TuxMachines

Subscribe to TuxMachines feed
Your source for Linux and Open Source news, reviews, and howtos.
Updated: 45 min 42 sec ago

Security Leftovers

Thu, 2018-08-16 22:57
  • How to Protect Your PC From the Intel Foreshadow Flaws
  • AT&T Sued After SIM Hijacker Steals $24 Million in Customer's Cryptocurrency

    It has only taken a few years, but the press, public and law enforcement appear to finally be waking up to the problem of SIM hijacking. SIM hijacking (aka SIM swapping or a "port out scam") involves a hacker hijacking your phone number, porting it over to their own device (often with a wireless carrier employee's help), then taking control of your personal accounts. As we've been noting, the practice has heated up over the last few years, with countless wireless customers saying their entire identities were stolen after thieves ported their phone number to another carrier, then took over their private data.

    Sometimes this involves selling valuable Instagram account names for bitcoin; other times it involves clearing out the target's banking or cryptocurrency accounts. Case in point: California authorities recently brought the hammer down on one 20-year-old hacker, who had covertly ported more than 40 wireless user accounts, in the process stealing nearly $5 million in bitcoin.

    One of the problems at the core of this phenomenon is that hackers have either tricked or paid wireless carrier employees to aid in the hijacking, or in some instances appear to have direct access to (apparently) poorly-secured internal carrier systems. That has resulted in lawsuits against carriers like T-Mobile for not doing enough to police their own employees, the unauthorized access of their systems, or the protocols utilized to protect consumer accounts from this happening in the first place.

  • Voting Machine Vendors, Election Officials Continue To Look Ridiculous, As Kids Hack Voting Machines In Minutes
  • Security updates for Thursday

read more

Debian-Based Q4OS Linux Operating System for Raspberry Pi Goes Stable

Thu, 2018-08-16 22:57

Q4OS emphasizes the Trinity Desktop Environment (TDE), which continues the legacy of the old KDE 3.5 desktop. The latest release, Q4OS 2.5, was available only for 64-bit (x86_64) and 32-bit (i686 PAE) hardware architectures, but now it can also be installed on ARM hardware like the Raspberry Pi, Pine64, and Pinebook.

"Q4OS on Raspberry Pi performs at lightning speed due to its exceptionally low hardware requirements," say the devs in the announcement. "All the native Q4OS features, for example "Desktop profiler" and "Setup tool," are available and fully functional within the Raspberry Pi Q4OS edition."

read more

Games: Tropico 6, 7 Billion Humans, CrossCode, Evergarden

Thu, 2018-08-16 22:03

read more

GNOME 3.30 Desktop Environment Gets Beta 2 Release Ahead of September 5 Launch

Thu, 2018-08-16 20:08

Coming two weeks after the first beta release, the highly anticipated GNOME 3.30 desktop environment received a second beta release today as Michael Catanzaro informed us via an email announcement. This beta 2 release is tagged as GNOME 3.29.91, and it marks the Software String Freeze stage in the development cycle.

But it doesn't look like it was an easy release for the GNOME Release Team, as Michael Catanzaro reports build failures for several components, including GNOME Boxes, which didn't make it for this second beta release. As a consequence, numerous components weren't updated in this beta 2 release.

read more

GNU Linux-Libre 4.18 Kernel Officially Released for Those Who Seek 100% Freedom

Thu, 2018-08-16 20:06

Following in the footsteps of the recently released Linux 4.18 kernel series, the GNU Linux-libre 4.18 kernel is now available for those who don't want to run any proprietary firmware on their Linux-based operating system or the GNU operating system.

Including pretty much the same new features and enhancements as Linux kernel 4.18, the GNU Linux-libre 4.18 kernel cleans up the new psp-dev crypto and icn8505 touchscreen drivers, removes the atom isp driver, and adjusts numerous others.

read more

A Quick Look At The Windows Server vs. Linux Performance On The Threadripper 2990WX

Thu, 2018-08-16 19:53

One of the frequent requests/comments stemming from the launch-day Windows 10 vs. Linux benchmarks on the new AMD Threadripper 2990WX were questions about whether this 32-core / 64-thread processor would do better with Windows Server given Microsoft's obvious tuning of that Windows flavor to high core/thread counts... Well, here are some initial figures with Windows Server 2016 and a Windows Server 2019 preview.

Given the immense interest and speculation about the Windows Server performance on the AMD Threadripper 2990WX, to see if it would give Linux better competition relative to Windows 10, I ran some initial benchmarks so far. I am still doing some more Windows vs. Linux exploration and benchmarking (a lot of other interesting tests from this new hardware) while for today are the Windows Server 2016/2019 results alongside the other operating system tests on this 2990WX system.

read more

Major Zorin OS Linux Release Is Coming This Fall Based on Ubuntu 18.04.1 LTS

Thu, 2018-08-16 19:51

Shipping with the updated HWE (Hardware Enablement) stack from the recently announced Ubuntu 16.04.5 LTS point release, which is powered by the Linux 4.15 kernel from Ubuntu 18.04 LTS (Bionic Beaver), as well as an updated X graphics stack, Zorin OS 12.4 brings all the latest software and security updates from the Ubuntu repositories, along with performance enhancements and bug fixes.

"Zorin OS 12.4 introduces an updated hardware enablement stack. The newly-included Linux kernel 4.15, as well as an updated X server graphics stack," reads the release announcement. "In addition, new patches for system vulnerabilities are included in this release, so you can have the peace of mind knowing that you’re using the most secure version of Zorin OS ever."

read more

Linux Kernel 4.18 Gets First Point Release, It's Now Ready for Mass Deployments

Thu, 2018-08-16 19:49

Linux kernel 4.18 was released on Sunday, August 12, 2018, by Linus Torvalds, and it's currently the most advanced kernel series available for Linux-based operating systems. The first point release, Linux 4.18.1, is now available, which marks the Linux 4.18 kernel series as stable and ready for mass deployments.

