Security Leftovers

  • Researchers Detail Privilege Escalation Bugs Reported in Oracle VirtualBox

    A now-patched vulnerability affecting Oracle VM VirtualBox could be potentially exploited by an adversary to compromise the hypervisor and cause a denial-of-service (DoS) condition.

    "Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox," the advisory reads. "Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DoS) of Oracle VM VirtualBox"

  • How the SAML Standard Provides Single Sign-On Services – CloudSavvy IT

    Single Sign-On and zero trust networks depend on securely passing identification details back and forth between users, identity providers, and service providers. SAML is the glue that lets that happen.

  • Security updates for Thursday

    Security updates have been issued by Fedora (busybox, getdata, and php), Mageia (couchdb, freerdp, openexr, postgresql, python-reportlab, and rsh), openSUSE (bind, java-1_8_0-openjdk, and kernel), SUSE (java-1_7_0-openjdk), and Ubuntu (icu).

  • What is the OSI Model - 7 Layers of OSI Model Explained

    The International Organization for Standardization (ISO) developed the OSI model in 1984.

    OSI model is an acronym for Open System Interconnect.

    The OSI model is a model that allows us to categorize network communications and divide different activities of the network in seven conceptual layers.
    This model tries to explain how the data of an application passes through the device and out in the physical network using the seven conceptual steps or layers.

    In simpler words, it explains how one application performs different steps to communicate its data to another application running on a different device.

    The OSI model was created for creating a common industry standard, which could have helped inter-operability between different vendors.

    However, this model did not gain a lot of popularity. So it is used as a reference or a teaching tool today. The OSI model does not directly match the networking systems we use in reality, but it is still useful because it describes the several processes used in electronic communication.

  • New Linux malware hides in cron jobs with invalid dates [Ed: This is not a "Linux" issue; it's about applications that run over the Web and have holes in them, maybe because admins do not patch them]

    Security researchers have discovered a new remote access trojan (RAT) for Linux that keeps an almost invisible profile by hiding in tasks scheduled for execution on a non-existent day, February 31st.

    Dubbed CronRAT, the malware is currently targeting web stores and enables attackers to steal credit card data by deploying online payment skimmers on Linux servers.
