Language Selection

English French German Italian Portuguese Spanish

Security

Security Leftovers

Filed under
Security
  • Cryptojacking Code Found in 11 Open Libraries, Thousands Infected

    A cryptojacking code was found in 11 open-source code libraries written in Ruby, which have been downloaded thousands of times.
    Hackers downloaded the software, infected it with malware, and subsequently reposted it on the RubyGems platform, industry news outlet Decrypt reported on Aug. 21.

  • Malicious cryptojacking code found in 11 Ruby libraries

    Cryptojacking software has been found in 11 code libraries for the programming language Ruby—exposing thousands of people.

    The latest heist, discovered yesterday on code repository Github made use of a package manager called RubyGems, a popular program that allows developers to upload and share improvements on existing pieces of software.

  • Cryptojacking Scripts Found in 11 Open-Source Code Libraries

    According to a Decrypt report, the malware was discovered on Tuesday inside Github code repository, infecting the language manager called RubyGems.

  • First‑of‑its‑kind spyware sneaks into Google Play
  • Open-source spyware bypasses Google Play defenses — twice

    Radio Balouch — the app in question — is a legitimate radio application serving Balouchi music enthusiasts, except that it also included AhMyth, a remote access espionage tool that has been available on GitHub as an open-source project since late 2017.

    Lukas Stefanko, ESET researcher who uncovered the campaign, said the app was uploaded twice on Google Play — once on July 2 and a second time on July 13 — only to be swiftly removed by Google within 24 hours upon being alerted by the security team. It continues to be available on third-party app stores.

    While the service’s dedicated website “radiobalouch.com” is no longer accessible, the attackers also seem to have promoted the app on Instagram and YouTube. The app, in total, attracted over 100 installs.

  • 61 impacted versions of Apache Struts left off security advisories

    Security researchers have reviewed security advisories for Apache Struts and found that two dozen of them inaccurately listed affected versions for the open-source development framework.

    The advisories have since been updated to reflect vulnerabilities in an additional 61 unique versions of Struts that were affected by at least one previously disclosed vulnerability but left off the security advisories for those vulnerabilities.

  • Sectigo Sponsors Automated Certificate Issuance and Renewal in Electronic Frontier Foundation’s Certbot Open Source Software Tool

    Sectigo, the world’s largest commercial Certificate Authority (CA) and a provider of purpose-built and automated PKI management solutions, today announced its sponsorship of Electronic Frontier Foundation’s (EFF) free, open source software tool, Certbot, to support efforts to encrypt the entire internet and build a network that is more structurally private, safe, and protected against censorship.

Linux Foundation: Automotive Grade Linux Announcement and Calling Surveillance Operations "Confidential Computing"

Filed under
Linux
OSS
Security
  • Automotive Grade Linux Announces New Instrument Cluster Expert Group and UCB 8.0 Code Release

    Automotive Grade Linux (AGL), an open source project developing a shared software platform for in-vehicle technology, today announced a new working group focused on Instrument Cluster solutions, as well as the latest code release of the AGL platform, the UCB 8.0.

    The AGL Instrument Cluster Expert Group (EG) is working to reduce the footprint of AGL and optimize the platform for use in lower performance processors and low-cost vehicles that do not require an entire infotainment software stack. Formed earlier this year, the group plans to release design specifications later this year with an initial code release in early 2020.

    “AGL is now supported by nine major automotive manufacturers, including the top three producers by worldwide volume, and is currently being used in production for a range of economy and luxury vehicles” said Dan Cauchy, Executive Director of Automotive Grade Linux at the Linux Foundation. “The new Instrument Cluster Expert Group, supported by several of these automakers, will expand the use cases for AGL by enabling the UCB platform to support solutions for lower-cost vehicles, including motorcycles.”

  • Shhh! Microsoft, Intel, Google and more sign up to the Confidential Computing Consortium

    The Linux Foundation has signed up the likes of Microsoft and Google for its Confidential Computing Consortium, a group with the laudable goal of securing sensitive data.

    The group – which also includes Alibaba, Arm, Baidu, IBM, Intel, Red Hat, Swisscom and Tencent – will be working on open-source technologies and standards to speed the adoption of confidential computing.

