Language Selection

English French German Italian Portuguese Spanish

Security: Updates, ZombieLoad, FTP, Hack.lu, Hacking SETI, and Microsoft Chaos

Filed under
Security
  • Security updates for Thursday
  • ZombieLoad Mitigation Costs For Intel Haswell Xeon, Plus Overall Mitigation Impact

    With tests over the past week following the disclosure of the Microarchitectural Data Sampling (MDS) vulnerabilities also known as "Zombieload", we've looked at the MDS mitigation costs (and now the overall Spectre/Meltdown/L1TF/MDS impact) for desktop CPUs, servers, and some laptop hardware. I've also begun doing some tests on older hardware, such as some Phoronix readers curious how well aging Intel Haswell CPUs are affected.

  • How to enhance FTP server security [Ed: It just needs to be abandoned]
  • Hack.lu 2019 Call for Papers, Presentations and Workshops

    The purpose of the hack.lu convention is to give an open and free playground where people can discuss the implication of new technologies in society. hack.lu is a balanced mix convention where technical and non-technical people can meet each others and share freely all kind of information. The convention will be held in the Grand-Duchy of Luxembourg in October (22-24.10.2019). The most significant new discoveries about computer network attacks and defenses, commercial security solutions, and pragmatic real world security experience will be presented in a three days series of informative tutorials. We would like to announce the opportunity to submit papers, and/or lightning talk proposals for selection by the hack.lu technical review committee. This year we will be doing workshops on the first day PM and talks of 1 hour or 30 minutes in the main track for the three days.

  • Hacking SETI
  • Legal Threats Make Powerful Phishing Lures

    On or around May 12, at least two antivirus firms began detecting booby-trapped Microsoft Word files that were sent along with some various of the following message: [...]

  • US officials say foreign election [cracking] is inevitable

    "Systems that are connected to the Internet, if they're targeted by a determined adversary with enough time and resources, they will be breached," Hickey said. "So, we need to be focusing on resilience."

  • Why a Windows flaw patched nine days ago is still spooking the Internet

    The vulnerability resides in Microsoft’s proprietary Remote Desktop Protocol, which provides a graphical interface for connecting to another computer over the Internet. Exploiting the vulnerability—which is present in older versions of Windows but not the much better secured Windows 8 and 10—requires only that an attacker send specific packets to a vulnerable RDP-enabled computer. In a testament to the severity, Microsoft took the highly unusual step of issuing patches for Windows 2003, XP, and Vista, which haven’t been supported in four, five, and seven years, respectively.

  • Serial publisher of Windows 0-days drops exploits for 2 more unfixed flaws

    In Tuesday’s disclosure, SandboxEscaper wrote that the Task Scheduler vulnerability works by exploiting a flaw in the way the Task Scheduler processes changes to discretionary access control list permissions for an individual file. An advisory published Wednesday by US Cert confirmed that the exploit worked against both 32-bit and 64-bit versions of Windows 10.

More in Tux Machines

GNU lightning 2.1.3 released!

GNU lightning is a library to aid in making portable programs 
that compile assembly code at run time. 
Development: 
http://git.savannah.gnu.org/cgit/lightning.git 
Download release: 
ftp://ftp.gnu.org/gnu/lightning/lightning-2.1.3.tar.gz 
  2.1.3 main features are the new RISC-V port, currently supporting 
only Linux 64 bit, and a major rewrite of the register live and 
unknown state logic, so that a long standing issue with a live 
register not accessed for several consecutive blocks could be 
incorrectly assumed dead. 
The matrix of built and tested environments is: 
aarch64	 Linux (Linaro, Foundation_v8pkg) 
alpha	 Linux (QEMU) 
armv7l	 Linux (QEMU) 
armv7hl	 Linux (QEMU) 
hppa	 Linux (32 bit, QEMU) 
i686	 Linux and Cygwin 
ia64	 Linux 
mips	 Linux (32 bit) 
powerpc32	Linux 
powerpc64	Linux and AIX 
powerpc64le	Linux 
riscv	 Linux (64 bit, QEMU) 
s390	 Linux (Hercules) 
s390x	 Linux (Hercules) 
sparc	 Linux (QEMU) 
sparc64	 Linux (QEMU) 
x32	 Linux (QEMU) 
x86_64	 Linux and Cygwin 

Read more

Programming: Python and C++

  • Python alternative to Docker

    Deploying a Python app to a server is surprisingly hard. Without blinking, you’ll be dealing with virtual environments and a host of other complications. The landscape of deployment methods is huge. What if I told you that there is a way to build your app into a single file and it isn’t a Docker container? In this article, we’re going to look at common ways of deploying Python apps. We’ll explore the touted benefits of Docker containers to understand why containers are so popular for web apps. Finally, we’ll look at an alternative to Docker that may be a lot simpler for your Python web app and compare and contrast this alternative against Docker.

  • How to Convert a Python String to int

    Integers are whole numbers. In other words, they have no fractional component. Two data types you can use to store an integer in Python are int and str. These types offer flexibility for working with integers in different circumstances. In this tutorial, you’ll learn how you can convert a Python string to an int. You’ll also learn how to convert an int to a string.

  • Free Coaching For PyGotham Speakers

    I help organize PyGotham, NYC’s annual conference about the Python programming language. For the third year in a row, we’re giving our speakers free sessions with a professional speaking coach, opera singer Melissa Collom. In the past we’ve limited coaching to first-time speakers, but we’re now able to coach everyone.

  • 8 Excellent C++ Natural Language Processing Tools

    Natural language processing (NLP) is a set of techniques for using computers to detect in human language the kinds of things that humans detect automatically. Natural language processing (NLP) is an exciting field of computer science, artificial intelligence, and computational linguistics concerned with the interactions between computers and human (natural) languages. It includes word and sentence tokenization, text classification and sentiment analysis, spelling correction, information extraction, parsing, meaning extraction, and question answering.

today's howtos

The [EndeavourOS] September release has arrived

The ISO contains: Linux kernel 5.2.14 Mesa 19.1.6 Systemd 243.0 Firefox 69 (Quantum) Arc-x-icons, a more complete and updated version than the Arc icon set used previously. The new EndeavourOS welcome launcher on both the live environment as on the installed system. It’s a one-click menu to the wiki for the basic system commands and setting up your hardware. Our Nvidia-installer is now installed by default which now also installs the dkms drivers. Gtop system monitor, a nice terminal-based system load monitor that launches from the panel. Read more