NEWS
NEWS
Updates on technologies, trends, and tools
Mate 1.1 Arrives
The Mate desktop team has announced the arrival of the Mate 1.1 desktop. Mate, which is largely supported by the Mint project, has gained a significant share of the Linux desktop market since it first appeared in 2011. Mate is a fork of the Gnome 2 desktop and was launched when the Gnome team abandoned Gnome 2 development to focus on Gnome 3. The move was controversial at the time, with many users expressing a preference for Gnome 2, but the Gnome team chose not to divide their efforts, which led to an opening for a new project that would provide a continuation of the Gnome 2 code.
The big news for the latest version 1.1 is that Mate now supports both the GTK2 and GTK3 development environments, so users can have the best of both Gnome 2 and Gnome 3. (The developers emphasize that GTK3 support is still experimental.)
Mate originally rocketed to public attention through its association with the popular Mint project, but since then, several other leading Linux distros have included Mate in their package repositories. Mate 1.1 has been in development for 15 months. For more information on the new release, see the announcement at the Mate project website.
RIP SSLv3
The venerable "secure" network protocol Secure Sockets Layer (SSL) v3 has met its end. SSL has co-existed on the Internet alongside its presumed successor TLS for many years, even though experts have long warned of its shortcomings. A recent rash of high-profile incidents, however, including the famous POODLE exploit, have finally caused the Internet Engineering Task Force (IETF) to take action. Request for Comment (RFC) 7568 "Deprecating Secure Sockets Layer Version 3.0" officially states the requirement that SSLv3 should not be supported.
The RFC is unusually blunt, with its all-cap stipulation that "SSLv3 MUST NOT be used." Although most systems today support the safer TLS, many provide fallback support for SSLv3 if an SSL connection is requested. Attackers have perfected the technique of requesting an SSL connection then use one of the many exploits associated with SSL. RFC 7568 states that "Any party receiving a Hello message with the version set to {3,00} MUST respond with a 'protocol_version' alert message and close the connection."
Many OS and application vendors have already turned off support for SSLv3 through patches and security updates.
NoScript Flaw
Security researchers have discovered a major flaw with Mozilla's popular NoScript security add-on. NoScript is supposed to create an environment where JavaScript, Java, and other executable content can only run in scripts that come from a trusted domain.
According to Detectify researcher Linus Särud, NoScript whitelists the entire googleapis.com domain and any subdomain, which means an attacker could create a nefarious script that uses Google services APIs to bypass NoScript. The discovery follows an earlier project by Matthew Bryant, who successfully launched an attack that bypassed whitelist protections.
It isn't clear whether attackers are already using this technique. The discovery challenges the prestige of the Mozilla NoScript plugin, which bills itself as "The best security you can get in a web browser!" According to a report in The Register, the NoScript team immediately responded by adapting the tool to whitelist only Google's hosted libraries at ajax.googleapis.com, which should reduce the threat, although it might require more intervention from the user to get any necessary legitimate sites whitelisted.
Users are encouraged to install updates. Bryant adds, "Please purge your whitelist. Remove everything you don't trust."
Buy this article as PDF
(incl. VAT)
Buy Linux Magazine
Subscribe to our Linux Newsletters
Find Linux and Open Source Jobs
Subscribe to our ADMIN Newsletters
Support Our Work
Linux Magazine content is made possible with support from readers like you. Please consider contributing when you’ve found an article to be beneficial.
News
-
New Slimbook EVO with Raw AMD Ryzen Power
If you're looking for serious power in a 14" ultrabook that is powered by Linux, Slimbook has just the thing for you.
-
The Gnome Foundation Struggling to Stay Afloat
The foundation behind the Gnome desktop environment is having to go through some serious belt-tightening due to continued financial problems.
-
Thousands of Linux Servers Infected with Stealth Malware Since 2021
Perfctl is capable of remaining undetected, which makes it dangerous and hard to mitigate.
-
Halcyon Creates Anti-Ransomware Protection for Linux
As more Linux systems are targeted by ransomware, Halcyon is stepping up its protection.
-
Valve and Arch Linux Announce Collaboration
Valve and Arch have come together for two projects that will have a serious impact on the Linux distribution.
-
Hacker Successfully Runs Linux on a CPU from the Early ‘70s
From the office of "Look what I can do," Dmitry Grinberg was able to get Linux running on a processor that was created in 1971.
-
OSI and LPI Form Strategic Alliance
With a goal of strengthening Linux and open source communities, this new alliance aims to nurture the growth of more highly skilled professionals.
-
Fedora 41 Beta Available with Some Interesting Additions
If you're a Fedora fan, you'll be excited to hear the beta version of the latest release is now available for testing and includes plenty of updates.
-
AlmaLinux Unveils New Hardware Certification Process
The AlmaLinux Hardware Certification Program run by the Certification Special Interest Group (SIG) aims to ensure seamless compatibility between AlmaLinux and a wide range of hardware configurations.
-
Wind River Introduces eLxr Pro Linux Solution
eLxr Pro offers an end-to-end Linux solution backed by expert commercial support.