Tuesday, November 10th, 2015

Time	Event
12:51a	TPP has provision banning requirements to transfer or access source code (Knowledge Ecology International) Knowledge Ecology International looks at Article 14.17 of the Trans-Pacific Partnership (TPP), which has a provision banning requirements to transfer or provide access to software source code. "I'm wondering how the GPL fares here, and how much money Microsoft spent lobbying to get this included in the TPP, or if the NSA has a role in this. One aspect of this provision is that governments cannot insist on source code transparency, for mass market software, even to address concerns over security or interoperability." (Comment on this)
1:47p	A set of stable kernel updates The 4.2.6, 4.1.13, 3.14.57, and 3.10.93 stable kernel updates have all been released; each contains another set of important fixes. (Comment on this)
4:22p	TensorFlow released Google has released its TensorFlow machine-learning library under the Apache 2.0 license. "TensorFlow is an open source software library for numerical computation using data flow graphs. Nodes in the graph represent mathematical operations, while the graph edges represent the multidimensional data arrays (tensors) communicated between them." For those who are unfamiliar with this type of programming, this basic MNIST tutorial gives a feel for how it works with TensorFlow. (Comment on this)
5:39p	Tuesday's security advisories Debian has updated kernel (multiple vulnerabilities) and unzip (regression in previous update). Fedora has updated firefox (F21: multiple vulnerabilities), icecat (F23; F22; F21: hardened build), nspr (F21: multiple vulnerabilities), nss (F21: multiple vulnerabilities), nss-softokn (F21: multiple vulnerabilities), nss-util (F21: multiple vulnerabilities), and xen (F22; F21: multiple vulnerabilities). openSUSE has updated firefox, nspr, nss, xulrunner, seamonkey (Leap42.1, 13.2, 13.1: multiple vulnerabilities). Red Hat has updated sssd (RHEL6: memory leak). Scientific Linux has updated sssd (SL6: memory leak). Ubuntu has updated kernel (15.10; 15.04; 14.04; 12.04: denial of service), linux-lts-trusty (12.04: denial of service), linux-lts-utopic (14.04: denial of service), and linux-lts-vivid (14.04: denial of service). (Comment on this)
11:45p	Linux Ransomware Debut Fails on Predictable Encryption Key (Bitdefender Labs) Bitdefender Labs takes a look at Linux.Encoder.1 ransomware. "Linux.Encoder.1 is executed on the victim’s Linux box after remote attackers leverage a flaw in the popular Magento content management system app. Once executed, the Trojan looks for the /home, /root and /var/lib/mysql folders and starts encrypting their contents. Just like Windows-based ransomware, it encrypts the contents of these files using AES (a symmetric key encryption algorithm), which provides enough strength and speed while keeping system resources usage to a minimum. The symmetric key is then encrypted with an asymmetric encryption algorithm (RSA) and is prepended to the file, along with the initialization vector used by AES." Once the files are encrypted the hackers demand a fee in exchange for the RSA private key to decrypt the AES symmetric one. However, Bitdefender researchers were able to recover the AES key without having to decrypt it with the RSA private key. One can also thwart this threat with some good backups. (Thanks to Richard Moore) (Comment on this)

<< Previous Day

2015/11/10 [Calendar]

Next Day >>