date 2021-06-23
Security: HAProxy, Misplaced FUD, and More
A critical security vulnerability has been disclosed in HAProxy, a widely used open-source load balancer and proxy server, that could be abused by an adversary to possibly smuggle HTTP requests, resulting in unauthorized access to sensitive data and execution of arbitrary commands, effectively opening the door to an array of attacks.
Researchers with JFrog Security uncovered the vulnerability, CVE-2021-40346, during their regular searches for new and previously unknown vulnerabilities in popular open-source projects. HAProxy fits into that category.
The "Linux Threat Report 2021 1H" from Trend Micro found that Linux cloud operating systems are heavily targeted for cyberattacks, with nearly 13 million detections in the first half of this year. As organizations expand their footprint in the cloud, correspondingly, they are exposed to the pervasive threats that exist in the Linux landscape.
This latest threat report, released Aug. 23, provides an in-depth look at the Linux threat landscape. It discusses several pressing security issues that affect Linux running in the cloud.
Isracard used a single cell phone to communicate with credit card clients, and receive documents via WhatsApp. An employee stole the phone. He reformatted the SIM, which was oddly the best possible outcome, given the circumstances. Using the data to steal money would have been much worse.
The developers have announced on the project’s blog a new Long Term Support (LTS) program as part of an update of their End-of-Life (EOL) policy. The LTS program begins retrospectively with the last major version, ClamAV 0.103. The new LTS policy extends the lifespan of 0.103 to September 2023. LTS editions are supported for a minimum of three years.
Each LTS version is supported with critical patch versions and access to signature updates for the duration of the three-year support period. A new LTS feature release is presented approximately every two years. Non-LTS releases are supported with critical patch versions for at least four months from the original release date of the next feature release or until the release of the next feature release. For detailed information on the Long Term Support Program, see the LTS Announcement blog post and the LTS Policy in the online documentation.
Most of us are familiar with Microsoft Windows or macOS - these OSes dominate the personal computing space. But the OS that is taking over the world isn’t owned by Microsoft, Apple, or any tech company for that matter. In fact, the most popular OS in the world today isn’t owned by anyone. It’s the completely open-source Linux operating system.
GnuPG, also known as GPG, is a unique hybrid encryption tool that not only employs conventional symmetric-key cryptography but also uses public-key cryptography. This two-prong approach to encryption helps speed up the encryption process without compromising OS security.
GnuPG is popular among journalists who use the tool to encrypt important documents and protect the identities of their sources.
Mozilla has released security updates to address vulnerabilities in Firefox, Firefox ESR, and Thunderbird. An attacker could exploit some of these vulnerabilities to take control of an affected system.
Zoho has released a security update on a vulnerability (CVE-2021-40539) affecting ManageEngine ADSelfService Plus builds 6113 and below. CVE-2021-40539 has been detected in exploits in the wild. A remote attacker could exploit this vulnerability to take control of an affected system. ManageEngine ADSelfService Plus is a self-service password management and single sign-on solution for Active Directory and cloud apps. Additionally, CISA strongly urges organizations to ensure ADSelfService Plus is not directly accessible from the internet.
Audiocasts/Shows: FLOSS Weekly, mintcast, and More
Richard North was the dog that caught the bus when all of a sudden his open source project, Testcontainers, took off, and now has more than a million monthly downloads and developers using it at Netflix, Uber, Spotify, Google and other settings large and small. Doc Searls and Dan Lynch talk with Richard about how he caught the bus he ended up driving, how he set up Testcontainers.org, stood up Atomicjar.com as a running business backed by smart capital, and put learnings to use through a six-year journey that includes a worldwide pandemic that is changing development for everyone.
1:49 The News
27:48 Security Update
32:18 Bi-Weekly Wanderings
1:01:28 Announcements & Outro
First up in the news: Linux Mint is ready for the facelift, Snaps get an upgrade, Kernel 5.14 is out, and 5.15 is looking good, and Ubuntu gets a release date.
In security: cache flushing and Bluetooth flaws.
Then in our Wanderings: Joe pines a phone with plasma, Tony walks 500 miles, and I search for a keyboard.
We are coming in hot, literally. It's a day of spicy takes.
today's howtos
A directory in a Linux system can hold from a few files to hundreds and thousands of files.
You may need to sort the files by size, either in ascending or descending order. The reason for sorting files by size may vary. We may want to locate the largest to smallest files or vice versa.
You can easily sort files using the ls command.
In this tutorial, we’ll cover the various ways of sorting files by size using the ls command.
In our examples we’ll sort files in the /var/cache/apt/archives directory.
ProjectSend is an open-source self-host file sharing platform for companies, teams and communities.
It is an ideal solution if you want to share files with your clients. Let's say you are a designer who shares dozens of files with his clients every day, with ProjectSend you can do this effortlessly and without a hassle.
Log files are very useful when it comes to situations where the root cause of an event has to be investigated. But analyzing logs does not only mean looking for errors in the system. There is also a lot of other information in most of the log files. The pacemaker log file is a perfect example. Besides warnings and errors, it also includes all cluster changes. The trick is to know which keywords you have to search for.
Regular readers of Enable Sysadmin know that most of us are big fans of Ansible. We particularly like using Ansible roles to design reusable code effectively. A playbook follows a specific execution order when it runs, and there are several ways to control the order in which your tasks run. In this article, I'll look at two particularly useful Ansible features, pre_tasks and post_tasks. I'll walk you through some real (and simple) examples of how these features can add additional flexibility to your playbooks by executing tasks at different points during a playbook run.
Sometimes when managing a website, things can get messed up. You might remove some stale content and replace it with a redirect to other pages. Later, after making other changes, you find some web pages become entirely inaccessible. You might see an error in your browser that "The page isn't redirecting properly" with a suggestion to check your cookies.
“Fusion 360” is a CAD / CAM program from Autodesk, which is known for 3D modeling software. Although it is a paid graphic design software, students and schoolchildren can download the professional program for Windows and Mac free of charge. With this professional tool, you can design mechanical components and master a wide variety of tasks in product design. You can render your drafts, create animations, and – thanks to cloud support – work in collaboration.
Today we are looking at how to install Clone Hero on a Chromebook. Please follow the video/audio guide as a tutorial where we explain the process step by step and use the commands below.
If you have any questions, please contact us via a YouTube comment and we would be happy to assist you!
So you want to see a list of all packages installed on your SUSE Linux or OpenSUSE Linux system? Try these simple tips for listing all packages.
We can easily search for packages matching any given search text/words under OpenSUSE or SUSE Enterprise Linux using the zypper command.
How do I find out my Suse Linux / OpenSuse Linux / Suse Enterprise Linux server/desktop version using the command line options? What is the command to find out OpenSUSE Linux version?
This page explains how to find SUSE or OpenSUSE Linux version using the cat command and other commands.
Kubic with Kubernetes 1.22.1 released
The Kubic Project is proud to announce that snapshot 20210901 has been released containing Kubernetes 1.22.1.
