2021-03-07
Security: MOSS, Updates, FUD, MOSS, Linux Kernel Live Patching Software and Debian LTS
-
Mozilla Joins New Partners to Fund Open Source Digital Infrastructure Research
Today, Mozilla is pleased to announce that we’re joining the Ford Foundation, the Sloan Foundation, and the Open Society Foundations to launch a request for proposals (RFP) for research on open source digital infrastructure. To kick off this RFP, we’re joining with our philanthropic partners to host a webinar today at 9:30 AM Pacific. The Mozilla Open Source Support Program (MOSS) is contributing $25,000 to this effort.
Nearly everything in our modern society, from hospitals and banks to universities and social media platforms, runs on “digital infrastructure” – a foundation of open source code that is designed to solve common challenges. The benefits of digital infrastructure are numerous: it can reduce the cost of setting up new businesses, support data-driven discovery across research disciplines, enable complex technologies such as smartphones to talk to each other, and allow everyone to have access to important innovations like encryption that would otherwise be too expensive.
[...]
We’re pleased to invite interested researchers to apply to the RFP, using the application found here. The application opened on July 20, 2020, and will close on September 4, 2020. Finalists will be notified in October, at which point full proposals will be requested. Final proposals will be selected in November.
-
Security updates for Thursday
Security updates have been issued by Debian (poppler and tomcat8), Fedora (cacti, cacti-spine, java-1.8.0-openjdk, mbedtls, mingw-python3, singularity, and xen), openSUSE (firefox, redis, and singularity), Red Hat (samba), SUSE (java-11-openjdk, qemu, and vino), and Ubuntu (ffmpeg and pillow).
-
North Korean hackers attack Windows, Linux, Mac operating systems; India among victims [Ed: Oh, look. FUD campaign from antivirus companies says "organisations should install a dedicated [proprietary] cyber security product on all Windows, Linux and MacOS endpoints (devices)" (i.e. buy our flawed stuff)]
The first of the MATA attacks were April 2018. Since then, the actor behind this advanced malware framework has taken an aggressive approach to infiltrate corporate entities around the world, cyber security solutions firm Kaspersky has said.
-
Ongoing Meow attack has nuked >1,000 databases without telling anyone why
Besides amounting to a serious privacy breach, the database was at odds with the Hong Kong-based UFO’s promise to keep no logs. The VPN provider responded by moving the database to a different location but once again failed to secure it properly. Shortly after, the Meow attack wiped it out.
Representatives of UFO didn’t immediately respond to an email seeking comment.
Since then, Meow and a similar attack have destroyed more than 1,000 other databases. At the time this post went live, the Shodan computer search site showed that 987 ElasticSearch and 70 MongoDB instances had been nuked by Meow. A separate, less-malicious attack tagged an additional 616 ElasticSearch, MongoDB, and Cassandra files with the string “university_cybersec_experiment.” The attackers in this case seem to be demonstrating to the database maintainers that the files are vulnerable to being viewed or deleted.
-
How to Choose Linux Kernel Live Patching Software
In 1991, two unrelated events occurred, each the promise of two very different kinds of freedom: the death of the Cold War and the birth of Linux.
Kernel live patching arrived in 2008 during Linux’s teenage years. Today, with the Linux kernel approaching 30 years old, live patching has matured, ready to ditch its reputation as an optional extra—a “nice to have.”
There are two reasons for this. The first is the predominance of Linux as the platform of choice for cost-effective, versatile web hosting—more than half of all known websites now run on Linux. The second is the recognition that live patching is not just a convenience; it’s also an effective, low-impact way to augment Linux system security.
-
Raphaël Hertzog: Freexian’s report about Debian Long Term Support, June 2020
Like each month, here comes a report about the work of paid contributors to Debian LTS.
-
