
Security: Buffer Overflow Attacks, AT&T, British Government, and Various Patches Including KDE's

Filed under
Security
  • How Buffer Overflow Attacks Work

    A computer program may be vulnerable to buffer overflow if it handles incoming data incorrectly. Anybody who can provide suitably crafted user input data can cause such a program to crash. Even worse, a vulnerable program may execute arbitrary code provided by an intruder and do something that the author did not intend it to do. Buffer overflow vulnerabilities are caused by programmer mistakes, which are easy to understand but not so easy to avoid or protect against.
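    The mistake the excerpt describes, as an added example that is not code from the linked article: a hypothetical `struct request` holds a fixed 16-byte name followed by a privilege flag. The unchecked copy sizes the write by the attacker's input, so the bytes past the end of `name` land in `is_admin`; the checked version bounds the copy by the buffer and rejects over-long input instead. Names, the record layout and the sample inputs are constructed for this example, and the expected flag value 0x41414141 assumes a 4-byte `int` with no padding after the array.

```c
#include <string.h>
#include <stdio.h>

/* Hypothetical request record: a fixed-size name followed by a privilege flag.
 * The layout (16-byte array, then an int) is what makes the overflow
 * observable: bytes written past `name` land in `is_admin`. */
struct request {
    char name[16];
    int  is_admin;
};

/* VULNERABLE: copies as many bytes as the input has, not as many as the
 * buffer holds.  A real program would do this with strcpy(r->name, input),
 * which writes past the end of the whole object; the copy here is clamped to
 * sizeof(*r) purely so the demonstration stays within defined behaviour
 * while still corrupting the neighbouring field. */
static void set_name_unchecked(struct request *r, const char *input)
{
    size_t n = strlen(input) + 1;          /* attacker controls this length */
    if (n > sizeof *r)
        n = sizeof *r;
    memcpy((unsigned char *)r, input, n);  /* overruns name into is_admin */
}

/* HARDENED: the buffer size, not the input size, bounds the copy.  Input
 * with no terminator inside the buffer is rejected rather than truncated,
 * so the caller cannot silently lose the tail of the data either. */
static int set_name_checked(struct request *r, const char *input)
{
    const char *end = memchr(input, '\0', sizeof r->name);
    if (end == NULL)                       /* no room for the terminator */
        return -1;
    memcpy(r->name, input, (size_t)(end - input) + 1);
    return 0;
}

/* Run one constructed input through the unchecked copy and report the
 * privilege flag afterwards (0 means it was left alone). */
int admin_flag_after_unchecked(const char *input)
{
    struct request r = { "", 0 };
    set_name_unchecked(&r, input);
    return r.is_admin;
}

/* Same for the checked copy; *accepted tells whether the input was taken. */
int admin_flag_after_checked(const char *input, int *accepted)
{
    struct request r = { "", 0 };
    *accepted = (set_name_checked(&r, input) == 0);
    return r.is_admin;
}

int main(void)
{
    const char *ok  = "alice";                   /* constructed input, fits */
    const char *bad = "AAAAAAAAAAAAAAAAAAAA";    /* constructed: 16 bytes fill name, 4 land in is_admin */
    int accepted;

    printf("unchecked, short input : is_admin=0x%x\n", admin_flag_after_unchecked(ok));
    printf("unchecked, long input  : is_admin=0x%x\n", admin_flag_after_unchecked(bad));
    printf("checked,   long input  : is_admin=0x%x accepted=%d\n",
           admin_flag_after_checked(bad, &accepted), accepted);
    return 0;
}
```

    The point to take from the two functions is which side chooses the copy length: in the unchecked version the input does, in the checked version the destination does. Truncating silently (as `strncpy` would) is not a fix either, since a caller that expects the full value then acts on a different one than was sent; reject and report instead.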

  • AT&T Employees Took Bribes To Plant Malware On Company's Network

    The DOJ this week announced that AT&T employees have been paid more than $1 million in bribes to unlock millions of smartphones, and to install malware and unauthorized hardware on the company's network. According to the full DOJ complaint (pdf), Muhammad Fahd, a 34-year-old man from Pakistan and a (presumed dead) co-conspirator, Ghulam Jiwani, paid off AT&T employees at the company's Mobility Customer Care call center in Bothell, Washington. In return, from April 2012 until September 2017, the two men unlocked iPhones so they could be used on another carrier's network.

  • Andy Simpkins: gov.uk paperwork [Ed: The situation described here by Debian's Andy Simpkins isn't even as bad as it gets; it's not unusual anymore. Far too much British government stuff has been outsourced to surveillance firms in another continent.]

    Well, that's the first page anyway. Correctly addressed to the “Current Occupier”. So why am I posting about this?

    Phishing emails land in our inbox all the time (hopefully only a few, because our spam filters eat the rest). These are unsolicited emails trying to trick us into doing something; usually they look like something official and warn us about something that we should take action about, for example an email that looks like it has come from your bank warning about suspicious activity in your account. They then ask you to follow a link to the ‘bank's website’ where you can log in and confirm whether the activity is genuine – obviously taking you through a ‘man in the middle’ website that harvests your account credentials.

    The government is justifiably concerned about this (as too are banks and other businesses that are impersonated in this way) and so runs media campaigns to educate the public in the dangers of such scams and what to look out for.

  • Security updates for Friday

    Security updates have been issued by Debian (postgresql-11, postgresql-9.4, and postgresql-9.6), Fedora (exiv2), openSUSE (python-Django and vlc), Oracle (kernel), Red Hat (qemu-kvm-rhev), SUSE (evince, nodejs10, python, and squid), and Ubuntu (postgresql-10, postgresql-11, postgresql-9.5).

  • Fixes for recent KDE desktop vulnerability [Ed: Anti-Linux tabloids badmouthed KDE by overhyping it]

    As you may have been made aware by some news articles, blogs, and social media posts, a vulnerability in the KDE Plasma desktop was recently disclosed publicly. This occurred without the KDE developers/security team or distributions being informed of the discovered vulnerability, or being given any advance notice of the disclosure.

    [...]

    The fixed packages are now in that PPA, so all that is required is to update your system by your normal preferred method.

More Security Issues


More in Tux Machines

Programming Leftovers

  • This Week in Rust 340
  • Simplify data visualization in Python with Plotly

    Plotly is a plotting ecosystem that allows you to make plots in Python, as well as JavaScript and R. In this series of articles, I'm focusing on plotting with Python libraries.

  • Perl Hacks, Perl School, and the future of Perl publishing

    Dave Cross, long-time Perl user, trainer, and author, recently released The Best of Perl Hacks, a curated collection of his best posts from his Perl Hacks blog. His imprint, Perl School, has published six e-books, including two that I wrote. There’s an unrelated book, Perl Hacks: Tips & Tools For Programming, Debugging, And Surviving, by chromatic, Damian Conway, and Curtis “Ovid” Poe. It’s also very good, but completely separate from Dave’s.

  • Qt for Automation changed to Qt M2M Protocols

    Qt M2M Protocols is now automatically included for free to every new Qt Device Creation subscription. The additional distribution license price has been removed as well. Qt Application Development license holders can buy Qt M2M Protocols separately.

  • Using Visual Studio Code for Qt Applications – Part Two

    In the last blog post we saw an essential, C++ oriented, Visual Studio Code setup. That was enough to get going right away, but we can still definitely do more and better. Here I’ll show you how to get a complete setup for your qmake and CMake projects, all this while also wearing a Qt hat (on top of my C++ hat) and having a deeper look at the Qt side.

    Build qmake Qt projects

    Qmake is not integrated with Visual Studio Code the way CMake is, so setting up a qmake project for build is slightly more convoluted than doing the same with CMake. This means we’ll have to define our own build tasks. We’re going to do this in two stages: build steps definition and build steps combination, leveraging the fact that Visual Studio Code implements task dependencies and ordered sequential execution of dependencies.

  • Where Did Software Go Wrong?

    Computers were supposed to be “a bicycle for our minds”, machines that operated faster than the speed of thought. And if the computer was a bicycle for the mind, then the plural form of computer, Internet, was a “new home of Mind.” The Internet was a fantastic assemblage of all the world’s knowledge, and it was a bastion of freedom that would make time, space, and geopolitics irrelevant. Ignorance, authoritarianism, and scarcity would be relics of the meatspace past.

    Things didn’t quite turn out that way. The magic disappeared and our optimism has since faded. Our websites are slow and insecure; our startups are creepy and unprofitable; our president Tweets hate speech; we don’t trust our social media apps, webcams, or voting machines. And in the era of coronavirus quarantining, we’re realizing just how inadequate the Internet turned out to be as a home of Mind. Where did it all go wrong?

  • good idea bad implementation crosstalk

    Unfortunately products like the latter seem quite common. Most things in my house are still rather dumb because regrettably few products are actually the same thing, but smarter. Instead smart devices are inevitably some inscrutable machine intelligence physically manifested in my house. So no thanks. Battle lines drawn, everybody pick a side, good idea or bad implementation, and fight!

Android Leftovers

Ryzen 9 3900X/3950X vs. Core i9 10900K In 380+ Benchmarks

Following our initial Core i5 10600K and Core i9 10900K Linux benchmarks last week, here is a much larger comparison I have been working on since then in looking specifically at the Ryzen 9 3900X and 3950X against the Core i9 10900K. It's the largest to date with nearly 400 benchmarks being tested, most of them real-world test cases. The past number of days I have been running this Core i9 10900K vs. Ryzen 9 3900X vs. Ryzen 9 3950X comparison with 381 benchmarks out of 138 distinct applications/workloads on both systems. With this round of benchmarking the Gigabyte Z490 AORUS MASTER and ASUS ROG CROSSHAIR VIII HERO were at play with 2 x 8GB DDR4-3600 Corsair memory, Samsung 970 EVO NVMe SSD, and Radeon RX 5700 XT graphics. Benchmarking was run off Ubuntu 20.04 LTS while upgrading to the Linux 5.7 Git kernel for the very latest kernel bits. All other Ubuntu 20.04 packages were at their respective defaults.

Compact 8K video encoder runs Linux on Kaby Lake

Advantech has launched a “VEGA-8300E 8K Broadcast Video Encoder” and streaming appliance for 8Kp60, 10-bit 4:2:2 HEVC real-time encoding. The system runs Ubuntu on a 7th Gen Kaby Lake CPU and offers 2x hot-swappable SATA bays. We realize that most of you are not in the market for an 8K video encoder, but we occasionally like to check in on the high-end video world where Linux is steadily making inroads. Normally Advantech’s VEGA-8300E 8K Broadcast Video Encoder would have been showcased at the NAB Show, which has been cancelled due to the pandemic. (Some NAB content is available on the online NAB Show Express.) We heard about the VEGA-8300E from an Advantech announcement on Businesswire that revealed the product has won a 2020 Best of Show Special Edition Award presented by TV Technology.