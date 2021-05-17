Security Leftovers
Security updates for Monday
Security updates have been issued by Arch Linux (apache, gitlab, inetutils, isync, kube-apiserver, nettle, polkit, python-urllib3, python-websockets, thunderbird, and wireshark-cli), Debian (squid3), Fedora (glibc, libxml2, mingw-openjpeg2, and openjpeg2), Mageia (djvulibre, docker-containerd, exif, gnuchess, irssi, jasper, kernel, kernel-linus, microcode, python-lxml, python-pygments, rust, slurm, and wpa_supplicant, hostapd), openSUSE (389-ds and pam_radius), Oracle (.NET Core 3.1, container-tools:3.0, container-tools:ol8, krb5, microcode_ctl, postgresql:12, postgresql:13, and runc), Red Hat (dhcp, postgresql, postgresql:10, postgresql:12, postgresql:9.6, rh-postgresql10-postgresql, rh-postgresql12-postgresql, and rh-postgresql13-postgresql), Scientific Linux (dhcp and microcode_ctl), SUSE (ardana-neutron, ardana-swift, cassandra, crowbar-openstack, grafana, kibana, openstack-dashboard, openstack-ironic, openstack-neutron, openstack-neutron-gbp, openstack-nova, python-Django1, python-py, python-pysaml2, python-xmlschema, rubygem-activerecord-session_store, venv-openstack-keystone, crowbar-openstack, grafana, kibana, monasca-installer, python-Django, python-py, rubygem-activerecord-session_store, freeradius-server, libjpeg-turbo, spice, and squid), and Ubuntu (rpcbind).
Breaking SSL Locks: App Developers Behaving Badly
The padlock icon indicates a secure communication channel between the browser and the server. When the lock is closed and green, the connection is encrypted using HTTPS and an SSL certificate signed by a trusted authority. Your private data, from the browser to the server, is secure. When the lock is broken, the communication channel is broken, insecure, and cannot be trusted. Any data sent to the server is easily visible, can be intercepted, and even compromised by an attacker.
Often mobile apps use the same HTTPS communication channels to back-end services as the web browser. That may make you wonder, where is the little lock being shown? How do you know your private data is being sent securely?
SSL Security Deliberately Broken in Many Mobile Apps
Recent findings from Symantec show that some mobile app developers are deliberately breaking the secure communication channel between the browser and the server, allowing potentially private data to be sent via insecure SSL connections.
As Symantec explains, the little padlock shown in your browser indicates a secure communication channel between the browser and the server, meaning the connection is encrypted and your data is safe. When the lock is broken, however, any data sent to the server is easily visible and can be intercepted or compromised.
Do We Even Need the Computer Fraud & Abuse Act (CFAA)?-Van Buren v. US - Technology & Marketing Law Blog
Games: GOG, Mechajammer, and More
today's howtos
SUSE/Red Hat Leftovers
With Deskreen, You Can Mirror or Stream Your Linux Computer Screen to Any Device
Screen sharing or screen mirroring apps available out there aren’t that good. Even though most of the dedicated options are only available for Windows/Mac, you may have a tough time finding an open-source solution for Linux. With such an app, you can share your screen with any device connected to your network. If you have a multi-monitor setup, you realise the advantages of having multiple screens. And, with Deskreen, you can turn any device into your secondary screen, how exciting!
