Wednesday, November 18th, 2015

Time	Event
3:55p	[$] Supporting secure DNS in glibc One of the many weak links in Internet security is the domain name system (DNS); it is subject to attacks that, among other things, can mislead applications regarding the IP address of a system they wish to connect to. That, in turn, can cause connections to go to the wrong place, facilitating man-in-the-middle attacks and more. The DNSSEC protocol extensions are meant to address this threat by setting up a cryptographically secure chain of trust for DNS information. When DNSSEC is set up properly, applications should be able to trust the results of domain lookups. As the discussion over an attempt to better integrate DNSSEC into the GNU C Library shows, though, ensuring that DNS lookups are safe is still not a straightforward problem. (Comment on this)
4:05p	Microsoft's Visual Studio Code open-sourced Microsoft has announced that its Visual Studio Code tool is now available under the MIT license. "Code combines the streamlined UI of a modern editor with rich code assistance and navigation, and an integrated debugging experience – without the need for a full IDE." The code for Code can be found in its GitHub repository. (Comment on this)
5:17p	Security advisories for Wednesday Arch Linux has updated jenkins (multiple vulnerabilities). Debian-LTS has updated libpng (multiple vulnerabilities) and openafs (multiple vulnerabilities). Fedora has updated cyrus-imapd (F22: information disclosure) and pdns (F22: denial of service). openSUSE has updated dracut (13.2: unspecified vulnerability) and putty (Leap42.1, 13.2, 13.1: memory corruption). Red Hat has updated nss, nss-util, nspr (RHEL6.2, 6.4, 6.5, 6.6: code execution). Ubuntu has updated lxcfs (15.10, 15.04: privilege escalation). (Comment on this)

<< Previous Day

2015/11/18 [Calendar]

Next Day >>