
Security: Patches, Roboto Drama and Android/Google

Filed under
Security
  • Security updates for Friday

    Security updates have been issued by Fedora (dpdk, mingw-djvulibre, mingw-hunspell, mingw-ilmbase, mingw-OpenEXR, php-symfony, php-symfony3, and rsyslog), openSUSE (chromium and squid), SUSE (aspell, cups, djvulibre, and dpdk), and Ubuntu (djvulibre).

  • Roboto Botnet network building, DDoS not a priority
  • Google quintuples top reward for hacking Android to $1 million

    Google, which has already paid security researchers over $15 million since launching its bug bounty program in 2010, today expanded its Android Security Rewards program. Most notably, the company is introducing a top prize of $1 million. The previous top prize was $200,000. That’s technically a quintupling, although the maximum reward could be even higher. Google is launching a 50% bonus for exploits found on specific developer preview versions of Android, meaning the top reward could net you $1.5 million.

  • Bad Binder: Android In-The-Wild Exploit (Project Zero)

    Over on the Project Zero blog, Maddie Stone has a lengthy post about a zero-day exploit that was found and fixed in the Android Binder interprocess communication mechanism. The post details the hunt for the bug, which was apparently being exploited in the wild, its fix, and how it can be exploited. This is all part of an effort to "make zero-day hard"; one of the steps the project is taking is to disseminate more information on these bugs.

  • Bad Binder: Android In-The-Wild Exploit

    On October 3, 2019, we disclosed issue 1942 (CVE-2019-2215), which is a use-after-free in Binder in the Android kernel. The bug is a local privilege escalation vulnerability that allows for a full compromise of a vulnerable device. If chained with a browser renderer exploit, this bug could fully compromise a device through a malicious website.

    We reported this bug under a 7-day disclosure deadline rather than the normal 90-day disclosure deadline. We made this decision based on credible evidence that an exploit for this vulnerability exists in the wild and that it's highly likely that the exploit was being actively used against users.

    In May 2019, Project Zero published a blog post and spreadsheet for tracking “in-the-wild” 0-day exploits. In July 2019, I joined Project Zero to focus on the use of 0-day exploits in the wild. We expect our approach to this work will change and mature as we gain more experience with studying 0-days, but the mission stays the same: to “make zero-day hard”.

New Linux/Windows Malware Allows Arbitrary Execution of Shell...

