Security Leftovers

  • Security updates for Monday

    Security updates have been issued by Debian (aspell, intel-microcode, krb5, rabbitmq-server, and ruby-actionpack-page-caching), Fedora (chromium, containernetworking-plugins, containers-common, crun, fossil, podman, skopeo, varnish-modules, and vmod-uuid), Gentoo (leptonica, libsdl2, and libyang), Mageia (golang, lib3mf, nodejs, python-pip, redis, and xstream), openSUSE (containerd, crmsh, curl, icinga2, and systemd), Oracle (containerd), and Red Hat (thunderbird).

  • Running FIPS 140 workloads on Ubuntu | Ubuntu

    Even though cryptography is used by almost every application today, the implementation of it is usually delegated to specialized cryptographic libraries. There are multiple reasons for that, including that implementing cryptography is not easy, and in fact it is easy to get wrong. Small mistakes–such as reusing a nonce–may render the data encrypted by an application recognizable. At the same time, the security landscape changes so fast that secure software of 10 years ago can no longer withstand attacks that exploit newly discovered vulnerabilities. For instance, algorithms like RC4 that were dominant in the early days of Internet commerce are today considered broken.

    How can we be assured that these cryptographic applications and libraries implement cryptography correctly and follow best practices such as not using legacy cryptography? As cryptography is sensitive to governments around the world, there is no universally accepted answer yet. To address this problem in the U.S., NIST developed FIPS 140, a data protection standard that is our focus in this article.

    FIPS 140 defines security requirements related to the design and implementation of a cryptographic module, or in software terms, for an application or library implementing cryptography. The standard has multiple levels of security, from levels 1 to 4, with level 1 applying to software implementations, while level 2 and further applying to specialized hardware alongside its software. On level 1, the standard requires the use of known, secure cryptographic algorithms and modes for data protection and requires their logical separation from the application. It further includes a certification process that ensures that the claims are tested and attested by an accredited lab by NIST.

    In essence the FIPS 140 standard ensures that cryptography is implemented using well known secure designs, follows certain best practices, does not involve obscure algorithms, and that there is a due process in attestation.

  • Renewed FIPS 140-2 Validation For Red Hat Enterprise Linux 8.2 | TFiR: Interviews, News & Analysis by Swapnil Bhartiya

    Red Hat has announced the renewal of the Federal Information Processing Standard 140-2 (FIPS 140-2) security validation for Red Hat Enterprise Linux 8.2. The second FIPS certification for the Red Hat Enterprise Linux 8 platform, this validation indicates Red Hat’s leadership and commitment to providing a more secure backbone for the innovation of open hybrid cloud.

    With this validation for Red Hat Enterprise Linux 8.2, many of Red Hat’s open hybrid cloud offerings also retain the FIPS 140-2 certification as layered products building on Red Hat Enterprise Linux 8.2’s cryptography modules. These include but are not limited to: Red Hat Ceph Storage, Red Hat Gluster Storage, Red Hat OpenShift, Red Hat OpenStack Platform, Red Hat Satellite, and Red Hat Virtualization.

  • The 10 Best Tools to Scan Your Linux Server for Malware and Security Flaws

    Linux is downright one of the most popular and secure operating systems for large-scale servers. Despite its widespread usage, it remains vulnerable to cyberattacks. Hackers target servers to either shut them down or steal valuable information.

    There is a pressing need to develop counter-hacking methods to brace security breaches and malware attacks. This is possible by hiring cybersecurity professionals; unfortunately, this can prove to be a costly affair. The next best solution is to install scanning tools that fit like a hand in glove for your Linux systems.

More in Tux Machines

Software: Matrix, Ktube, and Monero P2Pool

  • Chat Bubbles on Element and Several Matrix Apps

    This simple comparison aims to help everyone adopt an alternative messaging technology, Matrix, with a user interface that suits them. We call instant messengers like Element, Fluffy, Nheko, Schildi and Spectral Matrix Apps, as they are built on that technology. We will start by setting up criteria, which include chat bubbles, then go through these messengers one by one, and you will see their pictures here along with a few comments from me. I hope you can pick the messenger with the UI you love the most from here.

  • Ktube Media Downloader lets you download YouTube videos easily on Linux

    I always like to tell people about how I have been using Linux as my primary operating system for over ten years. I love Linux, I understand it, it’s free and above all, it fits my workflow in a way Microsoft’s Windows (with all its goodness) probably never will. That also means I love and am a command-line ninja but I also know one thing, a lot of people out there fear and hate the command line.

  • Monero P2Pool V1.0 Is Released

    The latest version of P2Pool, a decentralized Monero mining pool, has been released. This is the first official release, signaling an invitation for more users to try out the new software.

Better Support & Performance For OpenACC Kernels Is Coming To GCC

While the GNU Compiler Collection has supported OpenACC for a few years now as this parallel programming standard popular with GPUs/accelerators, the current implementation has been found to be inadequate for many real-world HPC workloads leveraging OpenACC. Fortunately, Siemens has been working to improve GCC's OpenACC kernels support. GCC's existing OpenACC kernels construct has been found to be "unable to cope with many language constructs found in real HPC codes which generally leads to very bad performance." Fortunately, improvements are on the way and could potentially be mainlined in time for next year's GCC 12 stable release.

Security Leftovers

  • Database containing 106m Thailand travelers' details leaked • The Register

    A database containing personal information on 106 million international travelers to Thailand was exposed to the public internet this year, a Brit biz claimed this week. Bob Diachenko, head of cybersecurity research at product-comparison website Comparitech, said the Elasticsearch data store contained visitors' full names, passport numbers, arrival dates, visa types, residency status, and more. It was indexed by search engine Censys on August 20, and spotted by Diachenko two days later. There were no credentials in the database, which is said to have held records dating back a decade. “There are many people who would prefer their travel history and residency status not be publicized, so for them there are obvious privacy issues,” wrote Comparitech editor Paul Bischoff on the company’s blog.

  • Break out your emergency change process and patch this ransomware-friendly bug ASAP, says VMware

    VMware has disclosed a critical bug in its flagship vSphere and vCenter products and urged users to drop everything and patch it. The virtualization giant also offered a workaround.

  • Reproducible Builds (diffoscope): diffoscope 185 released

    The diffoscope maintainers are pleased to announce the release of diffoscope version 185. This version includes the following changes:

    [ Mattia Rizzolo ]
    * Fix the autopkgtest in order to fix testing migration: the androguard
      Python module is not in the python3-androguard Debian package
    * Ignore a warning in the tests from the h5py package that doesn't concern
      diffoscope.
    
    [ Chris Lamb ]
    * Bump Standards-Version to 4.6.0.
    

GNOME 41 Released. This is What's New.

The GNOME team announced the release of GNOME 41 with some exceptional changes and updates. We wrap up the release in this post.