date 2020-06-15
Security Leftovers
Email Bug Allows Message Snooping, Credential Theft | Threatpost
Researchers warn hackers can snoop on email messages by exploiting a bug in the underlying technology used by the majority of email servers that run the Internet Message Access Protocol, commonly referred to as IMAP. The bug, first reported in August 2020 and patched Monday, is tied to the email server software Dovecot, used by over three-quarters of IMAP servers, according to Open Email Survey.
What's that hurtling down the Bifröst? Node-based network fun with Yggdrasil 0.4
Alexander described v0.4 as a "significant change" and highlighted the improved mobility performance due in the release (useful for nodes that move around or change peerings frequently) as well as opportunistic source routing, which should make for improved connection quality of sessions.
Yggdrasil (the cosmic tree of Norse mythology) is a network routing technology that ditches the centralised design of traditional networks in favour of a globe-spanning tree, forming a scalable IPv6 encrypted mesh network, replete with end-to-end encryption of all traffic.
A farewell to unwieldy routing tables in favour of something node-based.
Version 0.3 is getting a bit long in the tooth nowadays, having been originally released back in 2018. Version 0.3.13 arrived at the beginning of 2020. The "all-new protocol implementing an improved routing scheme" of v4.0 therefore represents a significant update.
Preparing for Yggdrasil v0.4
In the coming weeks, we will be preparing to release Yggdrasil v0.4. This is a significant change from the v0.3 branch with an all-new protocol implementing an improved routing scheme.
Zephyr OS Bluetooth vulnerabilities left smart devices open to attack • The Register
Vulnerabilities in the Zephyr real-time operating system's Bluetooth stack have been identified, leaving a wide variety of Internet of Things devices open to attack – unless upgraded to a patched version of the OS.
'Set it and forget it' attitude to open-source software has become a major security problem, says Veracode • The Register [Ed: Proprietary software is even worse in that regard]
There's a minefield of security problems bubbling under the surface of modern software, Veracode has claimed in its latest report, thanks to developers pulling third-party open-source libraries into their code bases – then never bothering to update them again.
South Korea’s nuclear research agency breached by North Korea-affiliated cyberattackers, says malware analyst group
South Korean officials have admitted that government nuclear think tank Korea Atomic Energy Research Institute (KAERI) was hacked in May 2021 by North Korea’s Kimsuky group. The Korean news outlet that broke the story has accused KAERI of a cover-up.
Malware analyst group IssueMakersLab said in a report that it detected an attack on KAERI on May 14th. The attack saw incoming heat from 13 internet addresses, of which one was traceable to Kimsuky.
Google is trying to overhaul the Bluetooth stack on your Chromebook... again
The Bluetooth story on Chromebooks is... weird. Wireless peripherals have been experiencing frequent stability problems for years now, multiple Chromebooks shipped with a buggy Bluetooth controller from Intel, and Google backpedaled on its ambitious efforts to rebuild Bluetooth from scratch to 'fix' its myriad issues. It's hard to pin down what happened exactly, but on the bright side, Google has managed to resolve most of its Bluetooth issues via software updates — even adding some goodies along the way. It seems Google hasn't given up on its plans for a broader Bluetooth overhaul, and it's now trying again with another Bluetooth stack.
Zero-day vulnerabilities in Pling leave Linux marketplaces open to RCE, supply chain attacks
A pair of serious zero-day vulnerabilities in Opendesktop’s Pling could result in drive-by remote code execution (RCE) and supply chain attacks against Linux marketplaces based on the platform.
Apple scrambles to quash iOS app sideloading demands with 'think of the children' defense
Apple, fearing regulators will force it to allow people to sideload whatever apps they like on their own iOS devices, has published a paper arguing about the importance of its oversight. The iGiant also sent a letter to US lawmakers warning of supposed harm if its gatekeeping is disallowed.
The letter is directed at members of the House Judiciary Committee and its Antitrust Subcommittee, who on Wednesday held a markup hearing to amend and vote on the advancement of six antitrust bills intended to rein in Big Tech.
KDE Plasma 5.22: The best KDE to date
In other words, the developers of KDE Plasma have nailed it on every conceivable level. Does that mean I'll be switching from my go-to Pop!_OS Linux? No. But that's all about the perfect melding of hardware and operating system, so Pop!_OS has an unfair advantage. However, had it not been for the power of the Thelio, you can bet I'd be seriously considering a migration from whatever desktop I was using to KDE Plasma—that's how good 5.22 is. What new features have the developers brought to light that makes this release so special? To be honest, the best thing they've done is a bit of code refactoring and take care of a laundry list of bugs. They've seriously improved the behavior and performance to the point where KDE Plasma can stand with the best desktop environments on the market—regardless of the operating system. Bug fixes galore make KDE pretty fantastic. But you're not here to read about bug fixes, you want to know what's changed and what's been added. Let's take a look. First off, I tested KDE Plasma 5.22 on KDE Neon (which, after a quick update, was running KDE Plasma 5.22.1). If you want to kick the tires of KDE Plasma 5.22, I highly recommend you go this route, as KDE Neon is a fantastic distribution for getting the latest version of the desktop. With that said, let's get on with what's new.
GnuCash review: The best free desktop budgeting software for small business owners
For small business owners, budgeting is necessary to understand your business's financial health. While tracking your company's expenses and income may seem time-consuming and complicated, there are a number of apps and software programs that make it easier for individuals and business owners to understand their finances. With so many different apps on the market, it can be hard to know which one is the best fit for you. Select compared over a dozen options when rating the best free budgeting tools, and we found that the most popular ones have nearly 5 out of 5-star ratings and thousands of customer reviews. We ranked GnuCash as the best desktop budgeting software for small business owners. GnuCash is a free software that uses a double-entry accounting method, making it a good option for small business owners trying to manage invoicing, bill payment and payroll. Below, we review GnuCash to give you all the details on its features, including the tools, perks, safety, pricing, availability and ratings so you can decide if it's the right choice for managing your money.
