of the Chinese regime.

  • How one woman fired up her online business during the pandemic

    Sophia Keys started her ceramics business, Apricity Ceramics, five years ago. But it wasn’t until a global pandemic forced everyone to sign on at home and Screen Time Report Scaries became a thing that her business really took off. She had never been active on social media, but decided to create relaxing videos of pottery throwing as a type of craft-ASMR (autonomous sensory meridian response videos that provide relaxation with a sedative, tingling sensation for some) early in the pandemic. These videos gained traction and Keys started building a community. A couple months into the pandemic, when she had more finished pieces than she knew what to do with, she posted about the sale on her Instagram page. She sold out. She now has over 21K followers and her ceramics sell out in hours. Amidst the chaos of 2020, here’s how Sophia expanded her woman-owned online business, found her own confidence on social media, and built a community around her handmade products.

  • Mozilla Performance Blog: Performance Sheriff Newsletter (February 2021)

    In February there were 201 alerts generated, resulting in 29 regression bugs being filed on average 4 days after the regressing change landed. Welcome to the February 2021 edition of the performance sheriffing newsletter. Here you’ll find the usual summary of our sheriffing efficiency metrics, followed by some analysis on the data footprint of our performance metrics. If you’re interested (and if you have access) you can view the full dashboard.

Games: Assassin’s Greed, Yorg, Wanted Raccoon and More

  • Assassin’s Greed

    I don’t think any sane person is going to disagree with the quote, “Power corrupts; absolute power corrupts absolutely.” For those unaware, that quote came from British politician Baron Acton in 1887. That’s one of the few sayings man has uttered that stands against the test of time. Keep in mind, Acton coined this phrase from politicians who said something similar even earlier than his time; Acton’s phrase just seems to be the most popular, since it reads like modern English. Now, I’m not trying to get into politics; we’re a gaming web site, after all. But sadly, after a number of events have occurred — for the gaming industry in particular — within the past couple of years, I feel like even us Linux gamers get the short end of the stick. True, we always had the short end of the stick, up until Valve stepped in and basically saved our bacon around 2012-2013. But as far as native Linux games are concerned, and as advanced as Proton gets, competition that has arisen lately can either be a plus for us, or, as I bring out here, competition can be more so of a nuisance than it is anything else. [...] Yeah, some were probably expecting me to point the gun at Microsoft first. I’m not a total Microsoft hater, as I do appreciate some of their work, like some of the code they’ve contributed to the Linux kernel. But I seem to hear it all the time. Microsoft bought this company. [...] Microsoft joined the Linux foundation late 2016. Supposedly, they’re a high-paying “Platinum Member.” I don’t know if their claim, “We love Linux,” is actually true. If anything, they consider Linux as a threat, as long as they’re not making revenue via this platform. They haven’t made any official drivers for Linux as far as their Xbox controllers are concerned. Microsoft is invested in Linux at least when it comes to their whole Azure cloud services, a competitor to AWS and Google Cloud, and they have made it easier to develop for Linux within Windows with the WSL module developed in partnership with Ubuntu. Microsoft tried to make their own locked garden during the Windows 8 era with the Windows Store and trying to force everyone to put their applications through there. Fortunately, they failed miserably, thanks in no small part to Valve creating SteamOS. But it doesn’t mean Microsoft won’t stop trying.

  • FOSS racer Yorg has a new release with improved gamepad support | GamingOnLinux

    Top-down open-source racing? Yorg is a little bit like some of the classic Micro Machines games and while rough around the edges as it's in development it's showing promise as another FOSS game. With fast arcade racing along with some amusing physics, Yorg is already a lot of fun with multiple tracks, vehicles and different drivers to pick from. You can play against AI, local multiplayer and experimental online multiplayer. There's weapons too, so you can blow everyone up.

  • Wanted Raccoon is an upcoming comedy game in the spirit of Goat Simulator

    Remember the craziness of Goat Simulator? Wanted Raccoon has a familiar theme of animals going wild and it's entering Early Access on March 19 with Linux support. A game that seems like a big gimmick but apparently there's a little more to it. The developer mentions an actual storyline and some sort of research system. You can ride skateboards, fight people, upgrade skills, and of course - steal food. Everything a good Raccoon does right? There's also something about a kidnapped family. Hero Raccoon to the rescue?

