Date: 2019-05-05
Security Leftovers
Security updates for Thursday
WordPress Security Guidelines You Should Follow
glibc 2.28 cleanup – no more memory leaks
glibc already released 2.29, but I was still on a much older version and hadn’t noticed 2.28 (which is the version that is in RHEL8) has a really nice fix for people who obsess about memory leaks.
When running valgrind to track memory leaks you might have noticed that there are sometimes some glibc data structures left.
These are often harmless, small things that are needed during the whole lifetime of the process. So it is normally fine to not explicitly clean that up, since the memory is reclaimed anyway when the process dies.
Remembering the Morris Worm, the first internet felony
Bug in Alpine Linux Docker Image Leaves Root Account Unlocked
A Brief History of Containerization: Why Container Security Best Practices Need to Evolve Now
Maybe it’s the advent of the internet, or perhaps your brain skipped all the way back to the steam engine. When asked that question, how many people do you think would land on shipping containers? They might not be the first thing that comes to mind, but the invention of shipping containers in the 1950s catalyzed change. Introducing a standard container helped pave the way for faster, cheaper and more reliable transportation of goods across the globe.
In many ways parallel to how physical containers shaped shipping, application containers are revolutionizing software development methods. Much like physical containers, application containers are a form of digital packaging. They rely on that attribute to provide virtual isolation for deploying or running various applications that use the same operating system (OS) or cloud.
Containers support a microservice-based architecture, an approach to redefining large-scale software projects to be more scalable and modular. Container technology can also help make it easier to run applications in different working environments under different conditions because it provides a solid runtime environment. Combined with the open source wave that has permeated the industry, this new wave of development has been a boon to cloud providers, developers and managed services alike.
The fight to reclaim the term ‘hacker’ starts here
In the early days of computing, ‘hacker’ was generally a positive term.
It started to gain traction through the Unix hack culture that took place at US universities in the ’60s and ’70s – an era recorded in free software guru Eric Raymond’s ‘A Brief History of Hackerdom’ and articles by GNU creator Richard Stallman, among others.
The inaugural edition of SwigCast – featuring an interview with ethical hackers Paul Johnston and Santiago Diaz – explores these ideas and delves into why better representations of hackers are needed today more than ever.
“Right now, ‘hacker’ is used in an entirely different connotation,” said Johnston.
Google’s Project Mainline in Android Q will help speed up security updates
Android version fragmentation is one of the biggest challenges for Google to solve. While the Google Pixel smartphones are among the most secure smartphones on the market thanks to the incredible efforts of Pixel and AOSP engineers, many other smartphones are vulnerable to exploits due to running outdated OS versions or outdated security patch levels. The latest report from Gartner shows that Android 9 Pie is an incredibly secure OS, yet only approximately 10% of all smartphones are on the release.
