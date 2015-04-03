Security Leftovers A Very Bad Time For Android Apps? Or Just Cleaning Up The Mess? Yes, I know this is a magazine dedicated to Linux, and more specifically PCLinuxOS. As such, the state of the Google Play Store isn't of much direct concern for PCLinuxOS users when it comes to running or using their PCLinuxOS installation. BUT ... Android does use the Linux kernel as the core component of its OS. I suspect that a lot of PCLinuxOS users use Android because of this, over the closed-source and limited ecosystem that is iOS. I suspect that PCLinuxOS users use phones and tablets running Android to fulfill their mobile computing needs. Supporting a mobile platform that uses the Linux kernel as its core component would be a natural extension of one's support for Linux. We'll also discount, for the time being, the enormous amount of hatred for Google, especially among users of Linux and other open source software. Google is the force that drives Android, so there are bound to be a lot of people who shun Android because of its inextricable relationship with Google. It's hard to blame anyone going to such lengths to disassociate themselves with all things Google. The search engine behemoth has brought it upon themselves through their missteps, past, present and ongoing.

Android users, if you could pause your COVID-19 panic buying for one minute to install these critical security fixes, that would be great The March update includes 17 patches for flaws described as critical remote code execution holes, though only one is actually documented due to the other 16 residing in closed-source Qualcomm components. The documented flaw, CVE-2020-0032, lies within the open-source Android media framework that can be exploited by opening a booby-trapped file that Google is disturbingly vague about. Patching the bug will also require an update to a codec used by Google Play.

AMD just recently had a 'Take A Way' security issue for their CPUs disclosed Thought Intel was the only one? Well you would be living under a rock with all the past issues but Intel seemed to be constantly hit harder, and they had another recently. This time, it's AMD's turn in the security spotlight. Researchers from 'Graz University of Technology', 'Univ Rennes, CNRS, IRISA' and another unaffiliated with either have released a paper with a security issue named 'Take A Way' which affects AMD CPUs going back to 2011 affecting a huge amount of them.

Security News This Week: An Unfixable Flaw Threatens 5 Years of Intel Chips As the novel coronavirus continues to propagate, phishing scams that pose as Covid-19 advice do as well. The trend started over a month ago, but it's only going to get worse. Abide by these tips to avoid them, and also please keep washing those hands. In non-pandemic news, researchers figured out how to clone the mechanical keys of tens of millions of cars from Toyota, Hyundai, and Kia, making theft a much simpler matter. Some recently released Russian disinformation shows how the Kremlin's professional trolls are adapting to Facebook's defenses. And a very bad bill called the EARN IT act represents the most serious threat to strong end-to-end encryption in years.

Chris Eng: Patch Management Challenges Drive ‘Security Debt’ [Ed: Veracode pretends that only FOSS inside people's code contains bugs; this is their 'trade'] Companies are lagging when it comes to keeping up with software security patches – causing them to fall into “security debt,” Chris Eng, chief research officer with Veracode said. Today, challenges around patch management are being worsened by applications using third-party code and open source libraries, which often introduce another entire set of vulnerabilities, said Eng, speaking at the RSA Conference 2020 in San Francisco last week. “What will happen is companies will get further and further behind on those on those open source version patches,” he said. “And the further you get behind, the harder it is to catch up.”

OSS Leftovers The Fintech Files: Are central banks open to open source? Welcome to The Fintech Files, your weekly roundup from FN’s fintech correspondent Ryan Weeks, keeping you up-to-date with the latest developments in financial tech and innovation

Dave Wreski: Founder of Guardian Digital - Open Source Cloud Email Security Dave Wreski recognized the power of Open Source two decades ago. Already an established internet security expert and Network Architect at UPS, Dave was captivated by the power of open-source development. He was soon to discover that this model could be used as a vehicle for solving complex digital security needs. He recognized that the open-source model - where resources could be shared by a worldwide community - was the vehicle that would drive internet security into the 21st century.

Huobi Open-Source DeFi Blockchain Now Live for Public Beta Testing Huobi, a major cryptocurrency exchange, announced the public testnet launch of its open-source decentralized finance (DeFi) blockchain, Huobi Chain, on Feb. 29. Its aim is to provide a regulator-friendly framework for financial services companies to deploy applications in a variety of finance-related sectors.

Neo SPCC open sources its Neo node benchmarking toolkit Neo St Petersburg Competence Center (Neo SPCC) has made its benchmarking tool for Neo blockchain nodes open source, ready for use by developers in the ecosystem. Designed to be agnostic to node implementation, neo-bench can be used to test performance and help uncover bottlenecks.

Google launches FuzzBench service to benchmark fuzzing tools More recently, security fuzzing tools have expanded in number, and today there are hundreds of specialised open-source tools and online services designed to probe specific types of software. But which security fuzzing tools, techniques and algorithms work the best when assessing real programs for bugs? That’s been harder to know without fuzzing the fuzzers. But doing this presents a problem – traditional assessments often use too few benchmarks and don’t run over long enough periods because testers lack the resources to do anything more ambitious.

Getting Ready For Google Summer of Code 2020 Google Summer of Code is now in its 16th Year of providing an opportunity for students to spend their summer break getting hand-on experience of contributing to open source projects with a stipend provided by Google. It can be a win-win situation for both open source organizations and students looking for a programming career. [...] This year's Student Applications Period, during which interested students make proposals for what they want to do, is from March 16 -31 t with the pairing of accepted students and mentors announced at the end of April. Students then have a period of Community Bonding in which they get to know more about their organization's community before Coding commences on May 18 and continues until August 10th. If you a student making your first application to GSoC and want more guidance on how to make a successful application, together with advice given to mentors on how to select proposal, the videos from 2018 on Google Summer Of Code 2018 Student Applications Now Open are worth viewing, After, all it never hurts to know what is ideally required before you embark on writing a winning proposal.