Security and Privacy Leftovers (2020-06-22)
-
Security updates for Monday
Security updates have been issued by Debian (lynis, mutt, neomutt, ngircd, and rails), Mageia (gnutls), Oracle (thunderbird), Red Hat (chromium-browser, gnutls, grafana, thunderbird, and unbound), Scientific Linux (thunderbird and unbound), and SUSE (bind, java-1_8_0-openjdk, kernel, libgxps, and osc).
-
OmniOS Updates Bring Microcode Mitigation For CrossTalk/SRBDS
New OmniOS Community Edition releases for this open-source Solaris/Illumos-based operating system are now available that principally bring updated Intel CPU microcode for mitigating the CrossTalk / SRBDS vulnerability.
The updated OmniOS CE build ships with the latest CPU microcode, given the recent security disclosure on Special Register Buffer Data Sampling (SRBDS), plus just a few other minor changes. The main headliner is mitigating this latest Intel CPU vulnerability that we covered extensively earlier this month. Most Linux distributions are already shipping the updated CPU microcode as well as the patched Linux kernel, which allows the mitigation to be disabled if desired and reports the mitigation state via sysfs. In the case of OmniOS, it appears to be just the updated microcode, without any reporting or configuration extras.
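The sysfs reporting that the paragraph contrasts OmniOS against can be checked from a shell. The script below is an added example and is not code from the OmniOS project or the article; it assumes the sysfs path /sys/devices/system/cpu/vulnerabilities/srbds and the status strings documented in the Linux kernel's SRBDS admin guide, and classifies whatever the kernel reports so that a missing or unknown state is treated as a finding rather than as safe:

```shell
#!/bin/sh
# Added example (not from OmniOS or the article): classify the SRBDS
# mitigation state that a patched Linux kernel reports through sysfs.
# Assumed: the sysfs path below and the status strings from the kernel's
# special-register-buffer-data-sampling admin guide.

SRBDS_SYSFS=/sys/devices/system/cpu/vulnerabilities/srbds

# classify_srbds STATUS_LINE
# Prints one of: not-affected | mitigated | vulnerable | unknown
classify_srbds() {
    case "$1" in
        "Not affected"*)  echo not-affected ;;   # CPU not in the affected list
        "Mitigation: "*)  echo mitigated ;;      # "Microcode" or "TSX disabled"
        "Vulnerable"*)    echo vulnerable ;;     # plain, or "No microcode"
        *)                echo unknown ;;        # e.g. hypervisor-dependent, or no file
    esac
}

# read_srbds_state
# Reads the live sysfs file. Kernels without the SRBDS patch have no such
# file at all, which means no reporting is available, not that the host is safe.
read_srbds_state() {
    if [ -r "$SRBDS_SYSFS" ]; then
        cat "$SRBDS_SYSFS"
    else
        echo "missing: kernel does not report SRBDS state"
    fi
}

# report_srbds
# Prints a one-line summary and returns nonzero whenever action is needed
# (vulnerable or unknown), so it can be used from cron or a config-check job.
report_srbds() {
    state=$(read_srbds_state)
    class=$(classify_srbds "$state")
    printf 'srbds: %s (%s)\n' "$state" "$class"
    case "$class" in
        not-affected|mitigated) return 0 ;;
        *) return 1 ;;
    esac
}

# Run the live check when the script is executed; keep the result in a
# variable so a nonzero return does not abort a caller running under set -e.
srbds_rc=0
report_srbds || srbds_rc=$?
```

Run it as `sh srbds-check.sh` and inspect the exit status stored in `srbds_rc`. The mitigation can be switched off with the `srbds=off` kernel command-line parameter, in which case the kernel reports the CPU as `Vulnerable` and the script flags it accordingly.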
-
Exploiting Bitdefender Antivirus: RCE from any website
My tour through vulnerabilities in antivirus applications continues with Bitdefender. One thing shouldn’t go unmentioned: security-wise, Bitdefender Antivirus is one of the best antivirus products I’ve seen so far, at least in the areas that I looked at. The browser extensions minimize attack surface, the crypto is sane and the Safepay web browser is only suggested for online banking, where its use really makes sense. Also very unusual: despite jQuery being used occasionally, the developers are aware of Cross-Site Scripting vulnerabilities and I only found one non-exploitable issue. And did I mention that reporting a vulnerability to them was a straightforward process, with immediate feedback and without any terms to be signed up front? So clearly security isn’t an afterthought, which is sadly different for way too many competing products.
-
Mozilla’s response to EU Commission Public Consultation on AI
In Q4 2020 the EU will propose what’s likely to be the world’s first general AI regulation. While there is still much to be defined, the EU looks set to establish rules and obligations around what it’s proposing to define as ‘high-risk’ AI applications. In advance of that initiative, we’ve filed comments with the European Commission, providing guidance and recommendations on how it should develop the new law. Our filing brings together insights from our work in Open Innovation and Emerging Technologies, as well as the Mozilla Foundation’s work to advance trustworthy AI in Europe.
We are in alignment with the Commission’s objective, outlined in its strategy, to develop a human-centric approach to AI in the EU. There is promise and potential for the new and cutting-edge technologies that we often collectively refer to as “AI” to provide immense benefits and advancements to our societies, for instance through medicine and food production. At the same time, we have seen some harmful uses of AI amplify discrimination and bias, undermine privacy, and violate trust online. Thus the challenge before the EU institutions is to create the space for AI innovation while remaining cognisant of, and protecting against, the risks.
-
On Contact Tracing and Hardware Tokens
Early in the COVID-19 pandemic, I was tapped by the European Commission to develop a privacy-protecting contact tracing token, which you can read more about at the Simmel project home page. And very recently, Singapore has announced the deployment of a TraceTogether token. As part of their launch, I was invited to participate in a review of their solution. The urgency of COVID-19 and the essential challenges of building supply chains means we are now in the position of bolting wheels on a plane as it rolls down the runway. As with many issues involving privacy and technology, this is a complicated and nuanced situation that cannot be easily digested into a series of tweets. Thus, over the coming weeks I hope to offer you my insights in the form of short essays, which I will post here.
-