    The theory goes that while approaches to encrypting data at rest and in transit have supposedly been dealt with, assuming one ignores the depressingly relentless splurts of user information from careless vendors, keeping it safe while in use is quite a bit more challenging. Particularly as workloads spread to the cloud and IoT devices.

  • Tech giants come together to form cloud security watchdog

    Some of the world’s biggest technology companies are joining forces to improve the security of files in the cloud. This includes Google, IBM, Microsoft, Intel, and many others.

    The news first popped up on the Linux Foundation, where it was said that the Confidential Computing Consortium will work to bring industry standards and identify the proper tools to encrypt data used by apps, devices and online services.

    At the moment, cloud security solutions focus to protect data that’s either resting, or is in transit. However, when the data is being used is “the third and possibly most challenging step to providing a fully encrypted lifecycle for sensitive data.”

  • Tech firms join forces to boost cloud security

    Founding members of the group – which unites hardware suppliers, cloud providers, developers, open source experts and academics – include Alibaba, Arm, Baidu, Google Cloud, IBM, Intel, Microsoft, Red Hat, Swisscom and Tencent.

    [...]

    “The earliest work on technologies that have the ability to transform an industry is often done in collaboration across the industry and with open source technologies,” said Jim Zemlin, executive director at the Linux Foundation.

    “The Confidential Computing Consortium is a leading indicator of what is to come for security in computing and will help define and build open technologies to support this trust infrastructure for data in use.”

  • Google, Intel and Microsoft form data protection consortium
  • Intel Editorial: Intel Joins Industry Consortium to Accelerate Confidential Computing

    Leaders in information and infrastructure security are well versed in protecting data at-rest or in-flight through a variety of methods. However, data being actively processed in memory is another matter. Whether running on your own servers on-prem, in an edge deployment, or in the heart of a cloud service provider’s data center, this “in-use” data is almost always unencrypted and potentially vulnerable.

  • Confidential Computing: How Big Tech Companies Are Coming Together To Secure Data At All Levels

    Data today moves constantly from on-premises to public cloud and the edge, which is why it is quite challenging to protect. While there are standards available that aim to protect data when it is in rest and transit, standards related to protecting it when in use do not exist. Protecting data while in use is called confidential computing, which the Confidential Computing Consortium is aiming to create across the industry.

    The Confidential Computing Consortium, created under the Linux Foundation, will work to build up guidelines, systems and tools to ensure data is encrypted when it’s being used by applications, devices and online services. The consortium says that encrypting data when in use is “the third and possibly most challenging step to providing a fully encrypted lifecycle for sensitive data.” Members focused on the undertaking are Alibaba, ARM, Baidu, Google Cloud, IBM, Intel, Microsoft, Red Hat, Swisscom and Tencent.

  • IT giants join forces for full-system data security

    Apple is conspiciously missing from the consortium, despite using both Intel hardware and inhouse designed ARM-based processors.

    Of the first set of commitments, Intel will release its Software Guard Extensions (SGX) software development kit as open source through the CCC.

  • Google, Intel, and Microsoft partner to improve cloud security

    Some of the biggest names in tech have banded together in an effort to promote industry-wide security standards for protecting data in use.

  • Alibaba, Baidu, Google, Microsoft, Others Back Confidential Computing Consortium

    The Confidential Computing Consortium aims to help define and accelerate open-source technology that keeps data in use secure. Data typically gets encrypted by service providers, but not when it’s in use. This consortium will focus on encrypting and processing the data “in memory” to reduce the exposure of the data to the rest of the system. It aims to provide greater control and transparency for users.

  • Microsoft, Intel and others are doubling down on open source Linux security

    In other words, the operating system could be compromised by some kind of malware, but the data being used in a program would still be encrypted, and therefore safe from an attacker.

  • Microsoft, Intel, and Red Hat Back Confidential Computing

    The Linux Foundation’s latest project tackles confidential computing with a group of companies that reads like a who’s who of cloud providers, chipmakers, telecom operators, and other tech giants.

    Today at the Open Source Summit the Linux Foundation said it will form a new group called the Confidential Computing Consortium. Alibaba, Arm, Baidu, Google Cloud, IBM, Intel, Microsoft, Red Hat, Swisscom, and Tencent all committed to work on the project, which aims to accelerate the adoption of confidential computing.

