
Security: E-Mail Vulnerability, Reproducible Builds, 'IoT', YouTube and Mythology About Security (Back Doors Intentional)

Tuesday 10th of April 2018 03:25:21 PM
Security
  • Obscure E-Mail Vulnerability

    I think the problem is more subtle. It's an example of two systems without a security vulnerability coming together to create a security vulnerability. As we connect more systems directly to each other, we're going to see a lot more of these. And like this Google/Netflix interaction, it's going to be hard to figure out who to blame and who -- if anyone -- has the responsibility of fixing it.

  • Reproducible Builds: Weekly report #154
  • A Long-Awaited IoT Crisis Is Here, and Many Devices Aren't Ready

    You know by now that Internet of Things devices like your router are often vulnerable to attack, the industry-wide lack of investment in security leaving the door open to a host of abuses. Worse still, known weaknesses and flaws can hang around for years after their initial discovery. Even decades. And Monday, the content and web services firm Akamai published new findings that it has observed attackers actively exploiting a flaw in devices like routers and video game consoles that was originally exposed in 2006.

  • Feral Interactive Releases GameMode, YouTube Music Videos Hacked, Oregon Passes Net Neutrality Law and More

    YouTube was hacked this morning, and many popular music videos were defaced, including the video for the hit song Despacito, as well as videos by Shakira, Selena Gomez, Drake and Taylor Swift. According to the BBC story, "A Twitter account that apparently belongs to one of the hackers posted: 'It's just for fun, I just use [the] script 'youtube-change-title-video' and I write 'hacked'."

  • Despacito YouTube music video hacked plus other Vevo clips

    YouTube's music video for the hit song Despacito, which has had over five billion views, has been hacked.

    More than a dozen other artists, including Shakira, Selena Gomez, Drake and Taylor Swift are also affected. The original clips had been posted by Vevo.

    [...]

    Cyber-security expert Prof Alan Woodward, from Surrey University, said it was unlikely that the hacker was able to gain access so easily.

  • YouTube Hacked? Most Watched Video “Despacito” And Other Clips Deleted (And Restored)

    Just five days ago, Luis Fonsi’s viral Despacito music video earned the title of world’s most watched video on YouTube with more than 5 billion views. Apparently, YouTube hackers managed to delete the video, along with other Vevo clips.

    However, as per the latest development, the deleted videos have been restored on the website. Earlier, after the hack, Despacito video showed a thumbnail with masked people holding guns. After clicking the video, it said: “This video is unavailable.”

  • Mythology about security…

    Government export controls crippled Internet security and the design of Internet protocols from the very beginning: we continue to pay the price to this day. Getting security right is really, really hard, and current efforts towards “back doors”, or other access, are misguided. We haven’t even recovered from the previous rounds of government regulations, which have caused excessive complexity in an already difficult problem and many serious security problems. Let us not repeat this mistake…

Games Leftovers

today's leftovers

  • Linspire 7.0 Service Pack 1 released
    Today we are delivering Linspire 7 SP1 for general release. With this release we have several fixes and changes that we have made to Linspire. With this release we have resolved many of the issues that users had with our first release. Linspire 7 is the only desktop distribution that is supported for 10 years on the desktop. Linspire is deployed by many companies, government agencies and education facilities for their productivity, design and development workstations.
  • Slackware 13.x EOL in July
    Patrick has been supporting older Slackware releases for more than 7 years and it's getting harder to push updates for those releases as their base libraries are too ancient. It will also keep his load high as it might take more time to inspect whether an update affected older releases and trying to build or patch packages to fix those issues. Well, in the next few months (exactly one day after USA Independence Day), the support for all Slackware 13.x (13.0, 13.1, and 13.37) will expire and support will only be given to Slackware 14.x and future releases.
  • Indore: SVVV signs MoU with Red Hat Academy
    Red Hat is an open source, web deployed and managed education program that is designed to provide turnkey curriculum materials to academic institutions to start and sustain an open source and Linux curriculum program. SVVV is a state private university established with a vision to be a leader in shaping better future for mankind through quality education, training and research. Red Hat Academy turns academic institutions into centers for enterprise-ready talent by outfitting them with Red Hat training.
  • Top Badgers of 2017: Alberto Rodriguez Sanchez
    “Top Badgers” is a special series on the Community Blog. In this series, Luis Roca interviewed the top badge earners of 2017 in the Fedora Project. Not familiar with Fedora Badges? No worries, you can read more about them on the Badges website. This article features Alberto Rodriguez Sanchez (bt0dotninja), who clocked in at the #4 spot of badges earned in 2017, with 33 badges! As of the writing of this article, Alberto is the #117 all-time badge earner in Fedora.

GNU/Linux Desktops/Laptops: Death of a Thinkpad, HP Chromebook x2

  • Death of a Thinkpad x120e laptop
    My laptop named "angela" is (was?) a Thinkpad x120e (ThinkWiki). It's a netbook model (although they branded it an Ultraportable), which meant back then that it was a small, wide, slim laptop with less power, but cheaper. It did its job: I carried it through meetings and conferences all over the world for 7 years now. I also used it as a workstation for a short time in 2016-2017 when marcos stopped being a workstation and turned solely into a home cinema.
  • HP Unveils the Chromebook x2 as World's First Detachable Chromebook
    HP unveiled on Monday the HP Chromebook x2 as world's first detachable Chromebook device, a 2-in-1 computer powered by Google's Linux-based Chrome OS operating system. With the HP Chromebook x2, the company known for manufacturing business laptops and other computer-related devices attempts to expand its Chromebook portfolio to meet the growing demand for these versatile, powerful, and secure computers driven by Google's Chrome OS and supporting Android apps. "The HP Chromebook x2 hits a trifecta for customers, combining the productivity of the Chrome OS and power of the world’s most-used app platform into a versatile form factor ideal for experiencing all the Google ecosystem has to offer," said Kevin Frost, Vice President and General Manager, Consumer Personal Systems at HP.

Server: 'Microservices', 'DevOps', Kubernetes, SDN

  • Microservices Explained
    Microservices is not a new term. Like containers, the concept has been around for a while, but it’s become a buzzword recently as many companies embark on their cloud native journey. But, what exactly does the term microservices mean? Who should care about it? In this article, we’ll take a deep dive into the microservices architecture.
  • DevOps success: Why continuous is a key word
    Today’s consumers want bigger and better technologies, tools and features, and they want them now. For most dev teams, long gone are the days of having weeks – or even months – to develop, test and update their software and applications. Today, in the age of DevOps and faster release cycles, processes throughout the software development lifecycle (SDLC) must occur in tandem, with features continuously being revised and optimized – without compromising on quality or user experience.
  • This Week in Numbers: Chinese Adoption of Kubernetes
    Chinese developers are, in general, less far along in their production deployment of containers and Kubernetes, according to our reading of data from a Mandarin-translated version of a Cloud Native Computing Foundation survey. For example, 44 percent of the Mandarin respondents were using Kubernetes to manage containers while the figure jumped to 77 percent amongst the English sample. They are also much more likely to deploy containers to Alibaba Cloud and OpenStack cloud providers, compared to the English survey respondents. The Mandarin respondents were also twice as likely to cite reliability as a challenge. A full write-up of these findings can be found in the post “China vs. the World: A Kubernetes and Container Perspective.”
  • OpenContrail SDN Moves to Linux Foundation as Tungsten Fabric

