LWN.net's Journal

Wednesday, December 11th, 2019

    3:42p
    [$] OpenBSD system-call-origin verification
    A new mechanism to help thwart return-oriented programming (ROP) and similar attacks has recently been added to the OpenBSD kernel. It will block system calls that are not made via the C library (libc) system-call wrappers. Instead of being able to string together some "gadgets" that make a system call directly, an attacker would need to be able to call the wrapper, which is normally at a randomized location.
    3:46p
    Behind the One-Way Mirror (EFF)
    The Electronic Frontier Foundation has posted a detailed study on third-party corporate surveillance on the Internet (and beyond). "Both Google and Apple encourage developers to use ad IDs for behavioral profiling in lieu of other identifiers like IMEI or phone number. Ostensibly, this gives users more control over how they are tracked, since users can reset their identifiers by hand if they choose. However, in practice, even if a user goes to the trouble to reset their ad ID, it's very easy for trackers to identify them across resets by using other identifiers, like IP address or in-app storage. Android's developer policy instructs trackers not to engage in such behavior, but the platform has no technical safeguards to stop it. In February 2019, a study found that over 18,000 apps on the Play store were violating Google's policy."
    4:03p
    Security updates for Wednesday
    Security updates have been issued by Arch Linux (crypto++ and thunderbird), Debian (cacti, freeimage, git, and jackson-databind), Fedora (nss), openSUSE (clamav, dnsmasq, munge, opencv, permissions, and shadowsocks-libev), Red Hat (nss, nss-softokn, nss-util, rh-maven35-jackson-databind, and thunderbird), Scientific Linux (nss, nss-softokn, nss-util, nss-softokn, and thunderbird), SUSE (caasp-openstack-heat-templates, crowbar-core, crowbar-openstack, crowbar-ui, etcd, flannel, galera-3, mariadb, mariadb-connector-c, openstack-dashboard-theme-SUSE, openstack-heat-templates, openstack-neutron, openstack-nova, openstack-quickstart, patterns-cloud, python-oslo.messaging, python-oslo.utils, python-pysaml2, libssh, and strongswan), and Ubuntu (git, libpcap, libssh, and thunderbird).
    11:32p
    [$] Working toward securing PyPI downloads
    An effort to protect package downloads from the Python Package Index (PyPI) has resulted in a Python Enhancement Proposal (PEP) and, perhaps belatedly, some discussion in the wider community. The basic idea is to use The Update Framework (TUF) to protect PyPI users from some malicious actors who are aiming to interfere with the installation and update of Python modules. But the name of the PEP and its wording, coupled with some recent typosquatting problems on PyPI, caused some confusion along the way. There are some competing interests and different cultures coming together over this PEP; the process has not run as smoothly as anyone might want, though that seems to be resolving itself at this point.