Security: One More Steam Windows Client Local Privilege Escalation 0day, New FOSS Patches, Major Metapackage Makeover in Kali and Securing Crypto Wallets

Filed under
Security
  • One more Steam Windows Client Local Privilege Escalation 0day

    Not long ago I published an article about Steam vulnerability. I received a lot of feedback. But Valve didn’t say a single word, HackerOne sent a huge letter and, mostly, kept silence. Eventually things escalated with Valve and I got banned by them on HackerOne — I can no longer participate in their vulnerability rejection program (the rest of H1 is still available though).

    You can read the story in more detail in previous article, here is a couple of words about current situation.

    And it’s sad and simple — Valve keeps failing. Last patch, that should have solved the problem, can be easily bypassed (https://twitter.com/general_nfs/status/1162067274443833344) so the vulnerability still exists. Yes, I’ve checked, it works like a charm.

    But this article is not about an old vulnerability, it’s about new one. Since Valve decided to read a public report instead of private report one more time, I won’t take that pleasure away from them.

  • Security updates for Thursday

    Security updates have been issued by Fedora (nginx), openSUSE (ImageMagick and putty), Red Hat (Ansible, atomic-openshift-web-console, ceph, and qemu-kvm-rhev), SUSE (kvm, libssh2_org, postgresql96, qemu, and wavpack), and Ubuntu (libzstd and openjpeg2).

  • Major Metapackage Makeover

    With our 2019.3 Kali release imminent, we wanted to take a quick moment to discuss one of our more significant upcoming changes: our selection of metapackages. These alterations are designed to optimize Kali, reduce ISO size, and better organize metapackages as we continue to grow.

    Before we get into what’s new, let’s briefly recap what a metapackage is. A metapackage is a package that does not contain any tools itself, but rather is a dependency list of normal packages (or other metapackages). This allows us to group related tools together. For instance, if you want to be able to access every wireless tool, simply install the kali-tools-wireless metapackage.

  • Securing Your Crypto Wallet

    When it came time to create my CryptocurrencyOS, based on Linux Mint I wanted to solve some practical user and security issues. The end result was for people to have their own crypto wallets in a secure, opensource, environment and encourage more adoption of cryptocurrency. I applied some of my experience with some of the products I developed for compevo and Techrich.

    The first problem is that a lot of people don’t even know how to find or download a wallet (at least safely, since there are a lot of fake / malware wallets that steal people’s coins). If they don’t know how to avoid the above, then how would they be able to secure their computer?

Red Hat Enterprise Linux 6 and CentOS 6 Receive Important Kernel Security Update

Filed under
Linux
Red Hat
Security

The new Linux kernel security update is marked by the Red Hat Product Security team as having an "Important" security impact due to the fact that it patches several critical flaws, including the Spectre SWAPGS gadget vulnerability (CVE-2019-1125) affecting x86 processors.

Also patched are a security vulnerability (CVE-2019-5489) leading to page cache side-channel attacks, an issue in the Salsa20 encryption algorithm that could allow local attackers to cause a denial of service (CVE-2017-17805), and a flaw (CVE-2018-17972) that let unprivileged users inspect kernel stacks of arbitrary tasks.

Read more

Useful security software from the Snap Store

Filed under
Security
Ubuntu

Once upon a time, password management was a simple thing. There were few services around, the Internet was a fairly benign place, and we often used the same combo of username and password for many of them. But as the Internet grew and the threat landscape evolved, the habits changed.

In the modern Web landscape, there are thousands of online services, and many sites also require logins to allow you to use their full functionality. With data breaches a common phenomenon nowadays, tech-savvy users have adopted a healthier practice of avoiding credentials re-use. However, this also creates a massive administrative burden, as people now need to memorize hundreds of usernames and their associated passwords.

The solution to this fairly insurmountable challenge is the use of secure, encrypted digital password wallets, which allow you to keep track of your endless list of sites, services and their relevant credentials.

KeePassXC does exactly that. The program comes with a simple, fairly intuitive interface. On first run, you will be able to select your encryption settings, including the ability to use KeePassXC in conjunction with a YubiKey. Once the application is configured, you can then start adding entries, including usernames, passwords, any notes, links to websites, and even attachments. The contents are stored in a database file, which you can easily port or copy, so you also gain an element of extra flexibility – as well as the option to back up your important data.