  • Building a Retro Linux Gaming Computer - Part 2: Selecting a Graphics Card

    Linux graphics support is still remarkably similar to how it was 20 years ago, even with all the progress that has been made in the years since. The Mesa 3D graphics library had its origins all the way back in 1995, and through the Utah GLX project attracted the attention of industry luminaries such as id Software’s John Carmack and vendors such as ATI, Intel, Matrox, S3, and 3dfx. By the turn of the millennium all of them had at least some support in Mesa. Nvidia went a different route, one which continues to set them apart to this day. Rather than choosing to cooperate with Mesa they instead ported their Windows drivers over to Linux directly, maintaining their own proprietary binary blob separate from the main Linux kernel. This driver model was also later adopted by ATI when they switched focus to their own proprietary “fglrx” driver, although this was largely reversed again after AMD acquired the company in 2006. By the time of Red Hat Linux 9 the Direct Rendering Infrastructure or DRI was firmly in place in Mesa and offered 3D support for a wide number of cards. This included the ATI 3D Rage Pro Turbo, which was the AGP card I had selected to test the machine. While a solid 2D performer it offered lacklustre 3D graphics even for the time of its release, and was intended more as an OEM graphics solution than for gaming. That makes them easy to find, but also not worth a lot.

10 Best Compression Tools for Linux

File compression is an integral part of system administration. Finding the best compression method requires significant determination. Luckily, there are many robust compression tools for Linux that make backing up system data easier. Here, we present ten of the best Linux compression tools that can be useful to enterprises and users in this regard. [...] A plethora of reliable Linux compression tools makes it easy to archive and back up essential data. You can choose from many lossless compressors with high compression ratios such as LZ4, lzop, and bzip2. On the other hand, tools like Zstandard and plzip allow for more advanced compression workflows. Read more

Security Leftovers

  • Security updates for Monday

    Security updates have been issued by Debian (activemq, libcaca, libupnp, mqtt-client, and xcftools), Fedora (ceph, mupdf, nagios, python-PyMuPDF, and zathura-pdf-mupdf), Mageia (cups, kernel, pngcheck, and python-pygments), openSUSE (bind, chromium, gnome-autoar, kernel, mbedtls, nodejs8, and thunderbird), and Red Hat (nodejs:10, nodejs:12, nodejs:14, screen, and virt:8.2 and virt-devel:8.2). 

    •   
  • Server Security Tips – Secure Your Server with These Best Practices

    Servers play a vital role in organizations. Their primary function is to provide both data and computational services. Because of the critical role they play, servers hold confidential organizational data and information. Information is like gold nowadays, and hackers are gold miners. An insecure server is vulnerable to all sorts of security threats and data breaches.

    •      
  • Multiple Linux Kernel Vulnerabilities Could Allow Privilege Escalation

    Fortunately, before any active exploitation, Popov fixed these bugs for the users. Popov has confirmed merging of these patches with the mainline kernel version 5.11-rc7. Also, the fixes have been “backported into the stable affected trees”. As Positive Technologies elaborated, this isn’t the first time Popov found and patched a vulnerability. Earlier, he has also caught and fixed two Linux, bugs CVE-2017-2636 and CVE-2019-18683, as well in 2017 and 2020 respectively.

  • Understanding Samsung Knox Vault: Protecting the data that matters most

    Eight years ago, Samsung set out on a mission to build the most trusted and secure mobile devices in the world. With the introduction of our Samsung Knox platform at MWC in 2013, we put in place the key elements of hardware-based security that would help defend Samsung mobile devices and our customers’ data against increasingly sophisticated cyber threats. Samsung Knox has since evolved into more than a built-in security platform, now encompassing a full suite of mobile management tools for enterprise IT administrators. But our mobile product planners, developers and security engineers have remained laser-focused on answering the primary question: how do we remain a step ahead of hackers and keep our users safe at all times? [...] In the first days of Android, the main focus was building a more open and flexible mobile operating system. Security was state-of-the-art for the time, inherited from the world of Unix and mainframe computers. But from the start, it became clear that smartphones were different; they were the most personal computers anyone had ever built.

More on Tux Machines: AboutGalleryForumBlogsSearchNewsRSS Feed

Part of Bytes Media ● Sister sites below.

TechBytes Techrights button

Powered by Drupal, an open source content management system

Content available under CC-BY-SA CC

© by original authors

Powered by CentOS 6.5 (GNU/Linux), Varnish, and Drupal 6