Language Selection

English French German Italian Portuguese Spanish

Security, FUD, Openwashing and Threats

Filed under
Server
Security
  • Security updates for Tuesday

    Security updates have been issued by Debian (curl and otrs2), Fedora (NetworkManager-ssh and python-psutil), Mageia (ipmitool, libgd, libxml2_2, nextcloud, radare2, and upx), openSUSE (inn and sudo), Oracle (kernel, ksh, python-pillow, and thunderbird), Red Hat (curl, kernel, nodejs:10, nodejs:12, procps-ng, rh-nodejs10-nodejs, ruby, and systemd), SUSE (dpdk, firefox, java-1_7_1-ibm, java-1_8_0-ibm, libexif, libvpx, nodejs10, nodejs8, openssl1, pdsh, slurm_18_08, python-azure-agent, python3, and webkit2gtk3), and Ubuntu (libapache2-mod-auth-mellon, libpam-radius-auth, and rsync).

  • New Critical RCE Bug in OpenBSD SMTP Server Threatens Linux Distros [Ed: Typical FUD associating "Linux" with a package that GNU/Linux distros do not come with]

    Security researchers have discovered a new critical vulnerability in the OpenSMTPD email server. An attacker could exploit it remotely to run shell commands as root on the underlying operating system.

  • New OpenSMTPD RCE Flaw Affects Linux and OpenBSD Email Servers [Ed: Again attributing to operating systems bugs in pertinent packages they may not even have]

    OpenSMTPD has been found vulnerable to yet another critical vulnerability that could allow remote attackers to take complete control over email servers running BSD or Linux operating systems.
    OpenSMTPD, also known as OpenBSD SMTP Server, is an open-source implementation of the Simple Mail Transfer Protocol (SMTP) to deliver messages on a local machine or to relay them to other SMTP servers.
    It was initially developed as part of the OpenBSD project but now comes pre-installed on many UNIX-based systems.

  • Y2K bug has a 2020 echo

    The New Scientist reports on problems with software caused by an echo of the Y2K bug that had every excited in the late 1990s.

    It turns out one of the fixes then was to kick various software cans down the road to 2020. In theory that gave people 20 years to find long term answers to the problems. In some cases they might have expected software refreshes to have solved the issue.

    [...]

    This happens because Unix time started on January 1 1970. Time since then is stored as a 32-bit integer. On January 19 2038, that integer will overflow.

    Most modern applications and operating systems have been patched to fix this although there are some compatibility problems. The real issue comes with embedded hardware, think of things like medical devices, which will need replacing some time in the next 18 years.

  • The “Cloud Snooper” malware that sneaks into your Linux servers [Ed: They don't want to mention that people actually need to install this malware on GNU/Linux for dangers to become viable. Typical Sophos FUD/sales.]
  • Cybersecurity alliance launches first open source messaging framework for security tools [Ed: Openwash of proprietary software firms]

    Launched by the Open Cybersecurity Alliance (OCA), a consortium of cybersecurity vendors including IBM, Crowdstrike, and McAfee, on Monday, the OCA said that OpenDXL Ontology is the "first open source language for connecting cybersecurity tools through a common messaging framework."

  • Microsoft uses its expertise in malware to help with fileless attack detection on Linux [Ed: Truly laughable stuff as Microsoft specialises in adding back doors, then abusing those who speak about it]
  • Azure Sphere, Microsoft's Linux-Powered IoT Security Service, Launches [Ed: Microsoft is Googlebombing "Linux" again; you search for Linux news, you get Microsoft Azure (surveillance) and proprietary malware, instead.]

'Security'

Microsoft news disguised as "Linux"

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.

More in Tux Machines

Android Leftovers

What is open source project governance?

In many discussions of open source projects and community governance, people tend to focus on activities or resources like "speaking for the project" or "ownership of the web domain." While documenting these things is useful, they aren't truly governance matters. Alternately, others focus exclusively on technical matters like election rules, codes of conduct, and release procedures. While these might be the tools of governance, they're not governance itself. So what exactly is open source project governance? In short, governance is the rules or customs by which projects decide who gets to do what or is supposed to do what, how they're supposed to do it, and when. This definition of governance can prompt important questions for open source communities seeking to evolve their governance models. Let's explore how. Read more

Software: ledger2beancount, TenFourFox, KDE Itinerary, GCompris

  • Martin Michlmayr: ledger2beancount 2.2 released

    I released version 2.2 of ledger2beancount, a ledger to beancount converter.

  • TenFourFox FPR23 available

    TenFourFox Feature Parity Release 23 final is now available for testing (downloads, hashes, release notes). This blog post was composed in the new Blogger interface, which works fine but is slower, so I'm going back to the old one. Anyway, there's no difference from the beta except for outstanding security fixes and as usual, if all goes well, it will go live Monday evening Pacific time.

  • April/May in KDE Itinerary

    It has been a busy two month since the last report again, KDE’s source code hosting is now using Gitlab, we got the 20.04 release out, notifications were significantly improved, and we are now leveraging OpenStreetMap in more places, with even more exciting things still to come. The global travel restrictions have been hampering field testing, but they have most certainly not slowed down the development of KDE Itinerary!

  • GSoC’20 Wrapping up Community Bonding Period

    As the coding period of GSoC is going to begin in the next 2 days. In this blog, I am going to write all about what I did during the community bonding period. During this period I have interacted with my mentors and finalized the multiple datasets of a few activities. Recently, the GCompris project has been moved to GitLab so I set up my account over there and also asked my mentors how can I push my branches to the server and everything else. I have also gone through the code of the memory activities and planned about the resources I will be using. I have also set up my environment as to how to test the GCompris on the android platform. I plan to start my work with the enumeration memory game activity so I have created a branch for it and pushed it to the server.

Security Leftovers