Read more

Also: US Hangs Tough on Restricting Huawei’s Participation in Standards Development

11 Best Linux Distro for hacking and programming

Filed under
Development
Linux
Security

When it comes to choosing a Linux distribution for hacking or programming, there are a number of points that you should keep in mind. The operating system should run smoothly on your system, and if you are installing one on your primary computer, you should always go for the one that you know how to use properly.

But using an operating system for more specific purposes like cybersecurity, which I have discussed here, isn’t that straightforward.

Kali Linux is one of the best cybersecurity operating systems, but there are many which offer more streamlined functionalities. I recommend you to try out at least a few of the most intriguing Kali Linux alternatives I have discussed here before you finally make your decision.
So that was my list of top 10 Kali Linux alternatives, that is worth your time. Do you have anything to add? Feel free to comment on the same down below.

Read more

Security Leftovers

Filed under
Security
  • NSA Researchers Talk Development, Release of Ghidra SRE Tool

    The National Security Agency released its classified Ghidra software reverse-engineering (SRE) tool as open source to the cybersecurity community on April 4. NSA researchers Brian Knighton and Chris Delikat shared how Ghidra was built and the process of releasing it at Black Hat 2019. Ghidra is a framework developed by the NSA’s Research Directorate for the agency’s cybersecurity mission. It’s designed to analyze malicious code to give security pros a better understanding of potential vulnerabilities in their networks and systems.

  • Linux Is Being Hit with Zero-Day Exploits/ Zero-Day Attacks [Ed: This is not news. If you have a system that is unpatched for months, despite many warnings, it is a risk, no matter the OS/kernel.]

    It was once the popular opinion that Linux was immune to zero-day exploits. However, even before the Equifax exploit, vulnerabilities were found in Linux distributions like Fedora and Ubuntu. In particular, back in 2016, a security researcher discovered that you could exploit a Linux system by playing a specific music file. Then, in 2017, a group of attackers used Struckshock vulnerability to carry on the attack on Equifax. These zero-day attacks are Advanced Persistent Attacks that exploit recently discovered vulnerabilities. Read on to learn more about what are zero-day exploits and how they can affect a Linux system.

  • Intel, Google, Microsoft, and Others Launch Confidential Computing Consortium for Data Security

    Major tech companies including Alibaba, Arm, Baidu, IBM, Intel, Google Cloud, Microsoft, and Red Hat today announced intent to form the Confidential Computing Consortium to improve security for data in use.

  • Intel, Google, Microsoft, and others launch Confidential Computing Consortium for data security

    Major tech companies including Alibaba, Arm, Baidu, IBM, Intel, Google Cloud, Microsoft, and Red Hat today announced intent to form the Confidential Computing Consortium to improve security for data in use. Established by the Linux Foundation, the organization plans to bring together hardware vendors, developers, open source experts, and others to promote the use of confidential computing, advance common open source standards, and better protect data.

    “Confidential computing focuses on securing data in use. Current approaches to securing data often address data at rest (storage) and in transit (network), but encrypting data in use is possibly the most challenging step to providing a fully encrypted lifecycle for sensitive data,” the Linux Foundation said today in a joint statement. “Confidential computing will enable encrypted data to be processed in memory without exposing it to the rest of the system and reduce exposure for sensitive data and provide greater control and transparency for users.”

Security: Patches, Security Flaws Caused by Compiler Optimisations, Microsoft Updates Break Windows Again

Filed under
Security
  • Security updates for Wednesday

    Security updates have been issued by Fedora (ghostscript, pango, and squirrelmail), openSUSE (libcryptopp, squid, tcpdump, and wireshark), SUSE (flatpak), and Ubuntu (giflib and NLTK).

  • Security flaws caused by compiler optimizations

    An optimizing compiler is one that tries to maximize some attribute(s) of an executable program at the expense of other attribute(s). Usually the goal is to improve performance or code size at the expense of compiler time and the possibility to debug the program at a later stage. Most modern compilers support some sort of optimization. Normally code optimized for performance is the usual preference. In cases where space is a constraint like embedded systems, developers also prefer code optimized for size.

    Code optimization is both an art as well as a science. Various compilers use different techniques for optimizing code.

