Software updates and TUF
You can no longer assume downloading unsigned software is safe. Between programs like FinFisher and the verified incidents of widespread BGP route hacking, it is best to assume that even if you are not targeted by attackers, you might get caught up in a widespread attack. Relying on HTTPS isn't a safe bet anymore, because certificate authorities can issue fake certificates to government departments so that they can intercept SSL communications. What is needed is end-to-end signing of the data, as well as signed metadata – all of which TUF provides.
- FinFisher: http://en.wikipedia.org/wiki/FinFisher
- OpenSSL website compromised: http://www.openssl.org/news/secadv_hack.txt
- TUF – The Update Framework: https://github.com/theupdateframework
- Tor: https://www.torproject.org/
- Survivable key compromise: http://freehaven.net/~arma/tuf-ccs2010.pdf
- OpenGPG card: http://www.g10code.de/p-card.html
- PEP 458: http://www.python.org/dev/peps/pep-0458/
- TUF interface for RubyGems: http://rubyforge.org/pipermail/rubygems-developers/2013-November/007044.html
- Targeted Internet traffic misdirection: http://www.renesys.com/2013/11/mitm-internet-hijacking/
- Further improving digital certificate security: http://googleonlinesecurity.blogspot.ca/2013/12/further-improving-digital-certificate.html
Buy this article as PDF
Upcoming switch to HTML5-only ads is further evidence the Flash is entering its final days.
US government invests $19 billion on enhancing security and replacing ancient computer systems.
But you can still be a non-voting “individual supporter” if you pay the money
Several current systems could fall victim to the attack
Latest Linux engine comes with better graphics and support for Intel's new power-saving chips.
Hackers send a message of beauty and liberation to server logs
Citrix gets excited about new Pi-Powered XenDesktop client system
Linux on Azure cert heralds a new era for Redmond.
Proposals for presentations at the CeBIT Open Source Forum will be accepted through 24 January 2016.
Adobe looks for a new start; renames its embattled Flash tool.