Language Selection

English French German Italian Portuguese Spanish

Security: Intel, Cisco, Apple, FBI

Filed under
Security
  • How Much Slower Will My PC Become After Meltdown And Spectre Patches?
  • Intel's Microcode Update for Spectre Exploit Is Now Available in Ubuntu's Repos

    Canonical announced a few moments ago that Intel's latest microcode update for the Spectre security vulnerability is now available from the software repositories of all supported Ubuntu Linux releases.

    After releasing earlier this week new kernel updates to mitigate the Meltdown and Spectre security exploits that put billions of devices at risk of attacks by allowing a local, unprivileged attacker to obtain sensitive information from kernel memory, Canonical now released the updated microcode from Intel for supported Intel CPUs.

  • Cisco can now sniff out malware inside encrypted traffic

    Cisco has switched on latent features in its recent routers and switches, plus a cloud service, that together make it possible to detect the fingerprints of malware in encrypted traffic.

    Switchzilla has not made a dent in transport layer security (TLS) to make this possible. Instead, as we reported in July 2016, Cisco researchers found that malware leaves recognisable traces even in encrypted traffic. The company announced its intention to productise that research last year and this week exited trials to make the service – now known as Encrypted Traffic Analytics (ETA) - available to purchasers of its 4000 Series Integrated Service Routers, the 1000-series Aggregation Services Router and the model 1000V Cloud Services Router 1000V.

    Those devices can’t do the job alone: users need to sign up for Cisco’s StealthWatch service and let traffic from their kit flow to a cloud-based analytics service that inspects traffic and uses self-improving machine learning algorithms to spot dodgy traffic.

  • MacOS High Sierra security bug lets you unlock App Store System Preferences with any random password

    According to the bug report, users can simply open System Preferences, go to App Store settings and check the padlock icon. If it is unlocked, lock it and then try unlocking it using your username and any password.

  • Intel tells select customers not to use its bug fixes

    Processor giant Intel has told some of its customers that the microcode patches it issued to fix the Meltdown and Spectre flaws in its products are buggy and that they should not install them.

  • Canonical reissues Meltdown and Spectre patches for Ubuntu after borkage
  • A Step in the Right Direction: House Passes the Cyber Vulnerability Disclosure Reporting Act

    The House of Representatives passed the “Cyber Vulnerability Disclosure Reporting Act” this week. While the bill is quite limited in scope, EFF applauds its goals and supports its passage in the Senate.

    H.R. 3202 is a short and simple bill, sponsored by Rep. Sheila Jackson Lee (D-TX), that would require the Department of Homeland Security to submit a report to Congress outlining how the government deals with disclosing vulnerabilities. Specifically, the mandated report would comprise two parts. First, a “description of the policies and procedures developed [by DHS] for coordinating cyber vulnerability disclosures,” or in other words, how the government reports flaws in computer hardware and software to the developers. And second, a possibly classified “annex” containing descriptions of specific instances where these policies were used to disclose vulnerabilities in the previous year, leading to mitigation of the vulnerabilities by private actors.

    Perhaps the best thing about this short bill is that it is intended to provide some evidence for the government’s long-standing claims that it discloses a large number of vulnerabilities. To date, such evidence has been exceedingly sparse; for instance, Apple received its first ever vulnerability report from the U.S. government in 2016. Assuming the report and annex work as intended, the public’s confidence in the government’s ability to “play defense” may actually increase.

  • FBI Says Device Encryption Is 'Evil' And A Threat To Public Safety

    The FBI continues its anti-encryption push. It's now expanded past Director Christopher Wray to include statements by other FBI personnel. Not that Chris Wray isn't taking every opportunity he can to portray personal security as a threat to the security of the American public. He still is. But he's no longer the only FBI employee willing to speak up on the issue.

    Wray expanded his anti-encryption rhetoric last week at a cybersecurity conference in New York. In short, encryption is inherently dangerous. And the FBI boss will apparently continue to complain about encryption without offering any solutions.

  • Canonical Says It'll Release New Ubuntu Kernels to Further Mitigate Spectre Bugs

    Canonical's Dean Henrichsmeyer published today an update on the Ubuntu patches for the Meltdown and Spectre security vulnerabilities and what they plan on doing next to mitigate these critical bugs.

    By now, most of you have probably updated your Ubuntu Linux computers to the new kernel versions Canonical released earlier this week, as well as the new Nvidia proprietary graphics driver and Firefox web browser, both including patches to mitigate the Meltdown and Spectre exploits affecting billions of devices powered by modern processors from Intel, AMD, and ARM.

