Security: Patches, John the Ripper and Debian LTS/ELTS

  • Security updates for Wednesday

    Security updates have been issued by Arch Linux (bind, chromium, freerdp, imagemagick, sqlite, and tomcat8), Debian (coturn, imagemagick, jackson-databind, libmatio, mutt, nss, and wordpress), Fedora (libEMF, lynis, and php-PHPMailer), Red Hat (httpd24-nghttp2), and SUSE (ntp, openconnect, squid, and transfig).

  • Microsoft releases emergency security update to fix two bugs in Windows codecs
  • John the Ripper explained: An essential password cracker for your hacker toolkit

    The tool comes in both GNU-licensed and proprietary (Pro) versions. An enhanced “jumbo” community release has also been made available on the open-source GitHub repo. The Pro version, designed for use by professional pen testers, has additional features such as bigger, multilingual wordlists, performance optimizations and 64-bit architecture support.

    Some of the key features of the tool include offering multiple modes to speed up password cracking, automatically detecting the hashing algorithm used by the encrypted passwords, and the ease of running and configuring the tool making it a password cracking tool of choice for novices and professionals alike.

  • Debian LTS and ELTS - June 2020

    Here is my transparent report for my work on the Debian Long Term Support (LTS) and Debian Extended Long Term Support (ELTS), which extend the security support for past Debian releases, as a paid contributor.

    In June, the monthly sponsored hours were split evenly among contributors depending on their max availability - I was assigned 30h for LTS (out of 30 max; all done) and 5.25h for ELTS (out of 20 max; all done).

    While LTS is part of the Debian project, fellow contributors sometimes surprise me: suggestion to vote for sponsors-funded projects with Condorcet was only met with overhead concerns, and there were requests for executive / business owner decisions (we're currently heading towards consultative vote); I heard concerns about discussing non-technical issues publicly (IRC team meetings are public though); the private mail infrastructure was moved from self-hosting straight to Google; when some got an issue with Debian Social for our first video conference, there were immediate suggestions to move to Zoom...
    Well, we do need some people to make those LTS firmware updates in non-free

More in Tux Machines

How Librem 5 Solves NSA’s Warning About Cellphone Location Data

The NSA has published new warnings for military and intelligence personnel about the threats from location data that is captured constantly on modern cellphones (originally reported by the Wall Street Journal). While privacy advocates (including us at Purism) have long warned about these risks, having the NSA publish an official document on the subject helps demonstrate that cellphone tracking is a real privacy and security problem for everyone. We have been thinking about the danger of location data on cellphones for a long time at Purism and have designed the Librem 5 from scratch specifically to address this risk. The NSA document describes and confirms a number of the threats I wrote about almost a year and a half ago when I introduced our “lockdown mode” feature on the Librem 5–a feature that disables all sensors on the Librem 5. In this post I’ll describe the threats the NSA presents in their document and how we address them with the Librem 5.

Leftovers: LibreOffice, GNU Projects

  • [Haiku] July 2020 Activity Report

    Welcome to the July, 2020 Activity Report for the Haiku project!

    This report covers hrev54370 through hrev54484.

  • Neo Colibre for Maximum Productivity

    Having fun everyone. I wish you are all doing good in this tough time. It was Adolfo who complained about Colibre's failure to accomplish WCAG contrast guideline. He said the colors are too faint and everything looks washed out. Furthermore, MS Office 365 has since moved those colors to a brand new monoline style iconography. See this bug report for details. So I took the chance to update this Windows default icon theme. Luckily, the icon theme comes with SVG version, I can easily use bash script to automate a necessary color conversion, and take the rest manually. In one month, I finally managed to finish this "Neo" Colibre. Hopefully this will benefit the largest LibreOffice user platform (approximately more than ~80%).

  • Simulated Animation Effects Week#9

    Last week I’ve started by working on support for Custom Shapes. At first I didn’t know how I could get the related geometry information about Custom Shapes. Upon asking on IRC, mst (Michael Stahl) directed me to SdrObject class. Inspecting this class, I found out that a child of it that handles Custom Shapes, called SdrObjCustomShape, had a function SdrObjCustomShape::GetLineGeometry that was returning exactly what I’ve wanted in the first place: a B2DPolyPolygon! So I went ahead and created an implementation that, if the shape type is CustomShape, got the corresponding SdrObject using its XShape and casted the SdrObject* to an SdrObjCustomShape* and got the B2DPolyPolygon from that. Then it triangulated this polygon using basegfx::triangulator::triangulate, and added the resulting collection of triangles to a box2d body.

  • Best Photoshop alternatives 2020

    GIMP boasts a huge number of features and functions that rival Photoshop. There’s also a huge community of developers and artists who have created a wide array of plugins, making this a highly adaptable program. If you desire a specific feature, there’s probably an add-on for it. 

  • AMD HSA Offloading Support Dropped From The GCC Compiler

    There didn't appear to be much usage ever out of the AMD HSA (Heterogeneous System Architecture) support within the GCC compiler and hadn't been maintained in a while so now has been wiped out of the GNU Compiler Collection.

  • Mike Blumenkrantz: Another Minor Annoyance

    Once more going way out of order since it’s fresh in my mind, today will be a brief look at gl_InstanceID and a problem I found there while hooking up ARB_base_instance. gl_InstanceID is an input for vertex shaders which provides the current instance being processed by the shader. It has a range of [0, instanceCount], and this breaks the heck out of Vulkan.