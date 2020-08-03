Security Leftovers
Linux and open-source communities rise to Biden's cybersecurity challenge
Anyone who thought computer security problems were some abstract trouble that had little to do with their daily life was rudely awakened recently. The Colonial Pipeline ransomware attack saw gas and oil deliveries shut down throughout the southeast. Cybersecurity failures had already become a major problem with the SolarWinds software supply chain attack and the FBI having to step in to fix broken Microsoft Exchange servers. So, on May 12th President Joe Biden signed an executive order to boost the federal government cyber defense and to warn all of America that technology security must be job one now. The Linux Foundation and its related organizations are stepping up to better Linux and open-source security.
Using Dynamic Admission Control to Secure Your Kubernetes’ Supply Chain
Kubernetes adoption is up, but many organizations are suffering security incidents in their container and Kubernetes environments. In the fall edition of the “State of Container and Kubernetes Security” report, for instance, 91% of respondents told StackRox that they had adopted the container orchestration platform. That’s about the same proportion (90%) of survey participants that admitted to having suffered a security incident in their Kubernetes and container environments over the preceding 12 months. Two-thirds of those security incidents consisted of a misconfiguration issue. Those events were followed by a vulnerability incident (22%), a runtime incident (17%) and a failed audit (16%). Nearly half (44%) of respondents said that they ultimately delayed moving an application into production as a result of their security concerns.
Reproducible Builds (diffoscope): diffoscope 175 released
The diffoscope maintainers are pleased to announce the release of diffoscope version 175. This version includes the following changes:
* Use the actual filesystem path name (instead of diffoscope's concept of the source name) to correct APK filename filtering when an APK file is in another container -- we need to filter the auto-generated "1.apk" instead of "original-filename.apk". (Closes: reproducible-builds/diffoscope#255)
* Don't call os.path.basename twice.
* Correct grammar in a fsimage.py debug message.
* Add a comment about stripping filenames.
Your clipboard is only as secure as your device
The system clipboard is part of every modern operating system. It lets us copy and paste text, images, files, and data between different applications. Like everything else these days, it’s increasingly getting tied up with other people’s servers (“the cloud.”) So, what does that mean for your clipboard privacy?
The clipboard was invented in 1973, and it was never designed to be secure. It’s a shared area of computer memory used to quickly duplicate information from one app — one data silo — to another. Traditionally, every running process on our computers has had full access to everything that lands on the clipboard. Yet, we copy and move about personal information, passwords, company secrets, and a whole lot more using the same old clipboard without blinking an eye.
New features like cross-device synchronization and clipboard history can be very useful. However, they also make the interactions more complicated and the behavior more unpredictable. It can even expose our passwords and personal data to new avenues of attack from malicious software running on your other devices.
Tails: Call for testing 4.19~rc1
Contribute to Tails by testing our release candidate for Tails 4.19! [...] Tails 4.19, scheduled for June 1, will completely change how to connect to the Tor network from Tails. We would like as many people as possible to test this beta version to be able to fix as many problems as possible before we release 4.19 to all users.
By David A. Wheeler
How LF communities enable security measures required by the US Executive Order on Cybersecurity