Language Selection

English French German Italian Portuguese Spanish

Security: Bug Doors, Samba, GitHub Cracks, Microsoft Entryism

Filed under
Security
  • Zoom.us flaw forces users onto video and audio calls

    The macOS client application for the popular audio and video conferencing service Zoom can be made to forcibly join users to calls, activating Mac microphones video cameras without users being asked for permission, a researcher has found.

  • Years late to the SMB1-killing party, Samba finally dumps the unsafe file-sharing protocol version by default

    Samba says its next release will switch off previously on-by-default support for the aging and easily subverted SMB1 protocol. It can be reenabled for those truly desperate to use the godforsaken deprecated protocol version.

    The open-source SMB toolkit's developers say the Samba 4.11 build, currently in preview, will by default set SMB2_02 as the earliest supported version of the Windows file-sharing protocol.

    "This means clients without support for SMB2 or SMB3 are no longer able to connect to smbd (by default)," the 4.11 release notes read.

    "It also means client tools like smbclient and others, as well as applications making use of libsmbclient are no longer able to connect to servers without SMB2 or SMB3 support (by default)."

    Admins will still have the option to allow SMB1 on their servers if they so choose, but support will be turned off by default.

  • The GitHub account of Canonical who developed popular Ubuntu Linux was hacked[Ed: GitHub is Microsoft's responsibility, so speak to Microsoft. Ubuntu needs to delete GitHub.]
  • GitHub account belonging to Ubuntu Linux maker Canonical hacked [Ed: The account belongs to Microsoft actually. The site is entirely owned by it.]

    “Canonical has removed the compromised account from the Canonical organization in GitHub and is still investigating the extent of the breach, but there is no indication at this point that any source code or PII was affected,” the team said.

  • Microsoft to Join Linux Mailing List That Privately Discusses Unpatched Security Issues [Ed: It is pretty revealing that it is mostly Microsoft propaganda sites which push the "Microsoft loves Linux" lie.]

    Microsoft will become a member of the sought after Linux-distros mailing list, which privately discusses non-public security issues. To qualify for the membership, a member must have been submitting fixes for at least a year, with the tech giant’s anniversary and join date on August 5.

  • Microsoft set to join private Linux security mailing list [Ed: Microsoft entryism is progressing inside Linux and Windows promotion sites are pleased.]

    As it stands right now, there are representatives from ALT Linux, Amazon Linux AMI, Arch Linux, Chrome OS, CloudLinux, CoreOS, Debian, Gentoo, Openwall, Oracle, Red Hat, Slackware, SUSE, Ubuntu, and Wind River on the list. According to the list’s information page, issues disclosed here are subject to a maximum embargo period of 14 days but seven days are preferable.

Samba 4.11-RC1 Released

  • Samba 4.11-RC1 Released With Scalability Improvements, Disables SMB1 By Default

    The first release candidate of Samba 4.11 is now available while Samba 4.12 begins development on Git master.

    With Samba 4.11 there is the notable work around making it scalable to 100,000+ users with hundreds of thousands of objects. This is making Samba of more relevance for use in very large organizations. Samba 4.11 also brings other performance optimizations, lower memory usage, search performance enhancements, and other scalability work.

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.

More in Tux Machines

Annual Report 2018: LibreOffice development

Throughout the second half of 2018, the developer community worked on a new major release: LibreOffice 6.2. Details about the end-user-facing new features are provided on this page, and in the following video – so in the rest of this blog post, we’ll focus on developer-related changes. Read more

Programming Leftovers

Linux Kernel: Chrome OS, Direct Rendering Manger (DRM) and Char/Misc

  • Various Chrome OS Hardware Support Improvements Make It Into Linux 5.3 Mainline

    Various Chrome OS hardware platform support improvements have made it into the Linux 5.3 kernel for those after running other Linux distributions on Chromebooks and the like as well as reducing Google's maintenance burden with traditionally carrying so much material out-of-tree.

  • The Massive DRM Pull Request With AMDGPU Navi Support Sent In For Linux 5.3

    At 479,818 lines of new code and just 36,145 lines of code removed while touching nearly two thousand files, the Direct Rendering Manger (DRM) driver updates for Linux 5.3 are huge. But a big portion of that line count is the addition of AMD Radeon RX 5000 "Navi" support and a good portion of that in turn being auto-generated header files. Navi support is ready for the mainline Linux kernel!

  • Char/Misc Has A Bit Of Changes All Over For Linux 5.3

    The char/misc changes with each succeeding kernel release seem to have less changes to the character device subsystem itself and more just a random collection of changes not fitting in other subsystems / pull requests. With Linux 5.3 comes another smothering of different changes.

today's howtos