Episode 86

9:05
 
แบ่งปัน
 

Manage episode 269505490 series 2423058
โดย Alex Murray and Ubuntu Security Team และถูกค้นพบโดย Player FM และชุมชนของเรา -- ลิขสิทธิ์นี้เป็นของผู้เผยแพร่ ไม่ใช่ Player FM โดยมีการสตรีมเสียงโดยตรงจากเซิร์ฟเวอร์ผู้เผยแพร่ กดปุ่มติดตามเพื่อติดตามการอัพเดทใน Player FM หรือวาง URL ฟีดนี้ไปยังแอพพอดคาสท์อื่น

Overview

This week we discuss the recent announcement of a long-awaited native client for 1password, plus Google Chrome experiments with anti-phishing techniques, and we take a look at security updates for OpenJDK 8, Samba, NSS and more.

This week in Ubuntu Security Updates

13 unique CVEs addressed

[USN-4453-1] OpenJDK 8 vulnerabilities [01:03]

[USN-4451-2] ppp vulnerability [01:29]

[USN-4454-1, USN-4454-2] Samba vulnerability [01:50]

  • 1 CVEs addressed in Precise ESM (12.04 ESM), Trusty ESM (14.04 ESM), Xenial (16.04 LTS), Bionic (18.04 LTS), Focal (20.04 LTS)
  • A remote attacker could send a zero length UDP packet to Samba when acting as a AD DC with NetBIOS over TCP (NBT) enabled - would effectively enter an infinite loop -> CPU-based DoS

[USN-4455-1] NSS vulnerabilities [02:41]

  • 3 CVEs addressed in Precise ESM (12.04 ESM), Trusty ESM (14.04 ESM), Xenial (16.04 LTS), Bionic (18.04 LTS), Focal (20.04 LTS)
  • Fixes for various side-channel attacks against elliptic curve crypto implementations - could allow an attacker to infer the private key

Goings on in Ubuntu Security Community

Google Chrome 86 to only show domain in URL bar for phishing experiment [03:20]

  • Will only show just the domain in the URL bar to select users to see if this helps avoid phishing
  • One way to help avoid phishing, particularly for credentials, is to use a password manager that associates credentials with the site in question - so it should only offer to say fill-in your paypal credentials on a paypal.com site - and if it does not this is a hint it is not legitimate
    • Has other benefits too like being able to autogenerate unique passwords per site, sync across devices etc

1password just launched a beta of their Linux client [06:46]

Get in contact

98 ตอน