date 2017-03-01

Security
  • Researchers find “severe” flaw in WordPress plugin with 1 million installs

    More than 1 million websites running the WordPress content management system may be vulnerable to hacks that allow visitors to snatch password data and secret keys out of databases, at least under certain conditions.

    The vulnerability stems from a "severe" SQL injection bug in NextGEN Gallery, a WordPress plugin with more than 1 million installations. Until the flaw was recently fixed, NextGEN Gallery allowed input from untrusted visitors to be included in WordPress-prepared SQL queries. Under certain conditions, attackers can exploit the weakness to pipe powerful commands to a Web server's backend database.

  • Botnets

    Botnets have existed for at least a decade. As early as 2000, hackers were breaking into computers over the Internet and controlling them en masse from centralized systems. Among other things, the hackers used the combined computing power of these botnets to launch distributed denial-of-service attacks, which flood websites with traffic to take them down.

    But now the problem is getting worse, thanks to a flood of cheap webcams, digital video recorders, and other gadgets in the "Internet of things." Because these devices typically have little or no security, hackers can take them over with little effort. And that makes it easier than ever to build huge botnets that take down much more than one site at a time.

  • Yahoo boss Marissa Mayer loses millions in bonuses over security lapses

    Yahoo chief executive Marissa Mayer will lose her annual bonus and the company’s top lawyer has been removed over their mishandling of security breaches that exposed the personal information of more than 1 billion users.

    Mayer’s cash bonus is worth about $2m a year and her personal cost from the security flaws increased when the board also accepted her offer to relinquish an annual stock award worth millions of dollars.

    Mayer, whose management team was found by an internal review to have reacted too slowly to one breach in 2014, said on Wednesday she wanted the board to distribute her bonus to Yahoo’s entire workforce of 8,500 employees. The board did not say if it would do so.

  • Unlimited randomness with the ChaosKey?

    A few days ago I ordered a small batch of the ChaosKey, a small USB dongle for generating entropy created by Bdale Garbee and Keith Packard. Yesterday it arrived, and I am very happy to report that it works great! According to its designers, to get it to work out of the box, you need the Linux kernel version 4.1 or later. I tested on a Debian Stretch machine (kernel version 4.9), and there it worked just fine, increasing the available entropy very quickly. I wrote a small test oneliner to test. It first prints the current entropy level, drains /dev/random, and then prints the entropy level for five seconds.

  • Startup Offers Free ‘Bug Bounty’ Help to Open Source Projects

    Many people don't realize much of the Internet is built on free software. Even giant companies like Facebook, Google, and Amazon rely extensively on big libraries of code—known as "open source" software—written by thousands of programmers, who share their work with everyone.

    But no software is perfect. Like the proprietary code developed by many companies, open source software contains flaws that hackers can exploit to steal information or spread viruses. That's why a new initiative to patch those holes is important.

  • 50 Google Engineers Volunteered to Patch Thousands of Java Open Source Projects

    A year ago, several Google engineers got together and laid the foundation of Operation Rosehub, a project during which Google employees used some of their official work time to patch thousands of open source projects against a severe and widespread Java vulnerability.

    Known internally at Google as the Mad Gadget vulnerability, the issue was discovered at the start of 2015 but came to everyone's attention in November 2015 after security researchers from Foxglove Security showcased how it could be used to steal data from WebLogic, WebSphere, JBoss, Jenkins, and OpenNMS Java applications.

AMD Ryzen 7 1800X Linux Benchmarks

The day many of you have been waiting for is finally here: AMD Zen (Ryzen) processors are shipping! Thanks to AMD coming around at the last minute, I received a Ryzen 7 1800X yesterday evening and have been putting it through its paces. Here is my walkthrough of the Linux experience for the AMD Ryzen and new motherboard and a number of the initial Linux benchmarks for this high-end Zen CPU while much more coverage is coming in the hours and days ahead.

Tizen News

  • Smartphone App: G Antivirus – Anti Malware and Data Security app is now available on Tizen Store
    All Tizen phones have only one antivirus security app which is made by Intel named McAfee Security. Kaspersky Lab, who has been a long time Tizen partner, announced their security solution for Tizen based IoT devices; but this is not a solution for smartphones. Today, an app developer, Gagandeep Singh, has added a new antivirus security app named G Antivirus to the Tizen Store. As the name suggests, the security app will scan your files for any potential virus.
  • Smartphone App: Wings for Twitter, a new Twitter client released in Tizen Store
    Last month, a Twitter app client was added to the Tizen Store by KDF named ‘Client for Twitter’. Today, another Twitter client for Tizen smartphones has been added by app developer Kamil Nimisz, named Wings for Twitter. First impressions are that this is a good Twitter app for you to use on your Tizen smartphone. Very simple, easy to use, fast, secure, and synced across all devices etc. Another great feature of this app is the ability to support multiple Twitter accounts.
  • Smartphone App: Hound Player available in Tizen Store
    Samsung video player, VLC player and MX player (Using ACL Technology) are already 3 of the best video player apps available in the Tizen store as of today. Now, another developer has added a new video player app named Hound Player (previously doMovie) by Victor Sindee with lots of exciting features.

GNOME News

  • GNOME Games 3.24
    GNOME 3.24 will be out in a few weeks and with it will come Games 3.24. This new version will offer a few new features and many refinements, some of which have been implemented by new contributors theawless and Radhika Dua, kudos to them!
  • GNOME ED update – Week 9
    As mentioned in my previous post, I’ll be posting regularly with an update on what I’ve been up to as the GNOME Executive Director, and highlighting some cool stuff around the project! [...] A fairly lengthy and wide-ranging interview with myself has been published at cio.com. It covers a bit of my background (although mistakenly says I worked for Collabora Productivity, rather than Collabora Limited!), and looks at a few different areas on where I see GNOME and how it sits within the greater GNU/Linux movement – I cover “some uncomfortable subjects around desktop Linux”. It’s well worth a read.
  • GTK+ 3.22.9 Released for GNOME 3.22 Users with HiDPI and Wayland Improvements
    The release cycle of the GTK+ 3.22 toolkit is nowhere near the end of life, and a new point release appeared on the official FTP servers of the GNOME Project, versioned 3.22.9. GTK+ 3.22.9 has been released at the end of February two weeks after the launch of the eighth maintenance update to the GTK+ 3.22 stable series, which is targeted to users of the GNOME 3.22 desktop environment. GTK+ 3.22.9 is a modest update that adds a bunch of bug fixes and improvements for Wayland support, as well as HiDPI.
  • GNOME 3.24's Epiphany to Add New Search Engine Dialog, Improve Incognito Mode
    The GNOME developers are currently preparing to unleash the second and last Beta milestone for the upcoming GNOME 3.24 desktop environment, due for release on March 22, 2017. Therefore, we can't help but notice that many of the core components and applications from the GNOME 3.24 Stack have been updated lately, including the Epiphany web browser, which was bumped to version 3.23.91 (3.24 Beta 2). Quite a bunch of improvements and some new features have been added in this second Beta release of Epiphany 3.24, among which we can mention the implementation of a new search engine dialog, along with support for search engine bangs.

