Software updates and TUF
You can no longer assume downloading unsigned software is safe. Between programs like FinFisher and the verified incidents of widespread BGP route hacking, it is best to assume that even if you are not targeted by attackers, you might get caught up in a widespread attack. Relying on HTTPS isn't a safe bet anymore, because certificate authorities can issue fake certificates to government departments so that they can intercept SSL communications. What is needed is end-to-end signing of the data, as well as signed metadata – all of which TUF provides.
- FinFisher: http://en.wikipedia.org/wiki/FinFisher
- OpenSSL website compromised: http://www.openssl.org/news/secadv_hack.txt
- TUF – The Update Framework: https://github.com/theupdateframework
- Tor: https://www.torproject.org/
- Survivable key compromise: http://freehaven.net/~arma/tuf-ccs2010.pdf
- OpenGPG card: http://www.g10code.de/p-card.html
- PEP 458: http://www.python.org/dev/peps/pep-0458/
- TUF interface for RubyGems: http://rubyforge.org/pipermail/rubygems-developers/2013-November/007044.html
- Targeted Internet traffic misdirection: http://www.renesys.com/2013/11/mitm-internet-hijacking/
- Further improving digital certificate security: http://googleonlinesecurity.blogspot.ca/2013/12/further-improving-digital-certificate.html
Buy this article as PDF
The company is collaborating with Google and Intel to use Kubernetes as an engine for Fuel
Customers can take a free test drive of SLES for HPC on the Azure Cloud
San Francisco-based chip company announces their first fully open source chip platform.
The whole distro gets rebuilt on glibc 2.3
Ubuntu Vendor tries to solve app packaging and distribution problem across distributions.
Founder of ownCloud launches the Nextcloud project.
Will The Machine change the way future programmers think about memory?
The new Torus distributed storage system is available under an open source license on GitHub
Juries decides Google’s use of Java APIs Was Fair Use