
Security: Updates, NewEgg Breach, "Master Password" and CLIP OS

  • Security updates for Thursday
  • NewEgg cracked in breach, hosted card-stealing code within its own checkout

    The popular computer and electronics Web retailer NewEgg has apparently been hit by the same payment-data-stealing attackers who targeted TicketMaster UK and British Airways. The attackers, referred to by researchers as Magecart, managed to inject 15 lines of JavaScript into NewEgg's webstore checkout that forwarded credit card and other data to a server with a domain name that made it look like part of NewEgg's Web infrastructure. It appears that all Web transactions over the past month were affected by the breach.

  • "Master Password" Is A Password Manager Alternative That Doesn't Store Passwords

    Master Password is a different way of using passwords. Instead of the "know one password, save all others somewhere" way of managing passwords used by regular password managers, Master Password's approach is "know one password, generate all the others".

  • French cyber-security agency open-sources CLIP OS, a security hardened OS

    The National Cybersecurity Agency of France, also known as ANSSI (Agence Nationale de la Sécurité des Systèmes d'Information), has open-sourced CLIP OS, an in-house operating system its engineers had developed to address the needs of the French government administration.

    In a press release, ANSSI described CLIP OS as a "Linux-based operating system [that] incorporates a set of security mechanisms that give it a very high level of resistance to malicious code and allow it to protect sensitive information."

More on CLIP OS

  • French Government Open Sources Secure Operating System

    The French government’s national cybersecurity agency has released an operating system built using open source components internally over the course of more than 10 years for use by the French administration.

    Dubbed CLIP OS, the operating system is based on the open source Linux kernel, but focuses on security hardening and provides partitioning mechanisms that allow the processing of both public and sensitive information in isolation on the same computer.


More in Tux Machines

Devices With Linux Support

  • Quest Releases KACE SDA & SMA Updates

    The update to 7.0 for KACE Systems Deployment Appliance is primarily about bringing a scope of endpoint management capabilities with new support for Linux devices to the table.

  • Rugged, Kaby Lake transport computer has a 10-port LAN switch with PoE

    Axiomtek’s Linux-ready “tBOX400-510-FL” transportation system has a 7th Gen Intel CPU and a 10-port managed switch with 8x M12-style 10/100Mbps PoE and 2x GbE ports. The rugged system also has 3x mini-PCIe slots and dual swappable SATA drives. Axiomtek has launched a fanless, Kaby Lake-U based transportation computer with a choice of power supplies designed for in-vehicle, marine, or railway applications. The rugged tBOX400-510-FL features a Qualcomm-driven, Layer 2 managed PoE switch with support for IP surveillance and video management applications. “Customers can connect IP cameras directly without installing an extra PoE switch, minimizing overall deployment costs and installation space onboard,” stated Axiomtek product manager Sharon Huang.

Software: Open Build Service (OBS) and Spotify 'App'

  • Introducing Open Build Service, Version 2.10

    We are pleased to announce the availability of Open Build Service (OBS) version 2.10! After more than one year of development, this new version of OBS brings a revamped web user interface, improved support for shipping your software in containers and integrating your package builds with source code management systems like GitLab and Pagure.

  • Spotify’s Snap App Was Outdated, But Now It Isn’t

    I’ll be honest: when Spotify arrived on the Snap store I thought: “hurrah”. Hurrah for an easier way to install the music streaming client (no need to futz around adding the Spotify repository like in the past) and hurrah for automatic background updates that ensure I’m always running the latest release. At least, that was the theory. Alas, the official Spotify for Linux Snap package has not been updated since April of this year. “Oh,” I thought, “I guess there hasn’t been an update to the Spotify Linux desktop client since then!” But there has — several updates, in fact!

KDE: Sponsorship, GSoC and KDE Connect

  • Couture Becomes a KDE Patron

    enioka Haute Couture is a software development house that creates complete and tailor-made solutions. enioka strives to return ownership of the software development and innovation to its customers. To that effect, it co-creates the software with its customers' teams to allow them to retain control of their projects in complex systems or organizations. "We are excited to welcome enioka Haute Couture as a Patron of KDE. They truly understand what it means to empower people when creating software; something KDE cares deeply about", said Lydia Pintscher, President of KDE e.V.

  • GSoC Milestone Update 1.1

    The second part of Milestone 1 for my Google Summer of Code 2019’s project porting KDE Connect to Windows involves enabling the SFTP plugin that ships in the Linux build. The plugin allows you to navigate through your mobile device’s files (like you do with a file manager) ON YOUR DESKTOP! It makes use of sshfs to allow mounting the remote file system on your desktop. After that, you can use any file manager you like; heck, you can even use your terminal to have a walk through your mobile’s files. Once that is done, you can do literally anything with the mobile device’s files as you would do with the local filesystem: move files, copy them to your desktop machine, delete them, rename, anything!

  • KDE Connect sprint 2019

    From Friday the 19th to Sunday the 21st, we had the KDE Connect sprint. It's always a nice opportunity to meet the others working on KDE Connect, since we usually only talk to each other online.

  • KDE Connect is Being Ported to Windows 10

    Google Summer of Code 2019 is proving to be a bumper one for KDE Connect, the open source Android-to-PC integration suite. Last week we reported on the progress made by a GSoC student on KDE Connect for Mac. This week we bring word on a new KDE Connect Windows port. “Wait, isn’t KDE Connect already available for Windows?”, you might (rightly) ask — and the answer is yes, kind of!

Security Leftovers

  • Security updates for Monday

    Security updates have been issued by Debian (bind9, exiv2, kernel, nss, openjdk-11, openjdk-8, patch, and squid3), Fedora (gvfs, libldb, and samba), Mageia (firefox, gvfs, libreswan, rdesktop, and thunderbird), openSUSE (bzip2, clementine, dbus-1, expat, fence-agents, firefox, glib2, kernel, kernel-firmware, ledger, libqb, libu2f-host, pam_u2f, libvirt, neovim, php7, postgresql10, python-requests, python-Twisted, ruby-bundled-gems-rpmhelper, ruby2.5, samba, webkit2gtk3, zeromq, and znc), Red Hat (java-1.8.0-openjdk, java-11-openjdk, rh-maven35-jackson-databind, rh-nodejs8-nodejs, and rh-redis5-redis), Slackware (kernel), and SUSE (ucode-intel).

  • VLC Player hit by buffer overflow vulnerability

    A security researcher has warned of a serious vulnerability in VideoLAN's VLC Player (VLC), a popular media playback tool, for which no patch is yet available.

  • Critical flaw in VLC Player affects Linux, Windows and UNIX apps

    GERMAN SECURITY AGENCY CERT-Bund has uncovered a critical flaw in VLC Media Player that could enable hackers to access and modify data on devices.