Security and Linux/FOSS/Proprietary

Filed under
Security
  • Security updates for Monday
  • Why DANE isn't going to win

    1024 bit RSA keys are quite common throughout the DNSSEC system. Getting rid of 1024 bit keys in the PKI has been a long-running effort; doing the same for DNSSEC is likely to take quite a while. Yes, rapid rotation is possible, by splitting key-signing and zone-signing (a good design choice), but since it can’t be enforced, it’s entirely likely that long-lived 1024 bit keys for signing DNSSEC zones are the rule, rather than the exception.

  • RealVNC: more open remote access protocols will increase security

    Yes but RFB 5 is new... and it's a closed, secret, previously unpublished protocol (unlike earlier RFB 3.x versions).

    Hmm, still doesn't sound very secure.

    Security in remote access solutions will always be a concern for some, it's true.

  • I worked at #HackingTeam, my emails were leaked to WikiLeaks and I’m ok with that

    Is radical transparency the best solution to expose injustice in this technocratic world, a world that is changing faster than law can keep up with?

    That question became even more relevant to me, a privacy activist, when I found myself in the WikiLeaks archive, because I worked at Hacking Team 9 years ago.

    [...]

    This is a leak in the public interest, and I really feel that the personal and corporate damage is smaller than the improvement our society can gain from it. But to reach such an improvement, we have to focus on the bigger picture rather than getting distracted by the juicy details.

  • Hackers Remotely Kill a Jeep on the Highway—With Me in It

    Immediately my accelerator stopped working. As I frantically pressed the pedal and watched the RPMs climb, the Jeep lost half its speed, then slowed to a crawl. This occurred just as I reached a long overpass, with no shoulder to offer an escape. The experiment had ceased to be fun.

    At that point, the interstate began to slope upward, so the Jeep lost more momentum and barely crept forward. Cars lined up behind my bumper before passing me, honking. I could see an 18-wheeler approaching in my rearview mirror. I hoped its driver saw me, too, and could tell I was paralyzed on the highway.

  • 470,000 Vehicles At Risk After Hackers "Take Control & Crash" Jeep Cherokee From A Sofa 10 Miles Away
