Collaborate Disseminate
When you update a new installation for the first time, or update a long time unmaintained OS, do you just enable a software firewall for all incoming connections (and hope there are no obsolete critical bugs hanging there) or do you take a… Continue reading Security precautions during update
I am well aware that the best approach is to update any dependency, no matter whether it is a development dependency or a runtime/production dependency.
But from a research prospective, I want to know whether a vulnerability in development… Continue reading Are devDependencies in Node.js exploitable?
So I’ve been compiling security advisories for various OSs, including both CentOS and RHEL. What I find confusing is CentOS should be a "similar but different" OS from RHEL counterpart, most notably from support for security patc… Continue reading What’s the difference between CentOS and RHEL security patches? [migrated]
A program A downloads signed executables and other signed configuration files. Configuration files have a signature appended at the end. To verify their integrity and creator, it uses the public key hardcoded in the program A.
In a couple … Continue reading Designing an updater with certificate renewal in mind
I have a completely up-to-date debian bullseye system. However, debsecan tool running on it retrieve more than 800 vulnerable packages.
Does it mean that all of these packages are vulnerable and even if my Debian system is totally up-to-da… Continue reading debsecan still retrieves +800 packages impacted by vulnerabilities on up-to-date bullseye system
What is the list of popular Android ROMs whose releases are cryptographically signed?
Today I learned that LineageOS (arguably the most popular open-source Android ROM) does not cryptographically sign its releases with PGP. As such, they d… Continue reading Android ROMs whose releases are cryptographically signed (gpg) [closed]
I’m new with Lynis, the security tool. I installed it with a package manager and check that it is the latest version:
$ sudo apt-get install lynis
…
lynis is already the newest version (2.1.1-1).
And yet, when I run lynis audit system, … Continue reading How to update Lynis to the latest version?
I’m new with Lynis, the security tool. I installed it with a package manager and check that it is the latest version:
$ sudo apt-get install lynis
…
lynis is already the newest version (2.1.1-1).
And yet, when I run lynis audit system, … Continue reading How to update Lynis to the latest version?
Almost a year ago, I dual-booted Windows 10 and Linux Mint. And since then, I haven’t booted into my Windows 10 OS.
I still remember that the Wi-Fi adapter was off when I shut my Windows 10 down.
Now, since my Windows 10 OS is not up to da… Continue reading Haven’t updated my Windows 10 for more than a year
Java update messages on my computer have recently (~month(s)) started appearing partly in Chinese, meaning that I can’t read part of the message or what looks like a link.
Is this change expected behavior? Is there a way to say "Hey … Continue reading Java update messages have recently started appearing partly in Chinese meaning that I can’t read part of the message. Is this expected behavior? [migrated]