  • To patch Windows or not: Do you want BlueKeep bug or broken Visual Basic apps?

    Microsoft says apps that use Visual Basic 6 (VB6), VBA, and VBScript "may stop responding with error" after its updates from this Tuesday have been installed.

    "After installing this update, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an 'invalid procedure call error'," Microsoft says.

    The issue affects all supported versions of Windows 10, Windows 7, Windows 8.1, and their corresponding server versions.

    "Microsoft is presently investigating this issue and will provide an update when available," the company said.

    Microsoft didn't offer an explanation for the problem but it did flag earlier this month that it will move ahead with sunsetting VBScript, by disabling it in IE11 by default via an update in this week's patch.

    "The change to disable VBScript will take effect in the upcoming cumulative updates for Windows 7, 8, and 8.1 on August 13, 2019," Microsoft warned in a blog. The change brought these versions of Windows in line with Windows 10.

Latest Debian GNU/Linux Security Patch Addresses 14 Vulnerabilities, Update Now

Filed under
Linux
Security

Available for the Debian GNU/Linux 10 "Buster" and Debian GNU/Linux 9 "Stretch" operating system series, the new Linux kernel security update addresses a total of 14 vulnerabilities discovered by various security researchers. The Debian Project urges all users to update their installations as soon as possible.

Among the security flaws patched, we can mention a race condition in the libsas subsystem that supports Serial Attached SCSI (SAS) devices, a potential double-free in the block subsystem, as well as two issues that could make it easier for attackers to exploit other vulnerabilities.

Read more

Security: Sphinx, Ransomware, Webmin, YubiKey

Filed under
Security
  • Exposed Sphinx Servers Are No Challenge for Hackers [Ed: That’s the same agency and the same troll site that initially promoted the lies and the FUD about VLC]

    A popular open-source text search server, Sphinx offers impressive performance for indexing and searching data in databases or just in files. It is cross-platform, available for Linux, Windows, macOS, Solaris, FreeBSD, and a few other operating systems.

    [...]

    CERT-Bund posted the warning on Twitter today alerting network operators and providers about the risk of running Sphinx servers with a default configuration that are open on the web.

    The organization highlights that Sphinx lacks any authentication mechanisms. Exposing it on the web gives an attacker the possibility "to read, modify or delete any data stored in the Sphinx database."

  • Ransomware Hits Texas Local Governments [iophk: Windows TCO]

    The attack was observed on the morning of August 16 and appears to have been launched by a single threat actor, the DIR announcement reads.

    The State Operations Center (SOC) was activated soon after the attack reports started to come in, and DIR says that all of the entities that were actually or potentially affected appear to have been identified and notified.

    A total of twenty-three entities have been confirmed as impacted so far, and the responders are working on bringing the affected systems back online.

  • Webmin Backdoored for Over a Year

    The security hole impacts Webmin 1.882 through 1.921, but most versions are not vulnerable in their default configuration as the affected feature is not enabled by default. Version 1.890 is affected in the default configuration. The issue has been addressed with the release of Webmin 1.930 and Usermin version 1.780.

  • The YubiKey 5Ci is the 'first' iOS-compatible security key

    Like other YubiKey options in the 5 series, the YubiKey 5Ci supports multiple authentication protocols, including IDO2/WebAuthn, FIDO U2F, OTP (one-time-password), PIV (Smart Card), and OpenPGP.

Syndicate content

More in Tux Machines

GNU Parallel 20190822 ('Jesper Svarre') released [stable]

GNU Parallel 20190822 ('Jesper Svarre') [stable] has been released. It is available for download at: http://ftpmirror.gnu.org/parallel/ No new functionality was introduced so this is a good candidate for a stable release. GNU Parallel is 10 years old next year on 2020-04-22. You are here by invited to a reception on Friday 2020-04-17. Read more

KDE ISO Image Writer – Release Announcement

My GSoC project comes to an end and I am going to conclude this series of articles by announcing the release of a beta version of KDE ISO Image Writer. Read more Also: How I got a project in Labplot KDE

Linux Foundation: Automotive Grade Linux Announcement and Calling Surveillance Operations "Confidential Computing"

  • Automotive Grade Linux Announces New Instrument Cluster Expert Group and UCB 8.0 Code Release

