Security: Patches, Josh Bressers, FUD and NIST 800-53 Revision 4 Mappings for Wind River Linux

  • Security updates for Monday

    Security updates have been issued by Debian (libtasn1-6, libtirpc, mcabber, picocom, pngquant, trafficserver, and zziplib), Fedora (curl and xen), openSUSE (bluez, ceph, chromium, curl, grafana, grafana-piechart-panel, graphviz, mariadb, and mercurial), Oracle (nghttp2), Red Hat (microcode_ctl), SUSE (mutt, python3-requests, and tomcat), and Ubuntu (glib-networking and mailman).

  • Josh Bressers: Episode 203 – Humans, conferences, and security: let me think and get back to you in a bit

    Josh and Kurt talk about human behavior. The conversation makes its way to conferences and the perpetual question of if a conference is useful or not. We come to the agreement the big shows aren’t what they used to be, but things like BSides are great experiences.

  • New Chinese malware targeting Windows, Linux machines [Ed: So.... do not install it?]
  • Chinese malware "Golang" targeting Windows, Linux machines

    Cyber-security researchers have identified a new variant of cryptominer malware from China-based hackers that is targeting both Windows and Linux machines.

    Called Golang, the new malware variant is aiming at mining Monero, an open-source cryptocurrency created in 2014, according to US-based cyber security firm Barracuda Networks.

  • This Chinese malware is affecting Windows, Linux devices: Here's how
  • New Republican bill latest in long line to force encryption backdoors

    In what seems like Groundhog Day when it comes to encrypted communications, a group of Republican senators last week introduced the Lawful Access to Encrypted Data Act, which aims to end the use of so-called “warrant-proof” encrypted technology by terrorists and criminals. Senate Judiciary Committee Chairman Lindsey Graham (R-SC), Tom Cotton (R-AR) and Marsha Blackburn (R-TN) introduced this latest measure to find a way for law enforcement to gain access to devices and data that are protected by unbreakable encryption methods.

    [...]

    The efforts by lawmakers and federal law enforcement agencies to force Silicon Valley and the tech industry to build backdoors into encrypted devices and communications go back to 1993 when the Clinton Administration proposed to create a “Clipper Chip” so the NSA could intercept encrypted voice communications. Since then, a number of proposals to bypass or otherwise negate encryption have been introduced and failed.

    The best known of these anti-encryption efforts is the legal fight waged by former FBI Director James Comey with Apple to force the Cupertino giant into helping the Bureau break into the iPhone of a mass shooter in San Bernardino. Most recently, a bipartisan bill, the EARN-IT Act, which is also backed by Senator Graham, has been widely condemned as a sneak attack on end-to-end encryption.

    The Lawful Access to Encrypted Data Act comes after Attorney General William Barr coined a new euphemistic phrase for encryption backdoors, “lawful access,” and began promoting the idea of court-authorized access to the content of encrypted communications. It’s no surprise, then, that Barr is an enthusiastic backer of the bill.

  • Ramping up security options with new NIST 800-53 Mappings

    “More than ever, organizations must balance a rapidly evolving cyber threat landscape against the need to fulfill business requirements.” To that extent, Wind River has NIST 800-53 Revision 4 mappings for VxWorks, Wind River Linux, and Wind River + Star Lab Titanium showing 100% coverage of the applicable controls.

    These mappings are in a database format, so that they can be directly consumable by our customers’ requirements management tool for their efforts in showing compliance to the allocation of the controls to their system. Our mappings are expanding on our on-going Security Technical Implementation Guide (STIG) work for both VxWorks and Wind River Linux. This ensures maximum value to our customers and minimizes disruption to the configuration of their platforms.
