Home Blog Page 4

Android: New StrandHogg vulnerability is being exploited in the wild

Security researchers from Promon, a Norwegian firm specialized in in-app security protections, said they identified a bug in the Android operating system that lets malicious apps hijack legitimate app, and perform malicious operations on their behalf.

In a comprehensive report published today, the research team said the vulnerability can be used to trick users into granting intrusive permissions to malicious apps when they tap and interact with legitimate ones. The vulnerability — which Promon named StrandHogg — can also be used to show fake login (phishing) pages when taping on a legitimate application.

[Source: ZDNet]

Helm Package Manager for Kubernetes Moves Forward

The official release of version 3.0 of the Helm package manager for Kubernetes is designed to make it easier for IT organizations to discover and securely deploy software on Kubernetes clusters more easily. Taylor Thomas, a core contributor to Helm who is also a software developer for Nike, says for the last year the committee that oversees the development of Helm under the auspices of the Cloud Native Computing Foundation (CNCF) has been structuring the package manager to rely more on the application programming interfaces (APIs) that Kubernetes exposes to store records of installation.

Helm Charts, which are collections of YAML files describing a related set of Kubernetes resources, now can be rendered on the client, eliminating the need for the Tiller resource management tool resident in the previous release of Helm that ran on the Kubernetes cluster.

[Source: Container Journal]

With Approaching Another Year Closer To Year 2038, Linux 5.5 Brings More Y2038 Fixes

With approaching another year closer to the Year 2038 problem, where on 19 January 2038 the number of seconds for the Unix timestamp can no longer be stored in a signed 32-bit integer, Linux 5.5 is bringing more Y2038 preparations. Y2038 fixes have been ongoing for years to mitigate the kernel against the Year 2038 problem, particularly for 32-bit platforms. Most of the Year 2038 preparations have been made to the Linux kernel to transition to 64-bit time_t even on 32-bit architectures, among other workarounds.

[Source: Phoronix]

Microsoft: We’re creating a new Rust-based programming language for secure coding

Microsoft can’t throw away old Windows code, but the company’s research under Project Verona is aiming to make Windows 10 more secure with its recent work on integrating Mozilla-developed Rust for low-level Windows components. The company recently revealed that its trials with Rust over C and C++ to remove insecure code from Windows had hit its targets. But why did Microsoft do this?

The company has partially explained its security-related motives for experimenting with Rust, but hasn’t gone into much detail about the reasons for its move.

[Source: ZDNet]

Linux phones need to succeed and it isn’t just about privacy

AI Gesture Tracking

Android and iOS may be the mobile platforms today but there have always been attempts to push other horses into the race. Most of them used the Linux kernel just like Android but a few were more direct efforts to bring some of the Linux desktop stack to mobile in one form or another. Thanks to changes in the industry, particularly in electronic components and production, there has been a steady rise of such attempts to create true Linux and truly open source phones, with Purism’s Librem 5 and PINE64’s PinePhone leading the way.

These are primarily targeted at a small hobbyist market and at users that value privacy and security above all else. But while those are valid and desirable goals, it’s actually important that these Linux phones become more mainstream in order to cultivate a healthier and better mobile market in general.

[Source: SlashGear]

US Air Force says they are developing an Open Source Jet Engine

Dark Sky With Clouds and Birds

The economies of scale generally dictate that anything produced in large enough numbers will eventually become cheap. But despite the fact that a few thousand of them are tearing across the sky above our heads at any given moment, turbine jet engines are still expensive to produce compared to other forms of propulsion. The United States Air Force Research Laboratory is hoping to change that by developing their own in-house, open source turbine engine that they believe could reduce costs by as much as 75%.

[Source: Hackaday]

Best Black Friday 2019 Chromebook deals

There are lots of Chromebooks on sale this Black Friday. But why should you settle for just a cheap Chromebook, when you can get a really good one for less money? Answer: You shouldn’t. Here are some of the best deals out there on the best Chromebooks.

Before launching you into the list, there are a few things you should keep in mind for Chromebook buyers. First, unlike Windows PCs or Macs, you don’t need pricey hardware to get a great laptop experience. The Linux-based Chrome OS runs well on relatively low-end hardware. But Chrome OS gives you far more than just a Chrome-view of the internet these days.

[Source: ZDNet]

Raytheon Leans on Red Hat to Advance DevSecOps

Raytheon Company is partnering with Red Hat to drive the adoption of DevSecOps workflows and processes it developed around the OpenShift application development and deployment platform. Jon Check, senior director for cyber protection solutions for Raytheon Intelligence, Information and Services, said Raytheon has developed a set of DevSecOps practices for organizations building applications deployed in highly secure environments, involving government contracts.

[Source: DevOps.com]

Amazon’s cloud unit readies more powerful data center chip

Amazon.com Inc’s (AMZN.O) cloud computing unit has designed a second, more powerful generation of data center processor chip, two sources familiar with the matter told Reuters, the latest sign that the company is pouring money into custom silicon for its fastest-growing business. The new Amazon Web Services chip uses technology from Softbank Group Corp-owned Arm Holdings, the sources said. One of the sources familiar with the matter said it will be at least 20% faster than Amazon’s first Arm-based chip, named Graviton, which was released last year as a low-cost option for easier computing tasks.

[Source: Reuters]

New Chromebook Buyers To Get 3 Months Of Disney+ For Free

If you are looking to pick up affordable Chromebooks as holiday gifts, Google has an interesting offer for you! The company is giving Chromebook buyers three months of Disney+ for free with the purchase of new devices. As part of the deal, new subscribers can get three months of Disney+ when they activate a new Chromebook between November 25, 2019 and January 31, 2020. The free streaming offer should be redeemed by January 31, 2020, Google mentioned on its site while announcing the offer.

[Source: TFiR]