Security Leftovers

  • As U.S. indicts foreign hackers, American cyber spies fear arrests in tit-for-tat action

    Federal prosecutors call it a “naming and shaming” strategy against hackers working for adversary nations, but former U.S. cyber spies worry they will be the ones ending up in a foreign prison.

    Repeatedly in recent years, U.S. prosecutors have filed criminal charges against hackers working for foreign governments, saying that even if the hackers never get hauled into a U.S. courtroom, the indictments serve as a warning shot across the bow of nations like China, Iran and Russia.

  • Linus Torvalds Slams AMD CPU flaw security report

    The Spectre and Meltdown security vulnerabilities have woken up the industry to potential security flaws in hardware that can be exploited to compromise the integrity of the native computer security role based authentication.

    Now a new report has indicated potential vulnerabilities on AMD, but Linus Torvalds has jumped into this discussion and shot down this report as not technically sound.

  • Gray Hat


    Marcus Hutchins stopped one of the most dangerous cyberattacks ever. Then the FBI arrested him. Does a hacker [sic] hero always have to have a past?

  • [Crackers] could kill patients by attacking their pacemakers, warns Royal Academy of Engineering


    The experts cautioned that pacemakers or wearable health monitors which are linked up to the [I]nternet or internal computer networks could also provide a gateway for [crackers] to plant ransomware into systems, potentially crippling in the NHS or government departments.

  • Security Vulnerability Hidden in Scarlett Johansson Image

If you hitch a ride with a scorpion… (Coverity)

I haven’t seen a blog post or notice about this, but according to the Twitters, Coverity has stopped supporting online scanning for open source projects. Is anybody shocked by this? Anybody?


Not sure what the story is with Coverity, but it probably has something to do with 1) they haven’t been able to monetize the service the way they hoped, or 2) they’ve been able to monetize the service and don’t fancy spending the money anymore or 3) they’ve pivoted entirely and just aren’t doing the scanning thing. Not sure which, don’t really care — the end result is the same. Open source projects that have come to depend on this now have to scramble to replace the service.


I’m not going to go all RMS, but the only way to prevent this is to have open tools and services. And pay for them.

Security: 17 Things

A list for protecting yourself and others from the most common and easiest-to-pull-off security crimes.

I spend a lot of time giving information security advice, such as why RMF (Risk Management Framework) is too top-heavy for implementing risk management practices in small or R&D-focused organizations, what the right Apache SSL settings really are or how static analysis can help improve C code. What I'm asked for the most though isn't any of those things; it's the everyday stuff that even non-technical people can do to protect themselves from the looming but nebulous threat of an information security accident.

Security: CPU Patches, PostgreSQL, Apple 'Back Door'

  • Canonical Releases Spectre/Meltdown Patches for Ubuntu 17.10 for Raspberry Pi 2

    Canonical published two security advisories on Thursday to announce the availability of Spectre mitigations for the ARM64 (AArch64) hardware architecture on its Ubuntu 17.10 and Ubuntu 16.04.4 LTS systems.

    In January, Canonical released several kernel updates for Ubuntu 17.10 (Artful Aardvark) and other supported Ubuntu releases with software mitigations against the Spectre and Meltdown security vulnerabilities. These patches were first released for 64-bit (amd64) architectures, and then for 32-bit (i386), PPC64el, and s390x systems.

    Today, the company announced the availability of new kernel updates that address both the Meltdown and Spectre security vulnerabilities for the ARM64 (AArch64) hardware architecture, patching the Raspberry Pi 2 kernel for Ubuntu 17.10, as well as its derivatives.

  • Oracle Patches Spectre for Red Hat

    The Red Hat community has patiently awaited a retpoline kernel implementation that remediates CVE-2017-5715 (Spectre v2) and closes all Meltdown and Spectre vulnerabilities that have captured headlines this year.

    Red Hat's initial fixes rely upon microcode updates for v2 remediation, a decision that leaves the vast majority of AMD64-capable processors in an exploitable state. Intel's new microcode has proven especially problematic; it performs badly and the January 2018 versions were plagued with stability issues that crashed many systems. It is a poor solution to a pressing problem.

  • Meet the Scarlett Johansson PostgreSQL malware attack

    It's not the first time an image has been used to give a victim malware, but it may be the first time it's been used so narrowly. According to the security firm Imperva, their StickyDB database management system (DBMS) honeypot has uncovered an attack that places malware, which cryptomines Monero, on PostgreSQL DBMS servers. Its attack vector? An image of Hollywood star Scarlett Johansson.

    Now, you might ask, "How many PostgreSQL DBMS servers are out there on the internet to be attacked?" The answer: "More than you'd expect." A Shodan search revealed almost 710,000 PostgreSQL servers ready to be hacked. It appears there are so many of them because it's way too easy, especially on Amazon Web Services (AWS), to set up PostgreSQL servers without security.

