Tux Machines

Security: Reproducible Builds and More

Posted by Roy Schestowitz on Sep 02, 2023

=> The technical merits of Wayland are mostly irrelevant | Trisquel and Firefox 117 on Talos (POWER)

Reproducible Builds (diffoscope): diffoscope 249 released

=> ↺ Reproducible Builds (diffoscope): diffoscope 249 released

The diffoscope maintainers are pleased to announce the release of diffoscope version 249. This version includes the following changes: [...]

Exploit Code Published for Critical-Severity VMware Security Defect

=> ↺ Exploit Code Published for Critical-Severity VMware Security Defect

He pointed to VMWare’s CVE-2023-34039 advisory (CVSS severity score of 9.8 out of 10) that describes the bug as a network authentication bypass and warns that the issue is being mischaracterized.

“Interestingly, VMware has named this issue “Networks Authentication Bypass”, but in my opinion, nothing is getting bypassed. There is SSH authentication in place; however, VMware forgot to regenerate the keys,” Kheirkha said.

Why is .US Being Used to Phish So Many of Us?

=> ↺ Why is .US Being Used to Phish So Many of Us?

Domain names ending in “.US” — the top-level domain for the United States — are among the most prevalent in phishing scams, new research shows. This is noteworthy because .US is overseen by the U.S. government, which is frequently the target of phishing domains ending in .US. Also, .US domains are only supposed to be available to U.S. citizens and to those who can demonstrate that they have a physical presence in the United States.

=> gemini.tuxmachines.org