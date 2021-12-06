

Security and Proprietary Issues

Submitted by Roy Schestowitz on Friday 1st of April 2022 10:35:29 AM Filed under
Security
  • Freedom From Coercion – Purism

    This past week, as part of escalating sanctions between the West and Russia because of the war in Ukraine, the FCC added the security company Kaspersky (creator of the popular Kaspersky Anti-Virus software) to its “security threat list” which means products from that company aren’t eligible for FCC funds. It’s important to note that this wasn’t due to a particular backdoor that was discovered in Kaspersky products. Instead this was because of the threat that Kaspersky (a Russian company) could be coerced by the Russian government to add a backdoor. Because Kaspersky’s software is proprietary, it would be incredibly challenging to audit the software and all future updates for backdoors.

    A Russian bank has issued a warning of its own, advising customers to avoid updating software, in response to actual malicious code a developer added to their NodeJS library. In this case, the guidance wasn’t to avoid using the software, just to avoid updating that software and if an update is necessary, to review the code carefully. This distinction is critical, and points to a fundamental freedom that free software provides (freedom 1, the freedom to study how the program works) that leads to another freedom: the freedom from coercion.

  • Linux secure networking security bug found and fixed | ZDNet

    Nothing is quite as vexing as a security hole in a security program. Xiaochen Zou, a graduate student at the University of California, Riverside, went looking for bugs in Linux and found a whopper. This vulnerability, CVE-2022-27666, in IPSec's esp6 (Encapsulating Security Payload) crypto module can be abused for local privilege escalation.

    [...]

    This is bad enough that both Red Hat and the National Institute of Standards and Technologies (NIST) give the hole a high Common Vulnerability Scoring System (CVSS) score of 7.8. Or, as I like to call vulnerabilities with such high scores, it's a "Fix it now!" bug.

  • “Ransomware Protection” in Windows doesn’t stop Ransomware, but does break old games, LibreOffice, and random applications. – BaronHK's Rants

    “Ransomware Protection” in Windows doesn’t stop Ransomware, but does break old games, LibreOffice, and random applications.

    MakeTechEasier posted an article about Windows “Ransomware Protection” and how to enable it.

    [...]

    To Microsoft, it doesn’t matter if it is secure. What matters is that you have a lot of pretty buttons and dials and shit that say something vaguely security-related.

    Windows Web sites are even over there cheering that you can set the default Web browser again after Microsoft disabled that for a year to strong arm people with Edge. How dumb is that?

  • Chrome 101: Federated Credential Management Origin Trial, Media Capabilities for WebRTC, and More

    Unless otherwise noted, changes described below apply to the newest Chrome beta channel release for Android, Chrome OS, Linux, macOS, and Windows. Learn more about the features listed here through the provided links or from the list on ChromeStatus.com. Chrome 101 is beta as of March 31, 2022. You can download the latest on Google.com for desktop or on Google Play Store on Android.

Content available under CC-BY-SA

© by original authors
