Security Leftovers

Filed under
Security
  • 36C3: Open Source Is Insufficient To Solve Trust Problems In Hardware

    With open source software, we’ve grown accustomed to a certain level of trust that whatever we are running on our computers is what we expect it to actually be. Thanks to hashing and public key signatures in various parts in the development and deployment cycle, it’s hard for a third party to modify source code or executables without us being easily able to spot it, even if it travels through untrustworthy channels.

    Unfortunately, when it comes to open source hardware, the number of steps and parties involved that are out of our control until we have a final product — production, logistics, distribution, even the customer — makes it substantially more difficult to achieve the same peace of mind. To make things worse, to actually validate the hardware on chip level, you’d ultimately have to destroy it.

    In his talk this year at the 36C3, [bunnie] gave a detailed insight into several attack vectors we could face during manufacturing. Skipping the obvious ones like adding or substituting components, he’s focusing on highly ambitious and hard to detect modifications inside an IC’s package with wirebonded or through-silicon via (TSV) implants, down to modifying the netlist or mask of the integrated circuit itself. And these aren’t any theoretical or “what if” scenarios, but actual possible options — of course, some of them come with a certain price tag, but in the end, with the right motivation, money is only a detail.

  • Election security, ransomware dominate cyber concerns for 2020 [iophk: Windows TCO]

    Senate Democrats have repeatedly tried to force Senate Majority Leader Mitch McConnell (R-Ky.) to schedule votes on a raft of various election security bills. The House has passed three major pieces of election security legislation this year that have stalled amid Republican objections in the Senate.

  • There’s Money To Be Made In Taming Open Source Software Code

    “We’re trying to create order out of chaos,” said CEO Wayne Jackson of his company, Sonatype.

    [...]

    “We are building the world’s critical infrastructure on software somebody else wrote, a stranger with unknown skills, motivations and desires, but the desire to innovate is so high, we’re willing to accept the risk of using some random person’s software invention,” Jackson said.

    Sometimes developers understand the practical use of the open source code they’re creating, and sometimes they don’t, according to Jackson. 

  • Medley India Infosolution helps Indian Railways build crew management software system

    The system design is end-to-end UNIX and Linux thereby immunising the systems against malicious threats. The solution has immense power to control the client locations from a central location by way of maintenance tasks, time synchronisation, patch updates and a variety of user access requirements thus speeding up the service request handling from a remote location. Service requests can be lodged into the CMS system and are automated through SMS call lodging and reminder mechanisms. At the client side the users are authenticated via a biometric device (thumb impression reader) for logging onto the applications via a kiosk which ensures an audit trail and logging of activities for transparency and accountability.

More in Tux Machines

Red Hat Fluff and News

  • Q&A: How open source made Kubernetes appealing to enterprise app developers

    A: We are at an interesting inflection point right now with computing. We went from physical hardware to virtual machines to containers and to concepts like serverless computing. And we’re asking questions like, “Can it get even smaller?” We’re trying to make the underlying platform more powerful, but less and less visible. So if it’s invisible to developers, do we just stop caring about it? But you could make the same argument with Linux, right? If the application is done well, and Linux is doing its job, you shouldn't care about it. It's just running, it’s fast, it’s scalable. Kubernetes probably follows that path more than anything.

  • How open source communities work and what enterprises can learn
  • Inside Red Hat: Its open source heritage means big opportunity in cloud computing

    The open source proposition has been embedded in Red Hat’s roots since the company’s founding in 1993 and has since remained at the core of its guiding principles, with Linux operating system (OS) at the heart of all its innovations. Vendor loyalty and clearly charted paths were the mantras many companies operated on for years, while “digital transformation” was barely on an enterprise’s short-term road map. Then a decade ago, cloud adoption surged, creating the impetus to embrace more agile and flexible development models, and open source technologies emerged. [...] While the topic of COVID-19 did not overtly dominate the discussions or significantly color the overarching Red Hat messaging, it became clear that the ability to pivot rapidly, embrace change and remain flexible will underscore Red Hat’s efforts to successfully promote transformation amid the pandemic. Red Hat’s reputation has historically been predicated on its open and agile approach to development and deployment, long before such attributes were considered valuable, let alone essential.

  • Red Hat: Holding Its Own and Fueling Open Source Innovation

    When IBM acquired Red Hat for $34 billion in 2019, it was considered the industry’s largest software acquisition. The synergy between the two companies led them to become one of the leading hybrid multi-cloud providers globally. In most acquisitions, the acquired entity sometimes loses momentum and sheds some of its original luster. This does not seem to be the case with Red Hat.

Audio and Video: GNU World Order, Test and Code, More

  • GNU World Order 356

    Learn a little Postscript in this episode about **Ghostscript**.

  • Test and Code: 115: Catching up with Nina Zakharenko

    One of the great things about attending in-person coding conferences, such as PyCon, is the hallway track, where you can catch up with people you haven't seen for possibly a year, or maybe even the first time you've met in person. Nina is starting something like the hallway track, online, on Twitch, and it's already going, so check out the first episode of Python Tea. Interesting coincidence is that this episode is kind of like a hallway track discussion between Nina and Brian.

  • How to install Google Chrome on Pop!_OS 20.04
  • Are Custom Linux Kernels Faster than Stock?

    Are Custom Linux Kernels Faster than Stock? Benchmarks are done and will be compared using Phoronix Test Suite. We will be analyzing 3 kernels, Liquorix, Mainline, and Xanmod.

Linux Lite 5.0 Final Released

Linux Lite 5.0 Final Codename Emerald is now available for download and installation. This is the most feature rich, complete Linux Lite release to date. This is the release many people have been waiting for. See below for details.

Also new: Whonix VirtualBox 15.0.1.3.4 - Point Release!

Open Data and GIS

  • How Open-Source Data Can Drive Automotive Innovation
  • LiDAR-Captured Road Data Now Publicly Available in Open-Source Machine Learning Dataset

    Scale AI says COVID-19 has shown the value of autonomous vehicles for no-contact delivery. They're making real-world road data available to train machine learning models to this end. Last week, Scale AI released PandaSet to the open-source community. According to Scale AI, PandaSet is the world’s first publicly-available machine learning dataset to include images from forward-facing solid-state LiDARs and mechanical spinning LiDARs. These two LiDAR technologies from Hesai will allow ML development teams to reap complex, real-world road data.

  • Podcast: Why should you take a closer look into Open Source GIS?
  • This German town replicated itself in VR to keep its tourism alive

    Nicolai Reith, Head of the Control and Communication department and advisor to the Mayor of Herrenberg, told Cities Today: “You don’t have to make a decision and then see [what happens]; you can see before you make the decision what the effect will be via the digital twin. This makes it easier to make the right decision for our city council, politicians, and citizens.” Herrenberg is already using the digital twin, which incorporates super-computing and technologies typically deployed in advanced aerospace, to visualize city data and citizens’ emotional responses to inform better decision-making. There are now plans to develop the emerging area of virtual tourism for the town, which has a population of around 31,000. “We have a very beautiful city center so tourists can explore it in a digital way with VR glasses before they come to Herrenberg, which is an interesting benefit for the future,” Reith said. [...] The team then added in geographic information system (GIS) data and traffic control systems data to incorporate topography, road geometry, and detailed traffic flows. Using the open-source fluid dynamics code OpenFOAM — which is typically used for modeling fuel injector sprays or airplane aerodynamics — they also created realistic models of the movement of wind and emissions through the city.