LinuxSecurity.com

In GitHub's new 'Security Lab', fourteen companies unite get together to search, find, and fix security flaws in GitHub-hosted open source projects. Learn more in an interesting ZDNet article:

Nearly four years after the Brave browser inserted its we-will-pay-for-your attention pitch into the adblockers v. publishers war, it’s finally showtime. Brave 1.0 promises privacy, security, speed and ad-watching payouts. Are you using Brave 1.0? If so, we'd love to hear what you think of the browser. Learn more:

Are you an Ubuntu user? Canonical has released a new batch of Linux kernel security updates for all of its supported Ubuntu Linux releases to address the latest Intel CPU vulnerabilities, as well as other important flaws. Learn more:

Have you heard about the latest Intel CPU bug, Zombieland v2? Learn more about this security vulnerability and what Red Hat and other Linux vendors are doing about it in an informative ZDNet article:

Technology should not be separated from policy; however, in reality there is very little intersection between the two. "Policymakers need to recognize this danger, and to welcome a new generation of technologists to help solve the socio-technical policy problems of the 21st century. We need to create ways to speak tech to power -- and power needs to open the door and let technologists in." Read more about this issue and how it can be remedied in a great Schneier on Security article:

Are you a Ring doorbell owner? Have you heard about the security bug that researchers discovered in Ring doorbells that sent Wi-Fi passwords over the network in plain HTTP rather than being encrypted? Learn more:

Intel, Mozilla, Red Hat, and Fastly announced today the creation of the Bytecode Alliance, an open-source foundation that will work to make WebAssembly into a cross-platform runtime that can be used on native mobile, desktop, and server environments, and not just inside browsers. The Bytecode Alliance's main goal is to promote the use of security-hardened WebAssembly tools. Learn more in an interesting ZDNet article: 

Siri, Alexa, and Google Assistant are vulnerable to attacks that use lasers to inject inaudible­ -- and sometimes invisible­ -- commands into the devices and surreptitiously cause them to unlock doors, visit websites, and locate, unlock, and start vehicles, researchers report in a research paper published on Monday. Dubbed Light Commands, the attack works against Facebook Portal and a variety of phones. Learn more in an interesting Schneier on Security blog post:

The popular VPN provider, NordVPN, recently announced a server breach at a third-party data center. This breach has led many users to question what the best strategy is for protecting their privacy and security online. Learn about VPNs and how VPN services can better protect their users in a great EFF article:

We agree with Asheesh Mehra of The Next Web that regulating the application of AI, not the technology itself, will keep the use of AI fair and ethical while still fostering innovation with AI. What is your opinion on this approach? Learn more:

The Indian government has played down fears of mass surveillance in response to concerns that its proposed facial recognition system lacks adequate oversight. What are your thoughts on this system and the privacy concerns surrounding it? Learn more in a great The Next Web article:

Recent attacks on encryption have diverged. On the one hand, we’ve seen Attorney General William Barr call for “lawful access” to encrypted communications, using arguments that have barely changed since the 1990’s. But we’ve also seen suggestions from a different set of actors for more purportedly “reasonable” interventions, particularly the use of client-side scanning to stop the transmission of contraband files, most often child exploitation imagery (CEI). What are your thoughts on client-side scanning and its privacy implications? Learn more in a great EFF article:

All six major browser vendors have plans to support DNS-over-HTTPS (or DoH), a protocol that encrypts DNS traffic and helps improve a user's privacy on the web. Learn more about this protocol, which is already present in all major browsers, that users love and ISPs hate in an interesting ZDNet article:

Microsoft is planning to bring its Defender antivirus to Linux systems next year and will be giving a demo of how security specialists can use Microsoft Defender at the Ignite Conference this week. What are your thoughts on this announcement? Get the details in a great ZDNet article:

Google has discovered a Libarchive vulnerability which can lead to code execution on Linux, FreeBSD and NetBSD. Learn more about the security bug and its implications for Linux users in an informative ZDNet article:

Mozilla, in partnership with Facebook, Cloudflare, and other IETF community members, has announced technical specifications for a new cryptographic protocol called "Delegated Credentials for TLS." Delegated Credentials for TLS is a new simplified way to implement "short-lived" certificates without sacrificing the reliability of secure connections. Learn more about Delegated Credentials for TLS in an informative The Hacker News article:

Americas national security depends on the government getting access to the artificial intelligence breakthroughs made by the technology industry. So says a report submitted to Congress on Monday by the National Security Commission on Artificial Intelligence. It also warns that AI-enhanced national security apparatus like autonomous weapons and surveillance systems will raise ethical questions. Learn more in an interesting Wired article:

Is encryption code speech? Earlier court rulings suggest that it is, legally, and therefore subject to First Amendment protections. What are your thoughts? Learn more in a great CSO article:

The Mozilla Foundation and a group of rights groups and non-profits have penned an open letter to Facebook and Google urging them to halt political advertising until after the upcoming UK General Election due to concerns about disinformation, lack of transparency and the data that is being used to target these ads. What is your opinion on this? We'd love to have a discussion. Learn more: