Language Selection

English French German Italian Portuguese Spanish

Security: Windows Ransomware, Cortana Holes, Google Play Protect and More

Filed under
Security
  • The worst types of ransomware attacks
  • Patched Cortana Bug Let Hackers Change Your Password From the Lock Screen
  • What is Google Play Protect and How Does it Keep Android Secure?
  • ​Another day, another Intel CPU security hole: Lazy State

    Once upon a time, when we worried about security, we worried about our software. These days, it's our hardware, our CPUs, with problems like Meltdown and Spectre, which are out to get us. The latest Intel revelation, Lazy FP state restore, can theoretically pull data from your programs, including encryption software, from your computer regardless of your operating system.

    Like its forebears, this is a speculative execution vulnerability. In an interview, Red Hat Computer Architect Jon Masters explained: "It affects Intel designs similar to variant 3-a of the previous stuff, but it's NOT Meltdown." Still, "It allows the floating point registers to be leaked from another process, but alas that means the same registers as used for crypto, etc." Lazy State does not affect AMD processors.

  • Eric S. Raymond on Keeping the Bazaar Secure and Functional
  • Purple testing and chaos engineering in security experimentation

    The way we use technology to construct products and services is constantly evolving, at a rate that is difficult to comprehend. Regrettably, the predominant approach used to secure design methodology is preventative, which means we are designing stateful security in a stateless world. The way we design, implement, and instrument security has not kept pace with modern product engineering techniques such as continuous delivery and complex distributed systems. We typically design security controls for Day Zero of a production release, failing to evolve the state of our controls from Day 1 to Day (N).

    This problem is also rooted in the lack of feedback loops between modern software-based architectures and security controls. Iterative build practices constantly push product updates, creating immutable environments and applying complex blue-green deployments and dependencies on ever-changing third-party microservices. As a result, modern products and services are changing every day, even as security drifts into the unknown.

More in Tux Machines

Voters Choose Two New Board Members and One Incumbent to openSUSE Board

Out of 446 eligible voters, 46 more openSUSE Members than last elections, only 231 — 6 fewer than last elections — chose to cast their votes, leaving last spring’s elections holding the record both for most ballots cast and largest percentage of Members who took enough interest in openSUSE to take the time to cast their votes. Incumbent Christian Boltz aka cboltz garnered the most votes with a total of 141 votes — more than half of those who voted — confirming the Community’s confidence in him. He was followed closely by Marina Latini aka deneb_alpha with 119 votes — also more than half of the active voters — and Dr. Axel Braun aka DocB with 104 votes, almost half. As incumbent, Christian is already sitting on the Board and will continue his duties for his second two-year term. Marina and Axel are expected to join him and take their seats for their first two-year terms sometime within the next couple of weeks. Read more

Wayland's Weston 6.0 To Support XDG-Shell Stable, Helping Apps Like MPV Video Player

While the current Wayland/Weston release cycle is a bit behind schedule, it has allowed time for another addition to be made to the Weston 6.0 compositor. Weston 6.0 now has support for the XDG-Shell stable protocol where as previously it only exposed the XDG-Shell v6 unstable protocol. The two versions of the XDG-Shell protocol are quite close so it wasn't much work involved, but newer Wayland-supported apps like the MPV video player are explicitly looking for the stable version of the protocol. Read more Also: The Linux Vendor Firmware Service Has Served Up More Than 5 Million Firmware Files

Latte bug fix release v0.8.6

Latte Dock v0.8.6 has been released containing important fixes and improvements! Read more Also: The Long Road to Long-Term Goals

What’s New in Linux Mint 19.1 Xfce Edition

Linux Mint 19.1 XFCE is the latest release of Linux Mint 19.1 that uses lightweight Xfce desktop environment 4.12. It comes with updated software and brings refinements and many new features to make your desktop experience more comfortable. The Update Manager is able to list mainline kernels and to show their support status. The Software Sources tool was given a new look. Similar to the welcome screen, it’s now using an Xapp sidebar and a headerbar. The Language Settings and the Input Methods are now two separate applications and the user interface for the Input Methods tool was revamped. It uses an icon sidebar and now shows a dedicated page for each supported language. Based on Ubuntu 18.04.1 LTS an powered by Linux Kernel 4.19, Linux Mint 19.1 Xfce edition also include pre-installed applications Thunar File Manager 1.6.15, Mozilla Firefox 65, Archive Manager 3.28, Gnome Disk 3.28, Hexchat 2.14, Thundebird 60, GIMP 2.8, Transmission Torrent Client 2.92, Rythmbox Music Manager 3.4.2, VLC Player 3.0.4, Xfce Dictionary 0.8, Libre Office Suite 6.0.6, Xfce Terminal 0.8, GNOME Fonts 3.28, Synaptic package Manager 0.84. Read more