Skip to content

Category: Hackerterrorcybercyber

On Sandboxing, and Linux distro differences

Dan Walsh, Redhat, SELinux Developer, weeps when you disable SELinux

On one end of the spectrum, LearntEmail points to Stop Disabling SELinux and asks us to instead set up proper sandboxes to contain software: SELinux – A Real-World Guide.

On the other hand, Kristaps Dz explains how differences in Linux Distros, Libraries and other environmental factors make it very hard to define sandboxes in a portable way (seccomp, in this case), so that they can be shipped with an application, such as the Let’s Encrypt ACME client he develops. The LWN Article pointing to this has interesting discussion.

There is a lot to be learnt between these two extremes, for example why we can’t have nice things.

2 Comments

Mandatory Widevine (Browser Video DRM) in Chrome

Changes are coming to Chrome. Not all of them are good.

For example the ability to actually view the details of a TLS certificate in Chrome has been moved far away into a hard to reach Developer menu.

Most Chrome plugins have been disabled and removed, and the chrome://plugins page will go away very soon (Chrome 57 and later). The remaining Plugins cannot any longer be disabled (Bug report). This will also silently re-enable disabled plugins.

One of them is the Widevine video DRM plugin, and that is widely seen as very problematic, for security and legal reasons.

Leave a Comment

It’s not an APT, it’s just you sucking at basic IT

Dr. Ian Levy

So El Reg has spoken to Dr. Ian Levy, the chief technical director of GCHQ. And Levy goes:

“If you call it an advanced persistent threat, you end up with a narrative that basically says ‘you lot are too stupid to understand this and only I can possibly help you – buy my magic amulet and you’ll be fine.’ It’s medieval witchcraft, it’s genuinely medieval witchcraft.”

and continues

He pointed out that a UK telco had recently been taken offline using a SQL injection flaw that was older than the hacker alleged to have used it. That’s not advanced by any stretch of the imagination, he said.

So there you have it. It’s not an APT. It’s you sucking at running an IT organisation.

Leave a Comment