Security Leftovers
Date: 2024-03-27
Qubes OS 4.1 reaches EOL on 2024-06-18
Qubes OS 4.1 is scheduled to reach end-of-life (EOL) on 2024-06-18, approximately three months from the date of this announcement.
LWN ☛ Security updates for Tuesday
Security updates have been issued by CentOS (kernel), Debian (firefox-esr), Fedora (webkitgtk), Mageia (curaengine & blender and gnutls), Red Hat (firefox, grafana, grafana-pcp, libreoffice, nodejs:18, and thunderbird), SUSE (glade), and Ubuntu (crmsh, debian-goodies, linux-aws, linux-aws-6.5, linux-aws-hwe, linux-azure, linux-azure-4.15, linux-oracle, linux-azure, linux-azure-5.4, linux-oracle, linux-oracle-5.15, pam, and thunderbird).
Emmanuel Kasper: Adding a private / custom Certificate Authority to the firefox trust store
Today at $WORK I needed to add the private company Certificate Authority (CA) to Firefox, and I found the steps were unnecessarily complex. Time to blog about that, and I also made a Debian wiki article of that post, so that future generations can update the information, when Firefox 742 is released on Debian 17.
SANS ☛ New tool: linux-pkgs.sh, (Sun, Mar 24th)
During a recent GNU/Linux forensic engagement, a colleague asked if there was any way to tell what packages were installed on a victim image.
BBC ☛ Hackers threaten to publish huge cache of NHS Scotland data - BBC News
It comes two weeks after NHS Dumfries and Galloway was hit with a cyber attack on its IT systems.
Bruce Schneier ☛ On Secure Voting Systems [Ed: And why do these on computers at all? The "use cases" are too few and risks are far too high.]
Andrew Appel shepherded a public comment—signed by twenty election cybersecurity experts, including myself—on best practices for ballot marking devices and vote tabulation. It was written for the Pennsylvania legislature, but it’s general in nature.
Security Week ☛ Apple Patches Code Execution Vulnerability in iOS, macOS
Apple has released iOS 17.4.1 and macOS Sonoma 14.4.1 with patches for an arbitrary code execution vulnerability.
Perl ☛ Hotel hotspot hijinks
Ever been staying at a hotel and gotten annoyed that you always have to open a browser to log in for wireless access? Yup, me too. A recent instance was particularly frustrating and I had to pull out my favourite Swiss Army chainsaw in order to make my life a bit easier.
The situation
So, the background story is that I was staying at a hotel in the mountains for a few days. As is the fortunate case these days, the hotel had wireless access. The weird part, though, was that each room had a separate username and password. “Fair enough”, I thought and promptly opened my laptop and then Firefox to enter my login data to get the dearly-awaited connectivity. Using Firefox (or any other browser for that matter) was necessary because the login page was accessed via a captive portal. That’s the thing you get directed through when you see a login banner like this pop up in your browser: [...]