Language Selection

English French German Italian Portuguese Spanish

Security: Side-Channel Attack, SystemD, Security Think Tank, GNU Binutils, SANS Investigative Forensic Toolkit (SIFT), Fiat-Chrysler

Filed under
Security
  • Side-Channel Attack Targets Windows, Linux
  • Linux system faces a couple of memory corruption bugs
  • Security Think Tank: How to use SDN, containers and encryption – and some warnings

    Now that the Christmas and New Year festivities are finished, it is time take a serious look at the networks that underpin your company’s activities and how to prevent rogue code (malware, ransomware, viruses) from running amok. Can software-defined networks and containerisation of services provide a valuable helping hand?

    If you are running virtualised servers in your network, you have probably found that it is easier to create a new virtual server running a dedicated application than running multiple applications on one server.

  • GNU Binutils load_specific_debug_section Integer Overflow Vulnerability [CVE-2018-20671]

    A vulnerability in the load_specific_debug_section function in GNU Binutils could allow a local attacker to execute arbitrary code or cause a denial of service (DoS) condition on a targeted system.The vulnerability is due to insufficient validation of user-supplied input by the load_specific_debug_section function, as defined in the objdump.c source code file of the affected software. An attacker could exploit this vulnerability by executing the objdump command to cause an integer overflow condition, which could trigger a heap-based buffer overflow condition. A successful exploit could allow the attacker to execute arbitrary code or cause a DoS condition.Proof-of-concept (PoC) code that demonstrates an exploit of this vulnerability is publicly available.The vendor has confirmed the vulnerability and released a software patch.

  • GNU Binutils demangle_template Function Integer Overflow Vulnerability [CVE-2018-20673]
  • Investigate and fight cyberattacks with SIFT Workstation

    SANS has a smorgasbord of DFIR training, and we also offer a free Linux distribution for DFIR work. Our SANS Investigative Forensic Toolkit (SIFT) Workstation is a powerful collection of tools for examining forensic artifacts related to file system, registry, memory, and network investigations. It is also available bundled as a virtual machine (VM), and includes everything one needs to conduct any in-depth forensic investigation or response investigation.

  • Supreme Court refuses to hear Fiat Chrysler appeal in Jeep hacking case

    A year later, they were back to show what they could have done if they’d continued to work on the attack in secret, as malicious hackers might have done. Namely, in spite of Fiat-Chrysler’s patch, Miller and Valasek came up with yet another attack in which they managed to spin a steering wheel 90 degrees while the car was traveling at 60 mph. Another year, another Jeep stuck in a ditch next to a cornfield.

    The plaintiffs in the class action suit, filed against the US subsidiary of Fiat-Chrysler and the manufacturer of the uConnect software, contend that the company knew about the vulnerability for three years and failed to fix it.

More in Tux Machines

Games: Zombie Panic! Source, Dicey Dungeon, NVIDIA RTX, Steam Play, Battle Motion, Ravva and the Cyclops Curse, Feudal Alloy

  • The Beta of Zombie Panic! Source was updated recently, should work better on Linux
    Zombie Panic! Source is currently going through an overhaul, as part of this it's coming to Linux with a version now in beta and the latest update should make it a better experience. [...] I personally haven't been able to make any of the events yet, so I have no real thoughts on the game. Once it's out of beta and all servers are updated, I will be taking a proper look as it looks fun. No idea when this version will leave beta, might be a while yet.
  • Dicey Dungeons, the new unique roguelike from Terry Cavanagh and co introduces quests
    We have a lot of roguelikes available on Linux (seriously, we do) yet Dicey Dungeons from Terry Cavanagh, Marlowe Dobbe, and Chipzel still remains fresh due to the rather unique game mechanics. I still can't get over how fun the dice mechanic is, as you slot dice into cards to perform actions. It's different, clever and works really well.
  • Quake 2 now has real-time path tracing with Vulkan
    If you have one of the more recent NVIDIA RTX graphics cards, here's an interesting project for you to try. Q2VKPT from developer Christoph Schied implements some really quite advanced techniques.
  • Steam Play versus Linux Version, a little performance comparison and more thoughts
    Now that Steam has the ability officially to override a Linux game and run it through Steam Play instead, let's take a quick look at some differences in performance. Before I begin, let's make something clear. I absolutely value the effort developers put into Linux games, I do think cross-platform development is incredibly important so we don't end up with more lock-in. However, let's be realistic for a moment. Technology moves on and it's not financially worth it to keep updating old games, they just don't sell as well as newer games (with exceptions of course). As the years go on, there will be more ways to run older games better and better, of that I've no doubt.
  • Battle Motion, a really silly massive fantasy battle game will have Linux support
    Sometimes when looking around for new games I come across something that really catches my eye, Battle Motion is one such game as it looks completely silly.
  • Ravva and the Cyclops Curse looks like a rather nice NES-inspired platformer
    Another lovely looking retro-inspired platformer! Ravva and the Cyclops Curse from developer Galope just released this week with Linux support.
  • Become a fish inside a robot in Feudal Alloy, out now with Linux support
    We've seen plenty of robots and we've seen a fair amount of fish, but have you seen a fish controlling a robot with a sword? Say hello to Feudal Alloy.

