Language Selection

English French German Italian Portuguese Spanish

Security: WireGuard, SafeBreach and More

Filed under
Security
  • WireGuard Snapshot `0.0.20191012` Available
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA256
    
    Hello,
    
    A new snapshot, `0.0.20191012`, has been tagged in the git repository.
    
    Please note that this snapshot is a snapshot rather than a final
    release that is considered secure and bug-free. WireGuard is generally
    thought to be fairly stable, and most likely will not crash your
    computer (though it may).  However, as this is a snapshot, it comes
    with no guarantees; it is not applicable for CVEs.
    
    With all that said, if you'd like to test this snapshot out, there are a
    few relevant changes.
    
    == Changes ==
    
      * qemu: bump default version
      * netns: add test for failing 5.3 FIB changes
      
      Kernels 5.3.0 - 5.3.3 crash (and are probably exploitable) via this one liner:
      
      unshare -rUn sh -c 'ip link add dummy1 type dummy && ip link set dummy1 up && ip -6 route add default dev dummy1 && ip -6 rule add table main suppress_prefixlength 0 && ping -f 1234::1'
      
      We fixed this upstream here:
      
      https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=ca7a03c4175366a92cee0ccc4fec0038c3266e26
      
      This is relevant to WireGuard because a very similar sequence of commands is
      used by wg-quick(8).
      
      So, we've now added some tests to catch this code path in the future. While
      the bug here was a random old use-after-free, the test checks the general
      policy routing setup used by wg-quick(8), so that we make sure this continues
      to work with future kernels.
      
      * noise: recompare stamps after taking write lock
      
      We now recompare counters while holding a write lock.
      
      * netlink: allow preventing creation of new peers when updating
      
      This is a small enhancement for wg-dynamic, so that we can update peers
      without readding them if they've already been removed.
      
      * wg-quick: android: use Binder for setting DNS on Android 10
      
      wg-quick(8) for Android now supports Android 10 (Q). We'll be releasing a new
      version of the app for this later today.
    
    This snapshot contains commits from: Jason A. Donenfeld and Nicolas Douma.
    
    As always, the source is available at https://git.zx2c4.com/WireGuard/ and
    information about the project is available at https://www.wireguard.com/ .
    
    This snapshot is available in compressed tarball form here:
      https://git.zx2c4.com/WireGuard/snapshot/WireGuard-0.0.20191012.tar.xz
      SHA2-256: 93573193c9c1c22fde31eb1729ad428ca39da77a603a3d81561a9816ccecfa8e
      BLAKE2b-256: d7979c453201b9fb6b1ad12092515b27ea6899397637a34f46e74b52b36ddf56
    
    A PGP signature of that file decompressed is available here:
      https://git.zx2c4.com/WireGuard/snapshot/WireGuard-0.0.20191012.tar.asc
      Signing key: AB9942E6D4A4CFC3412620A749FC7012A5DE03AE
    
    If you're a snapshot package maintainer, please bump your package version. If
    you're a user, the WireGuard team welcomes any and all feedback on this latest
    snapshot.
    
    Finally, WireGuard development thrives on donations. By popular demand, we
    have a webpage for this: https://www.wireguard.com/donations/
    
    Thank you,
    Jason Donenfeld
    
  • WireGuard 0.0.20191012 Released With Latest Fixes

    WireGuard is still working on transitioning to the Linux kernel's existing crypto API as a faster approach to finally make it into the mainline kernel, but for those using the out-of-tree WireGuard secure VPN tunnel support, a new development release is available.

  • SafeBreach catches vulnerability in controversial HP Touchpoint Analytics software

    Now the feature is embroiled in another minor controversy after security researchers at SafeBreach said they uncovered a new vulnerability. HP Touchpoint Analytics comes preinstalled on many HP devices that run Windows. Every version below 4.1.4.2827 is affected by what SafeBreach found.

