Security: Patches, Belgian eID, Microsoft Cracked (Yet Again!), and Reproducible Builds
-
Security updates for Thursday
Security updates have been issued by AlmaLinux (kernel, less, libreoffice, nodejs:18, nodejs:20, rear, thunderbird, and varnish), Debian (pillow), Fedora (dotnet7.0), SUSE (sngrep, texlive-specs-k, tomcat, tomcat10, and xorg-x11-server), and Ubuntu (nss, squid, and util-linux).
-
Wouter Verhelst: OpenSC and the Belgian eID
Getting the Belgian eID to work on Linux systems should be fairly easy, although some people do struggle with it.
For that reason, there is a lot of third-party documentation out there in the form of blog posts, wiki pages, and other kinds of things. Unfortunately, some of this documentation is simply wrong. Written by people who played around with things until it kind of worked, sometimes you get a situation where something that used to work in the past (but wasn't really necessary) now stopped working, but it's still added to a number of locations as though it were the gospel.
And then people follow these instructions and now things don't work anymore.
-
Silicon Angle ☛ CISA issues emergency directive to federal agencies amid Russian hacks of Abusive Monopolist Microsoft accounts
The U.S. Cybersecurity and Infrastructure Agency today issued an emergency directive mandating that all federal agencies take steps to guard against attacks from a Russian hacking group using compromised Abusive Monopolist Microsoft Corp. accounts.
-
Reproducible Builds: Reproducible Builds in March 2024
Welcome to the March 2024 report from the Reproducible Builds project! In our reports, we attempt to outline what we have been up to over the past month, as well as mentioning some of the important things happening more generally in software supply-chain security. As ever, if you are interested in contributing to the project, please visit our Contribute page on our website.