Security Leftovers
-
Securing the Open-Source supply chain with Ubuntu Pro on Google Cloud
It’s official: since the outbreak of the COVID-19 pandemic, cybercrime has increased by 600%. Among these, ransomware attacks are estimated to cost $6 trillion in 2021 alone. And there were nearly 550,000 ransomware attacks per day in 2020. The question is: are your workloads secure enough? In this blog, we will discuss how to make your Open Source workloads more secure in one second.
-
Google to Pay Hackers $31,337 for Exploiting Patched Linux Kernel Flaws
Google on Monday announced that it will pay security researchers to find exploits using vulnerabilities, previously remediated or otherwise, over the next three months as part of a new bug bounty program to improve the security of the Linux kernel.
-
Google just tripled its bounty for Linux kernel bugs. Here's why
-
GCC & LLVM Patches Pending To Fend Off Trojan Source Attacks - Phoronix
Making rounds today are the "Trojan Source" attacks by which text displayed to the end-user/developer doesn't match what is actually being executed. The problem stems from Unicode standards and could lead to malicious code being inadvertently introduced into upstream code-bases that could be overlooked during code review processes, etc. GCC and LLVM/Clang are among the early compilers preparing defenses against Trojan Source style attacks.
-
Trojan Source attack for introducing code changes invisible to the developer - itsfoss.net
Researchers at the University of Cambridge have published a new technique for subtly substituting malicious code in peer-reviewed sources. The prepared attack method (CVE-2021-42574) is presented under the name Trojan Source and is based on the formation of text that looks different to the compiler / interpreter and the person viewing the code. Examples of application of the method are demonstrated for various compilers and interpreters supplied for C, C++ (gcc and clang), C#, JavaScript (Node.js), Java (OpenJDK 16), Rust, Go and Python.
The method is based on the application of special Unicode characters in the comments to the code, which change the display order of bidirectional text. With the help of such control characters, some parts of the text can be displayed from left to right, and others from right to left. In everyday practice, such control characters can be used, for example, to insert Hebrew or Arabic strings into a file with code. But if you combine lines with different text directions in one line, using the specified characters, passages of text displayed from right to left can overlap the already existing ordinary text displayed from left to right.
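A reviewer or CI job can flag the bidirectional control characters described above before code is merged. The following scanner is an added example, not code from the linked articles or from any compiler; the function names and the sample source are constructed for illustration. It reports each control character by line and column and marks lines where an embedding, override or isolate is still open at end of line.

```python
import unicodedata
# Bidirectional formatting characters (UAX #9), mapped to the closer each needs.
OPENERS = {
    "\u202a": "PDF", "\u202b": "PDF", "\u202d": "PDF", "\u202e": "PDF",  # LRE RLE LRO RLO
    "\u2066": "PDI", "\u2067": "PDI", "\u2068": "PDI",                    # LRI RLI FSI
}
CLOSERS = {"\u202c": "PDF", "\u2069": "PDI"}


def scan_line(line):
    """Return (hits, unterminated) for one line of source text."""
    hits, stack = [], []
    for col, ch in enumerate(line, start=1):
        if ch in OPENERS:
            hits.append((col, unicodedata.name(ch)))
            stack.append(OPENERS[ch])
        elif ch in CLOSERS:
            hits.append((col, unicodedata.name(ch)))
            if CLOSERS[ch] == "PDI":
                # PDI closes the nearest isolate and anything opened inside it
                if "PDI" in stack:
                    while stack.pop() != "PDI":
                        pass
            elif stack and stack[-1] == "PDF":
                stack.pop()  # PDF closes only an embedding or override
    return hits, bool(stack)


def scan_source(text):
    """Return one finding per line that contains a bidi control character."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        hits, unterminated = scan_line(line)
        if hits:
            findings.append({"line": lineno, "controls": hits, "unterminated": unterminated})
    return findings


# Constructed sample: line 2 leaves RLO and LRI open inside a comment; line 3 is balanced.
SAMPLE = (
    "int main(void) {\n"
    "    /* check \u202e \u2066 admin */ return 0;\n"
    "    const char *s = \"\u2067abc\u2069\";\n"
    "}\n"
)

if __name__ == "__main__":
    for finding in scan_source(SAMPLE):
        print(finding)
```

Lines reported with `unterminated` set are the ones to treat as blocking; balanced pairs can still occur in legitimate Hebrew or Arabic strings and need a human look.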