Language Selection

English French German Italian Portuguese Spanish

Security: BIND, 5G, Boing Boing, Microsoft/NSA and Secure Hash Algorithm 1 (SHA-1)

Filed under
Security
  • All About BIND DNS: Who, How, & Why

    BIND (Berkeley Internet Name Domain) is a software collection of tools including the world’s most widely used DNS (Domain Name System) server software. This feature-full implementation of DNS service and tools aims to be 100% standards-compliant and is; intended to serve as a reference architecture for DNS software.

    Originally written in the 1980s at the University of California’s Berkeley campus, BIND is a free and open-source software package. The most recent major version, BIND 9, was initially released in 2000 and is regularly maintained by the Internet Systems Consortium.

    For small or uncomplicated networks, BIND by itself is well suited to provide all DNS-related service functions. With BIND, you can run caching DNS servers, authoritative servers, or even both together.

  • 5G Security

    The 5G security problems are threefold. First, the standards are simply too complex to implement securely. This is true for all software, but the 5G protocols offer particular difficulties. Because of how it is designed, the system blurs the wireless portion of the network connecting phones with base stations and the core portion that routes data around the world. Additionally, much of the network is virtualized, meaning that it will rely on software running on dynamically configurable hardware. This design dramatically increases the points vulnerable to attack, as does the expected massive increase in both things connected to the network and the data flying about it.

    Second, there's so much backward compatibility built into the 5G network that older vulnerabilities remain. 5G is an evolution of the decade-old 4G network, and most networks will mix generations. Without the ability to do a clean break from 4G to 5G, it will simply be impossible to improve security in some areas. Attackers may be able to force 5G systems to use more vulnerable 4G protocols, for example, and 5G networks will inherit many existing problems.

    Third, the 5G standards committees missed many opportunities to improve security. Many of the new security features in 5G are optional, and network operators can choose not to implement them. The same happened with 4G; operators even ignored security features defined as mandatory in the standard because implementing them was expensive. But even worse, for 5G, development, performance, cost, and time to market were all prioritized over security, which was treated as an afterthought.

  • Boing Boing was [cracked]

    Around 11:30 EST on January 10th, An unknown party logged into Boing Boing's CMS using the credentials of a member of the Boing Boing team.

    They proceeded to install a widget into our theme that allowed them to redirect users to a malware page hosted at a third party.

  • NSA tips off Microsoft to security flaw

    The National Security Agency (NSA) found and notified Microsoft of what it called a serious vulnerability in the company's Windows 10 operating system that could potentially expose computer users to significant breaches, surveillance or disruption, officials announced Tuesday.

  • Exploit Fully Breaks SHA-1, Lowers the Attack Bar

    A proof-of-concept attack has been pioneered that “fully and practically” breaks the Secure Hash Algorithm 1 (SHA-1) code-signing encryption, used by legacy computers to sign the certificates that authenticate software downloads and prevent man-in-the-middle tampering.

    The exploit was developed by Gaëtan Leurent and Thomas Peyrin, academic researchers at Inria France and Nanyang Technological University/Temasek Laboratories in Singapore. They noted that because the attack is much less complex and cheaper than previous PoCs, it places such attacks within the reach of ordinary attackers with ordinary resources.

More in Tux Machines

GNU Parallel 20200222 ('BrexitDay') released [stable]

GNU Parallel 20200222 ('BrexitDay') [stable] has been released. It is available for download at: http://ftpmirror.gnu.org/parallel/ No new functionality was introduced so this is a good candidate for a stable release. GNU Parallel is 10 years old next year on 2020-04-22. You are here by invited to a reception on Friday 2020-04-17. Read more

GNU/Linux in Crostini Form

  • Using 'LXPanel' as a UI for Crostini

    If you are used to a menu-driven user interface in Linux or find the Chrome OS application launcher not quite to your liking for accessing Crostini Linux applications then one option you could try is LXPanel. The panel generates a menu for installed applications automatically from '*.desktop' files and can itself be incorporated in its own '.desktop' file which if pinned to the Chrome OS shelf can also be used as a means to start the 'penguin' container after booting. Unfortunately it is not quite perfect as the panel is displayed in the middle of the screen and doesn't respond well to changing its position under geometry in its panel settings. However you can toggle its visibility by clicking the panel's icon on the shelf. Also closing the panel (by right clicking the icon) only closes the 'LXPanel' application in Chrome OS so to terminate it fully you need to use 'killall lxpanel' in a terminal session.

