Security Leftovers

  • More than 300 Cisco switch models vulnerable to CIA hack

    A cache of CIA documents was dropped on the internet two weeks ago via WikiLeaks. It was a huge volume of data, some of which detailed CIA tools for breaking into smartphones and even smart TVs. Now, Cisco has said its examination of the documents points to a gaping security hole in more than 300 models of its switches. There’s no patch for this critical vulnerability, but it’s possible to mitigate the risk with some settings changes.

    Cisco’s security arm sent out an advisory on Friday alerting customers that the IOS and IOS XE Software Cluster were vulnerable to hacks based on the leaked documents. The 318 affected switch models are mostly in the Catalyst series, but there are also some embedded systems and IE-series switches on the list. These are enterprise devices that cost a few thousand dollars at least. So, nothing in your house is affected by this particular attack.

  • Assange chastises companies who haven't responded to CIA vulnerability offers

    Wikileaks head Julian Assange slammed companies for not taking the site up on its offer to share security flaws the CIA had exploited in their products.

    In a screen-shot statement tweeted on Saturday, Wikileaks noted that "Organizations such as Mozilla" had responded to the site's emails offering unreleased security vulnerabilities from leaked CIA files. "Google and other companies" had not.

    "Most of these lagging companies have conflicts of interest due to their classified work with US government agencies. In practice such associations limit industry staff with US security clearances from fixing holes based on leaked information from the CIA. Should such companies choose to not secure their users against CIA or NSA attacks users may prefer organizations such as Mozilla or European companies that prioritize their users over government contracts," the statement read.

    Wikileaks recently published a trove of files leaked from the CIA, including descriptions of hacking techniques. The site made an effort to redact source code showing how to actually accomplish the techniques, although enough code slipped through the cracks for researchers to reverse engineer at least one of the security flaws.

  • Gentoo: 201703-02 Adobe Flash Player: Multiple vulnerabilities
