17 articles tagged #security
The Linux kernel CNA team reviews stable kernel bug fixes to assign CVEs based on cve.org's vulnerability definition. They focus on commits that fix exploitable issues, like certain WARN_ON triggers, ignoring non-security bug fixes. The process involves team voting and community input, issuing about 60 CVEs weekly. Users are advised to apply all stable updates rather than cherry-picking fixes.
A UK medical center displayed system usernames and passwords on a public whiteboard, highlighting a major security flaw despite guidelines. This underscores human error as a key vulnerability, with passkeys suggested as a more secure future alternative.
Canonical's `upki` project brings browser-grade PKI to Linux, focusing on certificate revocation via CRLite. v0.1.0 is out, with future plans for CT enforcement and Merkle Tree Certs.
The author forgot a Bitwarden master password word. They reverse-engineered the local client's crypto to brute-force the missing word, highlighting a potential crypto design flaw.
Many Android alternatives remove Google for privacy, like GrapheneOS (Pixel) or /e/OS (various phones, Fairphone). True alternatives like Linux-based OSes are less ready for daily use. iOS is an option, but still tied to Apple.