    Automotive Grade Linux (AGL), an open source project developing a shared software platform for in-vehicle technology, today announced a new working group focused on Instrument Cluster solutions, as well as the latest code release of the AGL platform, the UCB 8.0. The AGL Instrument Cluster Expert Group (EG) is working to reduce the footprint of AGL and optimize the platform for use in lower performance processors and low-cost vehicles that do not require an entire infotainment software stack. Formed earlier this year, the group plans to release design specifications later this year with an initial code release in early 2020. “AGL is now supported by nine major automotive manufacturers, including the top three producers by worldwide volume, and is currently being used in production for a range of economy and luxury vehicles” said Dan Cauchy, Executive Director of Automotive Grade Linux at the Linux Foundation. “The new Instrument Cluster Expert Group, supported by several of these automakers, will expand the use cases for AGL by enabling the UCB platform to support solutions for lower-cost vehicles, including motorcycles.”

  • Shhh! Microsoft, Intel, Google and more sign up to the Confidential Computing Consortium

    The Linux Foundation has signed up the likes of Microsoft and Google for its Confidential Computing Consortium, a group with the laudable goal of securing sensitive data. The group – which also includes Alibaba, Arm, Baidu, IBM, Intel, Red Hat, Swisscom and Tencent – will be working on open-source technologies and standards to speed the adoption of confidential computing. The theory goes that while approaches to encrypting data at rest and in transit have supposedly been dealt with, assuming one ignores the depressingly relentless splurts of user information from careless vendors, keeping it safe while in use is quite a bit more challenging. Particularly as workloads spread to the cloud and IoT devices.

  • Tech giants come together to form cloud security watchdog

    Some of the world’s biggest technology companies are joining forces to improve the security of files in the cloud. This includes Google, IBM, Microsoft, Intel, and many others. The news first popped up on the Linux Foundation, where it was said that the Confidential Computing Consortium will work to bring industry standards and identify the proper tools to encrypt data used by apps, devices and online services. At the moment, cloud security solutions focus to protect data that’s either resting, or is in transit. However, when the data is being used is “the third and possibly most challenging step to providing a fully encrypted lifecycle for sensitive data.”

  • Tech firms join forces to boost cloud security

    Founding members of the group – which unites hardware suppliers, cloud providers, developers, open source experts and academics – include Alibaba, Arm, Baidu, Google Cloud, IBM, Intel, Microsoft, Red Hat, Swisscom and Tencent. [...] “The earliest work on technologies that have the ability to transform an industry is often done in collaboration across the industry and with open source technologies,” said Jim Zemlin, executive director at the Linux Foundation. “The Confidential Computing Consortium is a leading indicator of what is to come for security in computing and will help define and build open technologies to support this trust infrastructure for data in use.”

  • Google, Intel and Microsoft form data protection consortium
  • Intel Editorial: Intel Joins Industry Consortium to Accelerate Confidential Computing

    Leaders in information and infrastructure security are well versed in protecting data at-rest or in-flight through a variety of methods. However, data being actively processed in memory is another matter. Whether running on your own servers on-prem, in an edge deployment, or in the heart of a cloud service provider’s data center, this “in-use” data is almost always unencrypted and potentially vulnerable.

  • Confidential Computing: How Big Tech Companies Are Coming Together To Secure Data At All Levels

    Data today moves constantly from on-premises to public cloud and the edge, which is why it is quite challenging to protect. While there are standards available that aim to protect data when it is in rest and transit, standards related to protecting it when in use do not exist. Protecting data while in use is called confidential computing, which the Confidential Computing Consortium is aiming to create across the industry. The Confidential Computing Consortium, created under the Linux Foundation, will work to build up guidelines, systems and tools to ensure data is encrypted when it’s being used by applications, devices and online services. The consortium says that encrypting data when in use is “the third and possibly most challenging step to providing a fully encrypted lifecycle for sensitive data.” Members focused on the undertaking are Alibaba, ARM, Baidu, Google Cloud, IBM, Intel, Microsoft, Red Hat, Swisscom and Tencent.

  • IT giants join forces for full-system data security

    Apple is conspiciously missing from the consortium, despite using both Intel hardware and inhouse designed ARM-based processors. Of the first set of commitments, Intel will release its Software Guard Extensions (SGX) software development kit as open source through the CCC.

