Language Selection

English French German Italian Portuguese Spanish

Security, FUD, Openwashing and Threats

Filed under
Server
Security
  • Security updates for Tuesday

    Security updates have been issued by Debian (curl and otrs2), Fedora (NetworkManager-ssh and python-psutil), Mageia (ipmitool, libgd, libxml2_2, nextcloud, radare2, and upx), openSUSE (inn and sudo), Oracle (kernel, ksh, python-pillow, and thunderbird), Red Hat (curl, kernel, nodejs:10, nodejs:12, procps-ng, rh-nodejs10-nodejs, ruby, and systemd), SUSE (dpdk, firefox, java-1_7_1-ibm, java-1_8_0-ibm, libexif, libvpx, nodejs10, nodejs8, openssl1, pdsh, slurm_18_08, python-azure-agent, python3, and webkit2gtk3), and Ubuntu (libapache2-mod-auth-mellon, libpam-radius-auth, and rsync).

  • New Critical RCE Bug in OpenBSD SMTP Server Threatens Linux Distros [Ed: Typical FUD associating "Linux" with a package that GNU/Linux distros do not come with]

    Security researchers have discovered a new critical vulnerability in the OpenSMTPD email server. An attacker could exploit it remotely to run shell commands as root on the underlying operating system.

  • New OpenSMTPD RCE Flaw Affects Linux and OpenBSD Email Servers [Ed: Again attributing to operating systems bugs in pertinent packages they may not even have]

    OpenSMTPD has been found vulnerable to yet another critical vulnerability that could allow remote attackers to take complete control over email servers running BSD or Linux operating systems.
    OpenSMTPD, also known as OpenBSD SMTP Server, is an open-source implementation of the Simple Mail Transfer Protocol (SMTP) to deliver messages on a local machine or to relay them to other SMTP servers.
    It was initially developed as part of the OpenBSD project but now comes pre-installed on many UNIX-based systems.

  • Y2K bug has a 2020 echo

    The New Scientist reports on problems with software caused by an echo of the Y2K bug that had every excited in the late 1990s.

    It turns out one of the fixes then was to kick various software cans down the road to 2020. In theory that gave people 20 years to find long term answers to the problems. In some cases they might have expected software refreshes to have solved the issue.

    [...]

    This happens because Unix time started on January 1 1970. Time since then is stored as a 32-bit integer. On January 19 2038, that integer will overflow.

    Most modern applications and operating systems have been patched to fix this although there are some compatibility problems. The real issue comes with embedded hardware, think of things like medical devices, which will need replacing some time in the next 18 years.

  • The “Cloud Snooper” malware that sneaks into your Linux servers [Ed: They don't want to mention that people actually need to install this malware on GNU/Linux for dangers to become viable. Typical Sophos FUD/sales.]
  • Cybersecurity alliance launches first open source messaging framework for security tools [Ed: Openwash of proprietary software firms]

    Launched by the Open Cybersecurity Alliance (OCA), a consortium of cybersecurity vendors including IBM, Crowdstrike, and McAfee, on Monday, the OCA said that OpenDXL Ontology is the "first open source language for connecting cybersecurity tools through a common messaging framework."

  • Microsoft uses its expertise in malware to help with fileless attack detection on Linux [Ed: Truly laughable stuff as Microsoft specialises in adding back doors, then abusing those who speak about it]
  • Azure Sphere, Microsoft's Linux-Powered IoT Security Service, Launches [Ed: Microsoft is Googlebombing "Linux" again; you search for Linux news, you get Microsoft Azure (surveillance) and proprietary malware, instead.]

'Security'

Microsoft news disguised as "Linux"

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.

More in Tux Machines

Python Programming

  • PyCharm IDE 2020.1 Released with Interactive Rebasing

    PyCharm IDE 2020.1 was released a day ago as the first major release in 2020. The new version features interactive rebasing, smarter debugging, and JetBrains Mono font.

  • Flask Delicious Tutorial : Building a Library Management System Part 3 - Routes

    I have configured what we need in this repo: DeliciousFlask-3.1. Download it, and run app.py (If you are new to python see Part2). In this part we explore some concepts related to routes.

  • Talk Python to Me: #259 From Academia to Tech Industry and Python

    Did you come to Python from the academic side of the world? Maybe got into working with code for research or lab work and found you liked coding more than your first field of study. Whatever the reason, many people make the transition from the academic world over to tech and industry. On this episode, you'll meet three women who have made this transition, and you'll hear their stories. I'm excited to speak with Jennifer Stark, Kaylea Haynes, and Eslene Bikoumou about their journey to the tech field.

  • Test and Code: 108: PySpark - Jonathan Rioux

    Apache Spark is a unified analytics engine for large-scale data processing. PySpark blends the powerful Spark big data processing engine with the Python programming language to provide a data analysis platform that can scale up for nearly any task. Johnathan Rioux, author of "PySpark in Action", joins the show and gives us a great introduction of Spark and PySpark to help us decide how to get started and decide whether or not to decide if Spark and PySpark are right you.

  • Temporary Contact Number based Contact Tracing

    I have already talked here before about privacy preserving contact tracing to fight Covid-19 but I figured I give an update to this. I have spent the last week now investigating different approaches to this and my view has changed quite a bit. I strongly believe that contact tracing through phone apps is one of our best chances to return to normal and without losing our civil liberties. If you want to understand why, have a look at previous post about this topic. [...] If your local government is planning on implementing a covid tracing app it might be worth directing them towards Co-Epi. It already has an implementation of many of the same ideas in their GitHub repository. If they do want a centralized approach the Singaporean government Open Sourced their application under GPL3 under the name BlueTrace. It avoids largely unnecessary cloud infrastructure from what I can tell.

today's howtos

Jupiter Broadcasting (Bought by Linux Academy, Now Cloud Guru) Publishes Last Shows

  • Hiatus | Choose Linux 33

    Choose Linux enters indefinite hiatus.

  • Goodbye from Linux Action News

    In what turns out to be our final publication, we say goodbye.

  • 2020-04-09 | Linux Headlines

    The Fintech Open Source Foundation is joining The Linux Foundation, Samsung releases user-space exFAT tools for Linux, Docker Compose is getting a formal specification with the help of a new open source community, and the latest Windows 10 Insider Preview includes File Explorer integration in the Windows Subsystem for Linux.

  • Compromised Networking | Self-Hosted 16

    We share some WiFi tips and essential network ideas. And discuss one of our most significant compromises in the show so far.

Android Leftovers