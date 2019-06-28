Security and DRM Leftovers
-
GNU Binutils Binary File Descriptor Library Heap-Based Buffer Over-Read Vulnerability [CVE-2019-12972]
A vulnerability in the Binary File Descriptor (BFD) library, as distributed in GNU Binutils, could allow a local attacker to cause a denial of service (DoS) condition on a targeted system. The vulnerability is due to a heap-based buffer over-read condition that exists in the _bfd_doprnt function, as defined in the bfd.c source code file of the affected software. An attacker could exploit this vulnerability by submitting malicious executable and linkable format (ELF) input to the targeted system. A successful exploit could cause the affected software to stop responding or crash, resulting in a DoS condition. Proof-of-concept (PoC) code that demonstrates an exploit of this vulnerability is publicly available. The vendor has confirmed the vulnerability and released software updates.
-
enSilo Endpoint Security Platform 3.1 Product Review
The collector installers were straightforward, but we found the server to be confusing. We had trouble getting all VMs to report back to the cloud server. Additionally, we were unable to get the Ubuntu machine installed and reporting correctly.
We were able to get the CentOS machine online and connected, but when we went back and checked on it, it was in a disconnected state. The reasons for this were unclear to us, and, we concluded, the Linux offerings need some work.
-
Cleaning a broken GNUpg (gpg) key
I've long said that the main tools in the Open Source security space, OpenSSL and GnuPG (gpg), are broken and only a complete re-write will solve this. And that is still pending as nobody came forward with the funding. It's not a sexy topic, so it has to get really bad before it'll get better.
Gpg has a UI that is close to useless. That won't substantially change with more bolted-on improvements.
Now Robert J. Hansen and Daniel Kahn Gillmor had somebody add ~50k signatures (read 1, 2, 3, 4 for the glory details) to their keys and - oops - they say that breaks gpg.
But does it?
-
Multiple Facebook Pages Caught Spreading Remote Access Trojans Since 2014
Researchers from cybersecurity firm Check Point have uncovered a Facebook campaign that has been spreading malware since 2014. The campaign was operating under the posts that discussed the political situation in Libya.
Notorious Remote Access Trojans (RATs) like SpyNote, Houdini and Remcos were spread through Facebook pages and it is believed that the residents of Libya, the US, China, and Europe have been affected by it.
-
Microsoft is about to shut off its ebook DRM servers: "The books will stop working"
"The books will stop working": That's the substance of the reminder that Microsoft sent to customers for their ebook store, reminding them that, as announced in April, the company is getting out of the ebook business because it wasn't profitable enough for them, and when they do, they're going to shut off their DRM servers, which will make the books stop working.
Almost exactly fifteen years ago, I gave an influential, widely cited talk at Microsoft Research where I predicted this exact outcome. I don't feel good about the fact that I got it right. This is a fucking travesty.
-
Sony, Microsoft, Nintendo Say Trump Tariffs Will Make Game Consoles Hugely More Expensive [Ed: Those are just DRM boxes]
If you hadn't noticed by now, Trump's efforts to use tariffs to somehow magically improve the country's standing in the world aren't based on much in the way of sound logic or economic theory. And companies who've been forced to reconfigure and relocate their entire supply chains (to countries like Taiwan) to avoid massive penalties are likely to just pass those costs on to American consumers, something said consumers haven't really fully grokked yet. Countless CEOs think the entire gambit is immeasurably stupid, but have been hesitant to be too pointed in their criticism for fear of upsetting administration regulators.
As the actual bill comes due however, consumers are likely to wake up from their slumber. Maybe.
Case in point: Microsoft, Sony, and Nintendo this week fired off a letter to the Office of the United States Trade Representative, warning the Trump administration's plan to bump Chinese tariffs from 10 to 25 percent will have a profoundly-negative impact on the game industry. With 96 percent of game consoles made in China last year, the act of reconfiguring their entire supply chains will have a massive impact on the sector's bottom line and the numerous connecting companies that tendril out from the big three gaming giants.
-