Security Leftovers: Tor, Patches, Reproducible Builds and More
Security updates for Friday
Security updates have been issued by Debian (squid3), Fedora (lilypond and python3), openSUSE (xen), SUSE (libreoffice, libvirt, webkit2gtk3, xen, and xerces-c), and Ubuntu (apache2).
Reproducible Builds (diffoscope): diffoscope 156 released
The diffoscope maintainers are pleased to announce the release of diffoscope version 156. This version includes the following changes:
[ Chris Lamb ] * Update PPU tests for compatibility with Free Pascal versions 3.2.0 or greater. (Closes: #968124) * Emit a debug-level logging message when our ppudump(1) version does not match file header. * Add and use an assert_diff helper that loads and compares a fixture output to avoid a bunch of test boilerplate. [ Frazer Clews ] * Apply some pylint suggestions to the codebase.
Jack Daniel’s Manufacturer Was Target of Apparent Ransomware Attack
In this instance, a message sent anonymously to Bloomberg claimed to have [cr]acked Brown-Forman and compromised its internal network. The alleged [attackers] said they copied 1 terabyte of confidential data and promised to share it online. The website named by the attackers goes to a page that lists victims of Sodinokibi ransomware, which emerged in 2019 and has spread across the globe, according to McAfee LLC. Also known as REvil, the ransomware code is maintained by one group of people and distributed by affiliates, a model known as ransomware as a service, McAfee said.
Finns Among the Most Concerned in Europe About Cybersecurity [iophk: Windows TCO]
More than half of Finns reported to being a victim of cybercrime in recent years, while Finland also had among the highest number of survey respondents that claimed to have been a victim of online banking fraud in the past five years. In addition, 49% of Finns say they are increasingly concerned about the ability of companies to keep their user data safe and secure, although this figure was higher in countries such as Spain, Malta, and Ireland.
Let's take a closer look at why Finns might be so concerned, and what companies with a presence in Finland can be doing to assuage those concerns.
Tor security advisory: exit relays running sslstrip in May and June 2020
What happened
In May 2020 we found a group of Tor exit relays that were messing with exit traffic. Specifically, they left almost all exit traffic alone, and they intercepted connections to a small number of cryptocurrency exchange websites. If a user visited the HTTP version (i.e. the unencrypted, unauthenticated version) of one of these sites, they would prevent the site from redirecting the user to the HTTPS version (i.e. the encrypted, authenticated version) of the site. If the user didn't notice that they hadn't ended up on the HTTPS version of the site (no lock icon in the browser) and proceeded to send or receive sensitive information, this information could be intercepted by the attacker.
Programming: picolibc, Elixir, Perl, Java, and Python
Android Leftovers
Best Kali Linux Alternatives
A system based on security is a great approach for hackers, as it can immediately detect any defects and weaknesses in a computer or network. Linux is the most commonly used operating system among hackers. Various Linux hacking distributions consist of several tools used to improve the security of the network. Kali Linux is one of the best distributions, and alternative Linux distributions come with different advanced features. This article will discuss some of the best Kali Linux alternatives used by hackers.
Cantor 20.08
Our developers are adding some usability improvements to Cantor and some initial results from GSoC projects are now available with the 20.08 release. For example, now you can collapse, uncollapse, and remove all results from the worksheet; exclude entries from the worksheet commands processing; add actions for selected texts; zoom widgets; get tooltips for almost all settings options; use the new horizontal rule entry; and more.