  • This Black Box Can ‘Unlock Your iPhone’ For Cops; Images Leaked

    The debate whether law enforcement agencies should be given exclusive access to iOS-powered Apple devices started when the FBI was unable to unlock San Bernardino shooter’s iPhone. Eventually, FBI found other ways to get inside Apple’s secured digital fortress, through an Israel-based company called Cellebrite.

    In the latest news, we have come across a new iPhone unlocking device called GrayKey that can be used by law enforcement guys to harvest passcode of an iPhone and other iOS-powered devices such as iPads and iPods.

Security: HIPAA, Updates, Let’s Encrypt

Security: Torvalds Rant Over AMD Flaws/Report, Intel Microcode Updates, Yahoo and Kubernetes

  • Linus Torvalds Roasts CTS Labs After They Exposed AMD Chip Vulnerabilities

    Just a couple of days back, CTS researchers exposed more than a dozen ‘critical’ vulnerabilities in AMD chips marketed under the brand names Ryzen and Epyc. The company also claimed that a backdoor exists in AMD processors. Their revelation came with a well-decorated website, a whitepaper, and a video.

  • Torvalds wades into CTS Labs' AMD chip security report
  • Linus Torvalds casts shade on CTS Labs' AMD CPU flaw security report
  • Intel Rolls Out Updated, Post-Spectre CPU Microcode (20180312)

    Intel has published the Intel Processor Microcode Package for Linux 20180312 release with the latest improvements around the microcode-based approach for Spectre CPU vulnerability mitigation, succeeding their microcode updates from earlier in the year.

  • Judge Says Yahoo Still On The Hook For Multiple Claims Related To Three Billion Compromised Email Accounts

    A federal judge is going to let a bunch of people keep suing Yahoo over its three-year run of continual compromise. Yahoo had hoped to get the class action suit tossed, stating that it had engaged in "unending" efforts to thwart attacks, but apparently it just wasn't good enough to prevent every single one of its three billion email accounts from falling into the hands of hackers.

  • 3 best practices for securing Kubernetes environments

    The Kubernetes orchestration platform is such a gigantic open source project that its evolution is inherently rapid. The pace of change significantly increases the importance of adhering to security best practices when using the ever-changing Kubernetes platform to automate deployment, scaling, and management of containerized cloud-native applications.

    Ultimately, effective security also supports the entire Kubernetes project, since the technology's overall adoption depends on the confidence and trust that Kubernetes earns and establishes. That said, standard security procedures and practices that work well in traditional environments are often inadequate for securing Kubernetes environments, where traffic is vastly more dynamic, and where there must be security in place around the pods, containers, nodes, and images.

Linus Torvalds slams CTS Labs over AMD vulnerability report

CTS Labs, a heretofore unknown Tel Aviv-based cybersecurity startup, has claimed it's found over a dozen security problems with AMD Ryzen and EPYC processors. Linus Torvalds, Linux's creator, doesn't buy it.

Security: AMD, Updates, Reproducible Builds and More

  • Israeli firm dumps AMD flaws with 24 hours notice

    Security researchers from a previously unknown Israeli company, CTS Labs, have disclosed 13 flaws in AMD processors. All can be taken advantage of only by an attacker who has already gained admin privileges within the system in question.

  • “Backdoor” Found In AMD CPUs, Researchers Discover 13 Critical Vulnerabilities In RYZEN And EPYC
  • Security updates for Wednesday
  • Reproducible Builds: Weekly report #150
  • ACME v2 and Wildcard Certificate Support is Live

    We’re pleased to announce that ACMEv2 and wildcard certificate support is live! With today’s new features we’re continuing to break down barriers for HTTPS adoption across the Web by making it even easier for every website to get and manage certificates.

    ACMEv2 is an updated version of our ACME protocol which has gone through the IETF standards process, taking into account feedback from industry experts and other organizations that might want to use the ACME protocol for certificate issuance and management some day.

    Wildcard certificates allow you to secure all subdomains of a domain with a single certificate. Wildcard certificates can make certificate management easier in some cases, and we want to address those cases in order to help get the Web to 100% HTTPS. We still recommend non-wildcard certificates for most use cases.

  • Samba critical flaws: Patch now but older open instances have 'far worse issues'
  • An overview of online ad fraud

    I have researched various aspects of the online advertisement industry for a while, and one of the fascinating topics that I have come across which I didn’t know too much about before is ad fraud. You may have heard that this is a huge problem as this topic hits the news often, and after learning more about it, I think of it as one of the major threats to the health of the Web, so it’s important for us to be more familiar with the problem.

    People have done a lot of research on the topic but most of the material uses the jargon of the ad industry so they may be inaccessible to those who aren’t familiar with it (I’m learning my way through it myself!) and also you’d need to study a lot to put a broad picture of what’s wrong together, so I decided to summarize what I have learned so far, expressed in simple terms avoiding jargon, in the hopes that it’s helpful. Needless to say, none of this should be taken as official Mozilla policy, but rather this is a hopefully objective summary plus some of my opinions after doing this research at the end.

