Security Leftovers

  • Mozilla Attack & Defense: Inspecting Just-in-Time Compiled JavaScript

    The security implications of Just-in-Time (JIT) Compilers in browsers have been getting attention for the past decade and the references to more recent resources are too great to enumerate. While it’s not the only class of flaw in a browser, it is a common one; and diving deeply into it has a higher barrier to entry than, say, UXSS injection in the UI. This post is about lowering that barrier to entry.

    If you want to understand what is happening under the hood in the JIT engine, you can read the source. But that’s kind of a tall order given that the folder js/ contains 500,000+ lines of code. Sometimes it’s easier to treat a target as a black box until you find something you want to dig into deeper. To aid in that endeavor, we’ve landed a feature in the js shell that allows you to get the assembly output of a JavaScript function the JIT has processed. Disassembly is supported with the zydis disassembly library (our in-tree version).

    To use the new feature, you’ll need to run the js interpreter. You can download the jsshell for any Nightly version of Firefox from our FTP server – for example here’s the latest Linux x64 jsshell. Helpfully, these links always point to the latest version available; historical versions can also be downloaded.

  • Security updates for Tuesday

    Security updates have been issued by CentOS (dovecot), Debian (gnome-shell and teeworlds), Mageia (libetpan and zeromq), openSUSE (libxml2), Red Hat (chromium-browser and librepo), SUSE (compat-openssl098, firefox, kernel, openssl, and shim), and Ubuntu (gupnp).

  • Google Launches Confidential VMs, GKE Nodes, to Encrypt Data In-Use [Ed: The Linux Foundation is paying this publisher to participate in Google PR ploy, portraying servers controlled by Google as some sort of privacy magic]

    Google is hoping to make confidential computing — the encryption of data in-use — as easy as the click of a button for cloud native users. To this end, the company has released into general availability Confidential Virtual Machines (VMs), unveiled as a beta in July, as well as beta launched Google Kubernetes Engine (GKE) Confidential Nodes.

  • House approves bill to secure internet-connected federal devices against cyber threats

    The legislation would also require private sector groups providing devices to the federal government to notify agencies if the [Internet]-connected device has a vulnerability that could leave the government open to attacks.

    The bill is sponsored in the House by Reps. Robin Kelly (D-Ill.) and Will Hurd (R-Texas) and more than two dozen others.

  • Microsoft ends support for Office 2010: What you can do

    If the whole Microsoft thing is getting too complicated or too expensive for your pocketbook, we've reviewed the major alternative programs to Office, including Google's online application, LibreOffice, FreeOffice and more. Because they're all free, there's little risk to trying them.
