LWN.net's Journal
 

Thursday, August 18th, 2016

    Time Event
    12:16a
    [$] LWN.net Weekly Edition for August 18, 2016
    The LWN.net Weekly Edition for August 18, 2016 is available.
    3:39p
    Thursday's security advisories

    Arch Linux has updated chromium (multiple vulnerabilities) and linux-zen (connection hijacking).

    Debian has updated gnupg (flawed random number generation) and libgcrypt20 (flawed random number generation).

    Debian-LTS has updated libupnp (arbitrary file overwrite).

    Fedora has updated bind (F23: denial of service), fontconfig (F23: privilege escalation), and python3 (F23: proxy injection).

    SUSE has updated xen (SLE12: multiple vulnerabilities, one from 2014) and yast2-ntp-client (SLE10: multiple vulnerabilities, most from 2015).

    Ubuntu has updated fontconfig (16.04, 14.04, 12.04: privilege escalation).

    7:01p
    Security against Election Hacking (Freedom to Tinker)
    Over at the Freedom to Tinker blog, Andrew Appel has a two-part series on security attacks and defenses for the upcoming elections in the US (though some of it will obviously be applicable elsewhere too). Part 1 looks at the voting and counting process with an eye toward ways to verify what the computers involved are reporting, but doing so without using the computers themselves (having and verifying the audit trail, essentially). Part 2 looks at the so-called cyberdefense teams and how their efforts are actually harming all of our security (voting and otherwise) by hoarding bugs rather than reporting them to get them fixed.

    "With optical-scan voting, the voter fills in the bubbles next to the names of her selected candidates on paper ballot; then she feeds the op-scan ballot into the optical-scan computer. The computer counts the vote, and the paper ballot is kept in a sealed ballot box. The computer could be hacked, in which case (when the polls close) the voting-machine lies about how many votes were cast for each candidate. But we can recount the physical pieces of paper marked by the voter’s own hands; that recount doesn’t rely on any computer. Instead of doing a full recount of every precinct in the state, we can spot-check just a few ballot boxes to make sure they 100% agree with the op-scan computers’ totals.
    Problem: What if it’s not an optical-scan computer, what if it’s a paperless touchscreen (“DRE”, Direct-Recording Electronic) voting computer? Then whatever numbers the voting computer says, at the close of the polls, are completely under the control of the computer program in there. If the computer is hacked, then the hacker gets to decide what numbers are reported. There are no paper ballots to audit or recount. All DRE (paperless touchscreen) voting computers are susceptible to this kind of hacking. This is our biggest problem."
    7:47p
    Xenomai project mourns Gilles Chanteperdrix
    The Xenomai project is mourning Gilles Chanteperdrix, a longtime maintainer of the realtime framework, who recently passed away. In the announcement, Philippe Gerum writes: "Gilles will forever be remembered as a true-hearted man, a brilliant mind always scratching beneath the surface, looking for elegance in the driest topics, never jaded from such accomplishment.

    According to Paul Valéry, “death is a trick played by the inconceivable on the conceivable”. Gilles’s absence is inconceivable to me, I can only assume that for once, he just got rest from tirelessly helping all of us."
    10:35p
    Microsoft announces PowerShell for Linux and Open Source
    Microsoft has announced the release of its PowerShell automation and scripting platform under the MIT license, complete with a GitHub repository. "Last year we started down this path by contributing to a number of open source projects (e.g. OpenSSH) and open sourcing a number of our own components including DSC resources. We learned that working closely with the community, in the code and with our backlog and issues list, allowed us to prioritize and drive the development much more responsively. We’ve always worked with the community but shifting to a fine-grain, tight, feedback loop with the code, energized the team and allowed us to focus on the things that had the most impact for our customers and partners. Now we are going big by making PowerShell itself an open source project and making it available on Mac OS X, Ubuntu, CentOS/RedHat and others in the future."

