Security: YubiKey, RHEL Bug, Facebook and Instagram, Various Updates
-
Introducing the YubiKey 5 Series with New NFC and FIDO2 Passwordless Features
Our new YubiKey 5 Series is comprised of four multi-protocol security keys, including two much anticipated new features: FIDO2 / WebAuthn and NFC (near field communication).
-
New Linux 'Mutagen Astronomy' security flaw impacts Red Hat and CentOS distros
This is a type of vulnerability that requires an attacker to have a foothold on a vulnerable system, but it's one of those security flaws that can turn a simple hack into a very bad one, as it can be used to give an intruder root access and complete control over infected systems.
-
Responsible disclosure: retrieving a user's private Facebook friends.
Data access control isn’t easy. While it can sound quite simple (just give access to the authorized entities), it is very difficult, both on a theoretical side (who is an authorized entity? What does authorized mean? And how do we identify an entity?) and on a pratical side.
On the pratical side, how we will see, disclose of private data is often a unwanted side effect of an useful feature.
Facebook and Instagram
Facebook bought Instagram back in 2012. Since then, a lot of integrations have been implemented between them: among the others, when you suscribe to Instagram, it will suggest you who to follow based on your Facebook friends.
Your Instagram and Facebook accounts are then somehow linked: it happens both if you sign up to Instagram using your Facebook account (doh!), but also if you sign up to Instagram creating a new account but using the same email you use in your Facebook account (there are also other way Instagram links your new account with an existing Facebook account, but they are not of our interest here).
So if you want to create a secret Instagram account, create a new mail for it
Back in topic: Instagram used to enable all its feature to new users, before they have confirmed their email address. This was to do not “interrupt” usage of the website / app, they would have been time to confirm the email later in their usage.
Email address confirmation is useful to confirm you are signing up using your own email address, and not one of someone else.
-
Security updates for Wednesday
- Login or register to post comments
- Printer-friendly version
- 2304 reads
- PDF version
More in Tux Machines
- Highlights
- Front Page
- Latest Headlines
- Archive
- Recent comments
- All-Time Popular Stories
- Hot Topics
- New Members
digiKam 7.7.0 is releasedAfter three months of active maintenance and another bug triage, the digiKam team is proud to present version 7.7.0 of its open source digital photo manager. See below the list of most important features coming with this release. |
Dilution and Misuse of the "Linux" Brand
|
Samsung, Red Hat to Work on Linux Drivers for Future TechThe metaverse is expected to uproot system design as we know it, and Samsung is one of many hardware vendors re-imagining data center infrastructure in preparation for a parallel 3D world. Samsung is working on new memory technologies that provide faster bandwidth inside hardware for data to travel between CPUs, storage and other computing resources. The company also announced it was partnering with Red Hat to ensure these technologies have Linux compatibility. |
today's howtos
|
Recent comments
1 year 11 weeks ago
1 year 11 weeks ago
1 year 11 weeks ago
1 year 11 weeks ago
1 year 11 weeks ago
1 year 11 weeks ago
1 year 11 weeks ago
1 year 11 weeks ago
1 year 11 weeks ago
1 year 11 weeks ago