Security: Dropbox, FUD, CNCF, 'Cloud'
-
Dropbox has some genuinely great security reporting guidelines, but reserves the right to jail you if you disagree
Dropbox's position, however reasonable in many of its aspects, is woefully deficient, because the company reserves the right to invoke DMCA 1201 and/or CFAA and other tools that give companies the power to choose who can say true things abour mistakes they've made.
This is not normal. Before DRM in embedded software and cloud connectivity, became routine there were no restrictions on who could utter true words about defects in a product. [...]
-
Hackers Infect Linux Servers With Monero Miner via 5-Year-Old Vulnerability [Ed: A five-year-old vulnerability implies total neglect by sysadmins, not a GNU/Linux weakness]
Attackers also modified the local cron jobs to trigger a "watchd0g" Bash script every three minutes, a script that checked to see if the Monero miner was still active and restarted XMRig's process whenever it was down.
-
GitHub: Our dependency scan has found four million security flaws in public repos [Ed: No, GitHub just ran a scan for old versions being used and reused. It cannot do this for proprietary software, but the issues are there and the risks are no better.]
GitHub says its security scan for old vulnerabilities in JavaScript and Ruby libraries has turned up over four million bugs and sparked a major clean-up by project owners.
The massive bug-find total was reached within a month of the initiative's launch in November, when GitHub began scanning for known vulnerabilities in certain popular open-source libraries and notifying project owners that they should be using an updated version.
-
Envoy CNCF Project Completes Security Audit, Delivers New Release
The Cloud Native Computing Foundation (CNCF) has begun a process of performing third-party security audits for its projects, with the first completed audit coming from the Envoy proxy project.
The Envoy proxy project was created by ride-sharing company Lyft and officially joined the CNCF in September 2017. Envoy is a service mesh reverse proxy technology that is used to help scale micro-services data traffic.
-
Hybrid cloud security: Emerging lessons [Ed: 'Cloud' and security do not belong in the same headline because 'cloud' is a data breach, typically involving a company giving all its (and customers') data to some spying giant abroad]
- Login or register to post comments
- Printer-friendly version
- 4582 reads
- PDF version
More in Tux Machines
- Highlights
- Front Page
- Latest Headlines
- Archive
- Recent comments
- All-Time Popular Stories
- Hot Topics
- New Members
digiKam 7.7.0 is releasedAfter three months of active maintenance and another bug triage, the digiKam team is proud to present version 7.7.0 of its open source digital photo manager. See below the list of most important features coming with this release. |
Dilution and Misuse of the "Linux" Brand
|
Samsung, Red Hat to Work on Linux Drivers for Future TechThe metaverse is expected to uproot system design as we know it, and Samsung is one of many hardware vendors re-imagining data center infrastructure in preparation for a parallel 3D world. Samsung is working on new memory technologies that provide faster bandwidth inside hardware for data to travel between CPUs, storage and other computing resources. The company also announced it was partnering with Red Hat to ensure these technologies have Linux compatibility. |
today's howtos
|
Recent comments
1 year 11 weeks ago
1 year 11 weeks ago
1 year 11 weeks ago
1 year 11 weeks ago
1 year 11 weeks ago
1 year 11 weeks ago
1 year 11 weeks ago
1 year 11 weeks ago
1 year 11 weeks ago
1 year 11 weeks ago