NEWS
NEWS
Updates on technologies, trends, and tools.
Dyreza Malware is Back
The Proofpoint security firm reports that attackers have shifted the focus of the powerful Dyreza malware tool to operate outside of the banking sector. Dyreza gained fame as a man-in-the-middle banking trojan used to steal passwords for online banking accounts. Proofpoint reports that Dyreza is increasing attacking fulfillment services for online shopping sites.
According to a report in the Register, Dyreza uses "Word macros to compromise phished users in what is an old attack vector that has gained latent popularity."
Kernel Developer Matthew Garrett Forks the Linux Kernel
Prominent Linux kernel developer Matthew Garrett announced he is forking the Linux kernel. Garrett, who was instrumental in exposing the problems with Linux compatibility in UEFI secure boot a few years ago, says he is frustrated with the disrespect and argumentative tone of the Linux development community.
In his personal blog, Garrett writes, "I remember having to deal with interminable arguments over the naming of an interface because Linus has an undying hatred of BSD securelevel, or having my name forever associated with the deepthroating of Microsoft because Linus couldn't be bothered asking questions about the reasoning behind a design before trashing it."
Kernel leader Linus Torvalds has come under fire in the past for using harsh language and negative criticism. Another noted kernel developer, Sarah Sharp, who was the Linux kernel coordinator for the FOSS Outreach Program for Women and maintainer of the USB 3.0 host controller driver, also dropped out of the kernel community recently for similar reasons. In her own blog post, Sharp does not single out Linus specifically but takes on the whole kernel culture. "I could not work with people who helpfully encouraged newcomers to send patches, and then argued that maintainers should be allowed to spew whatever vile words they needed to in order to maintain radical emotional honesty. I did not want to work professionally with people who were allowed to get away with subtle sexist or homophobic jokes … ."
Time will tell if these recent defections will cause a change in kernel community attitudes. Both Sharp and Garrett seem to doubt that reform will come anytime soon. The presence of an alternative kernel development tree maintained by a programmer of Garrett's stature and experience certainly adds a new dimension to the drama. Forks happen from time to time in the open source community, which is both the curse and the magic of Free Software. The question is, does Garrett really want to start an alternative development effort, or does he just want to implement his own changes without the tension and theater of the Linux kernel development war zone.
Bugzilla Bug
The Bugzilla bug database system has a flaw that could allow an attacker to access the database and read about potential exploits before the patch is released to the public. The problem affects Bugzilla implementations that use email-based permissions. Login names longer than 127 characters are "silently truncated in MySQL," which could allow an attacker to assign permissions to an email address that is different from the address originally requested.
The fix for this bug is included in the Bugzilla 4.2.15, 4.4.10, and 5.0.1 releases. All Bugzilla users are encouraged to upgrade.
Buy this article as PDF
(incl. VAT)
Buy Linux Magazine
Subscribe to our Linux Newsletters
Find Linux and Open Source Jobs
Subscribe to our ADMIN Newsletters
Support Our Work
Linux Magazine content is made possible with support from readers like you. Please consider contributing when you’ve found an article to be beneficial.
News
-
So Long Neofetch and Thanks for the Info
Today is a day that every Linux user who enjoys bragging about their system(s) will mourn, as Neofetch has come to an end.
-
Ubuntu 24.04 Comes with a “Flaw"
If you're thinking you might want to upgrade from your current Ubuntu release to the latest, there's something you might want to consider before doing so.
-
Canonical Releases Ubuntu 24.04
After a brief pause because of the XZ vulnerability, Ubuntu 24.04 is now available for install.
-
Linux Servers Targeted by Akira Ransomware
A group of bad actors who have already extorted $42 million have their sights set on the Linux platform.
-
TUXEDO Computers Unveils Linux Laptop Featuring AMD Ryzen CPU
This latest release is the first laptop to include the new CPU from Ryzen and Linux preinstalled.
-
XZ Gets the All-Clear
The back door xz vulnerability has been officially reverted for Fedora 40 and versions 38 and 39 were never affected.
-
Canonical Collaborates with Qualcomm on New Venture
This new joint effort is geared toward bringing Ubuntu and Ubuntu Core to Qualcomm-powered devices.
-
Kodi 21.0 Open-Source Entertainment Hub Released
After a year of development, the award-winning Kodi cross-platform, media center software is now available with many new additions and improvements.
-
Linux Usage Increases in Two Key Areas
If market share is your thing, you'll be happy to know that Linux is on the rise in two areas that, if they keep climbing, could have serious meaning for Linux's future.
-
Vulnerability Discovered in xz Libraries
An urgent alert for Fedora 40 has been posted and users should pay attention.