Security Leftovers

  • Microsoft Discreetly Drops ‘Telemetry’ As Part Of Larger ‘Security Cumulative Update’ Without First Informing Windows 7 Users? [Ed: Microsoft being Microsoft and backporting surveillance; With Windows Update any piece of software can become more malicious overnight.]

    Microsoft appears to have once again attempted to sneak telemetry components. The company released security updates for all supported operating systems on the July 2019 Patch Day. However, this month’s cumulative updates, which were supposed to contain only security-related components, contain an unexpected compatibility/telemetry component.

    The suspicious components were hidden in plain sight. Incidentally, this is the second time Microsoft has attempted to insert telemetry components. However, during the first attempt the Windows OS maker had openly mentioned the inclusion of the telemetry components, whereas this time, the company didn’t offer any indication. This methodology appears to be an attempt to garner more accurate data about usage and installation patterns of the Windows operating system as Microsoft will soon phase out Windows 7.

    Windows Update delivered several packages of security and reliability fixes for Windows 7 earlier this week. The packages are different for each of the Windows operating system’s versions that Microsoft officially supports. However, the ‘cumulative update’ package contained a rather suspicious component. The security update in question was intended for Microsoft Windows 7 Operating System (OS) which was released as part of the July 2019 Patch Day.

  • Swimlane research team open sources pyattck

    As security teams adopt the Mitre ATT&CK Framework to help them identify gaps in their defenses, having a way to identify what malware and tools are being used by specific actors or groups becomes more critical. Additionally, having a way to identify these relationships programmatically is even more critical.

    Today, we are excited to announce the Swimlane research team has released pyattck—a Python package to interact with the Mitre ATT&CK Framework. There are many different open-source projects being released on a daily basis, but we wanted to provide a straightforward Python package that allows the user to identify known relationships between all verticals of the Mitre ATT&CK Framework.

  • Strongbox Password Safe is a free, open-source KeePass client for iOS [Ed: iOS from Apple has back doors (see Vault 7 from Wikileaks for instance), so you should not put any passwords in it]
  • Research Finds Loads of Container Vulnerabilities

    Docker containers are great in that it’s easy to get started building an application using frameworks and components that others have made available via open source projects. The challenge, however, is not all those projects are current in terms of their cybersecurity patches. In fact, a developer of a framework may not even be actively supporting it anymore.

    A new report from vulnerability management platform vendor Kenna Security highlights the extent of the problem in the Docker community. Via the VulnerabilitiesContainer.org site, Kenna Security is sharing the results of analyses of containers being reused widely that find some of these open source projects have hundreds of unresolved Common Vulnerabilities and Exposures (CVE) issues.

  • A World of Infinite Choice in Open Source Software

    We recently released the fifth annual State of the Software Supply Chain Report in London. This year, we worked with Gene Kim and Dr. Stephen Magill to examine our largest data sample ever. Our goal? To qualify and quantify how exemplary development teams operate.

    As part of the research we identified the top 3% of DevOps teams using exemplary practices. (Take the quiz to see how your team stacks up.)

    Before we could truly understand these practices, we had to have the right context. The report’s first goal was to compare the use of open source in 2019 - to that of years past - and understand the broader environment developers are working in. As anticipated, open source component use continues to rocket upward.

  • In memoriam – Corby Corbató, MIT computer science pioneer, dies at 93

    Almost everyone’s heard of Linux – it’s the operating system kernel that’s behind a significant proportion of servers on the internet, including most of Google, Facebook, Amazon and many other contemporary online juggernauts.

    In its Android flavour, Linux powers the majority of smartphones out there, and in one form or another it’s also the kernel of choice for many so-called IoT devices such as bike computers, home Wi-Fi routers, webcams, baby monitors and even doorlocks.

    Most people who use Linux know that the name is a sort-of pun on Unix, the operating system that Linux most resembles.

    And Unix, of course, is the operating system behind a significant proportion of the devices out there that don’t run Linux, being at the heart of Apple’s macOS and iOS systems, as well as the various and widely-used open source BSD distributions.