More in Tux Machines

Programming: BASIC, LLVM's Clang C++17, and Mozilla

  • So I wrote a basic BASIC
    So back in June I challenged myself to write a BASIC interpreter in a weekend. The next time I mentioned it was to admit defeat. I didn't really explain in any detail, because I thought I'd wait a few days and try again and I was distracted at the time I wrote my post.
  • LLVM C++14/C++17 BoF
  • LLVM's Codebase Will Likely Move To C++17 Next Year
    While LLVM's Clang compiler already supports C++17, what this change is about is the LLVM code itself and for sub-projects like Clang can begin making use of C++17 code itself. This in turn ups the requirements for being able to compile the code-base.  As it stands now LLVM requires C++11 for being able to build the compiler stack, but at this week's LLVM Developers' Meeting in San Jose they discussed upping that requirement. While they could move to C++14, the unofficial consensus is they should just move directly to C++17. This enables LLVM developers to take advantage of all these modern C++ features.
  • Don't rely on the shape of (Native)Error.prototype.message
  • The Rust Programming Language Blog: Update on the October 15, 2018 incident on crates.io
    A user called cratesio was created on crates.io and proceeded to upload packages using common, short names. These packages contained nothing beyond a Cargo.toml file and a README.md instructing users that if they wanted to use the name, they should open an issue on the crates.io issue tracker. The rate at which this user uploaded packages eventually resulted in our servers being throttled by GitHub, causing a slowdown in all package uploads or yanks. Endpoints which did not involve updating the index were unaffected.

Red Hat Leftovers

  • Red Hat Awards Crossvale Commercial Application Platform Partner of the Year.
    Crossvale was presented with the 2018 North America Commercial Application Platform Partner of the Year award by Red Hat. The announcement was made at the Red Hat North America Partner Conference held in Maryland on October 10th.
  • [Podcast] PodCTL #52 – OpenShift 3.11 and OpenShift Container Engine
    Last week Red Hat announced the general availability of OpenShift Container Platform 3.11. This is an important release because it incorporates the first wave of technology from the CoreOS acquisition. This includes new visibility for Operations teams through the Cluster Console and integrated Prometheus monitoring and Grafana dashboards. It also added support for a number of Operators, both from Red Hat and ISV partners (supporting the Operator Framework). This is important, as Operators will continue to play a more critical role in both the OpenShift platform, as well as for applications running on OpenShift. Finally, we discussed the recently released OpenShift Container Engine, and how it offers flexibility for customers that want Enterprise Kubernetes from OpenShift, but may want flexibility in certain areas of their deployments.
  • Knative: Building your Serverless Service
    In the Part-1 of Knative Serving blog series, you were introduced on how to build and deploy your first serverless service using Knative Serving. In this blog you will be introduced to another Knative component called Knative Build.
  • Agile Integration: Enterprise integration from a necessary evil to building competitive advantage
    Business success can be increasingly based on an organization’s ability to react to change. As new disruptive players enter markets and technology upends what consumers expect, organizations often need to change plans in shorter cycles. Modern software architectures and processes can help make organizations more effective at dealing with this change and emerge as leaders in their markets. "Planning as we know it is dead," was the keynote message delivered by Jim Whitehurst, Red Hat president and CEO, at the 2017 Red Hat Summit. "Planning harder in a less-known environment just isn’t the answer." In today’s world, the pace of innovation and disruption is accelerating in business. With that comes change, which can jar or break plans quickly and, in some instances, be extremely costly. Hence, the ability to react to change quickly can be a necessity. Enterprise integration can be at the heart of an organization's IT architecture. It may be necessary. But it is often a bottleneck.
  • Red Hat CEO Whitehurst sells $709000 in Hatter shares

Happy 14th Birthday, Ubuntu!

Bust out the bunting and start cooking a cake because it’s Ubuntu’s birthday! Yes, fourteen feature-filled years have flown by since Mark Shuttleworth sat down to share news of the very first Ubuntu release. Ubuntu 4.10 ‘Warty Warthog’ was thrust into the world on Wednesday October 20, 2004. Read more

GNOME: Vala Scripting and GNOME Foundation Hackfest 2018

  • Daniel Espinosa: Vala Scripting?
    I’m working with a library called GNOME Vala Language Server (GVls), as a proof of concept for a server that will serve autocompletion, syntax highlighting and that kind of stuff, but found something interesting by accident. I’ve added an interface called Client, may is not it final name, but it allows to locale a symbol in a already parsed file, along with some goodness from other interfaces and implementations, I’ll talk about in another article.
  • GNOME Foundation Hackfest 2018
    This week, the GNOME Foundation Board of Directors met at the Collabora office in Cambridge, UK, for the second annual Foundation Hackfest. We were also joined by the Executive Director, Neil McGovern, and Director of Operations, Rosanna Yuen. This event was started by last year’s board and is a great opportunity for the newly-elected board to set out goals for the coming year and get some uninterrupted hacking done on policies, documents, etc. While it’s fresh in our mind, we wanted to tell you about some of the things we have been working on this week and what the community can hope to see in the coming months.