Security Leftovers

  • Security updates for Thursday
  • WSL2 and Kali
  • Security service tracks embedded Linux vulnerabilities

    Timesys has launched a Vigiles security monitoring and management platform with CVE tracking for embedded Linux available as free software or as a subscription service.

    Timesys Vigiles automates the identification, tracking, and analysis of vulnerabilities by comparing embedded Linux firmware with NIST’s daily Common Vulnerabilities and Exposures (CVE) notifications. The software helps customers focus on vulnerabilities that pose the biggest threats to a customer’s specific software components, thereby “eliminating the need to manually monitor and analyze thousands of vulnerabilities,” says Timesys.

  • Vim devs fix system-pwning text editor bug [Ed: This requires obtaining and opening malicious files though]

    The attack exploits a vulnerability in a Vim feature called modelines, which lets you set variables specific to a file. As long as these statements are in the first few lines, Vim interprets them as instructions. They might tell Vim to display the file with a text width of 60 characters, for example. Or maybe you want to expand tabs to spaces to avoid another geek’s ire.

  • Mail servers running Exim come under attack

    Mail servers running the Exim mail transport agent are being exploited, with the attackers using a vulnerability disclosed a few days ago to run arbitrary commands as root, a security practitioner has warned.

    Exim, one of the four MTAs commonly used on Unix servers, is developed by Philip Hazel at the University of Cambridge. It is the default on some Linux distributions, like Debian.

    [...]

    The original post about the vulnerability was released by Qualys Research Labs on 5 June, which said it was trivially exploitable in local and non-default cases, but with the default configuration an attack would take a long time to succeed.

  • Exim email servers are now under attack [Ed: The drama queen that CBS hired (Cimpanu) says "Almost half of the internet's email servers are now being attacked with a new exploit." It sounds a lot worse when in fact many are patched and the "half" refers to number of installs, not attacks. Misreporting. FUD. ZDNet is not a news site but a tech tabloid. It should be regarded as such.]

More in Tux Machines

today's leftovers: kernel, games, mozilla...

  • Call for submissions — linux.conf.au 2020

    The linux.conf.au 2020 organising team has issued an invitation to IT professionals for proposals for talks and miniconfs at the next conference, which will take place on the Gold Coast, 13–17 January 2020. Held regularly since 1999, linux.conf.au is the largest Linux and open source conference in the Asia–Pacific region. The conference provides deeply technical presentations from industry leaders and experts on a wide array of subjects relating to open source projects, data and open government and community engagement.

  • Intel Is Still Working On Upstreaming SGX Enclave Support To Linux - Now At 21 Revisions

    Intel Software Guard Extensions "SGX" have been around since Skylake for allowing hardware-protected (via encryption) memory regions known as "enclaves" that prevent processes outside of the enclave from accessing these memory regions. While supported CPUs have been out for years, the Intel SGX support has yet to make it into the mainline kernel and this week marks the twenty-first revision to these patches. The twenty-eight patches implementing the Intel SGX foundations support for the Linux kernel and Intel Memory Encryption Engine support were revised with various fixes. Even if the review of this twenty-first revision to these patches goes spectacularly, due to the timing this SGX support won't land until at least the Linux 5.4 kernel, since it is too late for Linux 5.3.

  • Ciel Fledge, an Anime-styled sim about raising an adopted daughter

    Quite a peculiar game this one, Ciel Fledge from Studio Namaapa and PQube Games has you adopt a strange child found on the surface of a ruined planet and raise her.

  • Bendy and the Ink Machine & Prison Architect going cheap in the new Humble Very Positive Bundle 3

    Humble just released a new bundle full of highly rated games, with 2 great picks in there for Linux gamers. The Humble Very Positive Bundle 3 is now live, with 7 total games. Sadly, only 2 of those have Linux releases but even so it's a chance for you to get them a lot cheaper than normal and together.

  • backlogs, lag, and waiting
  • MDN’s First Annual Web Developer & Designer Survey

    Today we are launching the first edition of the MDN Developer & Designer Needs Survey. Web developers and designers, we need to hear from you! This is your opportunity to tell us about your needs and frustrations with the web.

  • GSOC19 Ahmed ElShreif: Week 7 Report

    Then I spent more time reading some UI tests written with the Python framework, trying to figure out which UI elements are missing, and I discussed adding logs for new events with my mentors.

Video/Audio: LINUX Unplugged, Coder Radio, and Debian 10 "Buster" Video Overview

Devices With Linux: Ibase, AOpen, Purism and ASUS

  • Ryzen Embedded V1000 module supports four USB 3.1 ports

    Ibase’s “ET976” COM Express Type 6 module builds on AMD’s Ryzen Embedded V1000 SoC with USB 3.1, SATA III, GbE, PCIe x8, PEG, and more. Ibase announced a COM Express Type 6 module equipped with AMD’s Ryzen Embedded V1000 system-on-chip. The announcement refers to the ET976 as a Compact module (95 x 95mm) like Ibase’s earlier, Intel 7th Gen “Kaby Lake” ET975, but the spec sheet and the photo indicate it’s a larger 125 x 95mm Basic module like Ibase’s 7th Gen ET970.