All Linux OS vendors are now urged to adopt the latest Linux 4.18 kernel series for their operating systems on supported architectures as it brings various new features, improvements, and updated drivers for better hardware support. Linux kernel 4.18.1 is now available for download from kernel.org or our software portal.

read more

CentOS Linux 7.5 Operating System Is Now Available for IBM POWER9 Architecture

Thu, 2018-08-16 14:04

Released back in May 2018, CentOS Linux 7.5 is based on the Red Hat Enterprise Linux 7.5 operating system and supported 32-bit (i386), 64-bit (x86_64), ARM64 (AArch64), PowerPC 64-bit Little Endian (PPC64el), PowerPC 64-bit (PPC64), and ARMhf architectures. However, the initial release only supported IBM POWER8 processors, but it's now available for IBM POWER9 processors too.

"I am pleased to announce the general availability of CentOS Linux 7 (1804) for POWER9 processors (ppc64le - powerpc 64-bit little endian). This release is derived from Red Hat Enterprise Linux 7.5 ALT," said James O'Connor. "Note this release is 99% equivalent to the existing CentOS 7 Linux 7 (1804) for POWER8 processors (ppc64le - powerpc 64-bit little endian)."

read more

Ubuntu, Debian, RHEL, and CentOS Linux Now Patched Against "Foreshadow" Attacks

Thu, 2018-08-16 14:02

Both Canonical and Red Hat emailed us with regards to the L1 Terminal Fault security vulnerability, which are documented as CVE-2018-3620 for operating systems and System Management Mode (SMM), CVE-2018-3646 for impacts to virtualization, as well as CVE-2018-3615 for Intel Software Guard Extensions (Intel SGX). They affect all Linux-based operating system and machines with Intel CPUs.

"It was discovered that memory present in the L1 data cache of an Intel CPU core may be exposed to a malicious process that is executing on the CPU core. This vulnerability is also known as L1 Terminal Fault (L1TF). A local attacker in a guest virtual machine could use this to expose sensitive information (memory from other guests or the host OS)," reads the Ubuntu security advisory.

read more

Hands-on with Linux Mint Debian Edition 3 Beta

Thu, 2018-08-16 13:54

I have been out of touch for the past six months, because I accepted a teaching position in Amsterdam. The amount of time that required, and the weekly commute from Switzerland (yes, really, weekly), was vastly more than I expected, and left me no time to do justice to my blog. But now I am back again, and determined to manage my time more effectively and keep up with blogging.

Although I haven't been writing, I certainly have been keeping up with news and developments in the Linux world. What really inspired me to get busy and write again was the announcement of LMDE 3 (Cindy) Beta. Hooray! How long have we been waiting for this? It feels like years. Oh, that's because it has been years.

read more

Security Leftovers

Thu, 2018-08-16 12:39
  • Theo on the latest Intel issues

    Theo de Raadt (deraadt@) posted to the tech@ mailing list with some background on how the latest discovered Intel CPU issues relate to OpenBSD.

    [...]

    These 3 issues (CVE-2018-3615, CVE-2018-3620, CVE-2018-3646) together
    are the currently public artifacts of this one bug.

  • Putting Stickers On Your Laptop Is Probably a Bad Security Idea

    Mitchell said political stickers, for instance, can land you in secondary search or result in being detained while crossing a border. In one case, Mitchell said a hacker friend ended up missing a flight over stickers.

  • Video Shows Hotel Security at DEF CON Joking About Posting Photos of Guests' Belongings to Snapchat

    But the room check captured on video suggests the walkthroughs are subject to abuse by hotel personnel who may use them as opportunity to snoop on guests or take and post images for amusement. And accounts of other searches that involved hotel security staff refusing to show ID or showing insufficient ID, and displaying bullying and threatening behavior to guests in occupied rooms, raises questions about the legality of the searches and the tactics and training of security personnel.

  • Researchers in Finland detect vulnerability in password management software

    Researchers identified a security gap in more than 10 applications used by millions around the world, including an app used by Finland's population registry.

  • Trump ends Obama-era rules on US-led cyberattacks: report

     

    The memorandum required that an extensive interagency process take place before the U.S. government embarks on any cyberattacks. Trump reversed the rules to try and ease some of those restrictions, which critics argued were detrimental to launching the attacks quickly, according to the Journal.

read more

Red Hat News

Thu, 2018-08-16 09:33

read more

Debian Turns 25! Here are Some Interesting Facts About Debian Linux

Thu, 2018-08-16 09:25

One of the oldest Linux distribution still in development, Debian has just turned 25. Let’s have a look at some interesting facts about this awesome FOSS project.

read more

Linux Foundation Zephyr Project Attracts IoT Developers and Tech Giants

Thu, 2018-08-16 08:44

The Linux Foundation has always been committed to welcoming companies and organizations of all sizes as part of its heritage and ongoing vision for opening technology for all to experiment with and to build things.

The Zephyr Project, an open source project to build a real-time operating system (RTOS) for the Internet of Things (IoT), announced last week they grew their community of contributors with support for more than 100 developer boards and the addition of six new members.

These industry and academic leaders include Antmicro, DeviceTone, SiFive, the Beijing University of Posts and Telecommunications, The Institute of Communication and Computer Systems (ICCS) and Northeastern University.

read more

Pages