Security Leftovers
Security updates have been issued by Debian (libpam-radius-auth, pillow, ppp, proftpd-dfsg, and python-pysaml2), Fedora (firefox, glib2, hiredis, http-parser, libuv, mingw-openjpeg2, nghttp2, nodejs, openjpeg2, python-pillow, skopeo, and webkit2gtk3), Mageia (patch, postgresql, and systemd), Red Hat (ksh, nodejs:10, openjpeg2, python-pillow, systemd, and thunderbird), and SUSE (java-1_7_1-ibm, libsolv, libzypp, zypper, pdsh, slurm_18_08, and php53).
Are you a Google Chrome user? High-rated security vulnerabilities have already been discovered in version 80 of Google Chrome. The Cybersecurity and Infrastructure Security Agency is encouraging Google users to update again just weeks after the Chrome 80 release. Here’s what you need to know.
There’s a fresh remote code execution (RCE) vulnerability in OpenSMTPD, and by extension in OpenBSD. Yes, it feels like déjà vu all over again.
The severity of the vulnerability, CVE-2020-8794, means that anyone running a public-facing OpenSMTPD deployment should update as soon as possible.
OpenBSD’s developers describe the issue as “an out of bounds read in smtpd [that] allows an attacker to inject arbitrary commands into the envelope file which are then executed as root. Separately, missing privilege revocation in smtpctl allows arbitrary commands to be run with the _smtpq group.”
Kali Linux is the world's most popular offensive-security-optimized Linux distro. Maintained and managed by the fine folks at Offensive Security, Kali was born in 2006 as BackTrack Linux, but after a major refactoring in 2013 got the name Kali. What does the name mean? Well, we'll get to that.
The new bill, that will allow the police to use trojans or virus programmes to tap into the chats, is expected to be voted through parliament on Thursday. Home Affairs Minister Mikael Damberg says he is convinced it will lead to more convictions.
A while back I wrote about a bunch of vulnerabilities in McAfee WebAdvisor, a component of McAfee antivirus products which is also available as a stand-alone application. Part of the fix was adding a bunch of pages to the extension which were previously hosted on siteadvisor.com, generally a good move. However, when I looked closely I noticed a Cross-Site Scripting (XSS) vulnerability in one of these pages (CVE-2019-3670).
Now an XSS vulnerability in a browser extension is usually very hard to exploit thanks to security mechanisms like Content Security Policy and sandboxing. These mechanisms were intact for McAfee WebAdvisor and I didn’t manage to circumvent them. Yet I still ended up with a proof of concept that demonstrated how attackers could gain local administrator privileges through this vulnerability, something that came as a huge surprise to me as well.
MakuluLinux LinDoz Edition is now available for Download
MakuluLinux LinDoz Is not designed to be a Clone of Windows, it is merely familiar territory for both Windows and Linux users, the themes aren’t replicas of windows, but mere “similar” designs. It doesn’t matter which environment you come from, when you log into LinDoz you get a familiar sense of belonging. We added just enough to make windows users feel comfortable, yet pushing them to explore the Linux world, Linux users will feel instantly at home, feeling comfortable with the terminal and rest of the tools and software, yet maybe enjoy the windows like themes and icon sets. Lindoz is also extremely beautiful, from the first logon you will simply fall in love with how pleasing it is on the eyes. LinDoz not only offers pretty themes and beautiful wallpapers, it also features a really cool and unique menu options and some other cool hidden goodies, Watch the included Video for more details…
Makulu LinDoz 2020 is a complete redesign of the Original Debian based LinDoz flavor. It is now built on top of the new MakuluLinux Constructor 2020 Base, Codenamed : “2020-U Base”, A Base that we spent a lot of time making and perfecting, possibly one of the fastest, most flexible and most stable bases floating around the net at the moment, not to mention it is near bug free. Unlike its predecessor which used the Debian repositories, This base gets its core updates from Ubuntu Bionic with additional updates being supplied by Makulu Directly, unlike many other big developers that borrow their base from Debian or Ubuntu, we chose to instead build our own, this way we don’t inherit any known bugs that plague Ubuntu builds and since we built the base we know what's going on inside it, it also allowed us to optimize for speed and stability of our Builds, and it shows, it really shows, anyone who has run any of our builds have noticed how well they run… The Reason I mention the base at all will be relevant in Due time. Just know, this new 2020 Base is really Awesome, and that LinDoz is built on this new Base.
