Tux Machines

Security Leftovers

Posted by Roy Schestowitz on Feb 03, 2024


OpenSSF (Linux Foundation) ☛ OpenSSF Champions a More Secure Future in Collaboration with Public Sector [Ed: Open-Source Software Security Initiative (OS3I) is now for "Open Source"]

As the Open Source Security Foundation (OpenSSF), our core mission is to safeguard the open source software (OSS) ecosystem and make it more secure. In 2023, we embraced a significant opportunity to further this mission by working with the US government, including its Open-Source Software Security Initiative (OS3I).

Silicon Angle ☛ FTC orders software maker Blackbaud to overhaul cybersecurity practices

Blackbaud Inc., a publicly traded software maker that experienced a large-scale data breach in 2020, has agreed to settle a lawsuit that the Federal Trade Commission brought over the incident. The FTC announced the agreement on Thursday.

Bruce Schneier ☛ David Kahn

David Kahn has died. His groundbreaking book, The Codebreakers was the first serious book I read about codebreaking, and one of the primary reasons I entered this field.
He will be missed.

LinuxSecurity ☛ Critical Glibc Flaws Put Major GNU/Linux Distros at Risk

Four significant vulnerabilities have been discovered in the GNU C Library (glibc), a fundamental component of most GNU/Linux distributions. These vulnerabilities pose a significant risk to millions of GNU/Linux systems, as they can allow attackers to gain full root access and execute remote code on affected systems.

Software Freedom Conservancy ☛ Without software right to repair, your devices are not secure

A blog post from Software Freedom Conservancy.
Once upon a time, you bought a baby monitor so you could see how your child was doing without disturbing them. You heard about a critical security vulnerability in GNU/Linux and asked a friend with some know-how to see if your baby monitor was affected. They told you it was definitely vulnerable, and anyone who knew how to exploit it could watch your child from anywhere in the world, without your knowledge.
So you asked them: What can I do? And they said the manufacturer had not provided a fix, and they tried to get complete source code for GNU/Linux (as the manufacturer is required to provide), but the manufacturer refused. And they told you that without the complete source code to GNU/Linux (including the scripts used to control compilation, and especially installation of the executable) they couldn't fix your baby monitor (nor could any third party, not even a sophisticated software repair company), even though a fix was available and ready to be applied.
Sound like a fairy tale? Unfortunately it's not. This situation is all too real, and will be increasingly common as more and more people rely on out-of-compliance devices running GNU/Linux and other copylefted code (i.e. code with built-in software right to repair) for crucial parts of their lives. This is one major reason why we at Software Freedom Conservancy (SFC) care so much about defending your software right to repair: it has huge impacts on how you live, and how (and whether) you can secure yourself and your loved ones.