All Activity
This stream auto-updates
- Today
-
- ------------------------------------------------------------------------- Debian Security Advisory DSA-4604-1 security@debian.org https://www.debian.org/security/ Hugo Lefeuvre January 19, 2020 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : cacti CVE ID : CVE-2019-16723 CVE-2019-17357 CVE-2019-17358 Debian Bug : 947374 947375 941036 Multiple issues have been found in cacti, a server monitoring system, potentially resulting in SQL code execution or information disclosure by authenticated users. CVE-2019-16723 Authenticated users may bypass authorization checks for viewing a graph by submitting requests with modified local_graph_id parameters. CVE-2019-17357 The graph administration interface insufficiently sanitizes the template_id parameter, potentially resulting in SQL injection. This vulnerability might be leveraged by authenticated attackers to perform unauthorized SQL code execution on the database. CVE-2019-17358 The sanitize_unserialize_selected_items function (lib/functions.php) insufficiently sanitizes user input before deserializing it, potentially resulting in unsafe deserialization of user-controlled data. This vulnerability might be leveraged by authenticated attackers to influence the program control flow or cause memory corruption. For the oldstable distribution (stretch), these problems have been fixed in version 0.8.8h+ds1-10+deb9u1. Note that stretch was only affected by CVE-2018-17358. For the stable distribution (buster), these problems have been fixed in version 1.2.2+ds1-2+deb10u2. - ------------------------------------------------------------------------- Debian Security Advisory DSA-4605-1 security@debian.org https://www.debian.org/security/ Moritz Muehlenhoff January 19, 2020 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : openjdk-11 CVE ID : CVE-2020-2583 CVE-2020-2590 CVE-2020-2593 CVE-2020-2601 CVE-2020-2604 CVE-2020-2654 CVE-2020-2655 Several vulnerabilities have been discovered in the OpenJDK Java runtime, resulting in denial of service, incorrect implementation of Kerberos GSSAPI and TGS requests or incorrect TLS handshakes. For the stable distribution (buster), these problems have been fixed in version 11.0.6+10-1~deb10u1.
-
Post the funniest thing you saw on the Internets today
securitybreach replied to amenditman's topic in The Restaurant at the Edge of the Universe
- Yesterday
-
Hacker leaks passwords for more than 500,000 servers, routers, and IoT devices
V.T. Eric Layton replied to securitybreach's topic in Security & Networking
It's not your computer you need to protect. It's your PRIVACY. -
Hacker leaks passwords for more than 500,000 servers, routers, and IoT devices
Robert replied to securitybreach's topic in Security & Networking
My router allows you to make Virtual Lans so I made one for the TVs and Blu-Ray player, and a second for the video security system. Hopefully this is enough extra security to protect my computer. -
Exploit Fully Breaks SHA-1, Lowers the Attack Bar
V.T. Eric Layton replied to securitybreach's topic in Security & Networking
By the way, Josh... I thought this sounded familiar, but my over 50 brain couldn't remember, so I had to search. Seems that SHA1 has been compromised for quite some time already... https://www.schneier.com/blog/archives/2005/02/cryptanalysis_o.html -
You may want to reconsider that after reading this: Intel's Mitigation For CVE-2019-14615 Graphics Vulnerability Obliterates Gen7 iGPU Performance https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00314.html I also have several Nvidia cards GTX970 and GTX560 Ti. The GTX560 Ti has issues with Nvidia driver but is fine with Nouveau. I can't say I prefer them to AMD as I never had AMD, but I never had any reason to change as performance is satisfactory. All software can be subject to regressions/bugs and all hardware can be subject to design faults. I'm not going to lose any sleep over either.
