Security Leftovers

  • Security updates for Wednesday

    Security updates have been issued by Debian (ffmpeg, smarty3, and strongswan), Fedora (udisks2), openSUSE (flatpak, strongswan, util-linux, and xstream), Oracle (redis:5), Red Hat (java-1.8.0-openjdk, java-11-openjdk, openvswitch2.11, redis:5, redis:6, and rh-redis5-redis), SUSE (flatpak, python-Pygments, python3, strongswan, util-linux, and xstream), and Ubuntu (linux, linux-aws, linux-aws-5.11, linux-azure, linux-azure-5.11, linux-gcp, linux-gcp-5.11, linux-hwe-5.11, linux-kvm, linux-raspi and strongswan).

  • JavaScript Packing Found in More Than 25% of Malicious Sites
  • Textbook Rental Scam - Schneier on Security

    Here’s a story of someone who, with three compatriots, rented textbooks from Amazon and then sold them instead of returning them. They used gift cards and prepaid credit cards to buy the books, so there was no available balance when Amazon tried to charge them the buyout price for non-returned books. They also used various aliases and other tricks to bypass Amazon’s fifteen-book limit. In all, they stole 14,000 textbooks worth over $1.5 million.

  • Amazon textbook rental service scammed for $1.5m

    A 36-year-old man from Portage, Michigan, was arrested on Thursday for allegedly renting thousands of textbooks from Amazon and selling them rather than returning them.

    Andrew Birge, US Attorney for the Western District of Michigan, said Geoffrey Mark Hays Talsma has been indicted on charges of mail and wire fraud, transporting stolen property across state lines, aggravated identity theft, and lying to the FBI.

    Also indicted were three alleged co-conspirators: Gregory Mark Gleesing, 43, and Lovedeep Singh Dhanoa, 25, both from Portage, Michigan, and Paul Steven Larson, 32, from Kalamazoo, Michigan.

    From January 2016 through March 2021, according to the indictment, Talsma rented textbooks from the Amazon Rental program in order to sell them for a profit. The indictment describes what occurred as "a sophisticated fraud scheme."

  • Google Releases Security Updates for Chrome

    Google has released Chrome version 95.0.4638.54 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system.

    CISA encourages users and administrators to review the Chrome Release Note and apply the necessary update as soon as possible.

More in Tux Machines

Best Free and Open Source Alternatives to IBM SPSS

International Business Machines Corporation (IBM) is an American multinational technology corporation headquartered in Armonk, New York. They sell computer hardware, middleware and software employing over 370,000 people. IBM acquired Red Hat in 2019. But you can trace IBM’s history of open source far further back. They were one of the earliest champions of open source, backing influential communities like Linux, Apache, and Eclipse, advocating open licenses, open governance, and open standards.

today's leftovers

  • Why Do Windows Users Think Linux Users Are Weird - Invidious

    Linux is such a radically different operating system than the proprietary operating systems like Microsoft Windows. Because of this, Linux tends to attract a different kind of user than Windows.

  • How to install Sublime Text on Elementary OS 6.0 - Invidious

    In this video, we are looking at how to install Sublime Text on Elementary OS 6.0.

  • SGX Deprecation Prevents PC Playback of 4K Blu-ray Discs

    This week Techspot reported that DRM-laden Ultra HD Blu-ray Discs won’t play anymore on computers using the latest Intel Core processors. You may have skimmed right past it, but the table on page 51 of the latest 12th Generation Intel Core Processor data sheet (184 page PDF) informs us that the Intel Software Guard Extensions (SGX) have been deprecated. These extensions are required for DRM processing on these discs, hence the problem. The SGX extensions were introduced with the sixth generation of Intel Core Skylake processors in 2015, the same year as Ultra HD Blu-ray, aka 4K Blu-ray. But there have been numerous vulnerabilities discovered in the intervening years. Not only Intel, but AMD has had similar issues as we wrote about in October.

  • PostgreSQL: pgDay Paris 2022 — Schedule published

    The next edition of the popular PostgreSQL conference pgDay Paris, a PostgreSQL.Org Recognized Community Conference, will be held on March 24, 2022 in the French capital. All of the talks will be in English. Registration is open, and the EARLYBIRD discount is going fast so make sure you grab that while you can!

