Security Leftovers
2019-06-21
Security updates for Monday
OpenSSH code gets an update to protect against side-channel attacks
Last week, Damien Miller, a Google security researcher and one of the popular OpenSSH and OpenBSD developers, announced an update to the existing OpenSSH code that can help protect against the side-channel attacks that leak sensitive data from a computer’s memory. This protection, Miller says, will protect the private keys residing in the RAM against Spectre, Meltdown, Rowhammer, and the latest RAMBleed attack.
SSH private keys can be used by malicious threat actors to connect to remote servers without the need of a password. According to CSO, “The approach used by OpenSSH could be copied by other software projects to protect their own keys and secrets in memory”.
However, if the attacker is successful in extracting the data from a computer or server’s RAM, they will only obtain an encrypted version of an SSH private key, rather than the cleartext version.
Bird Miner cryptominer targets Macs, emulates Linux [Ed: This is actually malware that spreads itself using proprietary software and not about "Linux"]
A new cryptominer, dubbed Bird Miner, has been spotted in the wild targeting Mac devices and running via Linux emulation under the guise of a production software tool.
Linux Admins! Grab Our Free Tool To Protect Against Netflix SACK Panic
Your Linux boxes may be vulnerable to TCP networking vulnerabilities that can lead to a remote DoS attack.
Videos: OpenMandriva Lx 4.0, Enso OS 0.3.1, OpenShift and Upbound
189 Lives Changed - By Linux
I've been at this business of putting Linux-powered computers into the homes of financially disadvantaged kids since 2005, one way or the other. That's 14 years and north of 1670 computers placed. Throughout those years, I've shared with you some of our successes, and spotlighted the indomitable spirit of the Free Open Source Community and The Linux Community as a whole. I've also shared with you the lowest of the low times for us, and me personally. But through it all, Reglue has maintained our mission of placing first-time computers into the homes of financially disadvantaged students. By onesies and twosies mostly. A multi-machine learning center here and there, by far the greatest is the Bruno Knaapen Technology Learning Center. And as much of a challenge as that was, we have another project of even greater measure. If you don't know who Bruno Knaapen is, I suggest you follow the link. Bruno will go down in history as a person who helped more people adapt to Linux than anyone, at any time. Bruno's online contributions are still a treasure trove of Linux knowledge. So much, individuals pay out of their pocket to make sure that information remains available. Going down that list, you will come to understand the tenacity and knowledge that man shared with his community. I was one of those that learned at his elbow.
Tails 3.14.2 is out
This release is an emergency release to fix a critical security vulnerability in Tor Browser. You should upgrade as soon as possible.
