While it's true that an NSA analyst sent out an email about KDBUS security, it hopefully shouldn't raise any alarm bells. The thread in question is about credential faking in KDBUS and why it's there at all. Stephen Smalley of the NSA was asking why this soon-to-be-in-kernel code supports credential faking when the original user-space D-Bus daemon never did. Smalley's preference is to drop the functionality altogether, since it could be abused.
The results are fascinating. The Census Project is very, very good at identifying projects which are still widely popular but hardly maintained. This is the sweet spot for the Core Infrastructure Initiative to look into, to try to identify lurking issues and help find a way to fix them before they become problems for our core infrastructure.
The open-source OpenSSL cryptographic library project came out today with a high-severity security advisory and patched a single vulnerability, identified as CVE-2015-1793. OpenSSL is a widely used library that implements Secure Sockets Layer/Transport Layer Security (SSL/TLS) encryption for web traffic on both servers and end-user devices.
A 'HIGH SEVERITY' BUG is currently unpatched in OpenSSL, the open source software used to encrypt internet communications, and a new version is due to be released on 9 July.
There's a critical vulnerability in some versions of the widely used OpenSSL code library that in some cases allows attackers to impersonate cryptographically protected websites, e-mail servers, and virtual private networks, according to an advisory issued early Thursday morning.
We heard another big OpenSSL vulnerability would be announced soon and today it's been made public: OpenSSL's latest "high" severity security vulnerability.
The OpenSSL project has disclosed a new certificate validation vulnerability.
The latest OpenSSL security hole isn't a bad one as these things go. It's no Heartbleed, Freak, or Logjam. But it's serious enough that, if you're running alpha or beta operating systems, you shouldn't delay patching it.
Fortunately, the affected OpenSSL versions are not commonly used in enterprise operating systems. For example, it doesn't impact shipping and supported versions of Red Hat Enterprise Linux (RHEL) or Ubuntu. In the case of Ubuntu, it does affect the 15.10 development release, but the patch is already available.
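What a correct validator has to refuse, as an added example that is not from the OpenSSL advisory or from any of the articles above: the advisory for CVE-2015-1793 describes the bug as letting a valid leaf certificate be used as if it were a CA. The script below builds a throwaway PKI with the openssl command-line tool (assumed to be on PATH; openssl 1.1.1 or 3.x) and checks that path validation accepts the genuine leaf but rejects a certificate signed with that leaf's key. On a patched OpenSSL the check passes. The names (Example Root CA, www.example.test, login.example.test) are made up.

```sh
#!/bin/sh
# Added example, not code from OpenSSL or from the articles above.
# Builds root -> leaf (CA:FALSE) -> rogue with the openssl CLI and checks that
# path validation rejects the rogue certificate. Assumes openssl on PATH
# (1.1.1 or 3.x); every name and hostname here is made up.

# Returns 0 only if the validator accepts the genuine leaf AND rejects the
# certificate that the leaf's private key "issued".
check_leaf_cannot_issue() {
    work=$(mktemp -d)
    if (
        cd "$work" || exit 1
        # Any failing step ends the subshell with a non-zero status.
        step() { "$@" >/dev/null 2>&1 || exit 1; }

        # Self-signed root with an explicit, critical CA:TRUE basic constraint.
        step openssl req -new -newkey rsa:2048 -nodes \
            -keyout root.key -out root.csr -subj "/CN=Example Root CA"
        printf 'basicConstraints=critical,CA:TRUE\n' > ca.ext
        step openssl x509 -req -days 1 -in root.csr -signkey root.key \
            -extfile ca.ext -out root.pem

        # End-entity certificate for a web server, marked CA:FALSE by the root.
        step openssl req -new -newkey rsa:2048 -nodes \
            -keyout leaf.key -out leaf.csr -subj "/CN=www.example.test"
        printf 'basicConstraints=critical,CA:FALSE\n' > leaf.ext
        step openssl x509 -req -days 1 -in leaf.csr -CA root.pem -CAkey root.key \
            -CAcreateserial -extfile leaf.ext -out leaf.pem

        # An attacker who holds only the leaf key signs a cert for another host.
        step openssl req -new -newkey rsa:2048 -nodes \
            -keyout rogue.key -out rogue.csr -subj "/CN=login.example.test"
        step openssl x509 -req -days 1 -in rogue.csr -CA leaf.pem -CAkey leaf.key \
            -CAcreateserial -out rogue.pem

        # The genuine leaf must chain to the root ...
        step openssl verify -CAfile root.pem leaf.pem
        # ... and the rogue cert must not, even when the leaf is offered as an
        # untrusted intermediate: a correct validator enforces CA:FALSE there.
        ! openssl verify -CAfile root.pem -untrusted leaf.pem rogue.pem >/dev/null 2>&1
    ); then
        result=0
    else
        result=1
    fi
    rm -rf "$work"
    return $result
}

if check_leaf_cannot_issue; then
    echo "OK: genuine leaf accepted, leaf-issued certificate rejected"
else
    echo "FAIL: validator accepted a leaf-issued certificate (or openssl is missing)" >&2
fi
```

The second verify call is the one that matters: with the leaf passed as an untrusted intermediate, a validator that skips the CA flag check on it would happily build the chain rogue -> leaf -> root and report the impersonating certificate as valid.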
The OPNsense 15.7 release added i386 and NanoBSD support, LibreSSL support, re-based to FreeBSD 10.1, added OpenDNS support, intrusion detection support, new local/remote blacklist options, some security fixes, and many other new features.
bsdtalk 254 [Ogg]
The ecosystem is based on Security-Enhanced Linux (SELinux), but it adds role-based access control with a policy for each role, so no single account holds unrestricted root access and even root can't see user data. All access is logged, so any attempt to penetrate the system can be traced. Policies are based on roles such as security admin, audit admin and sysadmin, and each file is tagged with a security level so some users can see it while others can't.
The main features at a glance:
Using Sencha ExtJS 5.1.1 framework for the WebGUI
Add a new dashboard and widgets
Many internal improvements and bugfixes
Improved the internal network interface backend
Add Wi-Fi support. Only WPA and WPA2 are supported.
Add VLAN support
The network interface configuration page has been modified. Now only the configuration values are displayed. Use the dashboard widget to show the state of all network interfaces.
The public key of the user must now be specified in the RFC 4716 SSH public key file format. It is possible to add multiple keys.
Option to turn off the collection of system performance statistics.
Use the browser local storage to store the WebGUI state (e.g. displayed grid columns, column width, …) instead of cookies.
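Since the WebGUI now takes public keys only in the RFC 4716 format, the usual stumbling block is that ssh-keygen writes the one-line OpenSSH format by default. The script below, an added example that is not part of the project's release notes or code, converts an OpenSSH public key with OpenSSH's own ssh-keygen (assumed to be on PATH) and checks that the result has the RFC 4716 shape: begin/end markers, optional "Name: value" headers, and a base64 body. The key it generates is a throwaway, and the comment "omv-demo" is made up.

```sh
#!/bin/sh
# Added example, not code from the project or its release notes.
# Converts an OpenSSH-format public key to the RFC 4716 format the WebGUI now
# expects, and checks the result. Assumes OpenSSH's ssh-keygen is on PATH.

# Prints the RFC 4716 form of the OpenSSH public key file given as $1.
to_rfc4716() {
    ssh-keygen -e -m RFC4716 -f "$1"
}

# Returns 0 if the file given as $1 has the RFC 4716 shape: the begin and end
# markers, optional "Name: value" header lines, and a base64 body of lines no
# longer than 72 characters.
looks_like_rfc4716() {
    head -n 1 "$1" | grep -q '^---- BEGIN SSH2 PUBLIC KEY ----$' || return 1
    tail -n 1 "$1" | grep -q '^---- END SSH2 PUBLIC KEY ----$' || return 1
    # Any non-header line between the markers that is not base64 fails the check.
    if sed '1d;$d' "$1" | grep -v ':' | grep -vq '^[A-Za-z0-9+/=]\{1,72\}$'; then
        return 1
    fi
    return 0
}

# Generates a throwaway key pair, converts its public half and validates the
# result. Returns 0 on success.
demo_conversion() {
    work=$(mktemp -d)
    ssh-keygen -q -t ed25519 -N '' -C 'omv-demo' -f "$work/id_ed25519" \
        || { rm -rf "$work"; return 1; }
    # The one-line OpenSSH form that ssh-keygen wrote must NOT pass the check.
    if looks_like_rfc4716 "$work/id_ed25519.pub"; then
        rm -rf "$work"
        return 1
    fi
    to_rfc4716 "$work/id_ed25519.pub" > "$work/id_ed25519.rfc4716"
    looks_like_rfc4716 "$work/id_ed25519.rfc4716"
    result=$?
    rm -rf "$work"
    return $result
}

if demo_conversion; then
    echo "OK: converted key is in RFC 4716 format"
else
    echo "FAIL: conversion or check failed (is ssh-keygen installed?)" >&2
fi
```

For an existing key, `to_rfc4716 ~/.ssh/id_ed25519.pub` prints the text to paste into the WebGUI; repeat per key, since the release allows several.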