Security: Linux/BillGates, Hyped Bug(fix), DNS over TLS
Notes on Linux/BillGates
This post will include some notes on Linux/BillGates, hereafter referred to as just ‘BillGates’, and rather than being very in-depth as the previous blog, I will mostly list high-level notes and remediation or disinfection steps. Additionally, after the conclusion, you will find other resources if necessary.
Dirty COW redux: Linux devs patch botched patch for 2016 mess
Linus Torvalds last week rushed a patch into the Linux kernel, after researchers discovered the patch for 2016's Dirty COW bug had a bug of its own.
Dirty COW is a privilege escalation vulnerability in Linux's “copy-on-write” mechanism, first documented in October 2016 and affecting both Linux and Android systems.
New web browsing security tool arrives: DNS over TLS
Net neutrality is on its death bed. With it gone, ISPs will be able to strip-data-mine your every move on the web. There are answers. One is Tenta's new secure Domain Name System (DNS) resolver, Tenta DNS. This receives and sends the directions to the websites you visit using the secure Transport Layer Security (TLS) protocol.
DNS is the internet's master phone book. When you type in a website address or click on a link, it turns human-readable domain names into machine-usable IP addresses. If you use your ISP's DNS server, which is the default, the ISP can watch your every move. Even if you use an ordinary third-party DNS server, such as Google Public DNS servers, 8.8.8.8 or 8.8.4.4, and one of Cisco's OpenDNS servers, 208.67.222.222 or 208.67.220.220, your DNS requests are still made in the clear and your ISP can see where you're going.
4MLinux 23.1 released.
This is a minor (point) release in the 4MLinux STABLE channel, which comes with the Linux kernel 4.9.61. The 4MLinux Server now includes Apache 2.4.29, MariaDB 10.2.10, and PHP 7.0.25 (see this post for more details). Additionally, some popular programs (Audacity, PeaZip, UNetbootin) have been updated, too. You can update your 4MLinux by executing the "zk update" command in your terminal (fully automatic process).
