Language Selection

English French German Italian Portuguese Spanish

Security: Updates, GNU/Linux, Spectre and DRM

Filed under
Security
  • Security updates for Wednesday
  • Another Linux distro poisoned with malware

    Last time it was Gentoo, a hard-core, source-based Linux distribution that is popular with techies who like to spend hours tweaking their entire operating sytem and rebuilding all their software from scratch to wring a few percentage points of performance out of it.

  • Arch Linux AUR packages found to be laced with malware

    Three Arch Linux packages have been pulled from AUR (Arch User Repository) after they were discovered to contain malware. The PDF viewer acroread and two other packages that are yet to be named were taken over by a malicious user after they were abandoned by their original authors.

  • ​The return of Spectre

    The return of Spectre sounds like the next James Bond movie, but it's really the discovery of two new Spectre-style CPU attacks.

    Vladimir Kiriansky, a Ph.D. candidate at MIT, and independent researcher Carl Waldspurger found the latest two security holes. They have since published a MIT paper, Speculative Buffer Overflows: Attacks and Defenses, which go over these bugs in great detail. Together, these problems are called "speculative execution side-channel attacks."

    These discoveries can't really come as a surprise. Spectre and Meltdown are a new class of security holes. They're deeply embedded in the fundamental design of recent generations of processors. To go faster, modern chips use a combination of pipelining, out-of-order execution, branch prediction, and speculative execution to run the next branch of a program before it's called on. This way, no time is wasted if your application goes down that path. Unfortunately, Spectre and Meltdown has shown the chip makers' implementations used to maximize performance have fundamental security flaws.

  • Mercury Security Introduces New Linux Intelligent Controller Line

    Mercury Security, a leader in OEM access control hardware and part of HID Global, announces the launch of its next-generation LP intelligent controller platform built on the Linux operating system.

    The new controllers are said to offer advanced security and performance, plus extensive support for third-party applications and integrations. The controllers are based on an identical form factor that enables seamless upgrades for existing Mercury-based deployments, according to the company.

  • Latest Denuvo Version Cracked Again By One Solo Hacker On A Personal Mission

    Denuvo is... look, just go read this trove of backlinks, because I've written far too many of these intros to be able to come up with one that is even remotely original. Rather than plagiarize myself, let me just assume that most of you know that Denuvo is a DRM that was once thought to be invincible but has since been broken in every iteration developed, with cracking times often now down to days and hours rather than weeks or months. Key in this post is that much if not most of the work cracking Denuvo has been done by a single person going by the handle Voksi. Voksi is notable not only for their nearly singlehandedly torpedoing the once-daunting Denuvo DRM, but also for their devotion to the gaming industry and developers that do things the right way, even going so far as to help them succeed.

    Well, Voksi is back in the news again, having once again defeated the latest build of Denuvo DRM.

  • Latest Denuvo Anti-Piracy Protection Falls, Cracker ‘Voksi’ On Fire

    The latest variant of the infamous Denuvo anti-piracy system has fallen. Rising crack star Voksi is again the man behind the wheel, defeating protection on both Puyo Puyo Tetris and Injustice 2. The Bulgarian coder doesn't want to share too many of his secrets but informs TorrentFreak that he won't stop until Denuvo is a thing of the past, which he hopes will be sooner rather than later.

More in Tux Machines

Games: Atari VCS Console, Humble Store and TUNG (The Ultimate Nerd Game)

  • Atari VCS Console Runs a Custom Linux Distro Called “AtariOS”
    Following criticism of its mediocre internal makeup the Ataris VCS console will now ship with 8GB RAM by default, up from the 4GB proposed during the funding push. It’s a decent increase in memory that should help the system cope better with more intensive indie games (don’t expect AAA titles to play nicely on the machine with the middling AMD Bristol Ridge APU).
  • Humble Store is doing a 'Pixel Perfect Platformers Sale' and it has some top Linux games for cheap
    For those of you who love your platformers, regardless of them being 2D, 3D, puzzle or action adventures there's bound to be something for the bored Linux gamer in the Humble Store Pixel Perfect Platformers Sale.
  • TUNG (The Ultimate Nerd Game) made me realise how stupid I really am
    The Ultimate Nerd Game or TUNG for short, is a first-person sandbox game about building intricate machines and it made me feel so very dumb. If you loved Minecraft's Redstone circuits or anything remotely similar, this is probably a free game you're going to love. For me, it was an exercise in frying my brain like it's in a microwave.

