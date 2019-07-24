Security Leftovers Best VPN for Ubuntu in 2019 (Full Review) Linux is a highly customizable and completely open-source operating system that gives you full control over your computer. The Ubuntu distribution takes that customizability and adds a layer of user-friendliness on top. You get all the security benefits of Linux, only you don’t have to be a command line expert to get things done. Even though Ubuntu is more secure than other operating systems, out of the box it doesn’t do much to protect data leaving your device. VPNs bridge that crucial gap by providing encryption for every packet that exits your home network. You’ll get non-local privacy along with a high level of anonymity, all from the comfort of your own Ubuntu system.

Cisco's failure to heed whistleblower's warning about security defects in video surveillance software costs the company $8.6m in fines There's a lesson here about the people who advocate for allowing companies to decide when defects in their products can be revealed: companies are not trustworthy custodians of bad news about their products, even (especially) when the stakes are high and they face titanic liability for failing to mitigate reported defects.

GitLab Is A Very Powerful Tool For Security: Liz Rice Of Aqua Security The ‘Takeaway’ from this interview is that GitLab is a very powerful tool for security. Guest Liz Rice, VP of Open Source Engineering at Aqua Security.

Liz Rice On Technology & Culture Of The Cloud Native World Liz Rice, VP of Open Source Engineering at Aqua Security sat down with Swapnil Bhartiya at KubeCon and CloudNativeCon, Barcelona, to talk about a wide range of topics.

bzip2 and the CVE that wasn’t Compiling with the GCC sanitizers and then fuzzing the resulting binaries might find real bugs. But not all such bugs are security issues. When a CVE is filed there is some pressure to treat such an issue with urgency and push out a fix as soon as possible. But taking your time and making sure an issue can be replicated/exploited without the binary being instrumented by the sanitizer is often better. This was the case for CVE-2019-12900 “BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors“. The bzip2 project had lost the domain which it had used for the last 15 years. And it hadn’t seen an official release since 2010. The bzip2 project homepage, documentation and downloads had already been moved back to sourceware.org. And a new bug tracker, development mailinglist and git repository had been setup. But we were still in the middle of a code cleanup (removing references to the old homepage, updating the manual and adding various cleanups that distros had made to the code) when the CVE was filed.