'Drupal has patched a critical SQL injection vulnerability in version
7.x of the content management system that can allow arbitrary code
execution. The flaw lies in an API that is specifically designed to
help prevent against SQL injection attacks. "Drupal 7 includes a
database abstraction API to ensure that queries executed against the
database are sanitized to prevent SQL injection attacks," the Drupal
advisory says. "A vulnerability in this API allows an attacker to send
specially crafted requests resulting in arbitrary SQL execution.
Depending on the content of the requests this can lead to privilege
escalation, arbitrary PHP execution, or other attacks."'
-- source: http://it.slashdot.org/story/14/10/15/2048218
Cheers, Peter
--
Peter Reutemann, Dept. of Computer Science, University of Waikato, NZ
http://www.cms.waikato.ac.nz/~fracpete/ Ph. +64 (7) 858-5174
"Docker is teaming up with Microsoft to bring its open container
technology to the next release of Windows Server. Docker Engine will
work with the next release of Windows Server and images will be
available in Docker Hub, which will also integrate directly into
Microsoft Azure. The partnership moves Docker beyond Linux for the
first time with new multi-container application capabilities for cloud
and enterprise developers."
-- source: http://slashdot.org/story/14/10/15/1656244
Cheers, Peter
"SSL 3.0 is nearly 15 years old, but support for it remains
widespread. Most importantly, nearly all browsers support it and, in
order to work around bugs in HTTPS servers, browsers will retry failed
connections with older protocol versions, including SSL 3.0. Because a
network attacker can cause connection failures, they can trigger the
use of SSL 3.0 and then exploit this issue. Disabling SSL 3.0 support,
or CBC-mode ciphers with SSL 3.0, is sufficient to mitigate this
issue, but presents significant compatibility problems, even today.
Therefore our recommended response (PDF) is to support
TLS_FALLBACK_SCSV. This is a mechanism that solves the problems caused
by retrying failed connections and thus prevents attackers from
inducing browsers to use SSL 3.0. It also prevents downgrades from TLS
1.2 to 1.1 or 1.0 and so may help prevent future attacks."
-- source: http://it.slashdot.org/story/14/10/15/000239
Cheers, Peter
For those that use IRC...
"A detailed analysis has been done of the Linux backdoor used in the
freenode hack. It employed port knocking and encryption to provide
security against others using it. This seems a little more
sophisticated than your average black-hat hacker."
-- source: http://linux.slashdot.org/story/14/10/14/2142214
Cheers, Peter
'If you're looking for an alternative to TrueCrypt, you could do worse
than VeraCrypt, which adds iterations and corrects weaknesses in
TrueCrypt's API, drivers and parameter checking. According to the
article, "In technical terms, when a system partition is encrypted,
TrueCrypt uses PBKDF2-RIPEMD160 with 1,000 iterations. For standard
containers and other (i.e. non system) partitions, TrueCrypt uses at
most 2,000 iterations. What Idrassi did was beef up the transformation
process. VeraCrypt uses 327,661 iterations of the PBKDF2-RIPEMD160
algorithm for system partitions, and for standard containers and other
partitions it uses 655,331 iterations of RIPEMD160 and 500,000
iterations of SHA-2 and Whirlpool, he said. While this makes VeraCrypt
slightly slower at opening encrypted partitions, it makes the software
a minimum of 10 and a maximum of about 300 times harder to brute
force."'
-- source: http://it.slashdot.org/story/14/10/13/2234251
Cheers, Peter
'Stefan Wold has announced the release of Lunar Linux 1.7.0, a
source-based distribution with a complete application management
system: "You better believe it, the day you all have been waiting for
has finally arrived. The Lunar team proudly announces the final
release of Lunar Linux 1.7.0, code name 'Sinus Successus'. Like the
phoenix rising from the ashes Lunar Linux is back with a vengeance; a
lot of overhauling has been done all over the core tools, packages,
installer and the ISO builder. Even though our journey to reach this
milestone has been a long one we hope that the changes and quality
improvements we've made were worth the wait. So what are you waiting
for? Go grab a copy of Lunar Linux while it is hot! New features in
1.7.0: out with sysvinit and in with systemd; Linux kernel 3.16.3, GCC
4.9.1 and glibc 2.19; added support for the Btrfs file system; GRUB 2
or LILO, pick your poison; improved installer; now with initrd
support; a bunch of updated modules."'
-- source: http://distrowatch.com/?newsid=08641
If you like compiling stuff, this should be an interesting distro. I
wonder how it compares to Gentoo. Anybody feel like giving it a spin
and maybe sharing some insights at the next meeting?
Cheers, Peter
Hi everyone
The year is coming to an end and it is once again time for an AGM.
This year's AGM will take place on November 24th, usual place at uni, MS4.G.02.
Agenda:
- Possible nomination of additional secretary by committee
- President's Report
- Treasurer's Report
- Election of 2015 Committee
- Consumption of pizza
Cheers, Peter
"The Linux Foundation, the nonprofit organization dedicated to
accelerating the growth of Linux and collaborative development, today
announced the founding of the Dronecode Project. The Project will
bring together existing open source drone projects and assets under a
nonprofit structure governed by The Linux Foundation. The result will
be a common, shared open source platform for Unmanned Aerial Vehicles
(UAVs). Founding members include 3D Robotics, Baidu, Box, DroneDeploy,
Intel, jDrones, Laser Navigation, Qualcomm, SkyWard, Squadrone System,
Walkera and Yuneec. Dronecode includes the APM UAV software platform
and associated code, which until now has been hosted by 3D Robotics, a
world leader in advanced UAV autopilot and autonomous vehicle control.
The company was co-founded by Chris Anderson, formerly editor-in-chief
of Wired"
-- source: http://news.slashdot.org/story/14/10/13/1152208
Cheers, Peter
"The company has, quietly, and without fanfare, flipped the switch
required to allow Google Chrome users on Ubuntu (and other modern
Linux distributions) to watch movies and TV shows in the browser.
If you’ve been following this long, protracted saga — which has been
about as enjoyable as a binge-watch of the US Inbetweeners remake —
then this news won’t be too out of the blue.
Last month Netflix engineer Paul Adolph pledged to remove the
user-agent filter, the final hurdle in preventing Ubuntu users from
streaming content, once a newer version of the security library (nss3)
was rolled out to users.
That roll out took place in late September."
-- source: http://goo.gl/ekPj73
Cheers, Peter
'Spotify can aptly be called the "Netflix for music." The company
started off in 2008 and by 2014 it boasts more than 40 million users
with 10 million paid subscribers. The Swedish company is yet another
example of how Linux and open source enable businesses to serve
millions of customers using state-of-the-art, shared technologies.'
-- source: http://www.linux.com/news/enterprise/case-studies/790458
Cheers, Peter