Security Leftovers
-
Twenty years on, virus scanner ClamAV puts out version 1 • The Register
The ClamAV command-line virus scanner used on many Linux boxes has attained an important-looking milestone release: version 1.0.0.
It's not really the first finished version, of course. Open source version numbering is something of a work of fiction, up there with "Of course I love you" and "The check's in the post," but even so, this particular milestone has been a while in coming. ClamAV, which describes itself as "the open-source standard for mail gateway-scanning software", has finally emitted an official one-point-zero version, only six months after its 20th birthday – and what's more, it's a long-term support release, too.
Original developer Tomasz Kojm released the first version, 0.10, on May 8, 2002. As it's open source, since then, it's been ported to almost anything you're likely to find connected to the internet. It's included in the repos of most Linux distros, as well as FreeBSD, OpenBSD and NetBSD. It's also part of Apple's optional extra macOS Server package. Indeed it runs on most things, from OpenVMS to OS/2.
The project was acquired by SourceFire in 2007, which itself was subsequently bought by Cisco in 2013, and which still sponsors development.
-
FBI Warns of Tech Support Scams through Remote Desktop Software
This week, the Federal Bureau of Investigation (FBI) issued a warning about tech support scams that are conning people into giving away access to their financial accounts through remote desktop software. Perhaps the most frightening aspect of the report is the bureau’s admission that the numbers are probably higher than what they reported.
-
Security updates for Thursday [LWN.net]
Security updates have been issued by CentOS (device-mapper-multipath, firefox, hsqldb, krb5, thunderbird, and xorg-x11-server), Debian (libraw), Fedora (freerdp and grub2), SUSE (bcel, emacs, glib2, glibc, grub2, nodejs10, and tomcat), and Ubuntu (linux-azure-fde and snapd).
-
Sirius XM Bug Lets Researchers Hijack Hondas, Nissans, Acuras
Newly revealed research shows that a number of major car brands, including Honda, Nissan, Infiniti, and Acura, were affected by a previously undisclosed security bug that would have allowed a savvy hacker to hijack vehicles and steal user data. According to researchers, the bug was in the car’s Sirius XM telematics infrastructure and would have allowed a hacker to remotely locate a vehicle, unlock and start it, flash the lights, honk the horn, pop the trunk, and access sensitive customer info like the owner’s name, phone number, address, and vehicle details.
-
Sirius XM Software Vulnerability
Cars are just computers with four wheels and an engine. It’s no surprise that the software is vulnerable, and that everything is connected.