Language Selection

English French German Italian Portuguese Spanish

Security: Updates, GNU/Linux, Spectre and DRM

Filed under
Security
  • Security updates for Wednesday
  • Another Linux distro poisoned with malware

    Last time it was Gentoo, a hard-core, source-based Linux distribution that is popular with techies who like to spend hours tweaking their entire operating sytem and rebuilding all their software from scratch to wring a few percentage points of performance out of it.

  • Arch Linux AUR packages found to be laced with malware

    Three Arch Linux packages have been pulled from AUR (Arch User Repository) after they were discovered to contain malware. The PDF viewer acroread and two other packages that are yet to be named were taken over by a malicious user after they were abandoned by their original authors.

  • ​The return of Spectre

    The return of Spectre sounds like the next James Bond movie, but it's really the discovery of two new Spectre-style CPU attacks.

    Vladimir Kiriansky, a Ph.D. candidate at MIT, and independent researcher Carl Waldspurger found the latest two security holes. They have since published a MIT paper, Speculative Buffer Overflows: Attacks and Defenses, which go over these bugs in great detail. Together, these problems are called "speculative execution side-channel attacks."

    These discoveries can't really come as a surprise. Spectre and Meltdown are a new class of security holes. They're deeply embedded in the fundamental design of recent generations of processors. To go faster, modern chips use a combination of pipelining, out-of-order execution, branch prediction, and speculative execution to run the next branch of a program before it's called on. This way, no time is wasted if your application goes down that path. Unfortunately, Spectre and Meltdown has shown the chip makers' implementations used to maximize performance have fundamental security flaws.

  • Mercury Security Introduces New Linux Intelligent Controller Line

    Mercury Security, a leader in OEM access control hardware and part of HID Global, announces the launch of its next-generation LP intelligent controller platform built on the Linux operating system.

    The new controllers are said to offer advanced security and performance, plus extensive support for third-party applications and integrations. The controllers are based on an identical form factor that enables seamless upgrades for existing Mercury-based deployments, according to the company.

  • Latest Denuvo Version Cracked Again By One Solo Hacker On A Personal Mission

    Denuvo is... look, just go read this trove of backlinks, because I've written far too many of these intros to be able to come up with one that is even remotely original. Rather than plagiarize myself, let me just assume that most of you know that Denuvo is a DRM that was once thought to be invincible but has since been broken in every iteration developed, with cracking times often now down to days and hours rather than weeks or months. Key in this post is that much if not most of the work cracking Denuvo has been done by a single person going by the handle Voksi. Voksi is notable not only for their nearly singlehandedly torpedoing the once-daunting Denuvo DRM, but also for their devotion to the gaming industry and developers that do things the right way, even going so far as to help them succeed.

    Well, Voksi is back in the news again, having once again defeated the latest build of Denuvo DRM.

  • Latest Denuvo Anti-Piracy Protection Falls, Cracker ‘Voksi’ On Fire

    The latest variant of the infamous Denuvo anti-piracy system has fallen. Rising crack star Voksi is again the man behind the wheel, defeating protection on both Puyo Puyo Tetris and Injustice 2. The Bulgarian coder doesn't want to share too many of his secrets but informs TorrentFreak that he won't stop until Denuvo is a thing of the past, which he hopes will be sooner rather than later.

More in Tux Machines

Microsoft and IBM Spin/PR

  • Windows 10 Will Finally Offer Easy Access to Linux Files [Ed: No, this is more WSL entrapment. They try to prevent people from using proper GNU/Linux with the actual kernel, either standalone or dual-boot. This is also about surveillance on one's files, keys, keystrokes, everything.]
  • Zowe Makes Mainframe Evergreen [Ed: Swapnil Bhartiya greenwashing and openwashing 2-in-1]
    Zowe also offers a vendor-agnostic experience allowing users to mix and match tooling and technologies. It provides interoperability, through the latest web technologies, products, and solutions from multiple vendors, and it allows developers to use the familiar, industry-standard, open source tools to access mainframe resources and services.
  • The ibmvnic driver with SR-IOV is now supported by SLES 12 and SLES 15 on IBM POWER9 processor-based systems
    The ibmvnic driver enables PowerVM Single Root I/O Virtualizations (SR-IOV) for improved network capabilities including reduced systems processor utilization, decreased network latency, and enforcement of network Quality of Service.

Games: Hollow Knight: Silksong, Warhammer 40,000: Mechanicus and Dusk

New Releases and Video: Archman and ArcoLinux

Mir 1.1.1 Release Candidate

  • Mir 1.1.1 - release candidate
    I’ve just kicked off the process for a bugfix release of Mir. An initial release-candidate is currently building in ppa:mir-tream/rc.
  • Mir 1.1.1 RC1 Has Fixes For PostmarketOS, Demo Shells Using Wayland
    Mir 1.1 was released back in December as the first post-1.0 feature update while now preparing for release is the Mir 1.1.1 maintenance milestone. Canonical's Alan Griffiths has tagged the Mir 1.1.1 release candidate today as the newest bug-fix release. Highlights include: - Fixing issues with PostmarketOS support, particularly around its usage of the musl C library rather than Glibc. PostmarketOS is the mobile Linux distribution derived from Alpine Linux that's been having a steady following in recent times and running on the Nexus 5/7, Nokia N9, and other devices.