Language Selection

English French German Italian Portuguese Spanish

Security: Updates, GNU/Linux, Spectre and DRM

Filed under
Security
  • Security updates for Wednesday
  • Another Linux distro poisoned with malware

    Last time it was Gentoo, a hard-core, source-based Linux distribution that is popular with techies who like to spend hours tweaking their entire operating sytem and rebuilding all their software from scratch to wring a few percentage points of performance out of it.

  • Arch Linux AUR packages found to be laced with malware

    Three Arch Linux packages have been pulled from AUR (Arch User Repository) after they were discovered to contain malware. The PDF viewer acroread and two other packages that are yet to be named were taken over by a malicious user after they were abandoned by their original authors.

  • ​The return of Spectre

    The return of Spectre sounds like the next James Bond movie, but it's really the discovery of two new Spectre-style CPU attacks.

    Vladimir Kiriansky, a Ph.D. candidate at MIT, and independent researcher Carl Waldspurger found the latest two security holes. They have since published a MIT paper, Speculative Buffer Overflows: Attacks and Defenses, which go over these bugs in great detail. Together, these problems are called "speculative execution side-channel attacks."

    These discoveries can't really come as a surprise. Spectre and Meltdown are a new class of security holes. They're deeply embedded in the fundamental design of recent generations of processors. To go faster, modern chips use a combination of pipelining, out-of-order execution, branch prediction, and speculative execution to run the next branch of a program before it's called on. This way, no time is wasted if your application goes down that path. Unfortunately, Spectre and Meltdown has shown the chip makers' implementations used to maximize performance have fundamental security flaws.

  • Mercury Security Introduces New Linux Intelligent Controller Line

    Mercury Security, a leader in OEM access control hardware and part of HID Global, announces the launch of its next-generation LP intelligent controller platform built on the Linux operating system.

    The new controllers are said to offer advanced security and performance, plus extensive support for third-party applications and integrations. The controllers are based on an identical form factor that enables seamless upgrades for existing Mercury-based deployments, according to the company.

  • Latest Denuvo Version Cracked Again By One Solo Hacker On A Personal Mission

    Denuvo is... look, just go read this trove of backlinks, because I've written far too many of these intros to be able to come up with one that is even remotely original. Rather than plagiarize myself, let me just assume that most of you know that Denuvo is a DRM that was once thought to be invincible but has since been broken in every iteration developed, with cracking times often now down to days and hours rather than weeks or months. Key in this post is that much if not most of the work cracking Denuvo has been done by a single person going by the handle Voksi. Voksi is notable not only for their nearly singlehandedly torpedoing the once-daunting Denuvo DRM, but also for their devotion to the gaming industry and developers that do things the right way, even going so far as to help them succeed.

    Well, Voksi is back in the news again, having once again defeated the latest build of Denuvo DRM.

  • Latest Denuvo Anti-Piracy Protection Falls, Cracker ‘Voksi’ On Fire

    The latest variant of the infamous Denuvo anti-piracy system has fallen. Rising crack star Voksi is again the man behind the wheel, defeating protection on both Puyo Puyo Tetris and Injustice 2. The Bulgarian coder doesn't want to share too many of his secrets but informs TorrentFreak that he won't stop until Denuvo is a thing of the past, which he hopes will be sooner rather than later.

More in Tux Machines

Review: Bodhi Linux 5.0.0

Sometimes when reviewing an operating system it is difficult to separate the question "Is this a good distribution?" from "Is this a good distribution for me?" Bodhi is one of those projects where the answers to these questions are quite different, mostly over matters of style rather than functionality. On a personal level, I don't think I would ever be inclined to use Bodhi myself because I don't like the Moksha/Enlightenment style of desktop. It does a lot of little things differently (not badly, just differently) from other open source desktops and its style is not one I ever seem to find comfortable. This, combined with the streamlined, web-based AppCenter and unusual settings panel, makes Bodhi a distribution which always feels a bit alien to me. Let's put aside my personal style preferences though and try to look at the distribution objectively. Bodhi is trying to provide a lightweight, visually attractive distribution with a wide range of hardware support. It manages to do all of these things and do them well. The distribution is paying special attention to lower-end hardware, including 32-bit systems, and maintains a remarkably small memory footprint given the amount of functionality and eye candy included. Most lightweight distributions sacrifice quite a bit visually in order to provide the lightest interface possible, but Bodhi does a nice job of balancing low resource requirements with an attractive desktop environment. Bodhi is pleasantly easy to install, thanks to the Ubiquity installer, has a minimal collection of software (in the main edition) that allows us to craft our own experience and, for people who need more applications out of the box, there is the AppPack edition. All of this is to say that, for me personally, I spent more time that I would have liked this week searching through settings, trying to get used to how Moksha's panel works, tracking down less popular applications and re-learning when to use right-click versus left-click on the desktop. But, objectively, I would be hard pressed to name another distribution that more elegantly offers a lightweight desktop with visual effects, or that offers such easy access to both legacy and modern hardware support. In short, I think Bodhi Linux is a good distribution for those who want to get the most performance out of their operating system without sacrificing hardware support or the appearance of the interface. There are a few little glitches here and there, but sothing show-stopping and, overall, Bodhi is a well put together distribution. Read more

Android Leftovers

5 ways to play old-school games on a Raspberry Pi

They don't make 'em like they used to, do they? Video games, I mean. Sure, there's a bit more grunt in the gear now. Princess Zelda used to be 16 pixels in each direction; there's now enough graphics power for every hair on her head. Today's processors could beat up 1988's processors in a cage-fight deathmatch without breaking a sweat. But you know what's missing? The fun. You've got a squillion and one buttons to learn just to get past the tutorial mission. There's probably a storyline, too. You shouldn't need a backstory to kill bad guys. All you need is jump and shoot. So, it's little wonder that one of the most enduring popular uses for a Raspberry Pi is to relive the 8- and 16-bit golden age of gaming in the '80s and early '90s. But where to start? Read more

Today in Techrights