Security Leftovers

Submitted by Roy Schestowitz on Tuesday 16th of November 2021 05:16:03 PM. Filed under: Security
  • Why I Hate Password Rules

    The other day I was creating a new account on the web. It was financial in nature, which means it gets one of my most secure passwords. I used PasswordSafe to generate this 16-character alphanumeric password:

    :s^Twd.J;3hzg=Q~

    Which was rejected by the site, because it didn’t meet their password security rules.

  • New Federal Government Cybersecurity Incident and Vulnerability Response Playbooks

    The White House, via Executive Order (EO) 14028: Improving the Nation’s Cybersecurity, tasked CISA, as the operational lead for federal cybersecurity, to “develop a standard set of operational procedures (i.e., playbook) to be used in planning and conducting cybersecurity vulnerability and incident response activity” for federal civilian agency information systems. In response, today, CISA published the Federal Government Cybersecurity Incident and Vulnerability Response Playbooks. The playbooks provide federal civilian executive branch (FCEB) agencies with operational procedures for planning and conducting cybersecurity incident and vulnerability response activities. The playbooks provide illustrated decision trees and detail each step for both incident and vulnerability response.

  • Vulnerability allowing an update to be released for any package in the NPM repository [Ed: Once again we're meant to pretend that this isn't Microsoft's fault; it typically blames the victims, to whom it ships malware]

    GitHub has disclosed two incidents in the NPM package repository infrastructure. On November 2, third-party security researchers (Kajetan Grzybowski and Maciej Piechota) as part of the Bug Bounty program announced a vulnerability in the NPM repository that allows you to publish a new version of any package using your account, which is not authorized to perform such updates.

  • I will pay you cash to delete your npm module

    npm’s culture presents a major problem for global software security.

  • Google introduced fuzzing testing system ClusterFuzzLite - itsfoss.net

    Google presented the ClusterFuzzLite project, which allows organizing fuzzing testing of code for early detection of potential vulnerabilities at the stage of continuous integration systems operation. Currently, ClusterFuzz can be used to automate fuzzing testing of pull requests in GitHub Actions, Google Cloud Build, and Prow, but support for other CI systems is expected in the future. The project is based on the ClusterFuzz platform, created to coordinate the work of fuzzing-testing clusters, and is distributed under the Apache 2.0 license.

    It is noted that after the introduction of the OSS-Fuzz service by Google in 2016, more than 500 important open source projects were accepted into the continuous fuzzing testing program. Based on the checks carried out, more than 6,500 confirmed vulnerabilities have been eliminated and more than 21,000 errors have been fixed. ClusterFuzzLite continues to evolve fuzzing testing mechanisms with the ability to identify issues earlier in the peer review phase of proposed changes. ClusterFuzzLite has already been introduced into the processes of reviewing changes in systemd and curl projects, and made it possible to identify errors missed by static analyzers and linters that were used at the initial stage of checking new code.

  • The Quickest Way to Set Up HTTPS

    I registered on blogs.perl.org today so that I could comment on posts about object systems. However, the very first thing I encountered was a password page with NO SSL. So, even though I have a ton to say about object systems, my first blog post will instead be about setting up SSL.

    (I’m aware that this is a “legacy server problem” but I also recently learned that it doesn’t matter with traefik.)

    In this grand year of 2021 you can add SSL to any site, on any architecture, for free, by adding 3 files to your server, making one small config change to Apache, and running a service. We are truly living in the future.



Content available under CC-BY-SA CC

© by original authors
