Date: 2020-07-20
Security: Updates, Funding, Routers and Bluetooth Low Energy (BLE)
-
Security updates have been issued by Debian (libopenmpt, nginx, nss, qemu, rails, redis, ruby-sanitize, and tomcat9), Fedora (glibc, libldb, nspr, nss, samba, and webkit2gtk3), openSUSE (cairo, firefox, google-compute-engine, LibVNCServer, mumble, ntp, openconnect, openexr, openldap2, pdns-recursor, python-ipaddress, rubygem-puma, samba, singularity, slirp4netns, thunderbird, xen, and xrdp), and Oracle (.NET Core, .NET Core 3.1, java-1.8.0-openjdk, java-11-openjdk, kernel, and thunderbird).
-
Is your home router leaving your network vulnerable to attack? New research suggests that this worrisome scenario is more likely than you may have thought.
A Fraunhofer Institute for Communication (FKIE) report reveals that the firmware used in a large number of popular home routers is susceptible to malware and other serious exploits. We explored the importance of prioritizing network security in a recent LinuxSecurity.com feature article: Top Tips for Securing Your Linux System in 2020, and thought it was important to dive deeper into the topic given these critical new findings.
After examining 127 home routers from seven leading brands (Netgear, Linksys, D-Link, ASUS, AVM, TP-Link and Zyxel), FKIE security researchers discovered that, on average, these routers contained 53 critical security vulnerabilities - and none of the routers were fully protected. The study revealed that an alarming number of routers have not received a single firmware update in their lifetime, and are susceptible to hundreds of notorious security issues as a result. To make matters worse, certain vendors have been shipping firmware updates without fixing known security bugs. Fifty of the routers examined in the study used hard-coded credentials, where a known username and password was encoded into the router by default, and many published at least five private keys per firmware image. FKIE concluded: “The update policy of router vendors is far behind the standards as we know it from desktop or server operating systems. However, routers are exposed to the Internet 24 hours a day, leading to an even higher risk of malware infection.” The organization emphasizes the need for industry-wide improvements in router security.
-
A group of researchers at Purdue University’s Center for Education and Research in Information Assurance and Security (CERIAS) recently discovered a vulnerability that affects the many IoT devices running Bluetooth.
Bluetooth Low Energy (BLE) is the most widely utilized low-energy communication protocol for mobile and IoT devices. Sales of Bluetooth Low Energy (BLE) devices are forecasted to triple by 2023 to 1.6 billion annual shipments, according to market advisory firm ABI.
[...]
After discovering the design weaknesses in the BLE specification, the researchers analyzed mainstream BLE stack implementations, including BLE protocol stacks on Linux, Android, iOS and Windows to see if “real-world devices” were vulnerable to the security flaws. Three of the devices tested were determined to be vulnerable because they failed to ensure the connecting IoT device authenticated its data and accepted unauthenticated data.
“This vulnerability has a broad impact on mainstream platforms that support BLE communications, including Linux, Android and iOS,” said Wu. “According to a recent study, more than 1 billion BLE devices do not use application-layer security, which could have provided a second line of defense. At least 8,000 Android BLE apps with 2.38 billion installations read data from BLE devices in plaintext. Similar numbers may apply to iOS apps.”
today's howtos
Python Programming
-
In this article, we'll be diving into the Basic Data Types in Python. These form some of the fundamental ways you can represent data.
[...]
It's important to point out that Python usually doesn't require you to specify what data type you are using and will assign a data type to your variable based on what it thinks you meant.
An equally important thing to point out is that Python is a "loosely/weakly typed" programming language, meaning that a variable can change its type over the course of the program's execution, which isn't the case with "strongly typed" programming languages (such as Java or C++).
So something that was an int can end up being a str easily, if you assign it a string value.
-
A lightweight solution to classes, if I am just combining all sorts of data structures, is the built-in collections. Some of them could be:
List of Lists
List of Tuples
List of Dictionaries
Dictionary of Dictionaries
Dictionary of Lists
-
The k-means clustering method is an unsupervised machine learning technique used to identify clusters of data objects in a dataset. There are many different types of clustering methods, but k-means is one of the oldest and most approachable. These traits make implementing k-means clustering in Python reasonably straightforward, even for novice programmers and data scientists.
If you’re interested in learning how and when to implement k-means clustering in Python, then this is the right place. You’ll walk through an end-to-end example of k-means clustering using Python, from preprocessing the data to evaluating results.
-
We are very pleased to have Bloomberg as Diamond Sponsor for EuroPython 2020. Without sponsors like Bloomberg, we wouldn’t be able to make the event affordable.
You will be able to visit their sponsor exhibit rooms and take the opportunity to chat with their staff to learn more about the large Python eco-system they have built internally and how they are collaborating with the Python community.
-
On this episode, we will explore more about models and how to interact with data in your database. Listen at djangoriffs.com. Last Episode On the last episode, we discussed the basics of setting up a database and creating a model to store data. Working With Models To create new rows in our new database tables, we can use a model’s save method. When you save a model instance, Django will send a message to the database that effectively says “add this new data to this database table.
The Document Foundation Officially Drops Branding For LibreOffice 7.0 "Personal Edition"
Surprising many in the open-source community in recent weeks was the LibreOffice 7.0 release candidate branded as a "Personal Edition". While still being free/open-source software and no licensing change, the traditional LibreOffice build was going to be marketed as "Personal Edition" to differentiate from other stakeholders that may market their professional/enterprise services around this cross-platform, open-source office suite. Those Personal Edition plans are now officially being reverted from next month's LibreOffice 7.0 release.
Following the negative backlash from the LibreOffice "Personal Edition" branding appearing on the splash screen and other marketing elements, The Document Foundation Board of Directors sought feedback on the matter.
The board met on Friday to discuss what to do regarding LibreOffice 7.0's branding and they have decided to revert the changes made to the release candidates and instead opt for the same branding as found in LibreOffice 6.4. In other words, no "Personal Edition" at least for the LO 7.0.x series.