Addressing Icons Themes (Again)

I wrote some time ago on how platforms have a responsibility to respect the identity of applications, but now there’s some rumblings that Ubuntu’s community-built Yaru icon set (which is a derivative of the Suru icon set I maintain) intends to ignore this and infringe upon applications’ brands by modifying their icons... [...] For instance, the entire point of the GNOME icon refresh initiative is to address visual mismatches between third-party app icons and GNOME icons and we been have reaching out to developers to see about updating their icons to new design—this is the appropriate approach for a platform visual overhaul, by the way—which could always use more help on. Now I don’t see this ever happening, but I have hopes that someday Ubuntu will fully embrace GNOME and promote it as its desktop solution—especially given the desktop is out of the scope of the Ubuntu business these days. Read more

Wine 4.0 RC7

  • Wine Announcement
    The Wine development release 4.0-rc7 is now available.The Wine development release 4.0-rc7 is now available.
  • Juicy like the good stuff, Wine 4.0 RC7 is out with a delightful aroma
    No need to worry about a sour aftertaste here, we're of course talking about the wonderful software and not the tasty liquid. As usual, they're in bug-fix mode while they attempt to make the best version of Wine they can and so no super huge features made it in.
  • Wine 4.0-RC7 Released With Fixes For Video Player Crashes, Game Performance Issues
    Wine 4.0 should be officially out soon, but this weekend the latest test release of it is Release Candidate 7 that brings more than one dozen fixes. Wine 4.0 remains in a feature freeze until its release, which will likely be within the next two weeks or so. Since last Friday's Wine 4.0-RC6, the RC7 release has 13 known bug fixes. Catching our interest are some game performance regressions being resolved, including for Hot Pursuit, Project CARS, Gas Guzzlers, and others. There are also video player crash fixes when opening audio or video files.

Wikipedia cofounder: How and why I transitioned to Linux—how you can, too

My first introduction to the command line was in the 80s when I first started learning about computers and, like many geeky kids of the time, wrote my first BASIC computer programs. But it wasn’t until my job starting Nupedia (and then Wikipedia) that I spent much time on the Bash command line. (Let me explain. “Bash” means “Bourne-again shell,” a rewrite of the class Unix shell “sh.” A “shell” is a program for interacting with the computer by processing terse commands to do basic stuff like find and manipulate files; a terminal, or terminal emulator, is a program that runs a shell. The terminal is what shows you that command line, where you type your commands like “move this file there” and “download that file from this web address” and “inject this virus into that database”. The default terminal used by Linux Ubuntu, for example, is called Gnome Terminal–which runs Bash, the standard Linux shell.) Even then (and in the following years when I got into programming again), I didn’t learn much beyond things like cd (switch directory) and ls (list directory contents). It was then, around 2002, that I first decided to install Linux. Back then, maybe the biggest “distro” (flavor of Linux) was Red Hat Linux, so that’s what I installed. I remember making a partition (dividing the hard disk into parts, basically) and dual-booting (installing and making it possible to use both) Linux and Windows. It was OK, but it was also rather clunky and much rougher and much less user-friendly than the Windows of the day. So I didn’t use it much. Read more