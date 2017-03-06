

Monday 6th of March 2017 07:00:23 PM
Security
  • Third-Party Vendor Issues Temporary Patch for Windows GDI Vulnerability [Ed: Microsoft is so negligent when it comes to patching that some random companies out there attempt to patch binaries]

    A vulnerability discovered by Google Project Zero security researchers and left without a patch by Microsoft received a temporary fix from third-party security vendor ACROS Security.

    The vulnerability, tracked as CVE-2017-0038, is a bug in Windows GDI (Graphics Device Interface), a library that Windows uses to process graphics and formatted text, for both the video display and when sending data to local printers.

    According to Google researchers, attackers could leverage malformed EMF files to expose data found in the victim's memory, which can then be leveraged to bypass ASLR protection and execute code on the user's computer.

  • HackerOne opens up bug bounties to open source

    HackerOne is bringing bug hunting and software testing to open source developers to help make open source software more secure and safer to use.

    A lot of modern tools and technologies depend on open source software, so a security flaw can wind up having a widespread impact -- the Heartbleed flaw in OpenSSL, for example. Many open source projects still rely on the "thousand eyes" concept when it comes to software security -- that anyone being able to see the source code means defects are found and fixed faster. While it's true to some extent, it doesn't apply if no one is actually looking at the code, as we've learned repeatedly over the past few years.

  • WordPress 4.7.3 Security and Maintenance Release

    WordPress 4.7.3 is now available. This is a security release for all previous versions and we strongly encourage you to update your sites immediately.

Flash ROMs with a Raspberry Pi

I previously wrote a series of articles about my experience flashing a ThinkPad X60 laptop with Libreboot. After that, the Libreboot project expanded its hardware support to include the ThinkPad X200 series, so I decided to upgrade. The main challenge with switching over to the X200 was that unlike the X60, you can't perform the initial Libreboot flash with software. Instead, you actually need to disassemble the laptop to expose the BIOS chip, clip a special clip called a Pomona clip to it that's wired to some device that can flash chips, cross your fingers and flash.

How Linux Conquered the Data Center

Some of the people who worked to create the original Linux operating system kernel remember this time with almost crystal clarity, as though a bright flashbulb indelibly etched its image on the canvasses of their minds. It was the weekend before the 18th anniversary of the first moon landing: July 20, 1998. Red Hat was continuing to gather together names of new allies and prospective supporters for its enterprise Linux. Several more of the usual suspects had joined the party: Netscape, Informix, Borland’s Interbase, Computer Associates (now CA), Software AG. These were the challengers in the Windows software market, the names to which the VARs attached extra discounts. As a single glimpse of the Softsel Hot List or the Ingram Micro D sales chart would tell any CIO studying the market, none of these names were the leaders in their respective software categories, nor were they expected to become leaders.

Which is the fastest web browser for Linux PC/laptops

Web browsers are one of the most important constituents of any computer in today’s world. Without a web browser, there can be no Internet and surfing. So which web browser is most popular among Linux users? According to a survey done by LinuxQuestions, Mozilla’s Firefox was the all-time favorite among Linux users, with nearly 51.7 percent of them using Firefox. Google’s Chrome came in second with a mere 15.67 percent. The rest of the vote was divided between a multitude of obscure browsers, mostly in single percentages.

UK GDS: ‘Give IT staff time to work on open source’

Public administrations that want to maintain open source software solutions should give their IT staff time to work on these and other open source projects, recommends Anna Shipman, the Open Source Lead at the UK’s Government Digital Service (GDS). Developers can then apply patches, look at outstanding issues, or deal with pull requests, all tasks that “don’t necessarily fit in the schedule of work you have for your team”, said Shipman, speaking at the GOTO conference in Berlin last November.

