Intel Planning To End Legacy BIOS Support By 2020, Report Says

Michael Larabel, writing for Phoronix: Intel is planning to end “legacy BIOS” support in their new platforms by 2020 in requiring UEFI Class 3 or higher. Making rounds this weekend is a slide deck from the recent UEFI Plugfest. Brian Richardson of Intel talked about the “last mile” barriers to removing legacy BIOS support from systems. By 2020, they will be supporting no less than UEFI Class 3, which means only UEFI support and no more legacy BIOS or CSM compatibility support mode. But that’s not going to force on UEFI Secure Boot unconditionally: Secure Boot enabled is considered UEFI Class 3+. Intel hasn’t removed legacy BIOS / CSM support yet due to many customers’ software packages still relying upon legacy BIOS, among other reasons. Removing the legacy BIOS support will mitigate some security risks, needs less validation by vendors, allows for supporting more modern technologies, etc.


After 12 Years, Mozilla Kills ‘Firebug’ Dev Tool

An anonymous reader quotes InfoWorld: The Firebug web development tool, an open source add-on to the Firefox browser, is being discontinued after 12 years, replaced by Firefox Developer Tools. Firebug will be dropped with next month’s release of Firefox Quantum (version 57). The Firebug tool lets developers inspect, edit, and debug code in the Firefox browser as well as monitor CSS, HTML, and JavaScript in webpages. It still has more than a million people using it, said Jan Honza Odvarko, who has been the leader of the Firebug project. Many extensions were built for Firebug, which is itself an extension to Firefox… The goal is to make debugging native to Firefox. “Sometimes, it’s better to start from scratch, which is especially true for software development,” Odvarko said.


Ubuntu 17.10 Artful Aardvark Released

Canonical has made available the download links for Ubuntu 17.10 “Artful Aardvark”. It comes with a range of new features, changes, and improvements including GNOME as the default desktop, Wayland display server by default, optional X.org server session, Mesa 17.2 or Mesa 17.3, Linux kernel 4.13 or kernel 4.14, new Subiquity server installer, improved hardware support, new Ubuntu Server installer, switch to libinput, an always visible dock using Dash to Dock GNOME Shell extension, and Bluetooth improvements with a new BlueZ among others.


Samsung To Let Proper Linux Distros Run on Galaxy Smartphones

An anonymous reader shares a report: Samsung has announced it will soon become possible to run actual proper Linux on its Note8, Galaxy S8 and S8+ smartphones — and even Linux desktops. Yeah, yeah, we know Android is built on Linux, but you know what we mean. Samsung said it’s working on an app called “Linux on Galaxy” that will let users “run their preferred Linux distribution on their smartphones utilizing the same Linux kernel that powers the Android OS.” “Whenever they need to use a function that is not available on the smartphone OS, users can simply switch to the app and run any program they need to in a Linux OS environment,” Samsung says. The app also allows multiple OSes to run on a device. Linux desktops will become available if users plug their phones into the DeX Station, the device that lets a Galaxy 8 run a Samsung-created desktop-like environment when connected to the DeX and an external monitor.


Microsoft Has Already Fixed the Wi-Fi Attack Vulnerability; Android Will Be Patched Within Weeks

Microsoft says it has already fixed the problem for customers running supported versions of Windows. From a report: “We have released a security update to address this issue,” says a Microsoft spokesperson in a statement to The Verge. “Customers who apply the update, or have automatic updates enabled, will be protected. We continue to encourage customers to turn on automatic updates to help ensure they are protected.” Microsoft is planning to publish details of the update later today. While it looks like Android and Linux devices are affected by the worst part of the vulnerabilities, allowing attackers to manipulate websites, Google has promised a fix for affected devices “in the coming weeks.” Google’s own Pixel devices will be the first to receive fixes with security patch level of November 6, 2017, but most other handsets are still well behind even the latest updates. Security researchers claim 41 percent of Android devices are vulnerable to an “exceptionally devastating” variant of the Wi-Fi attack that involves manipulating traffic, and it will take time to patch older devices.


Researcher Turns HDD Into Rudimentary Microphone

An anonymous reader writes from Bleeping Computer: Speaking at a security conference, researcher Alfredo Ortega has revealed that you can use your hard disk drive (HDD) as a rudimentary microphone to pick up nearby sounds. This is possible because of how hard drives are designed to work. Sounds or nearby vibrations are nothing more than mechanical waves that cause HDD platters to vibrate. By design, a hard drive cannot read or write information to an HDD platter that moves under vibrations, so the hard drive must wait for the oscillation to stop before carrying out any actions. Because modern operating systems come with utilities that measure HDD operations up to nanosecond accuracy, Ortega realized that he could use these tools to measure delays in HDD operations. The longer the delay, the louder the sound or the more intense the vibration that causes it. These read-write delays allowed the researcher to reconstruct sound or vibration waves picked up by the HDD platters. A video demo is here. “It’s not accurate yet to pick up conversations,” Ortega told Bleeping Computer in a private conversation. “However, there is research that can recover voice data from very low-quality signals using pattern recognition. I didn’t have time to replicate the pattern-recognition portion of that research into mine. However, it’s certainly applicable.” Furthermore, the researcher also used sound to attack hard drives. Ortega played a 130Hz tone to make an HDD stop responding to commands. “The Linux kernel disconnected it entirely after 120 seconds,” he said. There’s a video of this demo on YouTube.


