Security: Open Source Security Podcast, Screwed Drivers, and Voting Machines

  • Open Source Security Podcast: Episode 157 - Backdoors and snake oil in our cryptography

    Josh and Kurt talk about snake oil cryptography at Black Hat and the new backdoored cryptography fight. Both of these problems will be with us for a very long time. These are fights worth fighting because it's the right thing to do.

  • Screwed Drivers – Signed, Sealed, Delivered

    Our analysis found that the problem of insecure drivers is widespread, affecting more than 40 drivers from at least 20 different vendors – including every major BIOS vendor, as well as hardware vendors like ASUS, Toshiba, NVIDIA, and Huawei. However, the widespread nature of these vulnerabilities highlights a more fundamental issue – all the vulnerable drivers we discovered have been certified by Microsoft. Since the presence of a vulnerable driver on a device can provide a user (or attacker) with improperly elevated privileges, we have engaged Microsoft to support solutions to better protect against this class of vulnerabilities, such as blacklisting known bad drivers.

  • Most states still aren’t set to audit paper ballots in 2020

    Despite some progress on voting security since 2016, most states in the US aren’t set to require an audit of paper ballots in the November 2020 election, according to a new report out this week from the Brennan Center for Justice.

    The report notes that experts and government officials have spent years recommending states adopt verifiable paper ballots for elections, but a handful still use electronic methods potentially vulnerable to cyberattacks. In 2016, 14 states used paperless machines, although the number today is 11, and the report estimates that no more than eight will use them in the 2020 election.
