Lately, I've been a bit annoyed by my Chromium browser no longer
working with flash, seemed to disable the flash plugin automatically
(running Linux Mint 17). Usual workaround was to paste the URL in
Firefox. But, alas, there is a fix for that: Pepper Flash Player.
Check out the link below for instructions (applies to Ubuntu 14.04,
Linux Mint 17, Pinguy OS 14.04 And Elementary OS 0.3):
http://goo.gl/CNJ8Bt
Cheers, Peter
--
Peter Reutemann, Dept. of Computer Science, University of Waikato, NZ
http://www.cms.waikato.ac.nz/~fracpete/ Ph. +64 (7) 858-5174
"Tor - Privacy oriented encrypted anonymizing service, has announced
the launch of its next version of Tor Browser Bundle, Tor version 4.0,
which disables SSL3 to prevent POODLE attack and uses new transports
that are intended to defeat the Great Firewall of China and other
extremely restrictive firewalls."
-- source: http://thehackernews.com/2014/10/privacy-tools-tor-browser-40-and-tails.html
Cheers, Peter
--
Peter Reutemann, Dept. of Computer Science, University of Waikato, NZ
http://www.cms.waikato.ac.nz/~fracpete/ Ph. +64 (7) 858-5174
'Drupal has patched a critical SQL injection vulnerability in version
7.x of the content management system that can allow arbitrary code
execution. The flaw lies in an API that is specifically designed to
help prevent against SQL injection attacks. "Drupal 7 includes a
database abstraction API to ensure that queries executed against the
database are sanitized to prevent SQL injection attacks," the Drupal
advisory says. "A vulnerability in this API allows an attacker to send
specially crafted requests resulting in arbitrary SQL execution.
Depending on the content of the requests this can lead to privilege
escalation, arbitrary PHP execution, or other attacks."'
-- source: http://it.slashdot.org/story/14/10/15/2048218
Cheers, Peter
--
Peter Reutemann, Dept. of Computer Science, University of Waikato, NZ
http://www.cms.waikato.ac.nz/~fracpete/ Ph. +64 (7) 858-5174
"Docker is teaming up with Microsoft to bring its open container
technology to the next release of Windows Server. Docker Engine will
work with the next release of Windows Server and images will be
available in Docker Hub, which will also integrate directly into
Microsoft Azure. The partnership moves Docker beyond Linux for the
first time with new multi-container application capabilities for cloud
and enterprise developers."
-- source: http://slashdot.org/story/14/10/15/1656244
Cheers, Peter
--
Peter Reutemann, Dept. of Computer Science, University of Waikato, NZ
http://www.cms.waikato.ac.nz/~fracpete/ Ph. +64 (7) 858-5174
"SSL 3.0 is nearly 15 years old, but support for it remains
widespread. Most importantly, nearly all browsers support it and, in
order to work around bugs in HTTPS servers, browsers will retry failed
connections with older protocol versions, including SSL 3.0. Because a
network attacker can cause connection failures, they can trigger the
use of SSL 3.0 and then exploit this issue. Disabling SSL 3.0 support,
or CBC-mode ciphers with SSL 3.0, is sufficient to mitigate this
issue, but presents significant compatibility problems, even today.
Therefore our recommended response (PDF) is to support
TLS_FALLBACK_SCSV. This is a mechanism that solves the problems caused
by retrying failed connections and thus prevents attackers from
inducing browsers to use SSL 3.0. It also prevents downgrades from TLS
1.2 to 1.1 or 1.0 and so may help prevent future attacks."
-- source: http://it.slashdot.org/story/14/10/15/000239
Cheers, Peter
--
Peter Reutemann, Dept. of Computer Science, University of Waikato, NZ
http://www.cms.waikato.ac.nz/~fracpete/ Ph. +64 (7) 858-5174
For those that use IRC...
"A detailed analysis has been done of the Linux backdoor used in the
freenode hack. It employed port knocking and encryption to provide
security against others using it. This seems a little more
sophisticated than your average black-hat hacker."