Code-execution flaws threaten users of routers, Linux, and other OSes

Google researchers have discovered at least three software bugs in a widely used software package that may allow hackers to execute malicious code on vulnerable devices running Linux, FreeBSD, OpenBSD, NetBSD, and macOS, as well as proprietary firmware. Dnsmasq, as the package is known, provides code that makes it easier for networked devices to communicate using the domain name system and the Dynamic Host Configuration Protocol. It’s included in Android, Ubuntu, and most other Linux distributions, and it can also run on a variety of other operating systems and in router firmware. A blog post published Monday by security researchers with Google said they recently found seven vulnerabilities in Dnsmasq, three of which were flaws that allowed the remote execution of malicious code. One of the code-execution flaws, indexed as CVE-2017-14493, is a “trivial-to-exploit, DHCP-based, stack-based buffer overflow vulnerability.” Combined with a separate information leak bug Google researchers also discovered, attackers can bypass a key protection known as address space layout randomization, which is designed to prevent malicious payloads included in exploits from executing. As a result, exploits result in a simple crash, rather than a security-compromising hack. By chaining the code-execution and information leak exploits together, attackers can circumvent the defense to run any code of their choosing.


The Ataribox will cost under $300 and ship next spring

Atari has so far kept pretty schtum about its forthcoming Ataribox, but in an email newsletter it’s now revealed a few nuggets of information that should tide fans over until the console’s Indiegogo launch this fall. As the newly-released pictures show, design-wise you can expect an Atari 2600 influence with a modern twist (and yes, that is real wood). Inside, the console will be powered by an AMD customized processor and run Linux, so you’ll be able to tinker with the OS and access games bought from other platforms, as well as do all the usual PC-for-TV things, such as streaming, listening to music and navigating social media. Frustratingly, there’s still no word on pre-loaded games, although the company says it’ll “start talking titles very soon”. However, it has said it plans on shipping in late spring 2018, with an expected price tag of $250-$300 (£185-£225). Fans who get involved with the Indiegogo campaign, coming this fall, will be able to get their hands on special editions and exclusive pricing. And by then they’ll be chomping at the bit.


Some phones and laptops are vulnerable to ‘BlueBorne’ exploit

Armis security has identified a new vulnerability in computers and mobile devices that leaves them susceptible to attack via Bluetooth. The exploit, dubbed “BlueBorne,” doesn’t require user permission or to even pair with devices — it can simply connect over the air and access networks or install malware. Armis previously alerted most affected parties back in April, but as of today, it’s mostly Android devices that remain vulnerable to attack. There are technically several distinct attack vectors spread across current mobile operating systems. As Armis noted in its BlueBorne info page, Apple’s iOS beyond version 9.3.5 are vulnerable, but that vector was ironed out in iOS 10. Microsoft released an update today to all Windows versions that closes the vulnerability, with details listed here. Google’s Android, however, is spread across so much hardware that the onus to update falls on third-party manufacturers, who might not patch out the vulnerability in time. For its part, Google released protective patches for Nougat (7.0) and Marshmallow (6.0) as part of its September security update. “We have released security updates for these issues, and will continue working with other affected platforms across the industry to develop protections that help keep users safe,” a Google spokesperson told Engadget. The other wildcard here: Linux-based devices. Armis informed Linux device operators of the vulnerability very late (last month, as opposed to back in April when it divulged to the other mobile OS providers). Accordingly, Armis wasn’t aware of patches for Linux operating systems, meaning anything running BlueZ is vulnerable to one of the vectors, while those with Linux version 3.3-rc1 can be attacked by another. This includes Samsung’s Gear S3 smartwatch, its smart TVs and family hub.
While using Bluetooth is a canny way to automatically infiltrate user devices without permission, it means BlueBorne is bound by the signal frequency’s short range, and only affects devices with Bluetooth turned on. But since the exploit is so different to the typical attack vector, users wouldn’t even be alerted if their device gets compromised, leading to a hypothetical nightmare scenario (detailed in the video below) wherein a user spreads the “infection” to vulnerable phones and tablets simply by walking in their vicinity. Worried your device might be vulnerable? Check Armis’ page on the exploit along with the respective white paper (PDF) explaining BlueBorne in detail.


Linux Kernel 4.13 Officially Released

prisoninmate writes: As expected, the Linux 4.13 kernel series was made official this past weekend by none other than its creator, Linus Torvalds, who urges all Linux users to start migrating to this version as soon as possible. Work on Linux kernel 4.13 started in mid-July with the first Release Candidate (RC) milestone, which already gave us a glimpse of the new features coming to this major kernel branch. There are, of course, numerous improvements and support for new hardware through updated drivers and core components. Highlights of Linux kernel 4.13 include Intel’s Cannon Lake and Coffee Lake CPUs, support for non-blocking buffered I/O operations to improve asynchronous I/O support, support for “lifetime hints” in the block layers and the virtual filesystem, AppArmor enhancements, and better power management. There’s also AMD Raven Ridge support implemented in the AMDGPU graphics driver, which received numerous improvements, support for five-level page tables was added in the s390 architecture, and the structure randomization plugin was added as part of the build system.
