On the Lawrence Systems Forums
Tony Bemus, Tom Lawrence, Phil Porada and Jay LaCroix
Sound bites by Mike Tanner
The LawrenceSystems YouTube Channel Where videos
Jay’s Bash Prompt https://pastebin.com/kzPjE8y4
UniFi security issue?
A real Linux distribution for phones and other mobile devices.
Pine64 had announced the phone a few months ago and now the company is ready with the prototypes and plans to ship development kits in Q1 2019.
The Document Foundation announces LibreOffice 6.2
Microsoft is no longer off the chain
Wells Fargo Down
Google asks Supreme Court to overrule disastrous ruling on API copyrights
Rubrik Data Leak is Another Cloud Misconfiguration Horror Story
Cisco Router Vulnerability Gives Window into Researchers’ World
Open Standards for testing security
RIP “Do Not Track,” the Privacy Standard Everyone Ignored
More GNOME Performance Optimizations Being Tackled Thanks To Canonical
Ubuntu’s Work On New Desktop Installer Continues, Evaluating ZFS Desktop Support
Firefox taking a hard line against noisy video, banning it from autoplaying
How to Disable Recommended Extensions in Firefox
ZaReason Gamerbox 9400: The ultimate Linux gaming PC
MX Linux Review
@Jay, pulse audio in a container
As of February 1st, 2019 the internet has passed DNS Flag Day.
The current DNS is unnecessarily slow and inefficient because of efforts to accommodate a few DNS systems that are not in compliance with DNS standards established 20 years ago (1999).
To ensure further sustainability of the system it is time to end these accommodations and remediate the non-compliant systems. This change will make most DNS operations slightly more efficient, and also allow operators to deploy new functionality, including new mechanisms to protect against DDoS attacks.
Extension mechanisms for DNS (EDNS) is a specification for expanding the size of several parameters of the Domain Name System (DNS) protocol which had size restrictions that the Internet engineering community deemed too limited for increasing functionality of the protocol.
What did you as an internet user have to do? Nothing! DNS administrators and DNS programmers did the heavy lifting.
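For the DNS administrators who did that heavy lifting, here is an added example (not from the show notes or from the DNS Flag Day project) of what an EDNS(0) query looks like on the wire and how a reply can be classified. The function names, the 1232-byte payload size and the sample packets are assumptions constructed for illustration.

```python
import struct

OPT = 41  # RR type of the EDNS(0) OPT pseudo-record (RFC 6891)

def encode_name(name):
    labels = [l for l in name.rstrip(".").split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def build_edns_query(name, qid, udp_size=1232):  # udp_size is an assumed value
    # Header: id, flags (RD), QDCOUNT=1, ANCOUNT=0, NSCOUNT=0, ARCOUNT=1 (the OPT RR)
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 1)
    question = encode_name(name) + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN
    # OPT RR: root name, TYPE=41, CLASS=UDP payload size, TTL=ext-rcode|version|flags, RDLEN=0
    opt = b"\x00" + struct.pack("!HHIH", OPT, udp_size, 0, 0)
    return header + question + opt

def skip_name(msg, pos):
    while True:
        n = msg[pos]
        if n == 0:
            return pos + 1
        if n & 0xC0 == 0xC0:  # compression pointer, always two bytes
            return pos + 2
        pos += n + 1

def classify_response(msg):
    if msg is None:  # no reply at all: the behaviour resolvers stopped retrying around
        return "timeout"
    try:
        _, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
        pos = 12
        for _ in range(qd):
            pos = skip_name(msg, pos) + 4
        for _ in range(an + ns + ar):
            pos = skip_name(msg, pos)
            rtype, _, ttl, rdlen = struct.unpack("!HHIH", msg[pos:pos + 10])
            pos += 10 + rdlen
            if rtype == OPT:
                rcode = ((ttl >> 24) << 4) | (flags & 0xF)  # 12-bit extended RCODE
                version = (ttl >> 16) & 0xFF
                return "edns-ok" if rcode == 0 and version == 0 else "edns-error"
    except (struct.error, IndexError):
        return "malformed"
    return "formerr" if flags & 0xF == 1 else "no-opt"

# Constructed sample replies (not captured traffic)
Q = encode_name("example.com") + struct.pack("!HH", 1, 1)
SAMPLE_OK = (struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 1, 0, 1) + Q + b"\xc0\x0c"
             + struct.pack("!HHIH", 1, 1, 300, 4) + bytes([192, 0, 2, 1])
             + b"\x00" + struct.pack("!HHIH", OPT, 4096, 0, 0))
SAMPLE_FORMERR = struct.pack("!HHHHHH", 0x1234, 0x8101, 1, 0, 0, 0) + Q
print(classify_response(SAMPLE_OK), classify_response(SAMPLE_FORMERR))
```

To test a real server, send the bytes from build_edns_query over UDP port 53 and pass the reply, or None on timeout, to classify_response.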
The new cryptographic attack isn’t new, per se. It’s yet another variation of the original 1998 Bleichenbacher oracle attack.
These failures to implement proper mitigations have resulted in many TLS-capable servers, routers, firewalls, VPNs, and coding libraries still being vulnerable to Bleichenbacher attack variations, which found and exploited problems in the incorrect mitigation procedures.
The attack leverages a side-channel leak via cache access timings of these implementations in order to break the RSA key exchanges of TLS implementations. The attack is interesting from multiple points of view (besides the fact that it affects many major TLS implementations):
It affects all versions of TLS (including TLS 1.3) and QUIC. This is the only known downgrade attack on TLS 1.3.
It uses state-of-the-art cache attack techniques such as Flush+Reload, Prime+Probe, and Branch-Prediction.
The attack is very efficient. They’ve found ways to actively target any browser, slow some of them down, or use the long tail distribution to repeatedly try to break a session.
This content is published under the Attribution-Noncommercial-Share Alike 3.0 Unported license.