Security: Reward for Finding Holes, Spectre V2 Workarounds, Jumble Password
-
Hack the Gov’t and Tell the NCSC? You’ll Now Get a Pat on the Back
Security researchers who find vulnerabilities in UK government web services can now report them directly to the National Cyber Security Centre (NCSC), rather than wondering who to tell – and whether they’ll get prosecuted for doing so.
That’s according to “Ollie”, the NCSC’s vulnerability disclosure lead, who announced a new vulnerability reporting service in a blog published on Thursday.
The service acknowledges the “crucial role security researchers play in helping to secure UK government web services”, he wrote.
-
China outrages West by doing the same commercial spying we do
In what was a truly terrible year for privacy and cybersecurity, it’s appropriate to end it pointing out the hypocrisy of the media and western governments, and particularly Australia.
Journalists at both News Corp and Nine have today cooperated with a coordinated international attack on “Chinese cyber-espionage”: at The Oz it’s “the Morrison Government has publicly condemned China for an economic espionage operation against Australia as the Trump administration announced it had charged the Chinese spies who were responsible”.
At the SMH, it’s “an extraordinary penetration that has compromised the data of hundreds of businesses” with the Morrison government’s cyber security spruiker Alastair MacGibbon declaring “this is audacious, it is huge, and it impacts potentially thousands of businesses globally. We know there are victims in Australia”.
-
Air Force Fixes 120 Bugs, Pays $130K in Bounties
The US Air Force's third bug bounty program has concluded after a month-long hacking period, which ran from October 19 to November 22, 2018. As a result of their research findings, hackers were awarded more than $130,000 in bounties.
According to the official results of Hack the Air Force 3.0 (HTAF 3.0), released by the U.S. Department of Defense (DoD) and HackerOne, the Air Force fixed over 120 valid security vulnerabilities, bringing the combined total of the three bug bounty challenges to more than 430 unique security vulnerabilities discovered and fixed. In total, researchers have earned more than $350,000 through the HTAF programs.
-
NCSC launches website vulnerability reporting service
It provides a route for security researchers to inform the NCSC of any issues they detect, acknowledging the role played by people outside the organisation and public authorities.
The service has been created as it can be difficult to find the right contact inside organisations for reporting a vulnerability that has been identified.
-
Linux DMA Mapping Updates Help Recover Losses Caused By Spectre V2 Retpolines
Yet another pull request sent in early ahead of the holidays for the Linux 4.21 kernel merge window carries the DMA-Mapping updates managed by Christoph Hellwig. Normally the DMA-Mapping changes aren't really worth noting on Phoronix, but this time around they bring some improvements to help offset the overhead incurred by Retpolines for Spectre V2 mitigation.
While the year started looking rather brutal for Linux performance due to the costs associated with Spectre and Meltdown mitigations, fortunately, as we end 2018 there has been a lot of that overhead reduced and other ongoing optimizations. The latest example of this is with the DMA-Mapping changes to help recover much of the impact Retpolines had on the DMA code.
-
Jumble Password – An Open-Source “Unique IDs and Passwords” Creator for Linux
The Electron-based app Jumble Password is a utility for crafting unique passwords. It usually builds your password by combining your name and your date of birth. The app uses a random permutation algorithm, the Fisher-Yates Shuffle Algorithm, to jumble up the sequences.
For example, if you want to make a password for a website or project you are working on, you can select any random name or date and get unique suggestions every time you click the SUBMIT button. You will get a new password every time you submit the date and name, and every password will be unique and new. You can select any of them for your use, and if you do not like it you can click SUBMIT again.
-
A Lot Of Media Driver Work For Linux 4.21 - Includes Intel IPU3, ASpeed Video Engine
The media subsystem is seeing a lot of work going into the upcoming Linux 4.21 kernel cycle. Two pull requests of media feature work have already been sent in for this imminent merge window. Highlights of the media subsystem work for Linux 4.21 include:
- The Intel IPU3 driver is being staged for this next kernel. This is for the Intel Image Processing Unit 3 (3rd Generation IPU) found in select Kabylake/Skylake U/Y-series products. The IPU processes images captured by a MIPI CSI2 receiver and interfaces with the kernel's V4L2 subsystem. Intel developers have been working on this IPU3 driver for more than the past year. This IPU3 driver is big enough that it was sent in via its own secondary pull request.
Lubuntu kicks 32-bit Linux users to the curb
It is the year 2018, and 2019 is right around the corner -- 64-bit processors have been mainstream for a really long time. If you are still using a computer that is 32-bit only, it is time to toss it into a dumpster. No, I’m not being an elitist; it is simply time to move on. A much superior laptop can be had new for a few hundred bucks. Hell, you could probably buy a used 64-bit machine for under $100. With all of that said, I am proud of all Linux-based operating system maintainers that have the courage to ditch 32-bit processor support. Some misguided Linux community members will decry this, claiming that the open source kernel can breathe new life into old hardware. That’s true, but it’s time for the world to raise the bar on what the bottom is -- all hardware can’t be supported forever. The latest major operating system to drop 32-bit support? Lubuntu.
The Performance Of Five Linux Distributions From Early 2016 To The End Of 2018
With the end of another year upon us, there has been the start of many year-end benchmark comparisons looking at how various aspects of Linux performance have evolved over 2018. This comparison, though, goes back further than that and looks at how five Linux distributions have experienced performance changes over the past nearly three years -- using the CentOS, Clear Linux, Fedora, and openSUSE Linux distribution releases from early 2016 to their latest releases as of right now with their stable updates.
