LWN.net's Journal
Friday, March 26th, 2021
Time | Event

1:51p | Google’s top security teams unilaterally shut down a counterterrorism operation (Technology Review)
Technology Review covers the controversy that has resulted from Google's disclosure and fixing of a number of security vulnerabilities being exploited by Western intelligence agencies. "Instead of focusing on who was behind and targeted by a specific operation, Google decided to take broader action for everyone. The justification was that even if a Western government was the one exploiting those vulnerabilities today, it will eventually be used by others, and so the right choice is always to fix the flaw today."

2:51p | Security updates for Friday
Security updates have been issued by Debian (firefox-esr, jquery, openssl, and thunderbird), openSUSE (openssl-1_1 and tor), Oracle (firefox and thunderbird), Scientific Linux (firefox and thunderbird), SUSE (libzypp, zypper and openssl-1_1), and Ubuntu (firefox, ldb, openssl, and ruby2.0).

3:46p | [$] The uninvited Internet of things
The "Internet of things" (IoT), being the future paradise that awaits us when all of our devices are connected to the net, is a worrisome prospect to just about anybody who has thought about its security and privacy implications. It would be problematic even if the design of all connected devices included security and privacy as absolute requirements — but that is not the way these devices are made. Currently, it is possible to opt out of much of the IoT experience with a bit of attention and discipline. In the near future, though, that situation is likely to change and it is not clear what we can do about it.

7:57p | Buffer overruns, license violations, and bad code: FreeBSD 13’s close call (Ars Technica)
For those wanting more details on the saga of the WireGuard implementation that was almost released in FreeBSD 13 (a story that LWN covered recently), this Ars Technica story digs in deep. "Despite not having any kernel developers on-staff, Ars was able to verify at least some of Donenfeld's claims directly, quickly, and without external assistance. For instance, finding a validation function which simply returned true—and printf statements buried deep in cryptographic loops—required nothing more complicated than grep."