Security Leftovers

Filed under
Security
  • Russia excluded from virtual White House meeting on ransomware

    The White House on Wednesday will convene a virtual meeting on countering ransomware with senior officials representing 30 countries and the European Union, Biden administration officials said, as part of President Biden’s effort to work with global partners to address cyber threats.

    Ministers and senior officials from a range of countries will take part in the virtual meeting, though the attendees do not include representatives from Russia, which has been a key focus of the Biden administration in trying to root out criminal ransomware groups.

  • How does HTTPS protect you (and how doesn't it?) - The Mozilla Blog

    It’s true that looking for the lock icon and HTTPS will help you prevent attackers from seeing any information you submit to a website. HTTPS also prevents your internet service provider (ISP) from seeing what pages you visit beyond the top level of a website. That means they can see that you regularly visit https://www.reddit.com, for example, but they won’t see that you spend most of your time at https://www.reddit.com/r/CatGifs/. But while HTTPS does guarantee that your communication is private and encrypted, it doesn’t guarantee that the site won’t try to scam you.

    Because here’s the thing: Any website can use HTTPS and encryption. This includes the good, trusted websites as well as the ones that are up to no good — the scammers, the phishers, the malware makers.

    You might be scratching your head right now, wondering how a nefarious website can use HTTPS. You’ll be forgiven if you wonder in all caps HOW CAN THIS BE?

    The answer is that the security of your connection to a website — which HTTPS provides — knows nothing about the information being relayed or the motivations of the entities relaying it. It’s a lot like having a phone. The phone company isn’t responsible for scammers calling you and trying to get your credit card. You have to be savvy about who you’re talking to. The job of HTTPS is to provide a secure line, not guarantee that you won’t be talking to crooks on it.

    That’s your job. Tough love, I know. But think about it. Scammers go to great lengths to trick you, and their motives largely boil down to one: to separate you from your money. This applies everywhere in life, online and offline. Your job is to not get scammed.

  • Security updates for Wednesday [LWN.net]

    Security updates have been issued by Debian (flatpak and ruby2.3), Fedora (flatpak, httpd, mediawiki, redis, and xstream), openSUSE (kernel, libaom, libqt5-qtsvg, systemd, and webkit2gtk3), Red Hat (.NET 5.0, 389-ds-base, httpd:2.4, kernel, kernel-rt, libxml2, openssl, and thunderbird), Scientific Linux (389-ds-base, kernel, libxml2, and openssl), SUSE (apache2-mod_auth_openidc, curl, glibc, kernel, libaom, libqt5-qtsvg, systemd, and webkit2gtk3), and Ubuntu (squashfs-tools).

  • Linux Foundation Raises $10M To Expand And Support Open Source Security Foundation
  • Open Source Security Foundation Raises $10 Million in New Commitments to Secure Software Supply Chains
  • Linux Foundation raises $10M to support open-source security project - SiliconANGLE

    The funding came from members of the foundation. The long lineup: Dell Technologies Inc., Telefonaktiebolaget LM Ericsson, Facebook Inc., Fidelity Investments Inc., GitHub Inc., Google LLC, International Business Machines Corp., Intel Inc., JPMorgan Chase & Co., Microsoft Corp., Morgan Stanley, Oracle Corp., Red Hat Inc., Snyk Inc., VMware Inc., Anchore Inc., Apiiro LLC, AuriStar Technologies Inc., Deepfence Inc., Devgistics, GitLab Inc., Nutanix Inc., Tidelift Inc. and Wind River Systems Inc.

  • The World’s Major Technology Providers and Converge to Improve the Security of Software Supply Chains

    Imagine you have created an open source project that has become incredibly popular. Thousands, if not millions, of developers worldwide, rely on the lines of code that you wrote. You have become an accidental hero of that community — people love your code, contribute to improving it, requesting new features, and encouraging others to use it. Life is amazing, but with great power and influence comes great responsibility.

    When code is buggy, people complain. When performance issues crop up in large scale implementations, it needs to be addressed. When security vulnerabilities are discovered — because no code or its dependencies are always perfect — they need to be remediated quickly to keep your community safe.

More LF

More in Tux Machines

OpenSSH, Squid, PostgreSQL Update in Tumbleweed

Three openSUSE Tumbleweed snapshots released this week have brought updates for text editors, browsers, email clients, database management systems and many other pieces of software. Mozilla Firefox, Thunderbird, nano, and PostgreSQL were all in the latest 20211012 snapshot. A new major version of Firefox 93.0 added support for the optimised image format AVIF, which offers a significant file size reduction as opposed to other image formats. The browser also improved web compatibility for privacy protections and fixed more than a handful of Common Vulnerabilities and Exposures. Thunderbird 91.2.0 addressed many of the same CVEs, fixed some issues with the calendar and fixed the new mail notifications that did not properly take subfolders into account. The 5.9 version of text editor nano added syntax highlighting for YAML files and fetchmail 6.4.22 added a few patches, addressed a CVE related to IMAP connections and now highlights being compatible with OpenSSL 1.1.1 and 3.0.0. The new major version of postgresql 14 provided improvements for heavy workloads, enhanced distributed workloads and added a couple more predefined roles like pg_read_all_data, pg_write_all_data and pg_database_owner. Other packages to update in the snapshot were GNOME’s document viewer evince 41.2, Flatpak 1.12.1, graphics library gegl 0.4.32, glusterfs 9.3 and many RubyGems and YaST package updates.