-
Hacker leaks passwords for more than 500,000 servers, routers, and IoT devices
securitybreach replied to securitybreach's topic in Security & Networking
Its just like it was in 80s-mid 90s of computing, security hasn't caught up with the technology yet. There is no such thing as security on LoT devices yet. -
Hacker leaks passwords for more than 500,000 servers, routers, and IoT devices
V.T. Eric Layton replied to securitybreach's topic in Security & Networking
Yeah, it's bad enough that the NSA has video (from your IoT fridge) on their servers of you sneaking into the kitchen at night in your underwear to swipe that last piece of chocolate meringue pie your spouse was saving for lunch tomorrow. -
Hacker leaks passwords for more than 500,000 servers, routers, and IoT devices
ebrke replied to securitybreach's topic in Security & Networking
I really am not a luddite (I hope), but it seems to me that 95% of the devices now being sold with internet connectivity don't need it or shouldn't have it. Result is people who don't know how to properly handle security for the devices get in trouble and sue the manufacturer. It's a very rare that my sympathy is with the manufacturer, but in these cases it usually is. I try not to be judgmental, but people who put an internet enabled camera in their child's room are begging for a bad outcome if they're not smart enough to recognize their limitations with technology. -
Linus Torvalds isn't worried about Microsoft taking over Linux
securitybreach replied to V.T. Eric Layton's topic in Bruno's All Things Linux
Nice- 1 reply
-
- 1
-
-
Linus Torvalds isn't worried about Microsoft taking over Linux
V.T. Eric Layton posted a topic in Bruno's All Things Linux
By Steven J. Vaughan-Nichols for Linux and Open Source | October 7, 2019 -- 13:35 GMT (06:35 PDT) | Topic: Enterprise Software And you shouldn't be either. Every company wants to rule Linux -- none of them can or ever will. LINK to full article @ ZDNet- 1 reply
-
- 2
-
-
Post the funniest thing you saw on the Internets today
securitybreach replied to amenditman's topic in The Restaurant at the Edge of the Universe
-
I hope you're not running proprietary Nvidia drivers.
-
I'll be the one, lone voice here for OpenSuSE, which so far has accepted my older hardware without problems. Now that I've said that, I hope it will remain true--I just downloaded the net install for Leap 15.1 and plan to try to install it next week.
-
True... to a point. I prefer Nvidia because it was better supported than AMD/Radeon in Linux. I don't know if that is still the case these days, though. My GTX560 isn't ancient, but it's not top-o-the-line at the moment, so It uses legacy drivers provided by Nvidia. No troubles until this newer kernel (4.4.208) attempted upgrade in Slackware.
-
Hacker leaks passwords for more than 500,000 servers, routers, and IoT devices
V.T. Eric Layton replied to securitybreach's topic in Security & Networking
Weeeeeeeeeee! What fun! -
Hacker leaks passwords for more than 500,000 servers, routers, and IoT devices
securitybreach posted a topic in Security & Networking
https://www.zdnet.com/article/hacker-leaks-passwords-for-more-than-500000-servers-routers-and-iot-devices/ -
Post the funniest thing you saw on the Internets today
securitybreach replied to amenditman's topic in The Restaurant at the Edge of the Universe
-
Exploit Fully Breaks SHA-1, Lowers the Attack Bar
securitybreach replied to securitybreach's topic in Security & Networking
Well the problem is that lots of linux distros use them along with md5 to check their ISOs. As well as Github, and others who still use SHA1. -
I'm glad Mr. Starkweather chose to ignore his supervisor's comments!
-
Exploit Fully Breaks SHA-1, Lowers the Attack Bar
zlim replied to securitybreach's topic in Security & Networking
So who is still using this? It is also been blocked in IE 11. I guess only those who choose to ignore warnings would go to dangerous sites. -
Windows 7 Gets Final Monthly Rollup Update Before End Of Life
zlim replied to Corrine's topic in Security & Networking
What a lovely desktop picture! -
Personally, I like Nvidia cards. As long as you use the nvidia driver, in my experience, they work flawlessly. That said, I do not use older cards so none of these issues plague me. I just got a Asus ROG GTX 1070 8gb the other week that replaced my aging GTX 970 4gb and I didn't have to reinstall the drivers or anything. I just replaced it and carried on. Unfortunately for a lot of people, most Linux distros nowadays are not designed to be ran on older systems. There are some distros that cater to older machines but most of your popular distros will require up to date hardware. The key is to not use bleeding edge hardware as the drivers may not be there yet but also do not use too old of hardware or it won't be supported. At one time Linux was great for older hardware but that is really not the case as much nowadays for mainstream distros. Best thing that can be done is to use those that cater to older hardware or use a more lightweight environment. For instance, Gnome requires a minimum of 4GB of ram (at minimum) to run on Ubuntu: https://help.ubuntu.com/community/Installation/SystemRequirements
-
I do have a relatively recent (GTX 1060) Nvidia GPU in my Windows Box but that is because my train sims are optimized for Nvidia. I won't upgrade again though as long as I have this system. Anything more powerful will only bottleneck my Sandy Bridge CPU. I have an Nvidia card in my old dual core desktop that I use as a jukebox in the workroom. But as I said earlier, Nouveau works well enough to give me a display. I've had trouble with AMD in the past but once you get the FOSS driver working, it is great. AMD on Linux seems to be best with old tech anyway. Really Intel is the best bet of all, assuming you don't need hard core 3D capability.
