Language Selection

English French German Italian Portuguese Spanish

Security: Curl, OpenSUSE, Equifax and Kubernetes

Filed under
Security
  • Report from the curl bounty program

    We announced our glorious return to the “bug bounty club” (projects that run bug bounties) a month ago, and with the curl 7.65.0 release today on May 22nd of 2019 we also ship fixes to security vulnerabilities that were reported within this bug bounty program.

  • OpenSUSE Adds Option To Installer For Toggling Performance-Hitting CPU Mitigations

    With the newly released openSUSE Leap 15.1 they have added an option to their installer for toggling the CPU mitigations around Spectre / Meltdown / Foreshadow / Zombieload to make it very convenient should you choose to retain maximum performance while foregoing the security measures. But it also allows disabling SMT/HT from the installer should you prefer maximum security.

    When installing openSUSE Leap 15.1 today, I was a bit surprised to see a "CPU mitigations" option that allows toggling the value similar to the mitigations= kernel command line option.

  • Equifax just became the first company to have its outlook downgraded for a cyber attack
  • Equifax just became the first company to have its outlook downgraded for a cyber attack

    Moody’s has just slashed its rating outlook on Equifax, the first time cybersecurity issues have been cited as the reason for a downgrade.

    Moody’s lowered Equifax’s outlook from stable to negative on Wednesday, as the credit monitoring company continues to suffer from the massive 2017 breach of consumer data.

    “We are treating this with more significance because it is the first time that cyber has been a named factor in an outlook change,” Joe Mielenhausen, a spokesperson for Moody’s, told CNBC. “This is the first time the fallout from a breach has moved the needle enough to contribute to the change.”

    Equifax could not immediately be reached for comment.

  • Kubernetes security: 4 strategic tips

    As with all things security-related, “fingers crossed!” isn’t exactly a confident posture. Kubernetes offers a lot of powerful security-oriented features, and the community has shown a strong commitment toward the security of the project. But it’s always best to be proactive, especially if you or your teams are still relatively new to containers and orchestration.

    The fundamentals of security hygiene still largely apply, as we noted in our recent article, Kubernetes security: 5 mistakes to avoid. There’s also some new learning to be done to ensure you’re proactively managing the risks inherent in any new system, especially once it’s running in production.

More in Tux Machines

Debian: CUPS, LTS and Archival

  • Praise Be CUPS Driverless Printing

    Last Tuesday, I finally got to start updating $work's many desktop computers to Debian Buster. I use Puppet to manage them remotely, so major upgrades basically mean reinstalling machines from scratch and running Puppet. Over the years, the main upgrade hurdle has always been making our very large and very complicated printers work on Debian. Unsurprisingly, the blog posts I have written on that topic are very popular and get me a few 'thank you' emails per month. I'm very happy to say, thanks to CUPS Driverless Printing (CUPS 2.2.2+), all those trials and tribulations are finally over. Printing on Buster just works. Yes yes, even color booklets printed on 11x17 paper folded in 3 stapled in the middle.

  • Freexian’s report about Debian Long Term Support, August 2019

    Like each month, here comes a report about the work of paid contributors to Debian LTS.

  • Louis-Philippe Véronneau: Archiving 20 years of online content

    mailman2 is pretty great. You can get a dump of an email list pretty easily and mailman3's web frontend, the lovely hyperkitty, is well, lovely. Importing a legacy mailman2 mbox went without a hitch thanks to the awesome hyperkitty_import importer. Kudos to the Debian Mailman Team for packaging this in Debian for us. But what about cramming a Yahoo! Group mailing list in hyperkitty? I wouldn't recommend it. After way too many hours spent battling character encoding errors I just decided people that wanted to read obscure emails from 2003 would have to deal with broken accents and shit. But hey, it kinda works! Oh, and yes, archiving a Yahoo! Group with an old borken Perl script wasn't an easy task. Hell, I kept getting blacklisted by Yahoo! for scraping too much data to their liking. I ended up patching together the results of multiple runs over a few weeks to get the full mbox and attachments. By the way, if anyone knows how to tell hyperkitty to stop at a certain year (i.e. not display links for 2019 when the list stopped in 2006), please ping me.

Running The AMD "ABBA" Ryzen 3000 Boost Fix Under Linux With 140 Tests

Last week AMD's AGESA "ABBA" update began shipping with a fix to how the boost clock frequencies are handled in hopes of better achieving the rated boost frequencies for Ryzen 3000 series processors. I've been running some tests of an updated ASUS BIOS with this adjusted boost clock behavior to see how it performs under Linux with a Ryzen 9 3900X processor. The AGESA 1.0.0.3 ABBA update has an improved boost clock frequency algorithm along with changes to the idle state handling. This AGESA update should better position AMD Ryzen 3000 processors with the boost clock behavior expected by users with better hitting the maximum boost frequency and doing so more aggressively. Read more

Stable kernels 5.2.16, 4.19.74, and 4.14.145

  • Linux 5.2.16
    I'm announcing the release of the 5.2.16 kernel. All users of the 5.2 kernel series must upgrade. The updated 5.2.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-5.2.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-s...
  • Linux 4.19.74
  • Linux 4.14.145

Linux Container Technology Explained (Contributed)

State and local governments’ IT departments increasingly rely on DevOps practices and agile development methodologies to improve service delivery and to help maintain a culture of constant collaboration, iteration, and flexibility among all stakeholders and teams. However, when an IT department adopts agile and DevOps practices and methodologies, traditional IT problems still need to be solved. One long-standing problem is “environmental drift,” when the code and configurations for applications and their underlying infrastructure can vary between different environments. State and local IT teams often lack the tools necessary to mitigate the effects of environmental drift, which can hamper collaboration and agility efforts. Read more