Language Selection

English French German Italian Portuguese Spanish

Security Leftovers

Filed under
Security
  • Security updates for Monday
  • Your Smartphone Can Be Hacked Due To A Backdoor In Your Processor

    A new security vulnerability has been reported in the smartphones which use MediaTek Processors. MediaTek company is a Taiwan-based company which manufacturers processors for the budget range smartphones. The security bug was found because a debug feature was not closed on the smartphone after testing.

    A new bug has surfaced lately on the Android smartphones or tablets which use a MediaTek processor. These devices are vulnerable to remote hacking via a backdoor. This security vulnerability was discovered by a security researcher, Justin Case. The MediaTek company has been informed about the flaw. This security vulnerability is apparently due to a debug tool which was left open by MediaTek in the shipped devices.

  • Using IPv6 with Linux? You’ve likely been visited by Shodan and other scanners
  • Trojanized Android games hide malicious code inside images

    Over 60 Android games hosted on Google Play had Trojan-like functionality that allowed them to download and execute malicious code hidden inside images.

    The rogue apps were discovered by researchers from Russian antivirus vendor Doctor Web and were reported to Google last week. The researchers dubbed the new threat Android.Xiny.19.origin.

  • Google fixes multiple Wi-Fi flaws, mediaserver bugs in Android
  • On WebKit Security Updates

    Major desktop browsers push automatic security updates directly to users on a regular basis, so most users don’t have to worry about security updates. But Linux users are dependent on their distributions to release updates. Apple fixed over 100 vulnerabilities in WebKit last year, so getting updates out to users is critical.

More in Tux Machines

Linux Foundation: New Members, Certifications and Microsoft Entryism

ETSI/GNU/Linux-based MANO

  • ETSI Open Source MANO announces Release FOUR, moving faster than ever
    ETSI is pleased to announce the availability of OSM Release FOUR. Bringing a large set of new features and enhancements, this version is the most ambitious and innovative OSM Release to date and constitutes a huge leap forward in terms of functionality, user experience and maturity. This new Release brings substantial progress thanks to a number of architectural improvements, which result in a more efficient behaviour and much leaner footprint – up to 75% less RAM consumption. Additionally, its new northbound interface, aligned with ETSI NFV work, and the brand-new cloud-native setup, facilitate OSM’s installation and operation, while making OSM more open and simpler to integrate with pluggable modules and external systems, such as the existing OSS.
  • Open Source MANO Release FOUR lands
    In monitoring, ETSI says OSM Release FOUR's alarm and metric settings are easier to use, and a new policy manager adds push notifications and reactive policy configuration, which the standards body says “opens the door to closed-loop operations”. The monitoring module uses Apache Kafka as its message passing bus, and the module also implements a flexible plugin model so sysadmins can BYO monitoring environment.

today's howtos part 2

Programming: GitLab, Security, Power and Jakarta EE

  • GitLab 10.8 open sources push mirroring
    GitLab 10.8 was released this week with the open sourcing of a highly requested feature. The company announced its push mirroring capability is now open sourced. Push mirroring was originally introduced as a paid feature, but GitLab says it is one of the most frequently requested to be moved into the open-source codebase. This move will add a few new use cases for GitLab Core users, such as freelance developers being able to mirror client repos and users migrating to GitLab being able to use push mirroring to ease the migration path.
  • How Security Can Bridge the Chasm with Development
    Enhancing the relationships between security and engineering is crucial for improving software security. These six steps will bring your teams together. There's always been a troublesome rift between enterprise security teams and software developers. While the friction is understandable, it's also a shame, because the chasm between these teams makes it all the more challenging to build quality applications that are both great to use and safe.
  • Which Programming Languages Use the Least Electricity?
    Can energy usage data tell us anything about the quality of our programming languages? Last year a team of six researchers in Portugal from three different universities decided to investigate this question, ultimately releasing a paper titled “Energy Efficiency Across Programming Languages.” They ran the solutions to 10 programming problems written in 27 different languages, while carefully monitoring how much electricity each one used — as well as its speed and memory usage.
  • How Java EE found new life as Jakarta EE
    The title of this post may seem strange, but if you look a bit into Java EE's recent history, it will make sense. Originally, Sun started and ran Java Enterprise Edition, and later Oracle took over after it acquired Sun. Specifications were driven by a Sun/Oracle-governed process. At more or less regular intervals, they made a new version of the specification available, which was implemented by the server vendors. Those vendors had to license the technology compatibility kits (TCKs) and brand from Oracle. Let's fast-forward a bit. In 2013, Java EE 7 was released, and Oracle began work on EE8, but it did not progress quickly. Meanwhile, new technologies like Docker and Kubernetes came along and changed the way applications run. Instead of running a single fat server process on a big machine, the software is now split into smaller, independent services that run in a (usually) Docker container orchestrated by Kubernetes.