Security Leftovers
-
OpenSSH adds protection against Spectre, Meltdown, RAMBleed
OpenSSH, a widely used suite of programs for secure (SSH protocol-based) remote login, has been equipped with protection against side-channel attacks that could allow attackers to extract private keys from memory.
-
How to take the pain out of patching Linux and Windows systems at scale
Patching can be manually intensive and time-consuming, requiring large amounts of coordination and processes. Tony Green gives the best tips.
-
Removal of IBRS mitigation for Spectre Variant2
As the Meltdown and Spectre attacks were published at the beginning of January 2018, several mitigations were planned and implemented for Spectre Variant 2.
-
Go and FIPS 140-2 on Red Hat Enterprise Linux
Red Hat provides the Go programming language to Red Hat Enterprise Linux customers via the go-toolset package. If this package is new to you, and you want to learn more, check out some of the previous articles that have been written for some background.
The go-toolset package is currently shipping Go version 1.11.x, with Red Hat planning to ship 1.12.x in Fall 2019. Currently, the go-toolset package only provides the Go toolchain (e.g., the compiler and associated tools like gofmt); however, we are looking into adding other tools to provide a more complete and full-featured Go development environment.
In this article, I will talk about some of the improvements, changes, and exciting new features for go-toolset that we have been working on. These changes bring many upstream improvements and CVE fixes, as well as new features that we have been developing internally alongside upstream.
-
Check your password security with Have I Been Pwned? and pass
Password security involves a broad set of practices, and not all of them are appropriate or possible for everyone. Therefore, the best strategy is to develop a threat model by thinking through your most significant risks—who and what you are protecting against—then model your security approach on the activities that are most effective against those specific threats. The Electronic Frontier Foundation (EFF) has a great series on threat modeling that I encourage everyone to read.
In my threat model, I am very concerned about the security of my passwords against (among other things) dictionary attacks, in which an attacker uses a list of likely or known passwords to try to break into a system. One way to stop dictionary attacks is to have your service provider rate-limit or deny login attempts after a certain number of failures. Another way is not to use passwords in the "known passwords" dataset.
-
SUSE: Release of SUSE CaaS Platform, SUSE Enterprise Storage, SUSE Linux Enterprise 15 Service Pack 1 and More
Glen Barber: Statement regarding employment change and roles in the [FreeBSD] Project
Dear FreeBSD community: As I have a highly-visible role within the community, I want to share some news. I have decided the time has come to move on from my role with the FreeBSD Foundation, this Friday being my last day. I have accepted a position within a prominent company that uses and produces products based on FreeBSD. My new employer has included provisions within my job description that allow me to continue supporting the FreeBSD Project in my current roles, including Release Engineering. There are no planned immediate changes with how this pertains to my roles within the Project and the various teams of which I am a member. FreeBSD 11.3 and 12.1 will continue as previously scheduled, with no impact as a result of this change. I want to thank everyone at the FreeBSD Foundation for providing the opportunity to serve the FreeBSD Project in my various roles, and their support for my decision. I look forward to continuing to support the FreeBSD Project in my various roles moving forward. Glen
Also: FreeBSD's Release Engineering Lead Departs The Foundation
There's A Professional Grade Digital Cinema Camera Powered By Linux
Digital camera startup Octopus Cinema has been designing the "OCTOPUSCAMERA" as a digital cinema camera that's professional grade yet is an open platform with removable/upgradeable parts, and the camera platform itself runs Linux. The OCTOPUSCAMERA supports up to 5K full frame recording, weighs less than 1kg, and is powered by Linux. It's a rather ambitious device and they aim to be shipping in 2020.
Also: Old Linus Torvalds is back: Linux page caching sparks 'bulls**t' outburst [Ed: Anti-Linux writers of the CBS tabloid ZDNet are mobbing Torvalds into silence again]
Android Leftovers
