Security Leftovers

  • Security updates for Tuesday

    Security updates have been issued by Debian (intel-microcode and libbsd), openSUSE (chromium, LibreOffice, and spectre-meltdown-checker), and SUSE (mozilla-nspr, mozilla-nss and python-azure-agent).

  • How AI and Cybersecurity Will Intersect in 2020

    So much of the discussion about cybersecurity's relationship with artificial intelligence and machine learning (AI/ML) revolves around how AI and ML can improve security product functionality. However, that is actually only one dimension of a much broader collision between cybersecurity and AI.

  • Best of TechBeacon 2019: Security is in the hot seat with privacy laws

    New laws such as the California Consumer Privacy Act (CCPA) and the European Union's General Data Privacy Regulation (GDPR) have put substantial pressure on organizations to bolster their security practices this year. Adding to the urgency were the near-constant reports of data breaches, an ever-evolving threat landscape, and a growing volume of attacks.

More in Tux Machines

VirtualBox 6.1.28 Released with Initial Support for Linux 5.14 and 5.15 Kernels

VirtualBox 6.1.28 is here about three months after VirtualBox 6.1.26 to introduce initial guest and host support for the Linux 5.14 and 5.15 kernel series. This means that you can now use VirtualBox on GNU/Linux systems powered by Linux kernels 5.14 or 5.15, as well as run distributions powered by Linux 5.14 or 5.15 kernels inside virtual machines. In addition, this release introduces initial support for the upcoming Red Hat Enterprise Linux 8.5 operating system, improves the detection of kernel modules in Linux hosts to prevent unnecessary rebuilds, fixes a display corruption on Linux Mint systems, and adds bindings support for Python 3.9.

More Mozilla Spying and Management Shuffle

  • William Lachance: Learning about Psychological Safety at the Recurse Center

    Some context: I’m currently working as a software engineer at Mozilla, building out our data pipeline and analysis tooling. I’ve been at my current position for more than 10 years (my “anniversary” actually passed while I was out). I started out as a senior engineer in 2011, and was promoted to staff engineer in 2016. In tech-land, this is a really long tenure at a company. I felt like it was time to take a break from my day-to-day, explore some new ideas and concepts, and hopefully expose myself to a broader group of people in my field. My original thinking was that I would mostly be spending this time building out an interactive computation environment I’ve been working on called Irydium. And I did quite a bit of that. However, I think the main thing I took away from this experience was some insight on what makes a remote environment for knowledge work really “click”. In particular, what makes somewhere feel psychologically safe, and how this feeling allows us to innovate and do our best work. While the Recurse Center obviously has different goals than an organization that builds and delivers consumer software, I do think there are some things that it does that could be applied to Mozilla (and, likely, many other tech workplaces).

  • [Older] Firefox Now Sends Your Address Bar Keystrokes to Mozilla

    Firefox now sends more data than you might think to Mozilla. To power Firefox Suggest, Firefox sends the keystrokes you type into your address bar, your location information, and more to Mozilla’s servers. Here’s exactly what Firefox is sharing and how to control it.

  • Support.Mozilla.Org: What’s up with SUMO – October 2021

    As we enter October, I hope you’re all pumped up to welcome the last quarter of the year and, basically, wrapping up projects that we have for the remainder of the year. With that spirit, let’s start by welcoming the following folks into our community. [...] Thanks to Jefferson Scher for straightening the Firefox Suggest confusion on Reddit. That definitely helps people to understand the feature better.

  • Welcome Imo Udom, Mozilla’s new Senior Vice President, Innovation Ecosystems

    I am delighted to share that Imo Udom has joined Mozilla as Senior Vice President, Innovation Ecosystems. Imo brings a unique combination of strategy, technical and product expertise and an entrepreneurial spirit to Mozilla and our work to design, develop and deliver new products and services.

Security Leftovers

  • Security updates for Tuesday

    Security updates have been issued by Debian (redmine and strongswan), Fedora (containerd, fail2ban, grafana, moby-engine, and thunderbird), openSUSE (curl, firefox, glibc, kernel, libqt5-qtsvg, rpm, ssh-audit, systemd, and webkit2gtk3), Red Hat (389-ds:1.4, curl, kernel, kernel-rt, redis:5, and systemd), SUSE (util-linux), and Ubuntu (ardour, linux-azure, linux-azure-5.11, and strongswan).

  • Best Open Source Security Tools | eSecurityPlanet

    Over the past quarter of a century, the open source movement has gone from strength to strength. But that success and the openness inherent in the community have led to a major challenge – security. The more software that is developed, the greater the likelihood there is for vulnerabilities. To make matters worse, the open source world prides itself on openness and transparency. Therefore, any security vulnerabilities are disclosed publicly. In this age of organized gangs of cybercriminals, that is like placing an ad asking for an attack. This has given rise to a large number of open source security tools. They take care of all aspects of the management of security in open source components, examine dependencies, fix bugs in code, and lower risk.

  • Credit card PINs can be guessed even when covering the ATM pad

    Researchers have proven it’s possible to train a special-purpose deep-learning algorithm that can guess 4-digit card PINs 41% of the time, even if the victim is covering the pad with their hands. The attack requires the setting up of a replica of the target ATM because training the algorithm for the specific dimensions and key spacing of the different PIN pads is crucially important.

  • Using Machine Learning to Guess PINs from Video - Schneier on Security

    This works even if the person is covering the pad with their hands.

  • Google Developing "SiliFuzz" For Fuzzing CPUs To Uncover Electrical Defects - Phoronix

    With OSS-Fuzz for continuous fuzzing of open-source projects and along with working on the various sanitizers for compilers, Google has been doing a lot for proactively uncovering software defects in key open-source projects. Now though a group of their engineers have been working on SiliFuzz for software aiming to discover new CPU defects.

This Raspberry Pi add-on lets you control Lego robots

Raspberry Pi is releasing an add-on that will let you use many of its tiny, inexpensive computers to control certain Lego robot motors and sensors. The add-on is called the Build HAT (HAT stands for Hardware Attached on Top), and slotting it onto a Raspberry Pi’s GPIO pins will give you four ports that you can use to control Lego Education’s SPIKE components, which the HAT and its software are specially designed for. It’ll also connect to most other parts that use an LPF2 connector, including the components from the Lego Mindstorms robot inventor kit. There’s also a Python library (basically a set of commands you can use to control the robot) available to go alongside the HAT, which will let you write software to control the robot parts you’ve got hooked up. Programing Lego’s SPIKE components with Python isn’t a unique selling feature from Raspberry Pi — the SPIKE kit comes with a hub that supports connecting six devices (compared to the Build HAT’s four) that can also store and run Python programs. Read more