
Security, FUD, Openwashing and Threats

  • Security updates for Tuesday

    Security updates have been issued by Debian (curl and otrs2), Fedora (NetworkManager-ssh and python-psutil), Mageia (ipmitool, libgd, libxml2_2, nextcloud, radare2, and upx), openSUSE (inn and sudo), Oracle (kernel, ksh, python-pillow, and thunderbird), Red Hat (curl, kernel, nodejs:10, nodejs:12, procps-ng, rh-nodejs10-nodejs, ruby, and systemd), SUSE (dpdk, firefox, java-1_7_1-ibm, java-1_8_0-ibm, libexif, libvpx, nodejs10, nodejs8, openssl1, pdsh, slurm_18_08, python-azure-agent, python3, and webkit2gtk3), and Ubuntu (libapache2-mod-auth-mellon, libpam-radius-auth, and rsync).

  • New Critical RCE Bug in OpenBSD SMTP Server Threatens Linux Distros [Ed: Typical FUD associating "Linux" with a package that GNU/Linux distros do not come with]

    Security researchers have discovered a new critical vulnerability in the OpenSMTPD email server. An attacker could exploit it remotely to run shell commands as root on the underlying operating system.

  • New OpenSMTPD RCE Flaw Affects Linux and OpenBSD Email Servers [Ed: Again attributing to operating systems bugs in pertinent packages they may not even have]

    OpenSMTPD has been found vulnerable to yet another critical vulnerability that could allow remote attackers to take complete control over email servers running BSD or Linux operating systems.
    OpenSMTPD, also known as OpenBSD SMTP Server, is an open-source implementation of the Simple Mail Transfer Protocol (SMTP) to deliver messages on a local machine or to relay them to other SMTP servers.
    It was initially developed as part of the OpenBSD project but now comes pre-installed on many UNIX-based systems.

  • Y2K bug has a 2020 echo

    The New Scientist reports on problems with software caused by an echo of the Y2K bug that had everyone excited in the late 1990s.

    It turns out one of the fixes then was to kick various software cans down the road to 2020. In theory that gave people 20 years to find long term answers to the problems. In some cases they might have expected software refreshes to have solved the issue.

    [...]

    This happens because Unix time started on January 1 1970. Time since then is stored as a 32-bit integer. On January 19 2038, that integer will overflow.

    Most modern applications and operating systems have been patched to fix this although there are some compatibility problems. The real issue comes with embedded hardware, think of things like medical devices, which will need replacing some time in the next 18 years.

  • The “Cloud Snooper” malware that sneaks into your Linux servers [Ed: They don't want to mention that people actually need to install this malware on GNU/Linux for dangers to become viable. Typical Sophos FUD/sales.]
  • Cybersecurity alliance launches first open source messaging framework for security tools [Ed: Openwash of proprietary software firms]

    Launched by the Open Cybersecurity Alliance (OCA), a consortium of cybersecurity vendors including IBM, Crowdstrike, and McAfee, on Monday, the OCA said that OpenDXL Ontology is the "first open source language for connecting cybersecurity tools through a common messaging framework."

  • Microsoft uses its expertise in malware to help with fileless attack detection on Linux [Ed: Truly laughable stuff as Microsoft specialises in adding back doors, then abusing those who speak about it]
  • Azure Sphere, Microsoft's Linux-Powered IoT Security Service, Launches [Ed: Microsoft is Googlebombing "Linux" again; you search for Linux news, you get Microsoft Azure (surveillance) and proprietary malware, instead.]

'Security'

Microsoft news disguised as "Linux"


More in Tux Machines

Audiocasts/Shows/Screencasts: FLOSS Weekly, BSDNow and Linux Mint 20 Backgrounds Slideshow

  • FLOSS Weekly 581: Purism

    Doc Searls and Simon Phipps talk to Kyle Rankin, Chief Security Officer and Vice President at Purism. Purism is a security focussed software & hardware company that believes in building products that respect and protect individuals' privacy, security, and freedom.

  • BSDNow 353: ZFS on Ironwolf

    Scheduling in NetBSD, ZFS vs. RAID on Ironwolf disks, OpenBSD on Microsoft Surface Go 2, FreeBSD for Linux sysadmins, FreeBSD on Lenovo T480, and more.