Also: openSUSE Tumbleweed – Review of the weeks 2021/40 & 41

Games: Dystopian Army Builder, Hellraid DLC, and More

  • Uh oh, looks like Despot's Game: Dystopian Army Builder is going to suck all my time away | GamingOnLinux

    Despot's Game: Dystopian Army Builder is a brand new release from Konfa Games and tinybuild that sees you command a bunch of naked people and send them through a strange post-apocalyptic labyrinth. Note: personal purchase. Like in Loop Hero, you have no direct control during combat; you just watch it play out and hope for the best. Here though you're running through some kind of maze-like dungeon full of strange machines, with multiple people you need to look after. They'll likely die a lot though, don't get too attached, you can buy more naked people. Eventually you might come across the nefarious d’Spot who runs the show and perhaps destroy them to earn your freedom. It blends together quite a few different genres and it feels totally unique. The structure is a bit like The Binding of Isaac with you going from room to room, it's also a strategy game with you buying people and equipping them with various weapons you buy from shops spread throughout the maze and then there's the fusion of auto battling so you can sit back and watch the mess unfold.

  • Techland continue expanding the Hellraid DLC as they try to improve reviews | GamingOnLinux

    When Techland released the Hellraid DLC in August 2020 inspired by their unreleased dark fantasy slasher Hellraid the reviews were not kind, as it was very basic but they've kept at it and another big update is out now.

  • Brawlhalla to get Easy Anti-Cheat, dev puts up Beta with EAC working on Linux with Proton | GamingOnLinux

    Blue Mammoth Games announced that later in October the platform-fighter Brawlhalla will be getting Easy Anti-Cheat. Thankfully, they've put up a Beta for Linux users playing it on Steam Play Proton and it works.

  • Apple is now funding Blender development joining many big names | GamingOnLinux

    There's apparently absolutely no stopping the Blender train, with the developer announcing that Apple has now joined their development fund.

  • Valve banning games that allow exchanging cryptocurrencies or NFTs | GamingOnLinux

    It seems Valve aren't a big fan of cryptocurrencies or NFTs as they've updated their onboarding guide with a new point about disallowing games that allow you to exchange them. Under the Rules and Guidelines heading where it mentions "What you shouldn’t publish on Steam" there's a new line that states "Applications built on blockchain technology that issue or allow exchange of cryptocurrencies or NFTs".

  • Check out this crowdfunding campaign to learn Godot Engine from GDQuest | GamingOnLinux

    GDQuest, a well-known name in the free and open source Godot Engine land has launched a new crowdfunding campaign aiming to get you to go from zero to hero with Godot programming. A course aimed at anyone and everyone who fancies getting into making games with Godot. The founder of GDQuest, Nathan Lovato, emailed in a little info about it: "Learn to Code From Zero is a course for everyone who wants to learn development. With it, you will learn programming from the very basics to creating a complete video game inspired by the hectic action game Enter the Gungeon. Game development courses typically consist of hours of step-by-step tutorials. They feel nice while you follow along, but as soon as you're left alone, working on your game, you get stuck.

LibreOffice Leftovers

  • Michael Meeks/2021-10-15 Friday

    After Italo's keynote announcement of the new LibreOffice Technology marketing plan at the LibreOffice conference, we lost no time integrating this great way to fairly present the goodness of LibreOffice that we depend on to build Collabora Online & Collabora Office mobile into the product. With new links that can take you to our LibreOffice Technology page where we can celebrate the community & credit all the hard work done under the hood here, and of course the logo. Still a work-in-progress, and will start to appear in our products over the next weeks as/when we refresh them, but so far it looks like this for desktop & mobile [...] [Image: up-coming COOL About dialog] Thanks to Italo & Mike at TDF for developing the concept, and also to Pedro & Elisa, for their work on the code & logos - we'll be iterating it with them over the next days & weeks.

  • Let's do awesome things! Get support for your projects and ideas from our budget - The Document Foundation Blog

    Want to organise a local (or online) LibreOffice event? Need some merchandise to boost your project or community? Then we can help you! The Document Foundation, the non-profit behind LibreOffice, is backed by contributions from ecosystem members and volunteers, as well as donations from end-users. This helps us to maintain TDF, but we can do a lot more too. And next year, we want to do a lot of projects again!

  • Next batch of videos from the LibreOffice Conference 2021 - The Document Foundation Blog

    Here are some more videos from the LibreOffice Conference 2021! Check out the playlist, using the button in the top-right – or scroll down for links to individual videos...

  • Automated bibisect to find source of a bug - LibreOffice Development Blog

    In programming, we usually face bugs that we should fix to maintain or improve our software. In order to fix a bug, first we should find the source of the problem, and tools like “Automated bibisect” are available to help, especially when the bug is a regression.

Xubuntu 21.10 released!

The Xubuntu team is happy to announce the immediate release of Xubuntu 21.10. Xubuntu 21.10, codenamed Impish Indri, is a regular release and will be supported for 9 months, until June 2022. If you need a stable environment with longer support time we recommend that you use Xubuntu 20.04 LTS instead. The final release images are available as torrents and direct downloads from xubuntu.org/download/. As the main server might be busy in the first few days after the release, we recommend using the torrents if possible. Xubuntu Core, our minimal ISO edition, is available to download from unit193.net/xubuntu/core/ [torrent]. Find out more about Xubuntu Core here.