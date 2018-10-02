Security Leftovers
-
Why Cops Can Force You to Unlock Your Phone With Your Face
The question of whether cops can force someone to unlock their phone in the US for a search hinges on Fifth Amendment protections against self-incrimination—that no one "shall be compelled in any criminal case to be a witness against" themselves. Privacy advocates argue that this extends to the act of unlocking a phone or generally decrypting data on a device. But while that line of thinking has succeeded as a defense against having to produce a passcode, it works less reliably in the context of Touch ID or other biometrics. Something you know, like a passcode, is easier to view as testimonial—legally speaking, a statement made by a witness—than something you have, like a physical attribute.
-
Equifax penalised $3.5 million for consumer law breaches
Australia’s largest consumer credit reporting agency Equifax Information Services and Solutions is to pay penalties totalling $3.5 million for misleading and deceptive conduct and unconscionable conduct in relation to credit report services.
-
Canonical Outs New Linux Kernel Security Patch for All Supported Ubuntu Releases
Canonical releases today a new major Linux kernel security update for all supported Ubuntu releases to fix various vulnerabilities discovered by security researchers lately.
Available now for the Ubuntu 18.04 LTS (Bionic Beaver), Ubuntu 16.04 LTS (Xenial Xerus), and Ubuntu 14.04 LTS (Trusty Tahr) operating system series, the new Linux kernel security patches address a total of eleven vulnerabilities that affect the Linux 4.15, 4.4, and 3.13 kernels of the aforementioned Ubuntu releases and their derivatives.
Among the fixes, we can notice a use-after-free vulnerability (CVE-2018-17182) discovered by Jann Horn in Linux kernel's vmacache subsystem, which could allow a local attacker crash the system, as well as a stack-based buffer overflow (CVE-2018-14633) in the iSCSI target implementation, which lets a remote attacker crash the system.
-
India bars Huawei, ZTE from 5G trials
India's Department of Telecommunications has barred Chinese telecommunications providers Huawei Technologies and ZTE Corporation from participating in trials for developing 5G use cases in the country, the Economic Times has reported.
-
India dials Cisco, Samsung, Nokia, Ericsson, says no to Chinese Huawei, ZTE
The Department of Telecommunications (DoT) has excluded Huawei and ZTE from its list of companies asked to partner it for trials to develop 5G use cases for India, indicating that New Delhi may well follow the US and Australia in limiting involvement of Chinese telecom equipment makers in the roll-out of the next-gen technology.
-
Symantec SSL certificates no longer trusted
A browser will check the validity of a SSL certificate in order to confirm the validity of the web site being loaded. This is done by validating a chain of trust. Certificate Authorities (CAs) will guarantee the certificates they issue, along with the bona fides of any secondary issuing authority that is operating under their umbrella. Of course this will require a very rigorous process to validate any entity that wishes to obtain a certificate.
In 2016 users became aware that Symantec (and their supported issuers) was issuing certificates in contravention of the established guidelines and posted their finding to a Mozilla security mailing list. After considerable discussion amongst the other CAs a decision was made to distrust Symantec and to remove it as a CA.
-
- Login or register to post comments
- Printer-friendly version
- 1422 reads
- PDF version
More in Tux Machines
- Highlights
- Front Page
- Latest Headlines
- Archive
- Recent comments
- All-Time Popular Stories
- Hot Topics
- New Members
Canonical/Ubuntu: Roundup of Ubuntu Server Progress and Appeal to Hype (AI/ML)
Google Pixel Slate, Android 'Smart' Watch and Google's Censorship/Ban of SuperSU (Root Access)
Devices/Embedded Linux From Enea/Xilinx and Advantech
Microsoft Takeover of GNU/Linux Machines by Debian/APT
Recent comments
2 hours 9 min ago
2 hours 10 min ago
2 hours 10 min ago
7 hours 3 min ago
20 hours 57 min ago
21 hours 11 min ago
1 day 1 hour ago
1 day 2 hours ago
1 day 16 hours ago
1 day 16 hours ago