    In a blog post, SafeBreach Labs security researcher Peleg Hadar said that because the service is executed as "NT AUTHORITY\SYSTEM," it is afforded extremely powerful permissions that give it wide access.

    "The CVE-2019-6333 vulnerability gives attackers the ability to load and execute malicious payloads using a signed service. This ability might be abused by an attacker for different purposes such as execution and evasion, for example: Application Whitelisting Bypass Signature Validation Bypassing," Hadar wrote.

    [...]

    The company has long had to defend HP Touchpoint Analytics against critics who say it gives HP unnecessary access to users' systems. When it first became widely noticed in 2017, dozens of users complained that they had not consented to adding the system.

  • Security Tool Sprawl Reaches Tipping Point
  • How trusted digital certificates complement open source security

    Application developers incorporating open source software into their designs may only discover later that elements of this software have left them (and their customers) exposed to cyber-attacks.

  • Securing the Container Supply Chain

More in Tux Machines

HP Linux Imaging & Printing Drivers Are Now Supported on Debian GNU/Linux 10.2

HP Linux Imaging and Printing (HPLIP) software, an open-source and free print, scan and fax driver solution for HP printers and scanners, has been updated today to version 3.19.12 for Linux-based operating systems. HPLIP 3.19.12 is here to add support for several new printers, including HP Color LaserJet Pro M256dn, HP Color LaserJet Pro M255dn, HP Color LaserJet Pro M256nw, HP Color LaserJet Pro M255nw, HP Color LaserJet Pro M256dw, HP Color LaserJet Pro M255dw, HP Color LaserJet Pro M155a, HP Color LaserJet Pro M156a, HP Color LaserJet Pro M155nw, HP Color LaserJet Pro M156nw, HP Color LaserJet Pro MFP M282nw, and HP Color LaserJet Pro MFP M284nw. Additionally, HP Color LaserJet Pro MFP M283fdn, HP Color LaserJet Pro MFP M285fdn, HP Color LaserJet Pro MFP M283fdw, HP Color LaserJet Pro MFP M285fdw, HP Color LaserJet Pro MFP M283cdw, HP Color LaserJet Pro MFP M285cdw, HP Color LaserJet Pro MFP M182n, HP Color LaserJet Pro MFP M184n, HP Color LaserJet Pro MFP M182nw, HP Color LaserJet Pro MFP M184nw, HP Color LaserJet Pro MFP M183fw, and HP Color LaserJet Pro MFP M185fw are also supported by the new version. Read more Also: HPLIP 3.19.12 Released with New Printers Support

AMD Radeon RX 5500 XT Linux Performance

AMD today is shipping the Radeon RX 5500 XT as the new sub-$200 Navi graphics card. This 7nm graphics card offers 22 compute units, 1408 stream processors, up to 5.6 TFLOPS of compute power, 4GB or 8GB GDDR6 video memory options, and built atop their modern RDNA architecture and supporting features in common with the RX 5700 series like PCIe 4.0 support. Here is a look at the initial Linux gaming performance of the AMD Radeon RX 5500 XT with various gaming benchmarks and Steam Play tests as well. The Radeon RX 5500 XT 4GB version is launching at $169 USD while the Radeon RX 5500 XT 8GB version will command $199 USD. These price points put them comparable to the current Radeon RX 580 / 590 retail cards. AMD markets the RX 5500 XT as offering 1.6x the performance-per-Watt of the original Polaris Radeon RX 480 and designed for 1080p gaming to go up against NVIDIA's GeForce GTX 1650 SUPER graphics card. Read more

KDE's December 2019 Apps Update

The release of new versions for KDE applications is part of KDE’s continued effort to bring you a complete and up-to-date catalog of fully-featured, beautiful and useful programs for your system. Available now are new versions of KDE’s file browser Dolphin; Kdenlive, one of the most complete open source video editors; the document viewer Okular; KDE’s image viewer, Gwenview; and all of your other favorite KDE apps and utilities. All of these applications have been improved, making them faster and more stable and they boast exciting new features. The new versions of KDE applications let you be productive and creative, while at the same time making use of KDE software easy and fun. We hope you enjoy all the novel features and improvements worked into all of KDE’s apps! Read more Also: KDE Applications 19.12 Open-Source Software Suite Released, Here's What's New KDE Applications 19.12 Released With Big Improvements To Kdenlive + Other KDE Programs

