
Brief items

Security

Billions of devices imperiled by new clickless Bluetooth attack (ars technica)

Ars technica reports on a set of just-disclosed Bluetooth vulnerabilities in multiple operating systems. "BlueBorne, as the researchers have dubbed their attack, is notable for its unusual reach and effectiveness. Virtually any Android, Linux, or Windows device that hasn't been recently patched and has Bluetooth turned on can be compromised by an attacking device within 32 feet. It doesn't require device users to click on any links, connect to a rogue Bluetooth device, or take any other action, short of leaving Bluetooth on."

Comments (31 posted)

Apache Struts Statement on Equifax Security Breach

The Apache Struts project has put out a statement on the possible role played by a Struts vulnerability in the massive Equifax data breach. "Regarding the assertion that especially CVE-2017-9805 is a nine year old security flaw, one has to understand that there is a huge difference between detecting a flaw after nine years and knowing about a flaw for several years. If the latter was the case, the team would have had a hard time to provide a good answer why they did not fix this earlier. But this was actually not the case here -- we were notified just recently on how a certain piece of code can be misused, and we fixed this ASAP. What we saw here is common software engineering business -- people write code for achieving a desired function, but may not be aware of undesired side-effects. Once this awareness is reached, we as well as hopefully all other library and framework maintainers put high efforts into removing the side-effects as soon as possible. It's probably fair to say that we met this goal pretty well in case of CVE-2017-9805."

Comments (38 posted)

Security quotes of the week

My personal battle was not to burn down the NSA or the CIA. I even think they actually do have a useful role in society when they limit themselves to the truly important threats that we face and when they use their least intrusive means. We don't drop atomic bombs on flies that land on the dinner table. Everybody gets this except intelligence agencies.
Edward Snowden (Thanks to Paul Wise.)

A Raspberry Pi is a tiny computer designed for [makers] and all sorts of Internet-of-Things types of projects. Make magazine has an article about securing it. Reading it, I am struck by how much work it is to secure. I fear that this is beyond the capabilities of most tinkerers, and the result will be even more insecure IoT devices.
Bruce Schneier

Comments (3 posted)

Kernel development

Kernel release status

The 4.14 merge window remains open; as of this writing, just over 11,000 non-merge changesets have been pulled into the mainline repository for this release.

Stable updates: 4.13.1, 4.12.12, and 4.9.49 were released on September 10.

The 4.13.2, 4.12.13, 4.9.50, 4.4.88, and 3.18.71 updates are all in the review process as of this writing; they can be expected on or after September 14. Among other things, they contain an important fix for a buffer overflow in the Bluetooth stack.

Comments (none posted)

Development

GNOME 3.26 released

The GNOME Project has announced the release of GNOME 3.26 "Manchester". "This release brings refinements to the system search, animations for maximizing and unmaximizing windows and support for color Emoji. Improvements to core GNOME applications include a redesigned Settings application, a new display settings panel, Firefox sync in the Web browser, and many more." There are openSUSE nightly live images that include GNOME 3.26.

Full Story (comments: 26)

LXC 2.1 has been released

The LXC team has announced the release of LXC 2.1. LXC provides a userspace interface for the Linux kernel containment features. New features include resource limit support, support for unprivileged openvswitch networks, a new lxc.cgroup.dir key, support for hybrid cgroup layout, and more.

Comments (2 posted)

Development quotes of the week

I had imagined him to be a grim old man hammering out those words from a stern laptop, so it was a surprise to see him use the same kinds of words but with a sarcastic smile, completely changing the context and tone. That was the first time I truly realized how emails often lack context. Years later, I still try to visualize people when I read their emails.
Siddhesh Poyarekar

So here’s my advice for anyone who wants to make a dent in the future of web development: time to learn how compilers work.
Tom Dale (Thanks to Paul Wise)

Comments (none posted)

Miscellaneous

FSFE: Public Money? Public Code!

The Free Software Foundation Europe has joined several organizations in publishing an open letter urging lawmakers to advance legislation requiring that publicly financed software developed for the public sector be made available under a Free and Open Source Software license. "The initial signatories include CCC, EDRi, Free Software Foundation Europe, KDE, Open Knowledge Foundation Germany, openSUSE, Open Source Business Alliance, Open Source Initiative, The Document Foundation, Wikimedia Deutschland, as well as several others; they ask individuals and other organisations to sign the open letter. The open letter will be sent to candidates for the German Parliament election and, during the coming months, until the 2019 EU parliament elections, to other representatives of the EU and EU member states."

Comments (1 posted)

Page editor: Jake Edge


Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds