Comment: Grinch is not a flaw - has no CVE!!! (Score 5, Informative)

by darthcamaro (#48628735) Attached to: Grinch Vulnerability Could Put a Hole In Your Linux Stocking
The linked story is factually incorrect. Red Hat (and others) have publicly stated that this isn't a flaw at all but is in fact an expected and specified feature of PolicyKit. I spoke with Red Hat on this, which is something that neither of the linked articles in this /. post did. It's not a flaw at all.
Also check out the Red Hat Knowledgebase article on this too.

A report has been released detailing an issue that the reporter is naming "Grinch". This report incorrectly classifies expected behavior as a security issue.

Linux Hit by Privilege Escalation Flaw; The Grinch is Not to Blame

Submitted by darthcamaro
darthcamaro (735685) writes "Some media outlets in the past 24 hours have been reporting on a new alleged flaw in Linux that has been branded as the Grinch. The only problem with the flaw is that it's not actually a flaw at all, it's a pre-defined feature in PolicyKit.

Basically, this bug report on Grinch was a bit more sensational than it needed to be," Josh Bressers, lead of the Red Hat Product Security Team said.

Ironically though, the same day that the Grinch was disclosed, a bona fide real Linux kernel privilege escalation vulnerability identified as CVE-2014-9322 was disclosed and patched."

After a Five Year Delay, Snort 3.0 is Back in Development

Submitted by darthcamaro
darthcamaro (735685) writes "The world's most popular open-source Intrusion Prevention System (IPS) has long been Snort, but it has been a while since there has been a major upgrade. Back in 2009 an effort started to build a Snort 3.0 but it got shelved. This week, Cisco announced that Snort 3.0 is now in development and it will bring a new policy language engine and a new command line shell.

"The user-friendliness features, for example, might enable users to build a programmatic interface for Snort, so when you run it, it can ask the user what class of attacks to look for," Marty Roesch, Snort founder, said."


Red Hat Enterprise Linux 7.1 Set To Beef Up Security

Submitted by darthcamaro
darthcamaro (735685) writes "Red Hat Enterprise Linux 7.1 is now out as a public beta and it has a long list of new features including improved Ceph storage support and Windows Common Internet File System (CIFS) integration. Security is a big item in the new release with a number of new capabilities including support for FreeOTP for two-factor authentication, a new Certificate Authority management system and a guide for the Security Content Automation Protocol (SCAP)."

Cisco, Akamai, EFF and Mozilla Partner for New Free Let's Encrypt SSL Service

Submitted by darthcamaro
darthcamaro (735685) writes "We all know we should deploy SSL/TLS on our servers but it's not always easy (or cheap) to do properly. That's the reason why the Electronic Frontier Foundation (EFF), Cisco, Akamai and Mozilla have come together for the 'Let's Encrypt' initiative, which will provide free certificates backed by a free certificate authority.

Peter Eckersley, technology projects director at the EFF, said: "To Websites that have been struggling with HTTPS, and Internet users who are frustrated by a lack of privacy and security, we have a simple message: Help is on the way.""


Does Open Source Have Any Natural Enemies?

Submitted by darthcamaro
darthcamaro (735685) writes "Usually, proprietary closed software is thought of as being the enemy of open source, but that's not necessarily the case. At the OpenStack Summit in Paris, Mark Collier, the Chief Operating Officer of the OpenStack Foundation, spent the first half of his keynote bashing Amazon for being a monolith. But he was quick to note at the midway point that Amazon isn't the enemy. In his view, open source doesn't have any enemies.

"Open source is not about enemies; it's about using technology in the way that you want," Collier said. What do you think?"


Are New Domain Names Leading to Confusion for .com and .net?

Submitted by darthcamaro
darthcamaro (735685) writes "A year ago, there were only 22 Top Level Domain Names, with .com and .net being the most commonly deployed. Now there are hundreds of new names and according to VeriSign (the people that manage .com and .net), it's leading to confusion.
Are you confused by new .xyz / .guru .anything domains?"


