Language Selection

English French German Italian Portuguese Spanish

Security: Spectre and Meltdown, Industrial System Sabotage, VDP, Windows in Healthcare

Filed under
Security
  • Some thoughts on Spectre and Meltdown

     

    Contrast that with what happened this time around. Google discovered a problem and reported it to Intel, AMD, and ARM on June 1st. Did they then go around contacting all of the operating systems which would need to work on fixes for this? Not even close. FreeBSD was notified the week before Christmas, over six months after the vulnerabilities were discovered. Now, FreeBSD can occasionally respond very quickly to security vulnerabilities, even when they arise at inconvenient times — on November 30th 2009 a vulnerability was reported at 22:12 UTC, and on December 1st I provided a patch at 01:20 UTC, barely over 3 hours later — but that was an extremely simple bug which needed only a few lines of code to fix; the Spectre and Meltdown issues are orders of magnitude more complex.  

  • Menacing Malware Shows the Dangers of Industrial System Sabotage

     

    At the S4 security conference on Thursday, researchers from the industrial control company Schneider Electric, whose equipment Triton targeted, presented deep analysis of the malware—only the third recorded cyberattack against industrial equipment. Hackers [sic] were initially able to introduce malware into the plant because of flaws in its security procedures that allowed access to some of its stations, as well as its safety control network.

  • 25 per cent of hackers don't report bugs due to lack of disclosure policies

     

    One of the standout discoveries was that almost 25 per cent of respondents said they were unable to disclose a security flaw because the bug-ridden company in question lacked a vulnerability disclosure policy (VDP).

  • 'Professional' hack [sic] on Norwegian health authority compromises data of three million patients [iophk: "Windows TCO"]

More in Tux Machines

KDE: Akademy 2018, KDE Slimbook, New Kirigami Communication Channels

  • Akademy 2018 in lovely Vienna!
    Attending Akademy - the annual KDE contributors summit - is always a quite intense experience. This year it happened from 11th to 17th August in the lovely city of Vienna, Austria. It was a quite special edition. We got a higher number of attendees, including some people who have been doing KDE things for more than a decade but only now had the chance to show up and talking to people in-person. In addition, we changed the conference program a bit, moving the reports for the Working Groups from the KDE e.V. General Assembly (restricted to KDE e.V. members) to the general Akademy schedule. Also, this year we introduced four training sessions covering topics not exactly technical but of paramount important for a community like KDE: Non-violent Communication, Online Fundraising and Campaigning, Documentation writing for non-writers, and Public Speaking Training.
  • Best Service
    How often do you meet your laptop vendor in person? Last year, I picked up a KDE Slimbook, and the machine has been great, acting as my development-box-on-the-go for lots of KDE travels. It has a few stickers, and some scratches, and the screen had gotten a bit wobbly by now .. so, at this year’s Akademy I stopped by the Slimbook stand, admired the newer Slimbook II (alas, the old one isn’t written off yet), and mentioned the wobbly screen.
  • New Kirigami communication channels
    Kirigami used to have a Telegram channel as its main communication channel. this is of course not optimal being a closed service and many potential contributors not having an account on Telegram.

today's howtos

How to Burn Blu-ray Disks in Ubuntu/Linux

K3b is a free disk burning utility for KDE but can run in any Linux distributions with proper packages installed. K3b is very simple to use yet powerful utility and capable of handling CD, DVDs with operations such as burning, re-writing, erasing, copying etc. This is how you can burn Blu-ray disks in Ubuntu, Linux systems using K3b. Read more

Fedora News and Red Hat's Finances