Security: OKLOK 'Smart' Stuff, Worms, KDE FUD and Debian LTS

Submitted by Roy Schestowitz on Tuesday 6th of August 2019 02:13:03 PM
Filed under: Security
  • Picking the FB50 smart lock (CVE-2019-13143)

    The lock pairs to a phone via Bluetooth, and requires the OKLOK app from the Play/App Store to function. The app requires the user to create an account before further functionality is available. It also facilitates configuring the fingerprint, and unlocking from a range via Bluetooth.

    We had two primary attack surfaces we decided to tackle — Bluetooth (BLE) and the Android app.

  • What is a computer worm? How this self-spreading malware wreaks havoc

    A worm is a form of malware (malicious software) that operates as a self-contained application and can transfer and copy itself from computer to computer.

    It's this ability to operate autonomously, without the need for a host file or to hijack code on the host computer, that distinguishes worms from other forms of malware.

  • Unpatched KDE vulnerability disclosed on Twitter [Ed: CBS hired Catalin Cimpanu to attack GNU/Linux in its tabloid ZDNet like he had done at cesspool site Bleeping Computer. Now he trash-talks KDE, based on a mere "tweet", because of a bug that affects few people while ignoring, as usual, Windows back doors.]
  • Jonas Meurer: debian lts report 2019.07

    This month I was allocated 17 hours. I also had 2 hours left over from June, which makes a total of 19 hours. I spent all of them on the following tasks/issues.

RHEL 7.7 Released: Red Hat Drives Cloud-Native Flexibility, Enhances Operational Security with Latest Version of Red Hat Enterprise Linux 7

Red Hat, Inc., the world's leading provider of open source solutions, today announced the general availability of Red Hat Enterprise Linux 7.7, the final Full Support Phase release of the Red Hat Enterprise Linux 7 platform. As hybrid and multicloud computing helps to transform enterprise IT, Red Hat Enterprise Linux 7.7 delivers enhanced consistency and control across cloud infrastructure for IT operations teams while also providing a suite of modern, supported container creation tools for enterprise application developers.

[...]

Frequently, modern applications built to run across the hybrid cloud are developed using Linux containers. Building cloud-native apps requires cloud-native development tools, like a container daemon, but these tools can introduce unnecessary risk and complexity into development environments. Red Hat Enterprise Linux 7.7 now includes full support for Red Hat’s distributed container toolkit - buildah, podman and skopeo - on Red Hat Enterprise Linux workstation deployments with the Red Hat Universal Base Image, enabling developer teams to build, run and manage containerized applications across the hybrid cloud with a smaller, more manageable tool footprint.

Also: Red Hat Enterprise Linux 7.7 released

GNOME 3.33.90 released

Hi developers and testers,

GNOME 3.33.90 is now available, slightly ahead of schedule for a change!

This is the first beta release for GNOME 3.34. To ensure the quality of the final release, we have entered feature freeze, UI freeze, and API freeze, so now is a good time for distributors planning to ship GNOME 3.34 to start testing the packages.

If you want to compile GNOME 3.33.90, you can use the official BuildStream project snapshot. Thanks to BuildStream's build sandbox, it should build reliably for you regardless of your host system:

https://download.gnome.org/teams/releng/3.33.90/gnome-3.33.90.tar.xz

The list of updated modules and changes is available here:

https://download.gnome.org/core/3.33/3.33.90/NEWS

The source packages are available here:

https://download.gnome.org/core/3.33/3.33.90/sources/

WARNING!
--------
This release is a snapshot of development code. Although it is buildable and usable, it is primarily intended for testing and hacking purposes. GNOME uses odd minor version numbers to indicate development status.

For more information about 3.33, the full schedule, the official module lists and the proposed module lists, please see our 3.33 wiki page:

https://www.gnome.org/start/unstable

Michael

Also: GNOME 3.34 Beta Released - Now Under UI/Feature/API/ABI Freezes