The Carder Who Loved Me (aka how to entrap a Credit Card Criminal)

Submitted by darthcamaro
darthcamaro (735685) writes "Credit card theft is the bane of the modern world and credit card thieves — known as Carders — are growing in number. Big retail breaches are giving these carders lots of numbers to play with, but thankfully law enforcement is up to the task of tracking down the carders. In a session at the SecTor security conference in Toronto, Grayson Lenik recounted a story of how a good looking undercover female agent convinced a carder to come to Las Vegas to marry her. It didn't end well for the carder — or his friends."

OpenStack Juno Released!

Submitted by darthcamaro
darthcamaro (735685) writes "The OpenStack Juno release is now generally available. This is the 10th major release for the open-source cloud platform and introduces the Sahara Data Processing Service as the major new project. That's not the only new feature in Juno though, with 310 new features in total. The new features include cloud storage policy, improved IPv6 support, a rescue mode and improved multi-cloud federation capabilities."

Red Hat Enterprise Linux 6.6's Big New Feature is Red Hat Enterprise Linux 7

Submitted by darthcamaro
darthcamaro (735685) writes "Red Hat is out today with Red Hat Enterprise Linux 6.6 (RHEL), providing its users with a long list of incremental updates. While many of those updates are new to RHEL 6, they are not new to RHEL 7, the newer version of Red Hat's flagship enterprise Linux product. High-availability, security and performance features from RHEL 7 now land in RHEL 6.6. Going a step further, Red Hat is now providing a RHEL 6 Docker Image, so RHEL 7 users can run RHEL 6 applications on RHEL 7 without any changes.

As to why RHEL 6 applications cannot just simply run natively on RHEL 7, Bhavna Sarathy, technology product manager in the Platform Business Unit at Red Hat, explained that applications that were built and certified to run on Red Hat Enterprise Linux 6 have to be rebuilt and re-certified to run on Red Hat Enterprise Linux 7, as the software stack between the two major releases is vastly different."


Xen Cloud Fix Shows the Right Way To Patch Open-Source Flaws

Submitted by darthcamaro
darthcamaro (735685) writes "Amazon, Rackspace and IBM have all patched their public clouds over the last several days due to a vulnerability in the Xen hypervisor. According to a new report, the Xen project was first advised of the issue two weeks ago, but instead of the knee-jerk reactions we've seen with Heartbleed and now Shellshock, the Xen project privately fixed the bug and waited until all the major Xen deployments were patched before any details were released. Isn't this the way that all open-source projects should fix security issues?"

Marten Mickos' Plan for OpenStack? Total Victory

Submitted by darthcamaro
darthcamaro (735685) writes "Marten Mickos is not yet officially part of HP and its OpenStack cloud (yet) but he will be soon. On Sept 11 Mickos' company Eucalyptus announced that it was being acquired by HP, though the deal has not yet officially closed. That's not stopping Mickos from making bold predictions about OpenStack — an effort that he has been a competitor against for most of the last four years. Speaking at the OpenStack Silicon Valley event, Mickos laid out his plan.

"For the last one and a half decades, I have been trying to reach full victory for open source," Mickos said."


Should Docker Move to a Non-Profit Foundation?

Submitted by darthcamaro
darthcamaro (735685) writes "Docker has become the new hotness in virtualization technology — but it is still a project that is led by the backing of a single vendor — Docker Inc. Is that a problem? Should there be an open-source Foundation to manage the governance and operation of the Docker project? In a video interview — Docker founder and Benevolent Dictator for Life Solomon Hykes says — No."

Millions of IPv4 Addresses Reclaimed - IPv4 is not dead! (yet)

Submitted by darthcamaro
darthcamaro (735685) writes "Back in 2011, IANA said it had allocated its last /8 block of freely available IPv4 address space. As it turns out, here we are in 2014 and IANA has now reclaimed several million IPv4 addresses that it is now giving to regional internet registries. While that means that unallocated IPv4 space is still available, don't get your hopes up that it's limitless, ARIN only has just over one million IPv4 addresses left for the Americas."

Google Introduces HTML 5.1 Tag to Chrome

Submitted by darthcamaro
darthcamaro (735685) writes "Forget about HTML5, that's already passe — Google is already moving on to HTML5.1 support for the upcoming Chrome 38 release. Currently only a beta, one of the biggest things that web developers will notice is the use of the new "picture" tag which is a container for multiple image sizes/formats. Bottom line is it's a new way to think about the "IMG" tag that has existed since the first HTML spec."