  • WordPress 5.9 RC3

    The third Release Candidate (RC3) for WordPress 5.9 is here! Thank you to everyone who has contributed thus far toward testing and filing bugs to help make WordPress 5.9 a great release. WordPress 5.9 is slated to land in just one week—on January 25, 2022. You still have time to help! Since RC2 arrived last week, testers have found and fixed two bugs, 14 fixes from Gutenberg. There has been one additional Gutenberg fix today.

Proprietary Traps: AD, AV1 Patent Pools, More Outsourcing to Microsoft

  • Overcoming A Common Admin Black Hole: Linux Management [Ed: Shilling Microsoft's proprietary junk (AD) and then alleging Linux has a "black hole"]

    I’ll admit that we never “got there” from a governance standpoint with those Linux devices; a silo was predestined because we were built around Active Directory domain controllers that shunned Linux devices.

  • Firefox Gets AV1 VA-API Acceleration Sorted Out

    Thanks to Red Hat developer Martin Stránský, he has managed to get the Video Acceleration API (VA-API) working for AV1 content within the Firefox web browser. After working on it the past month, the necessary bits have come together for supporting AV1 VA-API playback within Firefox on Linux. See the Mozilla.org BugZilla for tracking the progress on the effort. The latest AV1 activity in general for Mozilla can be tracked via hg.mozilla.org.

  • Hacks.Mozilla.Org: Contributing to MDN: Meet the Contributors [Ed: Mozilla outsourced again to Microsoft and its proprietary software; Mozilla became worthless; it'll be history in a few years due to bad leadership]

    If you’ve ever built anything with web technologies, you’re probably familiar with MDN Web Docs. With about 13,000 pages documenting how to use programming languages such as HTML, CSS and JavaScript, the site has about 8,000 people using it at any given moment. MDN relies on contributors to help maintain its ever-expanding and up to date documentation. Supported by companies such as Open Web Docs, Google, w3c, Microsoft, Samsung and Igalia (to name a few), contributions also come from community members. These contributions take many different forms, from fixing issues to contributing code to helping newcomers and localizing content. We reached out to 4 long-time community contributors to talk about how and why they started contributing, why they kept going, and ask what advice they have for new contributors. [...] Since the end of 2020, the translation of MDN articles happen on the new GitHub based platform. [...] Our seasoned contributors suggest starting with reporting issues and trying to fix them, follow the issue trackers and getting familiarized with GitHub.

Hardware: EInk Phone, Arduino, and More

  • Bryan Quigley: Small EInk Phone

    To be shipped with one of the main Linux phone OSes (Manjaro with KDE Plasma, etc).

  • A DIY CAD Mouse You Can Actually Build

    When you spend a lot of time on the computer doing certain more specialised tasks (no, we’re not talking about browsing cat memes on twitter) you start to think that your basic trackpad or mouse is, let’s say, lacking a certain something. We think that something may be called ‘usability’ or maybe ease-of-use? Any which way, lots of heavy CAD users gush over their favourite mouse stand-ins, and one particularly interesting class of input devices is the Space Mouse, which is essentially patented up-to-the-hilt and available only from 3DConnexion. But what about open source alternatives you can build yourselves? Enter stage left, the Orbion created by [FaqT0tum.] This simple little build combines an analog joystick with a rotary knob, with a rear button and OLED display on the front completing the user interface.

  • KiCAD 6.0: What Made It And What Didn’t | Hackaday

    I’ve been following the development of KiCAD for a number of years now, and using it as my main electronics CAD package daily for the last six years or thereabouts, so the release of KiCAD 6.0 is quite exciting to an electronics nerd like me. The release date had been pushed out a bit, as this is such a huge update, and has taken a little longer than anticipated. But, it was finally tagged and pushed out to distribution on Christmas day, with some much deserved fanfare in the usual places. So now is a good time to look at which features are new in KiCAD 6.0 — actually 6.0.1 is the current release at time of writing due to some bugfixes — and which features originally planned for 6.0 are now being postponed to the 7.0 roadmap and beyond.