  • Linux Mint 20 Backgrounds Slideshow

    In this video, we are looking at the beautiful backgrounds of the upcoming Linux Mint 20.

Servers: Kubernetes, Benchmarks and OpenStack

  • Longhorn Simplifies Distributed Block Storage in Kubernetes

    Today we’re announcing the general availability of Longhorn, an enterprise-grade, cloud-native container storage solution. Longhorn directly answers the need for an enterprise-grade, vendor-neutral persistent storage solution that supports the easy development of stateful applications within Kubernetes. We’ve been working on Longhorn for almost as long as we’ve been around as a company. We launched the project in 2017, and then in 2019, we contributed it to the Cloud Native Computing Foundation (CNCF) as a sandbox project. So it’s that CNCF open source project that is now generally available.

  • Supporting the Evolving Ingress Specification in Kubernetes 1.18

    Earlier this year, the Kubernetes team released Kubernetes 1.18, which extended Ingress. In this blog post, we’ll walk through what’s new in the new Ingress specification, what it means for your applications, and how to upgrade to an ingress controller that supports this new specification.

  • Benchmarks Of 2nd Gen AMD EPYC On Amazon EC2 Against Intel Xeon, Graviton2

    Today AMD and Amazon announced the general availability of 2nd Gen AMD EPYC "Rome" processors available via the Elastic Compute Cloud. AMD EPYC "Rome" on EC2 with the new "C5a" instance types offer very competitive performance against the latest Intel Xeon instance types, Amazon's own Graviton2 Arm-based instances, and a big upgrade compared to the first-generation EPYC processors in the cloud.

  • OpenStack Ussuri for Ubuntu 20.04 and 18.04 LTS

    The Ubuntu OpenStack team at Canonical is pleased to announce the general availability of OpenStack Ussuri on Ubuntu 20.04 LTS and on Ubuntu 18.04 LTS via the Ubuntu Cloud Archive.

Debian Leftovers and Developers

  • Antoine Beaupré: Replacing Smokeping with Prometheus

    I've been struggling with replacing parts of my old sysadmin monitoring toolkit (previously built with Nagios, Munin and Smokeping) with more modern tools (specifically Prometheus, its "exporters" and Grafana) for a while now. Replacing Munin with Prometheus and Grafana is fairly straightforward: the network architecture ("server pulls metrics from all nodes") is similar and there are lots of exporters. They are a little harder to write than Munin modules, but that makes them more flexible and efficient, which was a huge problem in Munin. I wrote a Migrating from Munin guide that summarizes those differences. Replacing Nagios is much harder, and I still haven't quite figured out if it's worth it. [...] A naive implementation of Smokeping in Prometheus/Grafana would be to use the blackbox exporter and create a dashboard displaying those metrics. I've done this at home, and then I realized that I was missing something.

  • Reproducible Builds in May 2020

    One of the original promises of open source software is that distributed peer review and transparency of process results in enhanced end-user security. Nonetheless, whilst anyone may inspect the source code of free and open source software for malicious flaws, almost all software today is distributed as pre-compiled binaries. This allows nefarious third-parties to compromise systems by injecting malicious code into seemingly secure software during the various compilation and distribution processes.

  • Steve McIntyre: Interesting times, and a new job!

    It's been over ten years since I started in Arm, and nine since I joined Linaro as an assignee. It was wonderful working with some excellent people in both companies, but around the end of last year I started to think that it might be time to look for something new and different. As is the usual way in Cambridge, I ended up mentioning this to friends and things happened! [...] Where do I fit in? Pexip is a relatively small company with a very flat setup in engineering, so that's a difficult question to answer! I'll be starting working in the team developing and maintaining PexOS, the small Linux-based platform on which other things depend. (No prizes for guessing which distro it's based on!) But there's lots of scope to get involved in all kinds of other areas as needs and interests arise. I can't wait to get stuck in! Although I'm no longer going to be working on Debian arm port issues on work time, I'm still planning to help where I can. Let's see how that works...

LibreELEC (Leia) 9.2.3

LibreELEC 9.2.3 (Leia) the final version has arrived based upon Kodi v18.7.1.