  • Linux apps on Chromebooks may be reason enough for external GPU support

    We’ve been tracking a device known only as ‘Mushu’ for about a month at this point, and it brings with it a very specific and interesting addition to the Chrome OS ecosystem: a discrete GPU (or dGPU for short). When we first reported on this device being in development, I suggested that I don’t see a ton of use cases for a Chromebook with a dGPU for most users. Without a proper video editor or tons of ways to play locally-stored games, its hard to make a case for dGPUs when existing Chromebooks are already so fast at what they do.

NVIDIA's Ray Tracing Approach in Vulkan

  • NVIDIA talk up bringing DirectX Ray Tracing to Vulkan

    With Ray Tracing becoming ever more popular, NVIDIA have written up a technical post on bringing DirectX Ray Tracing to Vulkan to encourage more developers to do it. The blog post, titled "Bringing HLSL Ray Tracing to Vulkan" mentions that porting content requires both the API calls (so DirectX to Vulkan) and the Shaders (HLSL to SPIR-V). Something that's not so difficult now, with the SPIR-V backend to Microsoft's open source DirectXCompiler (DXC). Since last year, NVIDIA added ray tracing support to DXC's SPIR-V back-end too using their SPV_NV_ray_tracing extension and there's already titles shipping with it like Quake II RTX and Wolfenstein: Youngblood. While this is all NVIDIA-only for now, The Khronos Group is having discussions to get a cross-vendor version of the Vulkan ray tracing extension implemented and NVIDIA expect the work already done can be used with it which does sound good.

  • NVIDIA Demonstrates Porting Of DirectX Ray-Tracing To Vulkan

    NVIDIA has written a new technical blog post on bringing HLSL ray-tracing to Vulkan with the same capabilities of DirextX Ray-Tracing. This effort is made feasible by Microsoft's existing open-source DirectXCompiler (DXC) with SPIR-V back-end for consumption by Vulkan drivers. Last year NVIDIA contributed to the open-source DXC support for SPV_NV_ray_tracing. This in turn with the open-source tooling allows converting DXR HLSL shaders into SPIR-V modules for Vulkan.

Vulkan Survey and AMDVLK, AMD Targets GNU/Linux

  • LunarG's Vulkan developer survey results out now - Vulkan also turns 4

    LunarG, the software company that Valve sponsors who work on building out the ecosystem for the Vulkan API recently conducted a Vulkan developer survey with the results out now. Before going over the results, just a reminder that Vulkan just recently turned four years old! The 1.0 specification went public on February 16, 2016. Since then, we've seen some pretty amazing things thanks to it. We've had Linux ports that perform really nicely, the mighty DXVK translation layer advanced dramatically, to the vkBasalt post-processing layer and so on—there's been a lot going on. However, as a graphics API do remember it's pretty young and has a long life ahead of it. As for the LunarG survey: there were 349 replies to it, and while not a huge amount it gives us an interesting insight into what some developers think and feel about how Vulkan is doing as a whole. Overall, it gives quite a positive picture on the health of Vulkan with over 60% feeling the overall quality of the Vulkan ecosystem as "Good" and almost 20% rating it as "Excellent".

  • AMDVLK 2020.Q1.2 Released With Vulkan 1.2 Support

    AMDVLK 2020.Q1.2 is out as the first official AMD open-source Vulkan Linux driver code drop in one month. AMDVLK has been off its wagon this quarter with their previous weekly/bi-weekly code drops of AMDVLK but that just means the v2020.Q1.2 is quite a big one. First up, AMDVLK 2020.Q1.2 now is supporting Vulkan 1.2 that debuted back in January and with Mesa's RADV Radeon Vulkan driver already having supported it for weeks.

  • Radeon Pro Software for Enterprise 20.Q1.1 for Linux Released

    AMD's Radeon Pro Software for Enterprise 20.Q1.1 Linux driver release was made available this week as their newest quarterly driver installment intended for use with Radeon Pro graphics hardware.