-- source: http://linux.slashdot.org/story/14/10/14/2142214
Cheers, Peter
--
Peter Reutemann, Dept. of Computer Science, University of Waikato, NZ
http://www.cms.waikato.ac.nz/~fracpete/ Ph. +64 (7) 858-5174
'If you're looking for an alternative to TrueCrypt, you could do worse
than VeraCrypt, which adds iterations and corrects weaknesses in
TrueCrypt's API, drivers and parameter checking. According to the
article, "In technical terms, when a system partition is encrypted,
TrueCrypt uses PBKDF2-RIPEMD160 with 1,000 iterations. For standard
containers and other (i.e. non system) partitions, TrueCrypt uses at
most 2,000 iterations. What Idrassi did was beef up the transformation
process. VeraCrypt uses 327,661 iterations of the PBKDF2-RIPEMD160
algorithm for system partitions, and for standard containers and other
partitions it uses 655,331 iterations of RIPEMD160 and 500,000
iterations of SHA-2 and Whirlpool, he said. While this makes VeraCrypt
slightly slower at opening encrypted partitions, it makes the software
a minimum of 10 and a maximum of about 300 times harder to brute
force."'
-- source: http://it.slashdot.org/story/14/10/13/2234251
Cheers, Peter
--
Peter Reutemann, Dept. of Computer Science, University of Waikato, NZ
http://www.cms.waikato.ac.nz/~fracpete/ Ph. +64 (7) 858-5174
'Stefan Wold has announced the release of Lunar Linux 1.7.0, a
source-based distribution with a complete application management
system: "You better believe it, the day you all have been waiting for
has finally arrived. The Lunar team proudly announces the final
release of Lunar Linux 1.7.0, code name 'Sinus Successus'. Like the
phoenix rising from the ashes Lunar Linux is back with a vengeance; a
lot of overhauling has been done all over the core tools, packages,
installer and the ISO builder. Even though our journey to reach this
milestone has been a long one we hope that the changes and quality
improvements we've made was worth the wait. So what are you waiting
for? Go grab a copy of Lunar Linux while it is hot! New features in
1.7.0: out with sysvinit and in with systemd; Linux kernel 3.16.3, GCC
4.9.1 and glibc 2.19; added support for the Btrfs file system; GRUB 2
or LILO, pick your poison; improved installer; now with initrd
support; a bunch of updated modules."'
-- source: http://distrowatch.com/?newsid=08641
If you like compiling stuff, this should be an interesting distro. I
wonder, how it compares to Gentoo? Anybody feel like giving it a spin
and maybe share some insights at the next meeting?
Cheers, Peter
--
Peter Reutemann, Dept. of Computer Science, University of Waikato, NZ
http://www.cms.waikato.ac.nz/~fracpete/ Ph. +64 (7) 858-5174
Hi everyone
The year is coming to an end and it is once again time for an AGM.
This year's AGM will take place on November 24th, usual place at uni, MS4.G.02.
Agenda:
- Possible nomination of additional secretary by committee
- President's Report
- Treasurer's Report
- Election of 2015 Committee
- Consumption of pizza
Cheers, Peter
--
Peter Reutemann, Dept. of Computer Science, University of Waikato, NZ
http://www.cms.waikato.ac.nz/~fracpete/ Ph. +64 (7) 858-5174
"The Linux Foundation, the nonprofit organization dedicated to
accelerating the growth of Linux and collaborative development, today
announced the founding of the Dronecode Project. The Project will
bring together existing open source drone projects and assets under a
nonprofit structure governed by The Linux Foundation. The result will
be a common, shared open source platform for Unmanned Aerial Vehicles
(UAVs). Founding members include 3D Robotics, Baidu, Box, DroneDeploy,
Intel, jDrones, Laser Navigation, Qualcomm, SkyWard, Squadrone System,
Walkera and Yuneec. Dronecode includes the APM UAV software platform
and associated code, which until now has been hosted by 3D Robotics, a
world leader in advanced UAV autopilot and autonomous vehicle control.
The company was co-founded by Chris Anderson, formerly editor-in-chief
of Wired"
-- source: http://news.slashdot.org/story/14/10/13/1152208
Cheers, Peter
--
Peter Reutemann, Dept. of Computer Science, University of Waikato, NZ
http://www.cms.waikato.ac.nz/~fracpete/ Ph. +64 (7) 858-5174
