Language Selection

English French German Italian Portuguese Spanish

Security: Uber Sued, Intel ‘Damage Control’, ZDNet FUD, and XFRM Privilege Escalation

Filed under
Security
  • Uber hit with 2 lawsuits over gigantic 2016 data breach

    In the 48 hours since the explosive revelations that Uber sustained a massive data breach in 2016, two separate proposed class-action lawsuits have been filed in different federal courts across California.

    The cases allege substantial negligence on Uber’s part: plaintiffs say the company failed to keep safe the data of the affected 50 million customers and 7 million drivers. Uber reportedly paid $100,000 to delete the stolen data and keep news of the breach quiet.

    On Tuesday, CEO Dara Khosrowshahi wrote: “None of this should have happened, and I will not make excuses for it.”

  • Intel Releases Linux-Compatible Tool For Confirming ME Vulnerabilities [Ed: ‘Damage control’ strategy is to make it look like just a bug.]

    While Intel ME security issues have been talked about for months, confirming fears that have been present about it for years, this week Intel published the SA-00086 security advisory following their own internal review of ME/TXE/SPS components. The impact is someone could crash or cause instability issues, load and execute arbitrary code outside the visibility of the user and operating system, and other possible issues.

  • Open source's big weak spot? Flawed libraries lurking in key apps [Ed: Linux basher Liam Tung entertains FUD firm Snyk and Microsoft because it suits the employer's agenda]
  • SSD Advisory – Linux Kernel XFRM Privilege Escalation

More in Tux Machines

EXT4 fscrypt vs. eCryptfs vs. LUKS dm-crypt Benchmarks

Given the recent advancements of the EXT4 file-system with its native file-system encryption support provided by the fscrypt framework, here are benchmarks comparing the performance of an EXT4 file-system with no encryption, fscrypt-based encryption, eCryptfs-based encryption, and a LUKS dm-crypt encrypted volume. Read more

Debian GNU/Linux 8 "Jessie" Has Reached End of Security Support, Upgrade Now

Released more than three years ago, on April 25, 2015, Debian GNU/Linux 8 "Jessie" is currently considered the "oldstable" Debian branch since the release of the Debian GNU/Linux 9 "Stretch" operating system series precisely a year ago, on June 17, 2017. As such, Debian GNU/Linux 8 "Jessie" has now reached end of life and will no longer receive regular security support beginning June 17, 2018. Security support for Debian GNU/Linux 8 "Jessie" will be handed over to the Debian LTS team now that LTS (Long Term Support) support has ended for Debian GNU/Linux 7 "Wheezy" on May 31, 2018. Debian GNU/Linux 8 "Jessie" will start receiving additional support from the Debian LTS project starting today, but only for a limited number of packages and architectures like i386, amd64, armel, and armhf. Read more

openSUSE Tumbleweed Is Now Powered by Linux Kernel 4.17, KDE Plasma 5.13 Landed

As of today, the openSUSE Tumbleweed rolling operating system is now powered by the latest and most advanced Linux 4.17 kernel series, which landed in the most recent snapshot released earlier. Tumbleweed snapshot 20180615 was released today, June 17, 2018, and it comes only two days after snapshot 20180613, which added the Mesa 18.1.1 graphics stack and KDE Plasma 5.13 desktop environment, along with many components of the latest KDE Applications 18.04.2 software suite. Today's snapshot 20180615 continued upgrading the KDE Applications software suite to version 18.04.2, but it also upgraded the kernel from Linux 4.16.12 to Linux 4.17.1. As such, OpenSuSE Tumbleweed is now officially powered by Linux kernel 4.17, so upgrading your installs as soon as possible would be a good idea. Read more

today's howtos and leftovers