Security: X.Org Server, USBHarpoon, Kubernetes Penetration Testing

• Three New Security Advisories Hit X.Org's X11 Library

  It's been a while since last having any big security bulletins for the X.Org Server even though some of the code-base dates back decades and security researchers have said the security is even worse than it looks and numerous advisories have come up in recent years. But it's not because X11 is bug-free as today three more security bulletins were made public affecting libX11. Today's security advisory pertains to three different functions in libX11 that are affected by different issues. The security issues come down to off-by-one writes, a potential out of boundary write, and a crash on invalid reply.

• USBHarpoon: How “Innocent” USB Cables Can Be Manipulated To Inject Malware

  Back in 2014 Black Hat Conference, crypto specialists Karsten Nohl and Jakob Lell introduced the concept of BadUSB — a USB security flaw which allows attackers to turn a USB into a keyboard which can be used to type in commands. Now, a researcher from SYON Security has managed to build a modified USB charging cable that will enable hackers to transfer malware on your PC without you even noticing it. Behind the hood is the BadUSB vulnerability. [...] While BadUSB is gradually climbing the ladder towards the mainstream cyber attacks, people are also coming up with the corresponding firewalls to tackle the new age attacks.

• Open Source 'Kube-Hunter' Does Kubernetes Penetration Testing

  Aqua Security released the open source kube-hunter tool for penetration testing of Kubernetes clusters, used for container orchestration. "You give it the IP or DNS name of your Kubernetes cluster, and kube-hunter probes for security issues -- it's like automated penetration testing," the company said in an Aug. 15 blog post. The tool -- with source code available on GitHub -- is also packaged by the company in a containerized version, which works with the company's kube-hunter Web site where test results can be seen and shared.

Linux-Friendly Hardware From Tranquil PC and Aaeon

• Rugged, Linux-ready mini-PC showcases Ryzen V1000

  Tranquil PC open pre-orders on a fanless, barebones “Mini Multi Display PC” mini-PC with AMD’s Ryzen Embedded V1000 SoC, 4x simultaneous 4K DisplayPort displays, 2x GbE, and up to 32GB DDR4 and 1TB storage. Manchester, UK based Tranquil PC has launched the first mini-PC based on the AMD Ryzen Embedded V1000. The Mini Multi Display PC is named for the Ryzen V1000’s ability to simultaneously drive four 4K displays, a feature supported here with 4x DisplayPorts. The NUC-like, aluminum frame system is moderately rugged, with 0 to 40°C support and IP50 protection.

• Apollo Lake Pico-ITX SBC has dual GbE ports and plenty of options

  Aaeon’s Apollo Lake powered “PICO-APL4” SBC offers a pair each of GbE, USB 3.0, and M.2 connections plus HDMI, SATA III, and up to 64GB eMMC. Aaeon has spun another Pico-ITX form-factor SBC featuring Intel Apollo Lake processors, following the PICO-APL3 and earlier PICO-APL1. Unlike those SBCs, the new PICO-APL4 has dual Gigabit Ethernet ports, among other minor changes.

State Certifies LA County’s New Open-Source Vote Tally System

Los Angeles County’s open-source vote tally system was certified by the secretary of state Tuesday, clearing the way for redesigned vote-by-mail ballots to be used in the November election. “With security on the minds of elections officials and the public, open-source technology has the potential to further modernize election administration, security and transparency,” Secretary of State Alex Padilla said. “Los Angeles County’s VSAP vote tally system is now California’s first certified election system to use open-source technology. This publicly-owned technology represents a significant step in the future of elections in California and across the country.” The system — dubbed Voting Solutions for All People (VSAP) Tally Version 1.0 — went through rigorous security testing by staffers working with the secretary of state as well as an independent test lab, according to county and state officials.

Mesa and NVIDIA Graphics on Linux

• Collabora's Mesa EGLDevice Work To Better Support Multiple GPUs

  As covered earlier this month, Emil Velikov at Collabora has been working on EGLDevice support for Mesa. These EGL extensions originally developed by NVIDIA are being pursued by Mesa developers for better dealing with the enumeration and querying of multiple GPUs on a system. Right now there is the DRI_PRIME environment variable to allow toggling between systems primarily with two GPUs (namely, Optimus notebooks have been the main use-case) but using EGLDevice support by the Mesa drivers the matter of GPU selection for OpenGL rendering can be made by the application/toolkit developer and for other scenarios like multi-GPU systems running without a display server.

• NVIDIA 396.54 Linux Driver Released To Fix A OpenGL/Vulkan Performance Bug

  One day after announcing the GeForce RTX 2070/2080 series, NVIDIA has released a new Linux driver. But it's not a major new driver branch at this time (that's presumably coming closer to the 20 September launch date) with the Turing GPU support, but is a point release delivering a practical bug fix. The sole change listed in today's NVIDIA 396.54 driver update is, "Fixed a resource leak introduced in the 390 series of drivers that could lead to reduced performance after starting and stopping several OpenGL and/or Vulkan applications."