Games: Lazr, Counter-Strike: Global Offensive, Hearts of Iron IV, Spiritfarer, Black Mesa, ΔV: Rings of Saturn, The Turing Test
With a campaign that had quite a dicey ending, Lazr, an action platformer with some really fun use of cloth physics/simulation has now been funded on Kickstarter.
Against the goal of $10,000 they ended with $10,432. Sadly, right before it ended they had a sudden drop in funding from over $12,300 which means two stretch-goals didn't make it and the campaign as a whole almost didn't make it.
Valve are pushing out more customization options to Counter-Strike: Global Offensive, with the ability to add Patches sewn into Agent's outfits.
Customization is big of course, it's part of the reason other games (Fortnite) are so popular. Looks like Valve want to get a bigger piece of the pie too. With the new Battle Pass system introduced with the Shattered Web Operation, it brought with it new Agents so you don't have to just have the standard look.
You could be excused for thinking that the latest expansion for Hearts of Iron IV is all about the plucky resistance fighters and partisans that fought various occupying forces and oppressive governments during the Second World War. While they certainly feature in new mechanics, they’re not the main attraction of this sizeable expansion. Instead, La Résistance’s major features can be split into two broad camps: the introduction of espionage and skullduggery and unique focus trees and content for Iberian nations and France.
The new espionage system adds a new layer of strategy to the game. Its fundamentals are simple: spend resources to establish an agency, recruit agents and then send them off in missions to further your aims. It’s a system that’s rather intuitive and offers a degree of flexibility in how you choose to grow your spy agency. In the various games that I played I found that it didn’t require much micromanagement and that I was able to approach warfare in slightly different ways each time around thanks to the help of my agents.
The types of missions available are plentiful and, honestly, slightly overwhelming when it comes to actually deciding what I wanted to go for. This is in part because of the very long time it takes to infiltrate other countries, crack their codes or plan some of the more useful operations like winning over potential quislings so that future occupations are smoother. For typical aggressor nations, like Germany, it’s simply not worth the bother to send your two or so agents to France in the early years to destabilize them. By the time that you’re able to do anything useful in these infiltrated countries, you’re likely already on the verge of overwhelming them militarily anyways. The spy game plays best for long-term calculations, against foes who you have the luxury of time to undermine thoroughly.
Spiritfarer has me so extremely curious, coming from Thunder Lotus Games (Sundered, Jotun) it's a 'cozy management game about dying' and a short gameplay teaser is out.
This is one I actually missed, when it and others had a short demo up for The Game Awards recently (I was too busy enjoying CARRION) so this is the first proper footage I've seen of it. In Spiritfarer, you play as Stella, a ferrymaster to the deceased. It's your job to care for their spirits before they get released into the afterlife. A highly unusual setting for such a sim although it has the usual mechanics like mining, farming and so on but the setting definitely hits a new spot.
After a very long 14 year development cycle (yes really) and almost 5 years in Early Access, the Half-Life remake Black Mesa is finally going to properly release on March 5.
In an announcement on Steam, they mentioned how hard it has been and how they nearly quit multiple times but they're just about at the finishing line now. They even mentioned how their first game industry job came as a result of their free work on Black Mesa, which did eventually turn into their actual job and they feel Black Mesa is "the best, most polished, and most fun version of the game yet" and that the "anticipation and excitement around our project is beyond flattering.".
ΔV: Rings of Saturn, a top-down hard sci-fi space simulation game backed up by real physics and science has a rather explosive new trailer out.
Currently in Early Access, and something our contributor Scaine talks about highly, ΔV: Rings of Saturn from Kodera Software definitely seems like something a bit special. It's been through some huge updates in the last few months too from a major Godot Engine upgrade with improved performance to a bunch of new visual effects.
In a world without Portal and The Talos Principle, The Turing Test would have been a great game. Fortunately there is Portal and The Talos Principle, which leaves The Turing Test as an interesting clone with a lot of (sometimes) challenging levels, but no real innovation.
