
Security Leftovers

Tuesday 21st of May 2019
Security
  • Security updates for Monday
  • NetBSD 8.1 RC1 Released With MDS Mitigations, Option To Turn Off SMT/HT, Driver Updates

    The first and only anticipated release candidate for NetBSD 8.1 is now available for testing.

    The NetBSD 8.1 release candidate adds the necessary mitigations for the Microarchitectural Data Sampling / Zombieload vulnerabilities. With Hyper Threading looking increasingly insecure with these new CPU vulnerabilities, NetBSD has joined other operating systems in offering a new setting to disable HT/SMT support: the smtoff rc.conf option.

  • Outbound Traffic Filtering | Roadmap to Securing Your Infrastructure

    This week, we’re discussing outbound traffic filtering. This is filtering provided at the network edge by a firewall with rules (ACLs) restricting what internal users are allowed to access. Some firewalls have the ability to filter by an application (layer 7 firewalls), but we’re going to concentrate on standard packet-filtering firewalls and their capabilities. There are several reasons for wanting to restrict outbound communications, such as defeating malware, making data exfiltration harder, and the detection of infected hosts.

  • Bluetooth's Complexity Has Become a Security Risk

    Fundamentally, both Bluetooth and BLE open up a channel for two devices to communicate—an extremely useful arrangement, but one that also opens the door for dangerous interactions. Without strong cryptographic authentication checks, malicious third parties can use Bluetooth and BLE to connect to a device they shouldn't have access to, or trick targets into thinking their rogue device is a trusted one.

  • Huawei promises continued security updates and service to existing users post Google ban

    Google has shocked the world by banning Huawei from future OS versions and security updates, but existing Huawei handsets will continue getting Google Play app updates, while Huawei promises it will issue security updates instead.

  • Security Advisory: Kernel and Firmware Updates for Intel MDS Vulnerability
  • ICE Tops Its Old Record, Spends Another $820,000 On Cellphone-Cracking Tools

    As consecutive heads of the FBI have whined about the general public's increasing ability to keep their devices and personal data secure with encryption, a number of companies have offered tools that make this a moot point. Grayshift -- the manufacturer of phone-cracking tool GrayKey -- has been selling hundreds of thousands of dollars-worth of devices to other federal agencies not so insistent the only solution is backdoored encryption.

    ICE is one of these agencies. It led all federal agencies in phone-cracking expenditures in 2018. It spent $384,000 on these tools last year. It wasn't just ICE. Other agencies like the DEA and [checks notes] the Food and Drug Administration have also purchased these devices. But ICE led the pack, most likely because ICE -- along with DHS counterpart CBP -- are engaging in more suspicionless, warrantless device searches than ever.

The Huawei Ban: Will Linux Replace Windows On Future Huawei Laptops?

As I write this, Bloomberg has learned that other U.S.-based tech giants like Intel, Qualcomm and Broadcom will cut off their supply of components to Huawei. Losing access to Intel processors will obviously affect future Huawei laptops, but what about the operating system Huawei will ship on these devices? What about the installation of Windows 10 you currently have on your Huawei laptop? [...]

Linux Out Of The Box? We know that Huawei has prepared for this situation by developing its own in-house alternative operating systems to both Android and Windows, though the state of said development is unknown. Its Windows alternative is almost certainly a custom Linux distribution. And it's not far-fetched to speculate that Huawei has it playing nicely on its own processors.

Lokomotive: Production-ready Kubernetes distribution with Linux technologies

Kinvolk.io, a software consultancy specializing in cloud tech for Linux, announced their Kubernetes distribution Lokomotive on May 17, 2019. Under an open source license, Lokomotive aims towards production-ready performance and a secure, stable Kubernetes distribution. According to Kinvolk, the fully supported release and commercial support with lokoctl and Lokomotive Components pulls into the station sometime this summer. For now, let us have a look at what’s under the hood and the project’s goals.

Also: Kubernetes, Cloud Native, and the Future of Software

10 Best Linux Distros to Install on a USB Stick

The GNU/Linux community is blessed with 100+ distributions and we do our best to cover only the best of them on FossMint, so if you haven’t checked out titles like the Best Linux Distros for Laptops in 2019, 5 Operating Systems for the IoT, and the Top 10 GNU/Linux Distros for Privacy & Security then you probably should. Today, our attention is on Linux distros that are perfect for running from USB sticks (and potentially other portable external storage devices), which means that we’ll be concentrating on portable Operating Systems. These are Operating Systems that are designed to be minimalist in their resource requirements, i.e. they can run on hardware with little secondary storage space and/or little RAM. Portable Operating Systems also typically come in small enough sizes to fit on USB drives and CDs without losing the quality of their performance even when running on old machines. With that being said, here’s my list of the best portable Linux distributions.

Audiocasts/Shows: Coder Radio, SMLR and This Week in Linux

  • Batteries are Leaking | Coder Radio 358
    A strong argument against Python’s batteries included model exposes some bigger problems the community is struggling with. We chat about all of it. Plus lessons learned six years after a project, a new tool, and some feedback.
  • SMLR 307 Night of The Living Daemon
  • This Week in Linux 67 | Zombieload, Nextcloud, Peppermint 10, KDE Plasma, IPFire, ArcoLinux, LuneOS
    On this episode of This Week in Linux, we’ll check out some Distro News from Peppermint OS, ArcoLinux, LuneOS & IPFire. We got a couple apps to talk about like Nextcloud and a new Wallpaper tool that has quite a bit of potential. We’ll take a look at what is to come with the next version of KDE Plasma. Intel users have gotten some more bad news regarding a new security vulnerability. Later in the show, we’ll cover some interesting information regarding a couple governments saving money by switching to Linux. Then finally we’ll check out some Linux Gaming News. All that and much more on your Weekly Source for Linux GNews!

