Tux Machines

Security Leftovers

Posted by Roy Schestowitz on Jul 15, 2023

Reproducible Builds (diffoscope): diffoscope 244 released

=> ↺ Reproducible Builds (diffoscope): diffoscope 244 released

The diffoscope maintainers are pleased to announce the release of diffoscope version 244. This version includes the following changes:

Frank Ch. Eigler: no trust in black box ai

=> ↺ Frank Ch. Eigler: no trust in black box ai

I'm a software guy, and have been a while. I've had the pleasure of witnessing or studying many a software failure, and even causing a few. Comes with part of the job. When a software system fails, we open it up, take a look at how it works, make a patch, then close 'er up and release a new version. Done, more or less, usually. This is possible because the "how it works" part - the computer program - is generally available for inspection and modification. This is especially true in the free/open-source part of the industry, where all the program source code is available to end-users.

=> ↺ free/open-source part of the industry

Frank Ch. Eigler: hash attack

=> ↺ Frank Ch. Eigler: hash attack

Apple has announced that it will start scanning your personal files on your devices for "Child Sexual Abuse Material", as identified by its cryptographic hash. It will apparently match hashes against a database of hash codes of "known" bad content distributed by some sort of well-meaning activist organization. A match will apparently trigger an automatic disabling of one's Apple account, just for starters.

=> ↺ announced | ↺ cryptographic hash

Critical Cisco SD-WAN Vulnerability Leads to Information Leaks

=> ↺ Critical Cisco SD-WAN Vulnerability Leads to Information Leaks

A critical vulnerability in the Cisco SD-WAN vManage software could allow unauthenticated attackers to retrieve information from vulnerable instances.

Hackers Target Reddit Alternative Lemmy via Zero-Day Vulnerability

=> ↺ Hackers Target Reddit Alternative Lemmy via Zero-Day Vulnerability

Several instances of the Reddit alternative Lemmy were hacked in recent days by attackers who had exploited a zero-day vulnerability.

IDS Comparisons with DShield Honeypot Data, (Thu, Jul 6th)

=> ↺ IDS Comparisons with DShield Honeypot Data, (Thu, Jul 6th)

An Intrusion Detection System (IDS) can be helpful to identify suspicious activity. The information received from these tools needs to be tuned to the environment so the tool can highlight what is unusual. When looking at honeypot data, it is anticipated to see internet scanners and malicious traffic.

Google Researchers Discover In-the-Wild Exploitation of Zimbra Zero-Day

=> ↺ Google Researchers Discover In-the-Wild Exploitation of Zimbra Zero-Day

Google researchers have discovered that a Zimbra zero-day vulnerability has been exploited in the wild, with users being advised to manually patch their installations.

ISTIO-SECURITY-2023-002

=> ↺ ISTIO-SECURITY-2023-002

Announcing Istio 1.18.1

=> ↺ Announcing Istio 1.18.1

This release fixes the security vulnerabilities described in our July 14th post, ISTIO-SECURITY-2023-002.

=> ↺ ISTIO-SECURITY-2023-002

This release note describes what’s different between Istio 1.18.0 and 1.18.1. There will be an additional security release made on or after July 25th, 2023 that will fix numerous security defects with the highest security defect considered high severity. For more information, please see the announcement.

=> ↺ announcement

Announcing Istio 1.17.4

=> ↺ Announcing Istio 1.17.4

This release fixes the security vulnerabilities described in our July 14th post, ISTIO-SECURITY-2023-002.

=> ↺ ISTIO-SECURITY-2023-002

This release note describes what’s different between Istio 1.17.3 and 1.17.4.

Announcing Istio 1.16.6

=> ↺ Announcing Istio 1.16.6

This release fixes the security vulnerabilities described in our July 14th post, ISTIO-SECURITY-2023-002.

=> ↺ ISTIO-SECURITY-2023-002

This release note describes what’s different between Istio 1.16.5 and 1.16.6.

=> gemini.tuxmachines.org
