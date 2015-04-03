Security Leftovers
A Very Bad Time For Android Apps? Or Just Cleaning Up The Mess?
Yes, I know this is a magazine dedicated to Linux, and more specifically PCLinuxOS. As such, the state of the Google Play Store isn't of much direct concern for PCLinuxOS users when it comes to running or using their PCLinuxOS installation.
BUT ... Android does use the Linux kernel as the core component of its OS. I suspect that a lot of PCLinuxOS users use Android because of this, over the closed-source and limited ecosystem that is iOS. I suspect that PCLinuxOS users use phones and tablets running Android to fulfill their mobile computing needs. Supporting a mobile platform that uses the Linux kernel as its core component would be a natural extension of one's support for Linux.
We'll also discount, for the time being, the enormous amount of hatred for Google, especially among users of Linux and other open source software. Google is the force that drives Android, so there are bound to be a lot of people who shun Android because of its inextricable relationship with Google. It's hard to blame anyone going to such lengths to disassociate themselves with all things Google. The search engine behemoth has brought it upon themselves through their missteps, past, present and ongoing.
-
Android users, if you could pause your COVID-19 panic buying for one minute to install these critical security fixes, that would be great
The March update includes 17 patches for flaws described as critical remote code execution holes, though only one is actually documented due to the other 16 residing in closed-source Qualcomm components.
The documented flaw, CVE-2020-0032, lies within the open-source Android media framework that can be exploited by opening a booby-trapped file that Google is disturbingly vague about. Patching the bug will also require an update to a codec used by Google Play.
-
AMD just recently had a 'Take A Way' security issue for their CPUs disclosed
Thought Intel was the only one? Well you would be living under a rock with all the past issues but Intel seemed to be constantly hit harder, and they had another recently. This time, it's AMD's turn in the security spotlight.
Researchers from 'Graz University of Technology', 'Univ Rennes, CNRS, IRISA' and another unaffiliated with either have released a paper with a security issue named 'Take A Way' which affects AMD CPUs going back to 2011 affecting a huge amount of them.
-
Security News This Week: An Unfixable Flaw Threatens 5 Years of Intel Chips
As the novel coronavirus continues to propagate, phishing scams that pose as Covid-19 advice do as well. The trend started over a month ago, but it's only going to get worse. Abide by these tips to avoid them, and also please keep washing those hands.
In non-pandemic news, researchers figured out how to clone the mechanical keys of tens of millions of cars from Toyota, Hyundai, and Kia, making theft a much simpler matter. Some recently released Russian disinformation shows how the Kremlin's professional trolls are adapting to Facebook's defenses. And a very bad bill called the EARN IT act represents the most serious threat to strong end-to-end encryption in years.
-
Chris Eng: Patch Management Challenges Drive ‘Security Debt’ [Ed: Veracode pretends that only FOSS inside people's code contains bugs; this is their 'trade']
Companies are lagging when it comes to keeping up with software security patches – causing them to fall into “security debt,” Chris Eng, chief research officer with Veracode said.
Today, challenges around patch management are being worsened by applications using third-party code and open source libraries, which often introduce another entire set of vulnerabilities, said Eng, speaking at the RSA Conference 2020 in San Francisco last week.
“What will happen is companies will get further and further behind on those on those open source version patches,” he said. “And the further you get behind, the harder it is to catch up.”
-
