Tux Machines
Posted by Roy Schestowitz on Jan 13, 2023
=> ↺ Juniper Networks Releases Security Updates for Multiple Products | CISA
Juniper Networks has released security updates to address vulnerabilities affecting multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system.
=> ↺ DER Entitlements: The (Brief) Return of the Psychic Paper
Last year, I spent a lot of time researching the security of applications built on top of XMPP, an instant messaging protocol based on XML. More specifically, my research focused on how subtle quirks in XML parsing can be used to undermine the security of such applications. (If you are interested in learning more about that research, I did a talk on it at Black Hat USA 2022. The slides and the recording can be found here and here).
At some point, when a part of my research was published, people pointed out other examples (unrelated to XMPP) where quirks in XML parsing led to security vulnerabilities. One of those examples was a vulnerability dubbed Psychic Paper, a really neat vulnerability in the way Apple's operating system checks what entitlements an application has.
=> ↺ OpenSSF Outlook Q1 2023: How to avoid the next Log4Shell and other OSS security reflections | ↺ In 2023 the 'Linux' Foundation still brings it up for FUD
=> ↺ 2023 Predictions: Open Networking, Edge, Access - Core
It’s that time of year again! Time to look back on the success and challenges of the past year, both of which we saw much of in 2022. Another year of a global pandemic, an uncertain economy, and more colorful geopolitical issues. But also stronger open source communities, more innovation, and integration across verticals as the industry marches toward digital innovation. That said, read below for my predictions as we head into 2023 and a look back at where we netted out on 2022 predictions.
[..]
With further technology export and import bans and increased geo-specific regulation (e.g. EU), Open Source will remain the neutral platform where innovation happens. OSS development will continue to comply with the changing legislation, allowing country-specific requirements (security, data, federation, compliance, etc.) and be upstreamed into Open Source Networking and connectivity projects.