Security Leftovers

  • Report: Response to the Consultation on the Government's regulatory proposals regarding consumer Internet of Things (IoT) security

    Open Rights Group (ORG) is a UK-based digital campaigning organisation working to protect fundamental rights to privacy and free speech online. With over 3,000 active supporters, we are a grassroots organisation with local groups across the UK.

    We are a project partner to Values and Ethics in Responsible Technology in Europe (VIRT-EU) – a European project funded by the Horizon 2020 program. VIRT-EU’s mission is to foster ethical thinking in IoT development. The following comments stem predominantly from our experience accumulated in the course of that project.

    We address the consultation questions in order below, omitting questions 7, 8 and 9 as these lie outside our remit.

    1. Do you agree that the Government should take powers to regulate on the security of consumer IoT products? If yes, do you agree with the proposed legislative approach?

    We welcome the proposal to create primary legislation to introduce enhanced security for consumers using IoT devices. We also support the approach of making some requirements mandatory in the first instance with a longer strategy.

  • 'This Is a Bombshell': Facial Recognition Data Collected by US Customs Agency Hacked

    "This is a bombshell," said Evan Greer, deputy director of the advocacy group Fight for the Future, in response to the reporting. "Even if you 100% trust the US government with your biometric information (which you shouldn't) this is a reminder that once your face is scanned and stored in a database, it's easily shared across government agencies, stolen by hackers, other governments, etc."

    BuzzFeed, also among the first to report on the breach on Monday, noted that the "cyberattack comes amid the ongoing rollout of CBP's 'biometric entry-exit system,' the government initiative to biometrically verify the identities of all travelers crossing US borders." Citing earlier reporting, BuzzFeed pointed out that "CBP is scrambling to implement the initiative with the goal of using facial recognition technology on '100 percent of all international passengers,' including American citizens, in the top 20 US airports by 2021."

  • What you need to know about the MDS vulnerability and Red Hat Virtualization

    A new series of vulnerabilities in Intel processors, known as Microarchitectural Data Sampling, or more simply MDS, was recently made public and Red Hat released information about how the vulnerabilities affect our software and how to protect your organization.

    In the simplest terms, MDS is a vulnerability in Intel processors similar to Spectre and Meltdown; it allows a guest to read protected memory from anywhere on the host or guest. To mitigate the risks exposed by MDS, a combination of updated microcode, updated kernel(s), patches, and administrator action will need to be taken for both the hypervisors and virtual machines in your Red Hat Virtualization deployment. Unlike some similar vulnerabilities, simply disabling SMT and/or hyper-threading is not enough to protect your applications.

  • 5 reasons chaos engineering is indispensable to the CISO

    Security leaders, including the chief information security officer (CISO), are challenged to continuously demonstrate their role within the company's value stream as part of improving security. In doing so, a growing number of security organizations are shifting toward a more "applied security mode," leading many to rethink our traditional practices and question their effectiveness in today's high-velocity, software-driven world.

  • Wireless Security | Roadmap to Securing Your Infrastructure
  • IPFire on AWS: Update to IPFire 2.23 - Core Update 132

    Today, we have updated IPFire on AWS to IPFire 2.23 - Core Update 132 - the latest official release of IPFire.

    This update brings you the new Intrusion Prevention System out-of-the-box as well as updates to the whole system.

  • Amitabh Bachchan’s Twitter Account “Hacked” And DP Got Changed