Security: AMD and Samba Flaws

More in Tux Machines

today's leftovers

  • Zorin OS 12.3 Linux Distro Released: Download The Perfect Windows Replacement
    While listing out the best distros for a Linux beginner, the ease of use and installation are the most critical factors. Such qualities make distros like Linux Mint, Ubuntu, and Zorin OS the most recommended options. In case you’re also concerned about your privacy and security, a shift to the world of Linux becomes a more obvious option. Calling itself a replacement for Windows and macOS, Zorin OS has been established as a beginner-friendly option that offers a smooth ride while making the transition. The latest Zorin OS 12.3 release works to strengthen the basics of the operating system and polishes the whole experience.
  • Ramblings about long ago and far away
    I had originally run MCC (Manchester Computer Center Interim Linux) in college but when I moved it was easier to find a box of floppies with SLS so I had installed that on the 486. I would then download software source code from the internet and rebuild it for my own use using all the extra flags I could find in GCC to make my 20Mhz system seem faster. I instead learned that most of the options didn't do anything on i386 Linux at the time and most of my reports about it were probably met by eye-rolls with the people at Cygnus. My supposed goal was to try and set up a MUD so I could code up a text based virtual reality. Or to get a war game called Conquer working on Linux. Or maybe get xTrek working on my system. [I think I mostly was trying to become a game developer by just building stuff versus actually coding stuff. I cave-man debugged a lot of things using stuff I had learned in FORTRAN but it wasn't actually making new things.]
  • EzeeLinux Show 18.13 | Running Linux On Junk
    A talk about the advantages of running Linux on junk hardware.
  • Best 50 HD Wallpapers for Ubuntu
    Wallpapers are useful in many ways depending on the visual it contains for example if there is a motivational quote on it, it helps to motivate you. The images are the best type of wallpaper because they have an impact on the mind of a human being. So if you are a working professional and have to work continuously on a computer then your desktop can be a source of inspiration and happiness. So today we are going to share 50 best HD Wallpapers for your Ubuntu which will keep your desktop fresh.
  • Ubuntu Tried Adding Synaptics Support Back To GNOME's Mutter
    GNOME developers previously dropped support for Synaptics and other input drivers from Mutter in favor of the universal libinput stack that is also Wayland-friendly. Canonical developers tried to get Synaptics support on X11 added back into Mutter but it looks clear now that was rejected. Canonical's Will Cooke reported in this week's Ubuntu happenings that they were trying to add upstream support for Synaptics to Mutter, complementing the libinput support. While it's great Canonical trying to contribute upstream to GNOME, Synaptics support was previously dropped as being a maintenance burden and with libinput support getting into rather good shape.
  • Long live Release Engineering
    My involvement in Fedora goes back to late 2003 early 2004 somewhere as a packager for I started by getting a few packages in to scratch some of my itches and I saw it as a way to give back to the greater open source community. Around FC3 somewhere I stepped up to help in infrastructure to rebuild the builders in plague, the build system we used before koji and that we used for EPEL(Something that I helped form) for awhile until we got external repo support in koji. I was involved in the implementation of koji in Fedora, I joined OLPC as a build and release engineer, where I oversaw a move of the OS they shipped from FC6 to F8, and laid a foundation for the move to F9. I left OLPC when Red Hat opensourced RHN Satellite as “spacewalk project” I joined Red Hat as the release engineer for both, after a brief period there was some reorganisation in engineering that resulted in me handing off the release engineering tasks to someone closer to the engineers working on the code. As a result I worked on Fedora full time helping Jesse Keating. When he decided to work on the internal migration from CVS to git I took over as the lead. [...] Recently I have accepted a Job offer to become the manager of a different team inside of Red Hat.

Linux 4.17 Spring Cleaning To Drop Some Old CPU Architectures and Recent Torvalds Interview

  • Linux 4.17 Spring Cleaning To Drop Some Old CPU Architectures
    Longtime Linux kernel developer Arnd Bergmann is working to drop a number of old and obsolete CPU architectures from the next kernel cycle, Linux 4.17. The obsolete CPU architectures set to be removed include Blackfin, CRIS, FR-V, M32R, MN10300, META (Metag), and TILE. Managing to escape its death sentence is the Unicore32 architecture with its port maintainer claiming it's still actively being used and maintained.
  • [Older] Linus Torvalds Interview by Kristaps

    Interviewer: we all know who Linus is, but not many people know he’s also a proficient diver. Why don’t we start at the beginning: where you first started diving, and when you started to take diving seriously.  

    Actually, it was related to open source, in some way. [...]

Software: KDE, DocKnot and More

  • This week in Usability & Productivity, part 10
    Today’s Usability & Productivity status is jam-packed with awesome stuff that I think you’re all really gonna love.
  • DocKnot 1.03
    This is the software that I use to generate documentation for my software. Currently, it just handles README,, and the top-level web page for the package.
  • Linux Release Roundup: Amarok Sees First Release in 3 Years
    The past 7 days have been pretty dang busy in Linux release land. We’ve taken a look at the best GNOME 3.28 features, recapped the latest Firefox 59 changes, and made ourselves comfortable with the latest changes to Linux audiobook player Cozy.

today's howtos/technical