Kali Linux 2020.1 Now Available for Download

Kali Linux 2020.1 is now live with a long list of improvements, including the highly-anticipated non-root by default that’s supposed to add an extra layer of security by using a standard unprivileged user. Beginning with this release, if you run the live version of Kali, both the default user and password are “kali.” On the other hand, if you install the distro, you are prompted to create a non-root user with administrative privileges.

[Source: Softpedia]

CBS All Access serves ads, but not content, to Linux users

As of this month, the CBS All Access streaming-video platform—home of popular shows including The Late Show with Stephen Colbert and now Star Trek: Picard—stopped working on Linux PCs, regardless of the choice of browser. Ten years ago, this would have been just another day in the life of a Linux user, but it’s a little surprising in 2020. We were originally tipped off to the issue by a few irate readers but quickly found it echoed in multiple threads on Reddit, Stack Exchange, and anywhere else you’d expect to find Linux users congregating.

[Source: Ars Technica]

RCE in OpenSMTPD library impacts BSD and Linux distros

Security researchers have discovered a vulnerability inside a core email-related library used by many BSD and Linux distributions. The vulnerability, tracked as CVE-2020-7247, impacts OpenSMTPD, an open-source implementation of the server-side SMTP protocol.

The library is normally included with distros that are designed to operate on servers, allowing the server to handle SMTP-related email messages and traffic. The OpenSMTPD library was initially developed for the OpenBSD operating system, but the library was open-sourced, and its “portable version” has also been incorporated into other OSes, such as FreeBSD, NetBSD, and some Linux distros, such as Debian, Fedora, Alpine Linux, and more.

[Source: ZDNet]

Uncovering Vulnerabilities in Open Source Libraries

In recent articles, ForAllSecure has discussed how we were able to use our next-generation fuzzing solution, Mayhem, to discover previously unknown vulnerabilities in several open source projects, including Netflix DIAL reference, Das U-Boot, and more. In this post, we will follow up on a prior article on using Mayhem to analyze stb and MATIO by reviewing three additional vulnerabilities found in another open source library. Prior to detailing these new vulnerabilities, we will examine some of the factors which can help to identify code which is a good candidate for fuzzing.

[Source: Security Boulevard]

Petition asking Microsoft to open-source Windows 7 sails past goal

The Free Software Foundation has blown through its self-imposed target of 7,777 signatories in its efforts to persuade Microsoft to make Windows 7 open source.

We noted last week the GNU-gang’s attempt to coax the born-again open-sourcerer formerly known as “The Beast Of Redmond” into making a surprise deposit into GitHub.

The thinking was that since Windows 7 has now come to the end of the road, as far as free security updates are concerned, then perhaps Microsoft might release it as open software?

[Source: The Register]

A Brief History of Open Source Software, Part 2: OSS Licenses and Legalities

It would not be an exaggeration to say that the magic of open source software (OSS) is based as much on legal innovation as it is on collaboration. Indeed, the essential innovation that launched free and open source software was not Richard Stallman’s GNU Project, but his announcement of a revolutionary new licensing philosophy, and the actual license agreements needed to put that philosophy into effect. Only later did global collaboration among developers explode, riding the wave of Stallman’s licenses, Linus Torvalds’s pioneering work in creating the distributed development process, and rapidly increasing telecommunications bandwidth.

[Source: Andy Updegrove]

Like its Windows-noob-stabilisers OS, Zorin’s cloudy Grid tool is Linux desktop management for idiots

Zorin, which provides a Linux distro designed to look familiar for migrating Windows and Mac users, has announced a subscription-based management tool for Linux desktops.

Six desktop layouts in Zorin include Windows, macOS, Touch, Ubuntu, and Gnome 3, though the full range is only available in the paid-for Ultimate edition (€39 + VAT). But the free Core edition is fully usable, includes the Windows-like desktop, and most of the software in Ultimate can be added manually. The main reason to purchase Ultimate is for installation support and to help finance the Ireland-based project.

[Source: The Register]

The Importance Of Growing Developer Action On Open Source Enterprise Blockchain Solutions

Since major enterprises started taking blockchain seriously and looking at the technology’s potential in their chosen arena, a number of popular enterprise-grade blockchain solutions have come to the fore.

Some of these solutions are sold to companies as an all-in-one solution, slightly deviating from some of the core decentralized and open-sourced pillars of the technology, but the more popular ones are open-sourced and constantly being developed. The likes of Hyperledger Fabric, as well as Sawtooth and Besu, R3 Corda, and Quorum are all open source solutions that have been tracked for developer activity by Blockchain service firm Chainstack.

[Source: Forbes]

The Risks and Potential Impacts Associated with Open Source

Open source software (OSS) is built by communities of developers who contribute their knowledge and time to OSS projects they find appealing. That code can then be used by individuals, communities and organizations in their software products—the only obligation they have is to play under the rules of the license with which the OSS project was published.

This type of knowledge sharing brings many benefits to OSS users as it speeds up software development time and can help companies become more competitive in the market. Unfortunately, there is also a catch. Those benefits also come with certain risks which every OSS user needs to be aware of and take necessary actions to mitigate.

The OSS License: One specific risk to consider involves the OSS license. Not knowing what your obligations are under the license (or not abiding by those obligations) can cause an OSS user to, for example, lose intellectual property or experience a monetary loss.

[Source: DevOps.com]

Microsoft releases open source source code analyzer

Looking to aid developers who rely on external software components, Microsoft has introduced a source code analyzer, Microsoft Application Inspector, to help surface features and other characteristics of source code.

Downloadable from GitHub, the cross-platform command-line tool is designed for scanning components prior to use to assist in determining what the software is or what it does. The data it provides can be useful in reducing the time needed to determine what software components do by examining the source code directly rather than relying on documentation.

[Source: InfoWorld]