OSS Leftovers

  • Pharmaceutical industry gets first open source platform for Level 4 serialization
    Pharmaceutical companies today for the first time have an open source alternative for level 4 serialization with the launch of QU4RTET, a platform that provides them with new flexibility, transparency and affordability as they comply with global drug anti-counterfeiting laws.
  • Kontron Uses Open Source to Move Beyond Bare Metal
    Kontron, a company known for its embedded computing technology, is leveraging virtualization and open source to become a direct supplier to large service providers, promising to integrate hardware and operating system software with best-of-breed virtual network functions. That new sales strategy has evolved to support containers, particularly as they fit at the edge of the network, which for Kontron AG is the cell tower. In May, Kontron announced that its integrated SYMKLOUD open source platform now supports the latest versions of OpenStack for virtual machines and bare metal, as well as Kubernetes v1.10 for Docker and containers, via its distribution partnership with Canonical.
  • Open Source Expands In Finance With The FINOS Platform
  • Global Open Source Services Market Forecast to 2025 Published by Marketresearchnest
  • Synopsys ARC HS4x Processors Now Supported By GCC
    The GCC 8 compiler brought the Synopsys ARC CPU target while for the GCC 9 release is going to be support for the company's HS4x processors. Merged today to mainline GCC is support for the HS4x CPUs within the ARC target. Adding this newer generation of ARC processors to the GNU Compiler Collection code-base was just a few hundred lines of code with building off the existing target code.
  • GPL Cooperation Commitment gets more support for open source licensing
    Red Hat has announced its open source license enforcement initiative is making new strides. As part of the GPL Cooperation Commitment, 14 new companies have joined the effort to promote greater predictability for GPLv2 and LGPLv2.x licenses. “Through this initiative, we hope ultimately to increase participation in the use and development of open source software by helping to ensure that enforcement, when it takes place, is fair and predictable,” according to the commitment’s website.
  • The Global IP Exchange: Human ingenuity and open source technology
    He said: “Customers do increasingly care about open source, and if you don’t comply you are at risk of upsetting authors, as well as litigation and injunctions.” “If you’re just distributing internally, then you’re fine, but as soon as it leaves your company, then you’ve triggered an obligation.” For those who don’t comply, he warned that either the licensor, or the Free Software Foundation will find out.
  • How to Setup Python Virtual Environment on Ubuntu 18.04
    Python is a versatile programming language that can be used for many different programming projects(Web - Mobile - Desktop). Easy to set up, and written in a relatively straightforward style with immediate feedback on errors, Python is a great choice for beginners and experienced developers alike. Python 3 is the most current version of the language and is considered to be the future of Python. This article will guide you through installing Python 3 on your local Linux machine and setting up a programming virtual environment via the command line. This article will explicitly cover the installation procedures for Ubuntu 18.04, but the general principles apply to any other distribution of Debian Linux.
  • How expensive is globbing for sources in large projects
    Since we have the measurement script, let's use it for something more interesting. Modules are an upcoming C++ feature to increase build times and a ton of other coolness depending on who you ask. The current specification works by having a kind of "module export declaration" at the beginning of source files. The idea is that you first compile those to generate a sort of a module declaration file and then you can start the actual compilation that uses said files. If you thought "waitaminute, that sounds exactly like how FORTRAN is compiled", you are correct. Because of this it has the same problem that you can't compile source files in an arbitrary order, but instead you must first somehow scan them to find out the interdependencies between source (not header) files. In practice what this means is that instead of single-phase compilation all files must be processed twice. All scan operations must be done before any compilation jobs can start because otherwise you might start to compile a file before its dependencies are fully processed. The scanning can be done in one of two ways. Either the build system scans the sources meaning it needs to understand the syntax of source files or the compiler can be invoked in a special preprocessing mode. Note that build systems such as Ninja do not do any such operations by themselves but instead always invoke external processes to do their work.
  • Security updates for Monday

Software: Newsboat, FreeFileSync, Corebird, FileZilla, nomacs, RAV1E

  • Newsboat: A Snazzy Text-Based RSS Feed Reader
    Newsboat is a sleek, open source RSS/Atom feed reader for the text console. It’s a fork of Newsbeuter. RSS and Atom are a number of widely-used XML formats to transmit, publish and syndicate articles, typically news or blog articles. Newsboat is designed to be used on text terminals on Unix or Unix-like systems. It’s entirely controlled by the keyboard. The software has an internal commandline to modify configuration variables and to run commands.
  • FreeFileSync – Data Backup and File Synchronization App
    FreeFileSync is a free data backup and file synchronization app which is available in Linux systems enables you to seamlessly sync your backup data with the source data. When you take a backup of your HD, or any other disk drive, you should keep it in sync for the file changes you do from time to time. It is often difficult to remember which file/directories you have changed/deleted/updated since the last backup. FreeFileSync solves that problem and it can determine and sync only those changed/deleted/updated files in your backup.
  • Corebird Twitter Client – to Stop Working
    Corebird, the best native GTK+ Twitter client available for Linux desktops including Ubuntu will stop working on August 2018. This has been recently reported by the Corebird developer in patreon as well as in GitHub. This is mainly due to the policy change from Twitter which will remove UserStream API which is used by Corebird and other third party Twitter clients. In the patreon post, the developer stated that, the new API by Twitter named Accounts Activity API is too difficult to implement and he may not have much time available for development.
  • FileZilla – Best FTP Client for Linux, Ubuntu Releases version 3.34.0
    FileZilla is a free and open source FTP client available for Ubuntu, Mint and other Linux systems. FileZilla is the go-to software when you need a FTP client for your need. FileZilla is loaded with supports for FTP, SFTP, FTPS protocols and it is cross platform. It comes with nice user friendly and easy to use GUI.
  • nomacs 3.10.2
    nomacs is licensed under the GNU General Public License v3 and available for Windows, Linux, FreeBSD, Mac, and OS/2.
  • RAV1E: The "Fastest & Safest" AV1 Encoder
    Following the news about VP9 and AV1 having more room to improve particularly for alternative architectures like POWER and ARM, a Phoronix reader pointed out an effort that Mozilla is behind on developing the "rav1e" encoder. AV1 up to this point for encoding on CPUs has been - unfortunately - extremely slow. But it turns out Mozilla and others are working on RAV1E as what they are billing as the fastest and safest AV1 encoder. RAV1E has been in development for a while now but has seemingly flown under our radar.

today's howtos