  • Google, Intel, and Microsoft partner to improve cloud security

    Some of the biggest names in tech have banded together in an effort to promote industry-wide security standards for protecting data in use.

  • Alibaba, Baidu, Google, Microsoft, Others Back Confidential Computing Consortium

    The Confidential Computing Consortium aims to help define and accelerate open-source technology that keeps data in use secure. Data typically gets encrypted by service providers, but not when it’s in use. This consortium will focus on encrypting and processing the data “in memory” to reduce the exposure of the data to the rest of the system. It aims to provide greater control and transparency for users.

  • Microsoft, Intel and others are doubling down on open source Linux security

    In other words, the operating system could be compromised by some kind of malware, but the data being used in a program would still be encrypted, and therefore safe from an attacker.

  • Microsoft, Intel, and Red Hat Back Confidential Computing

    The Linux Foundation’s latest project tackles confidential computing with a group of companies that reads like a who’s who of cloud providers, chipmakers, telecom operators, and other tech giants. Today at the Open Source Summit the Linux Foundation said it will form a new group called the Confidential Computing Consortium. Alibaba, Arm, Baidu, Google Cloud, IBM, Intel, Microsoft, Red Hat, Swisscom, and Tencent all committed to work on the project, which aims to accelerate the adoption of confidential computing.

IBM/Red Hat: OpenShift, CUDA, Jim Whitehurst, VMworld and RHELvolution

  • Red Hat Launches OpenShift Service Mesh to Accelerate Adoption of Microservices and Cloud-Native Applications

    Red Hat, Inc., the world's leading provider of open source solutions, today announced the general availability of Red Hat OpenShift Service Mesh to connect, observe and simplify service-to-service communication of Kubernetes applications on Red Hat OpenShift 4, the industry’s most comprehensive enterprise Kubernetes platform. Based on the Istio, Kiali and Jaeger projects and enhanced with Kubernetes Operators, OpenShift Service Mesh is designed to deliver a more efficient, end-to-end developer experience around microservices-based application architectures. This helps to free developer teams from the complex tasks of having to implement bespoke networking services for their applications and business logic.

  • CUDA 10.1 U2 Adds RHEL8 Support, Nsight Compute Tools For POWER

    NVIDIA last week quietly released a second update to CUDA 10.1. CUDA 10.1 Update 2 brings Red Hat Enterprise Linux 8.0 support, continued POWER architecture support improvements, and other additions.

  • IBM Stock and Jim Whitehurst’s Toughest Test

    What analysts say they want from IBM stock is Red Hat CEO Jim Whitehurst in current CEO Virginia Rometty’s chair. They want Red Hat running IBM. That wasn’t the promise when this deal was put together. The promise was that Red Hat would get autonomy from IBM, not that IBM would lose its autonomy to Red Hat. But Whitehurst’s concept of an Open Organization has excited analysts who don’t even know what it is. If IBM became an Open Organization, these analysts think, it would replace the top-down structure IBM has used for a century with an organic system in which employees and customers are part of the product design process. Instead of selling gear or even solutions, IBM would become a corporate change agent.

  • Going to VMWorld? Learn to help data scientists and application developers accelerate AI/ML initiatives

    IT experts from around the world are headed to VMworld 2019 in San Francisco to learn how they can leverage emerging technologies from VMware and ecosystem partners (e.g. Red Hat, NVIDIA, etc.) to help achieve the digital transformation for their organizations. Artificial Intelligence (AI)/Machine Learning (ML) is a very popular technology trend, with Red Hat OpenShift customers like HCA Healthcare, BMW, Emirates NBD, and several more are offering differentiated value to their customers. Investments are ramping up across many industries to develop intelligent digital services that help improve customer satisfaction, and gain competitive business advantages. Early deployment trends indicate AI/ML solution architectures are spanning across edge, data center, and public clouds.

  • RHELvolution 2: A brief history of Red Hat Enterprise Linux releases from RHEL 6 to today

    In the previous post, we looked at the history of Red Hat Enterprise Linux from pre-RHEL days through the rise of virtualization. In this one we'll take a look at RHEL's evolution from early days of public cloud to the release of RHEL 8 and beyond.