Summary: make sure you have at least one constraint source configured and use no options. ntpd will set the clock if needed, even if you machines has no battery backed up clock and is running a DNSSEC validating resolver.
GNOME Asia Summit 2019 Announced for GNOME 3.36 "Gresik" Desktop in Indonesia
Every year, the GNOME developers and contributors gather together for the GUADEC (GNOME Users And Developers European Conference) and GNOME Asia Summit events to plan the next major release of their beloved, open-source desktop environment for Linux-based operating systems.
While the GUADEC 2019 conference will kick off this summer between August 23rd and 28th, in Thessaloniki, Greece, for the upcoming GNOME 3.34 "Thessaloniki" desktop environment, the GNOME Asia Summit 2019 event will take place between October 11th and 13th, 2019, in Gresik, Indonesia.
CentOS 7 and RHEL 7 Get Important Linux Kernel Update to Patch SACK Panic Flaws
The new Linux kernel security updates patch an integer overflow flaw (CVE-2019-11477) discovered by Jonathan Looney in Linux kernel's networking subsystem processed TCP Selective Acknowledgment (SACK) segments, which could allow a remote attacker to cause a so-called SACK Panic attack (denial of service) by sending malicious sequences of SACK segments on a TCP connection that has a small TCP MSS value.
"While processing SACK segments, the Linux kernel's socket buffer (SKB) data structure becomes fragmented," reads Red Hat's security advisory. "Each fragment is about TCP maximum segment size (MSS) bytes. To efficiently process SACK blocks, the Linux kernel merges multiple fragmented SKBs into one, potentially overflowing the variable holding the number of segments."
Security: Updates, Holes, FUD and Primers
Raspberry Pi is a teeny-tiny device that can be tinkered with to gain deceptively high capabilities. This has been proved by a recent report which confirmed that a NASA lab was hacked using a Raspberry Pi.
The breach occurred in April 2018 where NASA’s Jet Propulsion Laboratory (JPL) was hacked and 500MB of data from major mission systems was stolen.
[...]
Apparently, the system administrators did not consistently update the inventory system while adding new devices to the network.
There are two primary and separate bug fixes in DragonFlyBSD 5.6.1 around OpenSSH and TTM. The OpenSSH issue is a SSHD configuration issue for the SSH daemon. The TTM bug is a lockup issue that could come about when using the Radeon DRM graphics driver with this Radeon/TTM code ported over to DragonFlyBSD from the Linux kernel.
That's it for DragonFlyBSD 5.6.1, which is on top of the many great additions in version 5.6 like HAMMER2 by default, a VM rework / performance improvements, and other enhancements.
Some owners of Pixel 3A and 3A XL devices had a happy, or rather surprising, moment when they realized that Google goofed-up badly.
As posted on Reddit, Google accidentally released a build of the monthly security update meant for July 2019. It is 79.8MB in size and comes with a label that says “CONFIDENTIAL INTERNAL ONLY.” This clearly means it’s an internal build and not meant for public release.
The SupportAssist software comes pre-loaded on most Dell laptops and desktops. It’s used to check for different hardware and software issues that could arise over the course of time on Dell machines. For example, it can be used to test whether the battery is in a healthy condition or not.
Unfortunately, the innocent-looking SupportAssist could open doors for attackers who can use it to achieve privilege escalation on Dell machines running Windows 10. The vulnerability was discovered by security firm SafeBreach Labs, the firm told Fossbytes in an email.
One of the biggest disadvantages of using pirated software is the increased risk of letting your computer get infected with malware. Cybercriminals often bundle the cracked versions of paid software on piracy websites with adware and cryptominer to earn free cash. So, if you’re installing such programs from unknown sources, the chances of you getting hacked are pretty good.
The same attack vector is being used by hackers to distribute a new Mac cryptocurrency miner named Bird Miner. As Malwarebytes’ official blog explains, Bird Miner has been found to be bundled with a cracked installer of a software named Ableton Live, which is a tool for high-end music production.
A new Mac cryptocurrency miner Malwarebytes detects as Bird Miner has been found in a cracked installer for the high-end music production software Ableton Live. The software is used as an instrument for live performances by DJs, as well as a tool for composing, recording, mixing, and mastering. And while cryptomining is not new on Mac, this one has a unique twist: It runs via Linux emulation.
Public Key Infrastructure (PKI) provides a framework of encryption and data communications standards used to secure communications over public networks. At the heart of PKI is a trust built among clients, servers and certificate authorities (CAs). This trust is established and propagated through the generation, exchange and verification of certificates.
This article focuses on understanding the certificates used to establish trust between clients and servers. These certificates are the most visible part of the PKI (especially when things break!), so understanding them will help to make sense of—and correct—many common errors.
As a brief introduction, imagine you want to connect to your bank to schedule a bill payment, but you want to ensure that your communication is secure. "Secure" in this context means not only that the content remains confidential, but also that the server with which you're communicating actually belongs to your bank.
