Submission + - Malicious code discovered in popular xz utils (arstechnica.com)

Cognitive Dissident writes: Code designed to compromise SSH connections has been discovered in a widely used compression utility.

The compression utility, known as xz Utils, introduced the malicious code in versions 5.6.0 and 5.6.1, according to Andres Freund, the developer who discovered it. There are no confirmed reports of those versions being incorporated into any production releases for major Linux distributions, but both Red Hat and Debian reported that recently published beta releases used at least one of the backdoored versions—specifically, in Fedora 40 and Fedora Rawhide and Debian testing, unstable and experimental distributions. Because the backdoor was discovered before the malicious versions of xz Utils were added to production versions of Linux, “it's not really affecting anyone in the real world,” Will Dormann, a senior vulnerability analyst at security firm ANALYGENCE, said in an online interview. “BUT that's only because it was discovered early due to bad actor sloppiness. Had it not been discovered, it would have been catastrophic to the world.”

The really worrying part here is that the developer clearly did it on purpose, and he has been on this project for a solid two years. This raises all sorts of questions about the security of Linux in general. How many other 'deep cover' operatives might be planning or actually in the process of inserting malicious code into the GNU/Linux code base?

Comment It's Mozilla Sync 1.1 all over again (Score 1) 12

Not really. The service as described by DDG strongly reminds me of old Mozilla Weave/Sync 1.1, which had a very sensible design from the security standpoint - your own encryption key never left your device, everything to be backed up was encrypted with it before being sent to the Mozilla servers, thus making your backups not readable to Mozilla. However, in Sync 1.5 and later they "upgraded" the service by integrating it with Firefox accounts. Your encryption key is stored on Mozilla servers now, as a part of your account. New Firefox Sync doesn't have anything in common with older, more private (and secure!) Mozilla Sync 1.1.

I only hope this DDG service doesn't follow the Mozilla lead.

Comment Re:well ... (Score 1) 71

With one substantial difference. Android doesn't present a shell environment, unix utilities and services, compilers and other development tools. OS X provides a complete BSD environment with all the trimmings where the user can interact with it.

But every Android system has a shell and a number of Unix utilities and services, albeit hidden from plain view. You can install any terminal emulator to run a shell where you can interact with system utilities. The shell is also available remotely via "adb shell" if you enable development mode and plug your Android system into a PC.
Compilers and development tools are not available, but that's completely understandable as storage is a precious resource on a phone.

Comment Re:first boot (Score 1) 142

Russia does not really count because Baikal's home-grown core is an ARM core. It wasn't *designed* in Russia, although it was taped-out on a Russia fab.

Wrong. Baikal-T1 uses MIPS: http://www.cpu-world.com/news_...
Though you can rightfully argue it's not fully Russian as it uses a commercial core. "Elbrus" line of CPUs, however, is fully "home-grown": https://en.wikipedia.org/wiki/...
I guess "Elbrus" does fall under "designed in Russia", right?

Submission + - India Launches Final Satellite for Its Own Version of GPS

vasanth writes: India on Thursday entered an exclusive club of five nations that have their own satellite navigation and positioning system with the launch of IRNSS-1G, known as Navic, the country’s seventh navigation satellite.

For many years now, India has been mostly dependent on the Global Positioning System built by the US. However, when the USA denied GPS information during the Kargil war in 1999, the nation felt the need for an indigenous navigation system. The system, previously called the Indian Regional Navigation Satellite System, was designed to provide accurate position information to users in India and as far as 1,500 kilometers (932 miles) from its borders.

India has been gaining recognition worldwide as a low-cost option for sending satellites into orbit. In 2014, it put a satellite into the orbit of Mars, becoming the first country in Asia to reach the red planet. India’s space minister Jitendra Singh said on Wednesday that the country also plans to launch a communications satellite that will provide enhanced bandwidth connectivity to rural areas.

The ISRO’s rocket, the Polar Satellite Launch Vehicle, or PSLV, also carried five satellites from the U.K. The space agency said it was the thirty-fourth consecutive successful mission for the PSLV. ISRO plans to launch 22 satellites in another flight of PSLV including 19 satellites from four countries: 13 from the U.S., three from Germany, two from Canada and one from Indonesia.

Comment Re:Misleading google+ figures (Score 1) 274

That's because the numbers from Compete do not correspond to reality. Compete.com is tracking some preselected panel of people, which in no way could represent the entire site usage. And then they stretch and inflate that data, and call it the "site profile".

For reference, here's another such Google+ profile, from Alexa, which shows no "dramatic growth" whatsoever:
http://www.alexa.com/siteinfo/plus.google.com

Comment Re:But... (Score 1) 745

And in his Robots and Empire, the Earth is special because of the relative abundance of the radioactive elements like uranium in the Earth's crust.