  • AOpen’s new kiosk/signage systems span Kaby Lake and Whiskey Lake

    AOpen’s compact, Linux-friendly “Digital Engine DE5500” embedded PC for kiosk and signage has a 7th Gen CPU, 2x HDMI 2.0, 2x GbE, 3x M.2, and SATA. AOpen is also prepping a Whiskey Lake based smart kiosk with OpenVINO and RealSense. Taiwanese signage vendor AOpen, which offers products such as its Android-driven, i.MX6-based MEP320 signage player, has launched an Intel 7th Gen Kaby Lake based signage and kiosk computer called the Digital Engine DE5500. The product supports Linux or Windows 10 and offers an optional AOpen Intelligent Control Unit (AiCU) smart kiosk control software package with “self-perception, self-determination, and self-execution” features.

  • Mr. Librem Kyle Rankin: Consent Matters: When Tech Shares Your Secrets Without Your Permission

    There is a saying that goes around modern privacy circles that “Privacy is about Consent.” This means that the one big factor that determines whether your privacy is violated comes down to whether you consented to share the information. For instance, let’s say Alice tells Bob a secret: if Bob then tells the secret to someone else, Bob will be violating Alice’s privacy, unless he had asked Alice for permission first. If you think about it, you can come up with many examples where the same action, leading to the same result, takes on a completely different tone–depending on whether or not the actor got consent. We have a major privacy problem in society today, largely because tech companies collect customer information and share it with others without getting real consent from their customers. Real consent means customers understand all of the ways their information will be used and shared, all the implications that come from that sharing–now, and in the future. Instead, customers get a lengthy, click-through privacy policy document that no one is really expected to read or understand. Even if someone does read and understand the click-through agreement, it still doesn’t fully explain all of the implications behind sharing your location and contact list with a messaging app or using voice commands on your phone. Big Tech has been funded, over the past two decades, by exploiting the huge influx of young adults who were connected to the Internet and shared their data without restriction. While it’s a generalization that young adults often make decisions based on short-term needs, without considering the long-term impacts, there’s also some truth behind it–whether we are discussing a tattoo that seemed like a good idea at the time, posting pictures or statements on social media that come back to bite you or giving an app full access to your phone. 
    Individuals didn’t understand the value of this data or the risks in sharing it; but tech companies knew it all along and were more than happy to collect, store, share and profit off of it, and Big Tech is now a multi-billion-dollar industry.

  • ASUS Chromebook C523

    Today we are looking at the ASUS Chromebook C523 (C523NA-DH02). It is a strong, modern, smart-looking Chromebook for a great price with a big screen. It comes with a fanless Dual-Core Intel Celeron N3350 CPU and a 15.6 inch, 1366x768, HD NanoEdge non-touch display. It has 4GB of RAM and a 32GB eMMC SSD. It has Android Apps (Google Play) and Linux Apps (crostini) support and it will receive auto-updates until November 2023. It weighs 3.1 lbs and its dimensions are 14.1 x 9.9 x 0.6 inches. It has a 2-cell, 38Whr lithium-ion battery with 10 hours of battery life.

Ubuntu Copying Fedora and Ubucon Raising Funds

  • Ubuntu 19.10 Will Offer a Flicker Free Boot (For Some Users, Anyway)

    A short, but welcome, update: Ubuntu 19.10 will offer a flicker free boot experience for some users! Red Hat’s crop of competent engineers are (as always) to credit for effort that Ubuntu 19.10 ‘Eoan Ermine’ takes full advantage of. Now, Ubuntu’s boot experience as-is isn’t exactly terrible, but there’s a visible bit of blinking during the process. As an AMD user I’m used to my laptop display “flickering” off and back on a few times during boot, signalling the transition from boot loader to loading screen to login screen — alas, something this effort can’t address. But users of Ubuntu 19.10 with modern Intel graphics cards and a UEFI setup should benefit from a truly seamless flicker-free boot experience, thanks to a new Plymouth snapshot added to the Eoan archives.

  • Ubuntu 19.10 To Ship With Flicker-Free Boot Support

    Thanks to the upstream work achieved by Red Hat engineers working on Fedora the past few cycles, Ubuntu 19.10 should have a flicker-free boot experience. Ubuntu 19.10 is in the process of picking up packages for the flicker-free boot experience that was led by Red Hat engineers like Hans de Goede for delivering a very polished boot experience particularly when booting in UEFI mode and also with supported graphics driver configurations, which for now is best with the Intel DRM code.

  • Our Diamond Sponsor – Ubuntu!

    Our Diamond Sponsor of this event is Ubuntu, an open source software operating system that runs from the desktop, to the cloud, to all your internet connected things. Linux was already established in 2004, but it was fragmented into proprietary and unsupported community editions, and free software was not a part of everyday life for most computer users. That’s when Mark Shuttleworth gathered a small team of Debian developers who together founded Canonical and set out to create an easy-to-use Linux desktop called Ubuntu.

  • Ubucon Europe 2019: Call for Sponsors

    This event can only be possible thanks to our sponsors. Your investment helps us create a greater experience for the open source community, while you still benefit from a considerable amount of exposure.