Security: Side-Channel Attack, SystemD, Security Think Tank, GNU Binutils, SANS Investigative Forensic Toolkit (SIFT), Fiat-Chrysler

  • Side-Channel Attack Targets Windows, Linux
  • Linux system faces a couple of memory corruption bugs
  • Security Think Tank: How to use SDN, containers and encryption – and some warnings

    Now that the Christmas and New Year festivities are finished, it is time to take a serious look at the networks that underpin your company’s activities and how to prevent rogue code (malware, ransomware, viruses) from running amok. Can software-defined networks and containerisation of services provide a valuable helping hand?

    If you are running virtualised servers in your network, you have probably found that it is easier to create a new virtual server running a dedicated application than running multiple applications on one server.

  • GNU Binutils load_specific_debug_section Integer Overflow Vulnerability [CVE-2018-20671]

    A vulnerability in the load_specific_debug_section function in GNU Binutils could allow a local attacker to execute arbitrary code or cause a denial of service (DoS) condition on a targeted system. The vulnerability is due to insufficient validation of user-supplied input by the load_specific_debug_section function, as defined in the objdump.c source code file of the affected software. An attacker could exploit this vulnerability by executing the objdump command to cause an integer overflow condition, which could trigger a heap-based buffer overflow condition. A successful exploit could allow the attacker to execute arbitrary code or cause a DoS condition. Proof-of-concept (PoC) code that demonstrates an exploit of this vulnerability is publicly available. The vendor has confirmed the vulnerability and released a software patch.

  • GNU Binutils demangle_template Function Integer Overflow Vulnerability [CVE-2018-20673]
  • Investigate and fight cyberattacks with SIFT Workstation

    SANS has a smorgasbord of DFIR training, and we also offer a free Linux distribution for DFIR work. Our SANS Investigative Forensic Toolkit (SIFT) Workstation is a powerful collection of tools for examining forensic artifacts related to file system, registry, memory, and network investigations. It is also available bundled as a virtual machine (VM), and includes everything one needs to conduct any in-depth forensic investigation or response investigation.

  • Supreme Court refuses to hear Fiat Chrysler appeal in Jeep hacking case

    A year later, they were back to show what they could have done if they’d continued to work on the attack in secret, as malicious hackers might have done. Namely, in spite of Fiat-Chrysler’s patch, Miller and Valasek came up with yet another attack in which they managed to spin a steering wheel 90 degrees while the car was traveling at 60 mph. Another year, another Jeep stuck in a ditch next to a cornfield.

    The plaintiffs in the class action suit, filed against the US subsidiary of Fiat-Chrysler and the manufacturer of the uConnect software, contend that the company knew about the vulnerability for three years and failed to fix it.
