Security Leftovers (2021-09-30)
Security updates for Monday
Security updates have been issued by Arch Linux (bind, chromium, freerdp, opera, webkit2gtk, and wpewebkit), Debian (cron, cups, elfutils, ffmpeg, libmspack, libsdl1.2, libsdl2, opencv, and tiff), Fedora (java-latest-openjdk, stb, and thunderbird), Mageia (cairo, cloud-init, docker, ffmpeg, libcaca, php, squid, and webkit2), openSUSE (busybox, chromium, civetweb, containerd, docker, runc, dnsmasq, fetchmail, flatpak, go1.16, krb5, ncurses, python, python-Pygments, squid, strongswan, transfig, virtualbox, wireguard-tools, and xstream), Red Hat (binutils, devtoolset-10-gcc, and flatpak), SUSE (libvirt, opensc, and transfig), and Ubuntu (webkit2gtk).
Top 7 Laravel Security Practices Every Developer Should Know
Laravel is an open-source development platform built on PHP, one of the most widely used scripting languages of the 21st century. In spite of its numerous advantages, most Laravel development agencies are still looking for ways to make the platform, and the applications built with it, more secure.
Laravel has a good reputation for protecting websites and applications. However, if a potential loophole is detected, a capable team within Laravel is always ready to take care of it promptly. Furthermore, there are multiple ways to improve the security of Laravel, as no framework can ever claim guaranteed security.
With the growing popularity and prominence of Laravel, it is crucial to understand how to secure websites and applications. Therefore, in this article, we will cover the top effective Laravel security practices that you, as a developer, should know to ensure full security.
Josh Bressers: Episode 295 – Open source security isn’t free
Josh and Kurt talk about Josh’s electric car and new job. We then talk about the recent UAParser.js malware incident. There have been a lot of calls to do more to secure open source, but nobody seems to have any concrete proposals or suggestions to fund any of these activities.
Hiding Vulnerabilities in Source Code
Really interesting research demonstrating how to hide vulnerabilities in source code by manipulating how Unicode text is displayed. It’s really clever, and not the sort of attack one would normally think about.
Trojan Source: Invisible Vulnerabilities
Today we are releasing Trojan Source: Invisible Vulnerabilities, a paper describing cool new tricks for crafting targeted vulnerabilities that are invisible to human code reviewers.
Until now, an adversary wanting to smuggle a vulnerability into software could try inserting an unobtrusive bug in an obscure piece of code. Critical open-source projects such as operating systems depend on human review of all new code to detect malicious contributions by volunteers. So how might wicked code evade human eyes?
We have discovered ways of manipulating the encoding of source code files so that human viewers and compilers see different logic. One particularly pernicious method uses Unicode directionality override characters to display code as an anagram of its true logic. We’ve verified that this attack works against C, C++, C#, JavaScript, Java, Rust, Go, and Python, and suspect that it will work against most other modern languages.
This potentially devastating attack is tracked as CVE-2021-42574, while a related attack that uses homoglyphs – visually similar characters – is tracked as CVE-2021-42694. This work has been under embargo for a 99-day period, giving time for a major coordinated disclosure effort in which many compilers, interpreters, code editors, and repositories have implemented defenses.
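Both vectors the paper describes leave traces in the raw bytes that a review pipeline can check for before a human ever reads the rendered text: bidirectional control code points in a source file, and identifiers that mix scripts or that collapse onto the same ASCII spelling once look-alike letters are folded. The script below is an added example written for this page, not code from the paper or its authors. It scans a file (or the embedded constructed sample) for bidi controls, reports non-ASCII identifiers with the scripts they mix, and flags identifier pairs that collide after folding. The confusables table is an assumed hand-picked subset, not Unicode's full confusables.txt, and the identifier regex is a coarse text scan rather than a language parser, so it deliberately looks inside comments and strings too.

```python
import re
import sys
import unicodedata

# Unicode bidirectional control characters: the embedding, override and
# isolate code points that the Trojan Source paper abuses to reorder text.
BIDI_CONTROLS = {
    "\u202a": "LRE", "\u202b": "RLE", "\u202c": "PDF",
    "\u202d": "LRO", "\u202e": "RLO",
    "\u2066": "LRI", "\u2067": "RLI", "\u2068": "FSI", "\u2069": "PDI",
}

# Small hand-picked homoglyph table (assumption: a subset of Unicode's
# confusables.txt) mapping look-alike Cyrillic/Greek letters to ASCII.
CONFUSABLES = {
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p", "\u0441": "c",
    "\u0445": "x", "\u0443": "y", "\u0456": "i", "\u0458": "j", "\u0455": "s",
    "\u0410": "A", "\u0412": "B", "\u0415": "E", "\u041a": "K", "\u041c": "M",
    "\u041d": "H", "\u041e": "O", "\u0420": "P", "\u0421": "C", "\u0422": "T",
    "\u0425": "X", "\u03bf": "o", "\u03bd": "v", "\u03c1": "p",
}

# Coarse identifier pattern: a text scan, not a parser, so comments and
# string literals are scanned as well (they can hide homoglyphs too).
IDENT_RE = re.compile(r"[^\W\d]\w*")


def find_bidi_controls(source):
    """Return (line, column, name) for every bidi control character."""
    hits = []
    for line_no, line in enumerate(source.splitlines(), 1):
        for col, ch in enumerate(line, 1):
            if ch in BIDI_CONTROLS:
                hits.append((line_no, col, BIDI_CONTROLS[ch]))
    return hits


def scripts_of(ident):
    """Coarse script labels taken from the first word of each letter's name."""
    found = set()
    for ch in ident:
        if ch.isalpha():
            found.add(unicodedata.name(ch, "UNKNOWN").split(" ")[0])
    return found


def find_non_ascii_identifiers(source):
    """Return (line, identifier, sorted scripts) for identifiers that contain
    any non-ASCII character; mixed-script ones are the homoglyph suspects."""
    out = []
    for line_no, line in enumerate(source.splitlines(), 1):
        for m in IDENT_RE.finditer(line):
            ident = m.group(0)
            if not ident.isascii():
                out.append((line_no, ident, sorted(scripts_of(ident))))
    return out


def skeleton(ident):
    """Fold an identifier to its ASCII look-alike via NFKC plus the table."""
    return "".join(CONFUSABLES.get(ch, ch)
                   for ch in unicodedata.normalize("NFKC", ident))


def find_confusable_collisions(source):
    """Group identifiers whose skeletons coincide but whose spellings differ:
    such names look identical to a reviewer yet are distinct symbols."""
    by_skeleton = {}
    for m in IDENT_RE.finditer(source):
        by_skeleton.setdefault(skeleton(m.group(0)), set()).add(m.group(0))
    return {k: sorted(v) for k, v in by_skeleton.items() if len(v) > 1}


def scan(source):
    """Run all three checks and return one report dictionary."""
    return {
        "bidi_controls": find_bidi_controls(source),
        "non_ascii_identifiers": find_non_ascii_identifiers(source),
        "confusable_collisions": find_confusable_collisions(source),
    }


# Constructed sample: line 3 ends its string with an RLO, and line 5 spells
# "message" with a Cyrillic 'e' (U+0435) so it differs from line 6's name.
SAMPLE_SOURCE = (
    "def is_admin(user):\n"
    "    # constructed sample: the next line hides an RLO\n"
    "    return user.name == 'admin\u202e'\n"
    "\n"
    "def log(m\u0435ssage):\n"
    "    print(message)\n"
)

if __name__ == "__main__":
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8") as fh:
            text = fh.read()
    else:
        text = SAMPLE_SOURCE
    report = scan(text)
    for line_no, col, name in report["bidi_controls"]:
        print(f"line {line_no} col {col}: bidi control {name}")
    for line_no, ident, scripts in report["non_ascii_identifiers"]:
        print(f"line {line_no}: non-ASCII identifier {ident!r} uses {scripts}")
    for skel, spellings in report["confusable_collisions"].items():
        print(f"identifiers fold to {skel!r}: {spellings}")
```

Run with no arguments to scan the embedded sample, or pass a path to scan a real file. Any hit in the bidi list is worth blocking in CI outright, since there is no legitimate reason for those code points in source; the two identifier checks produce candidates for a reviewer rather than verdicts, because some projects genuinely use non-Latin identifiers.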
Microsoft: Windows KB5006674, KB5006670 updates break printing
Microsoft says Windows customers are experiencing issues with network printing after installing the Windows 11 KB5006674 and Windows 10 KB5006670 updates issued with this month's Patch Tuesday, on October 12.
Users attempting to connect to printers shared on Windows print servers might encounter multiple errors preventing them from printing over the network.
Motrix: A Beautiful Cross-Platform Open-Source Download Manager
There are plenty of download managers available for Linux. If you want to download something and have the ability to manage them, you can choose any of the download managers available. However, if you want a good-looking download manager that offers a modern user experience without compromising on the feature set, I’ve something that you might like. Motrix is a no-nonsense download manager that provides a clean look out of the box. It is free and open-source software.
Games: Web Sites for GNU/Linux Gaming and Latest From Gaming on Linux
Xfce’s Apps Update for October 2021: New Releases of Ristretto, Xfce Terminal, Whisker Menu, Xfdashboard
The month of October 2021 brought some great application releases for users of the lightweight Xfce desktop environment, starting with the powerful Ristretto image viewer, which has been updated to version 0.12.0, a release that introduces the ability to choose the default scale, support for entering full-screen mode by double clicking on the image, and the ability to keep the scale in memory for each loaded image.
Fwupd 1.7.1 Released with Support for Dell Atomic Dock, Steelseries Stratus Controller
Fwupd 1.7.1 is packed with several new features, including support for the fwupdmgr device-test foo --json command for unattended testing, support for inhibiting the ModemManager device in mbim-qdu, support for loading remotes from /var/lib/fwupd/remotes.d, as well as the ability to use a file name when using set-approved-firmware.