Games: Feral Interactive, Fantasy Strike, GNU/Linux as Gaming Platform

  • Seems like Feral Interactive may have a few surprises for Linux in 2020

    Porting studio Feral Interactive [Official Site] have already given Linux a lot of games and it sounds like more are coming. While this year they've already released Shadow of the Tomb Raider Definitive Edition, a Vulkan beta for Shadow of Mordor, Total War: THREE KINGDOMS and DiRT 4 plus plus big updates/expansions to Company of Heroes 2 and Total War: WARHAMMER II. Still to come is Life is Strange 2, which Feral previously teased to arrive sometime soon.

  • Fighting game Fantasy Strike adds full cross-platform online play with PC and Consoles

    The very pretty fighting game Fantasy Strike from Sirlin Games just got a great update, enabling cross-platform online play between Linux/macOS/Windows and the Nintendo Switch and Playstation 4 consoles. Apply to all online modes including Casual and Ranked, find a match should be a lot easier now. You can also challenge or spectate others from your in-game friends list, which also works across all platforms too as you can add people from any platform based on tags.

  • Looking towards other operating systems

    Learning a new operating system from scratch is a daunting experience for many people. Fortunately, there are a few Linux distributions that come with a Windows-like desktop environment such as a form of a star bar at the bottom. However, Windows and Linux operating on vastly different philosophies, to the way that they are organized to the way that the files are handled. Linux employs the traditional monolithic kernel and it provides a hierarchical view of the files. Because it is modular, most of the necessary drivers can be loaded and unloaded dynamically. One of the major appeals of Linux is that it is open-source, compared to Microsoft which is a closed and inaccessible environment. Windows is made for simple and out of the box use and directed toward inexperienced users, a reason why the OS has been adopted by so many people. Linux puts more emphasis on the user, who has the possibility of customizing the desktop environment to suit their needs. Windows also offer a few, but fairly limited customization options. The main reason why people avoid switching to Linux is their gaming habits. Linux is known for not playing well with most PC games. Most PC games are being developed with Windows as the main platforms with some companies providing Linux support sometime after the original release. Games that do not have a Linux release require third party compatibility applications to run Windows games. The major application that is used to play Windows games on Linux is Wine. The developers of Wine have specified that the software is not an emulator but more of a compatibility layer for Linux to run Windows programs, not just games. In the world of programming, Wine is considered a masterpiece and one of the greatest feats of open source development that allows most Windows binaries to run on Linux without relying on any of Microsoft’s dependencies. Most of the Wine resources are dedicated to running the complicated frameworks of various DirectX components. [...] Many people prefer to enjoy online gaming, especially casino games. The beauty of these games is that most are available and can be played directly in the browser. The default browser that Linux uses is Mozilla Firefox, which itself, is a powerful browser. Because online casinos are played directly in the browser, there is almost no difference between playing them on Linux and playing them in Windows. There are also casino games that can be downloaded with most of them being made to run only on Windows due to a large number of people using the OS. As mentioned before, to run most Windows software, players have the option to use WINE. However, since because playing the casinos using the browser, most people are better off sticking with that version. Many games from online roulette to poker, and other table games are available online. Almost all online casinos found online have the option to play instantly with no download required, which is why any OS that can run a browser is perfectly capable to run casino games. Linux has been around for a long time, but it was only in the last 10 years that people have started noticing the operating system becoming more friendlier and easy to learn. Besides the many desktop environments, customizability, community and growing compatibility of games, as well as more security, many have started the transition from Windows to Linux.