-
Okay, I've finally taken SB's advice and started tinkering with VMM in attempt to replace Virtualbox (VB). I do like the idea of a "native" Linux virtualization solution, and VMM seems to be WAY overkill for my limited use-case scenario. That's okay though, as I'd rather "grow into" software than "grow out of" it. There isn't much documentation regarding VMM, especially compared to VB; and the documentation available seems to be way over my head, using concepts and terminology that sound greek to me. But a little background first... I have intentions of migrating away from Lubuntu and their 3-year LTS support cycle. To that end, I'm looking at jumping over to Debian Stable, with their approximately 5 year support window. I've assembled a Debian 10 LXQT VM in VB, but replacing VB with VMM. I've taken a Refracta Snapshot, copied to usb stick with "dd", and successfully installed to testbed laptop with Refracta Installer. So far, so good, and I'm pretty happy with everything. The last piece of my "beta test" is to install Windows VMs, but using VMM in place of VB (VB is no longer supported by Debian 10; VMM is the recommended replacement). I'm noticing that VMM has MANY more options for VM customization than VB. So many that it's a little overwhelming...I thought I knew a little about VMs from being able to manipulate my VB VMs to solve numerous VM issues over the years....from driver issues, to expanded disk issues, to formatting issues, to snapshots, etc.... So I was comfortable (perhaps cocky?) to jump over to VMM and give it a go. I've created a Test-Win7VM using VMMs recommended defaults, installing from a Win7.iso installation disk. Everything worked as expected, although it can't be updated (discontinued support), the monitor resolution isn't native (not a big deal, but would like to resolve), and no sound (incorrect default driver?). We'll come back to this later and see what I can learn by "fixing" these issues, but let me continue to the REAL concern I need help with. With a successful creation of Windows VM in VMM, I could "load up" the VM with software that I use in Windows, such as Appraisal Dictionary, appraisal software, Quickbooks, etc... But ideally, I already have a Win7 VM and a Win10 VM in VB, both with vdi (or maybe vmdk?) disks. I copied over my Win7 VB disk and created a Win7 VM in VMM, using the existing Win7.vdi, just like I have done numerous times before in VB. However, when starting the VMM machine, it "hangs" on the Win7 boot splash image and freezes. I can only "force close" from the VMM menu option. Googling suggests this is a very common occurrence with Win VMs and I need to choose a "VNC viewer" rather than "Spice", and I should choose "cirrus" as VGA driver rather than QXL. WTH are they talking about? Looking through the VMM options, I can see the Display categories for Spice vs VNC servers; and I can see the Video categories for "QXL" vs "VGA" vs "Virtio". But I see nothing for a selection of "cirrus". I've also seen some convoluted references to BIOS vs UEFI and that when booting from BIOS, "SeaBIOS" is preferable. I've made no specific selections, but I did note that VMM is booting with "SeaBIOS". While I can install Win VMs from scatch, then load them up with the softwares I need, this seems counter-intuitive to the point of a VM. I'd really like to just boot a Win VM with my CURRENTLY EXISTING windows disk...like pulling a metal disk from computer A and connecting it to computer B, and continuing with business as usual. I could save TENS of man-hours if I can do this in the manner described. So, as the resident KVM/Qemu/Virt-Machine Manager expert here at BATL....what am I doing wrong SB? Can I do what I'd like to do, as described? If so, how? Or am I relegated to creating virgin WinVMs and "loading them up" all over again with needed software?
