Security: Patches, IPFire 2.25 and More
2020-05-05
-
Security updates for Tuesday
Security updates have been issued by Debian (apache2 and libx11), Fedora (batik, ecj, eclipse, eclipse-cdt, eclipse-ecf, eclipse-emf, eclipse-gef, eclipse-m2e-core, eclipse-mpc, eclipse-mylyn, eclipse-remote, eclipse-webtools, firefox, httpd, jetty, lucene, selinux-policy, and univocity-parsers), Mageia (hylafax+), openSUSE (ark and chromium), Red Hat (virt:8.2 and virt-devel:8.2), SUSE (freeradius-server, freerdp, php7, php72, php74, and xorg-x11-server), and Ubuntu (freerdp2, keystone, net-snmp, python-django, and python-rsa).
-
IPFire 2.25 - Core Update 149 is available for testing
IPFire is based on glibc 2.32, the standard library for all C programs, and GCC 10.2, the GNU Compiler Collection. Both bring various bug fixes and improvements.
The most notable change is that we have decided to remove a Spectre 2 mitigation which caused user space programs in IPFire to run about 50% slower due to using a microcode feature called "retpoline". Those "return trampolines" disable the branch prediction engine in out-of-order processors, which was considered to help mitigate leaking any information from inaccessible kernel space.
This is however not as effective as thought and massively decreases performance in user land, which mainly affects features like our Intrusion Prevention System, Web Proxy and URL filter. We still use this mechanism to avoid leaking any kernel memory into user space.
On top of that, we have updated various tools used for building IPFire as well as core libraries.
We have also enabled a new GCC feature called "stack clash protection" on x86_64 and aarch64 which adds additional checks to mitigate exploits and we have enabled "CF protection" which hardens all software against attackers gaining control over a program flow and circumventing security checks like password or signature validation.
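An added check for the "CF protection" point above, not part of the IPFire announcement or its build system: GCC's -fcf-protection records what it emitted in an ELF GNU property note, and a practitioner verifying a distribution build reads that note from the linked binary rather than trusting the advertised flags. The shell functions are example code; the `readelf -n` outputs embedded below are constructed samples of the layout GNU binutils prints, not captured from IPFire binaries.

```shell
#!/bin/sh
# Added example (not IPFire's code): decide from `readelf -n` output whether a
# binary carries the GNU property note that GCC's -fcf-protection emits.
# The note is the toolchain-level evidence of "CF protection"; the linker drops
# it from the final binary if even one input object lacks it, so checking the
# linked binary checks the whole build at once.

# cet_state_from_notes: read `readelf -n` text on stdin, print one of
#   ibt+shstk  - both indirect branch tracking and shadow stack are marked
#   ibt        - only IBT marked (-fcf-protection=branch)
#   shstk      - only SHSTK marked (-fcf-protection=return)
#   none       - no x86 feature property (not built with -fcf-protection,
#                or a non-CET object was linked in and the marker was dropped)
cet_state_from_notes() {
    props=$(grep 'x86 feature:' | head -n 1)
    case "$props" in
        *IBT*SHSTK*|*SHSTK*IBT*) echo "ibt+shstk" ;;
        *IBT*)                   echo "ibt" ;;
        *SHSTK*)                 echo "shstk" ;;
        *)                       echo "none" ;;
    esac
}

# cet_state_of_binary PATH: run readelf on a real file (requires binutils).
cet_state_of_binary() {
    if ! command -v readelf >/dev/null 2>&1; then
        echo "error: readelf not found" >&2
        return 2
    fi
    readelf -n "$1" 2>/dev/null | cet_state_from_notes
}

# Constructed sample of what readelf -n prints for a binary built with
# -fcf-protection=full (spacing as GNU binutils displays it).
SAMPLE_CET_FULL='Displaying notes found in: .note.gnu.property
  Owner                Data size        Description
  GNU                  0x00000020       NT_GNU_PROPERTY_TYPE_0
      Properties: x86 feature: IBT, SHSTK
        x86 ISA needed: x86-64-baseline
'

# Constructed sample for a binary built with -fcf-protection=branch only.
SAMPLE_CET_BRANCH='Displaying notes found in: .note.gnu.property
  Owner                Data size        Description
  GNU                  0x00000010       NT_GNU_PROPERTY_TYPE_0
      Properties: x86 feature: IBT
'

# Constructed sample for a binary with no GNU property note at all
# (only the usual build-id note; the ID value is a placeholder).
SAMPLE_NO_CET='Displaying notes found in: .note.gnu.build-id
  Owner                Data size        Description
  GNU                  0x00000014       NT_GNU_BUILD_ID (unique build ID bitstring)
    Build ID: 0123456789abcdef0123456789abcdef01234567
'

# Demo on the constructed samples; pass a path to check a real binary instead.
if [ -n "${1:-}" ]; then
    cet_state_of_binary "$1"
else
    printf '%s\n' "$SAMPLE_CET_FULL"   | cet_state_from_notes
    printf '%s\n' "$SAMPLE_CET_BRANCH" | cet_state_from_notes
    printf '%s\n' "$SAMPLE_NO_CET"     | cet_state_from_notes
fi
```

Two caveats apply when reading the result. The property note records what the compiler and linker did; enforcement of IBT and SHSTK also requires a CET-capable CPU and kernel support, which this check says nothing about. And `-fstack-clash-protection` leaves no property note at all, so verifying it means inspecting the disassembly for the stack probes GCC inserts into functions with large frames, or relying on distribution build-annotation tooling such as annobin where it is shipped.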
-
[Old] On Biometric Authentication
With a regular password-based method, which doesn't require things like scanning fingers or smiling at a camera, attackers don't have many opportunities to interfere in the login process. Either the system validating the authentication must be compromised, or the shared secret must be guessed. Biometric authentication doesn't work like that. Because, by definition, it is tied to your body, the attacker can easily make a copy of the secret: they just have to make a copy of the biometric data, and one leaves plenty of them around. For example, think about the number of fingerprints we make every day, the number of pictures of people online, the number of times our voices may be recorded, and more generally the number of biometric traces we leave. In 2014, hackers replicated fingerprints from high-resolution photos and showed how to fool fingerprint readers. One has to keep in mind that biometric data are not bullet-proof and have a wide attack surface. Avoiding biometric data leaks and protecting against replay attacks is complicated.
-