Security Leftovers
Date: 2020-12-06
-
Security updates for Wednesday
Security updates have been issued by Debian (golang-golang-x-net-dev, python-certbot, and xorg-server), Fedora (resteasy, scap-security-guide, and vips), openSUSE (chromium, python, and rpmlint), SUSE (kernel), and Ubuntu (aptdaemon, curl, gdk-pixbuf, lxml, and openssl, openssl1.0).
-
Aireplay-ng – Linux Hint
Aireplay-ng is used to generate rogue wireless traffic. It can be used along with aircrack-ng to crack WEP and WPA keys. The main purpose of aireplay-ng is to inject frames. There are several different types of powerful attacks that can be performed using aireplay-ng, such as the deauthentication attack, which helps in capturing WPA handshake data, or the fake authentication attack, in which packets are injected into the network access point by authenticating to it to create and capture new IVs.
-
Patch Tuesday, Good Riddance 2020 Edition
Microsoft today issued its final batch of security updates for Windows PCs in 2020, ending the year with a relatively light patch load. Nine of the 58 security vulnerabilities addressed this month earned Microsoft’s most-dire “critical” label, meaning they can be abused by malware or miscreants to seize remote control over PCs without any help from users.
[...]
So do yourself a favor and backup before installing any patches. Windows 10 even has some built-in tools to help you do that, either on a per-file/folder basis or by making a complete and bootable copy of your hard drive all at once.
And if you wish to ensure Windows has been set to pause updating so you can back up your files and/or system before the operating system decides to reboot and install patches on its own schedule, see this guide.
As always, if you experience glitches or problems installing any of these patches this month, please consider leaving a comment about it below; there’s a better-than-even chance other readers have experienced the same and may chime in here with some helpful tips.
-
How Kali Linux creators plan to handle the future of penetration testing - Help Net Security
Offensive Security might be best known as the company behind Kali Linux, the popular (and free) open-source pen testing platform, but its contribution to the information security industry is definitely not limited to it.
“Over 60% of Fortune 100 companies employ Offensive Security-trained professionals – that is definitely something for us to be proud of,” says its CEO, Ning Wang.
The company’s main goal, according to her, is to train millions of professionals to embrace the hacker mindset and the essential ethical hacking skills needed to break into and to succeed within the cybersecurity industry.
“Traditionally, we have focused on those with a fair amount of IT hands-on experience to gain the try harder mindset to become a professional penetration tester. Going forward, we will develop training for more people with more diverse backgrounds,” she told Help Net Security.
-
Center for Internet Security (CIS) compliance in Red Hat Enterprise Linux using OpenSCAP
The CIS (Center for Internet Security) produces various cybersecurity-related services. In particular, it produces benchmarks, which are "configuration guidelines for various technology groups to safeguard systems against today's evolving cyber threat" in the words of the CIS.
-
More in Tux Machines
QEMU 5.2 Released For Improving The Linux Open-Source Virtualization Stack
QEMU 5.2 was released on Tuesday as the latest feature release for this open-source processor emulator that plays an important role in the open-source Linux virtualization stack. With QEMU 5.2 there are more than 3,200 changes but some of the release highlights include: - A number of RISC-V support improvements including OpenSBI 0.8, support for migrating machines, and a number of other low-level enhancements.
Life after proprietary wares: German support biz flees IBM Db2 databases for something more Postgres-shaped
A German IT services outfit specialising in the insurance market has migrated 500 IBM Db2 databases to the EnterpriseDB (EDB) iteration of Postgres in a sign of life after proprietary wares. BG-Phoenics joins Indian credit reference agency TransUnion CIBIL, which shifted Oracle workloads to EDB, providing evidence for the viability of open-source database tech for demanding business workloads. Harald Stefan, head of platform databases for BG Phoenics, was in 2017 responsible for around 1,500 operational databases supporting 8,500 IT users in the social insurance market. His team took the decision to replace all of its IBM technology, including Db2, Tivoli and Websphere, which by the end of 2019 made up the core infrastructure supporting the content management system. Databases varied in size from smaller than 100GB to 2.5TB. The reason for the departure from Big Blue's technology was the complexity of the architecture and subsequent effect on management and licensing. It also had an impact on deployment times.
Android Leftovers
AMD Zen 3 Performance With The Initial "znver3" GCC Compiler Support
Last week AMD published their Zen 3 support for GCC code compiler. That initial support, which has already been merged into GCC 11, is the initial support flipping on newly supported instructions but not yet offering any tuned scheduler model or other optimizations compared to the existing Zen 2 path. In any case, here is a look at the performance changes with building the open-source benchmarks under test with "znver3" compared to the prior Zen 2 and Zen 1 targets along with generic x86_64 and then also looking at the performance if catering the compiler targets for Intel's Skylake and Haswell processors. From the GCC 11.0 development code on 3 December with the Znver3 patch applied and compiled as a release build, I ran benchmarks with the Ryzen 9 5950X while looking at various compiler flags (CFLAGS/CXXFLAGS) for a look at the resulting performance of the open-source C/C++ benchmarks under test. The "-O3" optimization level was consistent across all the compiler targets tested while "-march=" values of znver3, znver2, znver1, x86-64, haswell, and skylake were all tested. The Zen 3/2/1 comparison is obvious and x86-64 offers a look at the generic x86-64 base level performance.