phoronix.com: Just about 24 hours ago I spread the news about a major vulnerability in X.Org / XKB that makes it trivial for anyone with physical access to a Linux-based desktop system to easily bypass any screensaver lock whether you're using GNOME, KDE, or most other desktop environments. So what's changed in the past day?
mrpogson.com: One of the advantages of FLOSS (Free/Libre Open Source Software) is that it’s not created and distributed in the vacuum of a heavily EULAed/binary/closed environment and anyone can examine the code.
itpro.co.uk: BIND 9 DNS servers across the web have crashed, with a zero-day vulnerability believed to be the cause.
h-online.com: The recent Kernel Summit, LinuxCon Europe and Realtime Workshop events revealed lots of interesting developments from the kernel scene, including a few details of the hack at kernel.org.
datamation.com: For years, one of the biggest benefits of escaping Microsoft Windows was that running a security suite with a Linux distribution was completely unnecessary. There simply wasn't a need for it.
winehq.org: I am sad to say that there was a compromise of the WineHQ database system.
lwn.net: Of the 171 trees that represent work for the next merge window, 89 only exist on kernel.org machines. This means (obviously) that I have not had updates to those 89 trees since the kernel.org servers were taken down.
pcworld.com: The website for the open-source MySQL database was hacked and used to serve malware to visitors Monday.
Also: MySQL at the core of commercial open source
mrpogson.com: A recent bug reported in Ubuntu GNU/Linux is that apt-key fails to properly check the package-signing keys downloaded from an Ubuntu repository. Debian has the same faulty code but thankfully it is disabled.
- Is Linux Still The Safest Operating System?
- Some Linux Foundation crack attack details emerge
- Open Ballot: Is Linux really so secure?