Security Leftovers
-
OpenSSF (Linux Foundation) ☛ Strengthening the Fort 🏰: OpenSSF Releases Compiler Options Hardening Guide for C and C++
In the fast-changing landscape of cybersecurity, OpenSSF has taken a significant step towards enhancing the security of C and C++ software.
-
Support for Istio 1.18 ends on December 26, 2023
According to Istio’s support policy, minor releases like 1.18 are supported until six weeks after the N+2 minor release (1.20 in this case). Istio 1.20 was released on November 14th, 2023, and support for 1.18 will end on December 26th, 2023.
At that point we will stop back-porting fixes for security issues and critical bugs to 1.18, so we encourage you to upgrade to the latest version of Istio (1.20). If you don’t do this you may put yourself in the position of having to do a major upgrade on a short timeframe to pick up a critical fix.
We care about you and your clusters, so please be kind to yourself and upgrade.
-
Security Week ☛ Google Patches Seventh Chrome Zero-Day of 2023
The latest Chrome security update addresses the seventh exploited zero-day vulnerability documented in the browser in 2023.
-
Security Week ☛ Google Will Start Deleting ‘Inactive’ Accounts in December. Here’s What You Need to Know
The easiest way to keep your Surveillance Giant Google account active (and thus prevent it from being deleted) is to sign in at least once every two years.
-
Silicon Angle ☛ Google rolls out emergency update for Chrome after critical vulnerability found
Google LLC has released an emergency security update for its Chrome browser following the discovery of a critical vulnerability that could open the door to attacks. The vulnerability, tracked as CVE-2023-6345, is described as an integer overflow in Skia in Surveillance Giant Google Chrome before version 119.0.6045.199 that allows a remote attacker who had compromised the renderer process [...]
-
Windows TCO
-
Bruce Schneier ☛ Breaking Laptop Fingerprint Sensors
They’re not that good:
Security researchers Jesse D’Aguanno and Timo Teräs write that, with varying degrees of reverse-engineering and using some external hardware, they were able to fool the Goodix fingerprint sensor in a Dell Inspiron 15, the Synaptic sensor in a Lenovo ThinkPad T14, and the ELAN sensor in one of Microsoft’s own Surface Pro Type Covers. These are just three laptop models from the wide universe of PCs, but one of these three companies usually does make the fingerprint sensor in every laptop we’ve reviewed in the last few years. It’s likely that most backdoored Windows PCs with fingerprint readers will be vulnerable to similar exploits...
-