Security: GitHub (Microsoft) Lawsuit, LibreOffice FUD From Microsoft Tim, Slackware Patch/Upgrade and Debian LTS
-
GitHub "actively encourages" hacking, suit filed against company after Capital One hack says [Mitchel Lewis: "For what it’s worth, Microsoft has the technology to prevent PHI breaches; at least within the Data Loss Prevention component of Exchange."]
"GitHub had an obligation, under California law, to keep off (or to remove from) its site Social Security numbers and other Personal Information," the suit says.
-
LibreOffice handlers defend suite's security after 'unfortunately partial' patch [Ed: Microsoft propagandist Microsoft Tim still at it, attacking LibrOoffice because of malicious macros one could, in principle, run]
The Document Foundation, custodian of LibreOffice, has defended the suite's security after attempts to patch a code execution flaw turned out to be "partial".
"So far in the story of LibreOffice we have been able to patch all security issues before they reached the end user," a spokesperson told The Reg. "For this last one we have a patch for version 6.2.5 which is unfortunately partial because there are other ways to trigger the vulnerability. This is going to be patched in version 6.3, which is out next week, and in 6.2.6."
-
[Slackware] Chromium 76 packages available
The release earlier this week of Chromium 76 came with a total of 43 security fixes but this new major version of course also sports some real usability changes.
Most notably: Flash is now disabled by default. It’s no longer sufficient to click an “allow Flash on this page” popup but you need to go into the Chromium settings and override the default. And click in on the Flash element to make it start playing. Even then, the changes you make will not survive the restart of the browser. Google is apparently stepping up its efforts in convincing website developers to switch to HTML5 instead. In 2020 Adobe will stop with Flash anyway, so remaining Flash-powered sites will not survive long.
Another big behavioral change is that it is no longer possible for web sites to detect that you are browsing in ‘anonymous mode‘. This will make it a lot harder for sites with a ‘pay-wall‘ to block you from accessing their paid content though trial subscriptions.
And another positive change is that hitting the ‘Esc‘ key to stop a page from loading, is no longer treated as user activation. Meaning that malicious web sites will have more trouble messing with your browser because your ‘Esc‘ keypress is no longer passed to the remote web site.
-
Jonas Meurer: debian lts report 2019.07
This month I was allocated 17 hours. I also had 2 hours left over from Juney, which makes a total of 19 hours. I spent all of them on the following tasks/ issues.
-
