LinuxSecurity.com

The Senate Judiciary Committee recently held a hearing on encryption and “lawful access.” That’s the fanciful idea that encryption providers can somehow allow law enforcement access to users’ encrypted data while otherwise preventing the “bad guys” from accessing this very same data. Learn more:

Mozilla announced this week that all developers of Firefox add-ons must enable a two-factor authentication (2FA) solution for their account to prevent supply-chain attacks. The new rule is to enter effect starting in 2020. Learn more:

As Senate Judiciary Committee Chair Lindsey Graham has continued his latest quest to undermine encryption with a hearing whose sole purpose seemed to be to misleadingly argue that encryption represents a "risk to public safety." The Defense Department has weighed in to say that's ridiculous. As you may recall, the DOJ and the FBI have been working overtime to demonize encryption and pretend -- against nearly all evidence -- that widespread, strong encryption somehow undermines its ability to stop criminals. Learn more in an interesting TechDirt article:

Google yesterday rolled a new stable version of the company’s web browser, Chrome 79 for Windows, Mac, Linux, Android, and iOS. The new web browser comes with several security improvements and better secure browsing protections, including a new feature that will automatically alert you if your passwords have been hacked. Learn more:

Are you a Google Chrome user? Google has released the Chrome 79 web browser for all supported platforms, including GNU/Linux, macOS, Windows, Android, and Chrome OS. This release includes 51 security fixes. Learn more:

Five ad industry groups have asked California Attorney General Xavier Becerra to change stipulations about cookie-blocking in the state’s impending, far-reaching, almost-GDPR-but-not-quite privacy law, which goes into effect in the new year. What is your opinion on this request? Learn more: 

For years, developers have been working on this new take on the virtual private network, and now it's finally ready to go. Learn more about this in-kernel VPN, which should be released in the next major Linux kernel release, 5.6, in the first or second quarter of 2020: 

EFF and a coalition of privacy advocates have filed comments with the California Attorney General seeking strong regulations to protect consumer data privacy. The draft regulations are a good step forward, but the final regulations should go further. What are your thoughts on the draft regulations that were published in October? Learn more:

Researchers have discovered a security flaw in macOS, Linux, and several other operating systems that could let attackers hijack a wide range of virtual private network (VPN) connections. Learn more about this networking attack:

Are you an OpenBSD user? OpenBSD, one of the internet’s most popular free operating systems allowed attackers to bypass its authentication controls, effectively leaving the keys in the back door, according to an advisory released this week. The developers of the OpenBSD system have already patched the vulnerability. Learn more: 

A team of cybersecurity researchers has disclosed a new severe vulnerability affecting most Linux and Unix-like operating systems, including FreeBSD, OpenBSD, macOS, iOS, and Android, that could allow remote 'network adjacent attackers' to spy on and tamper with encrypted VPN connections. Learn more about the bug and how it could impact your system:

Canonical has published a new security advisory today where the company behind the popular Ubuntu Linux operating system apologizes for a regression introduced by the latest Intel microcode firmware update.

Red Hat and CentOS have announced the availability of important kernel security updates for their Red Hat Enterprise Linux 7 and CentOS Linux 7 operating system series that address two security vulnerabilities and numerous other bugs. Learn more:

Aviatrix, a supplier of open source enterprise virtual private networks (VPNs) to customers including BT, Nasa and Shell, has patched a serious vulnerability in its client that could have given an attacker escalation privileges on a machine to which they already had access. Learn more about this vulnerability and its implications for Linux users in an informative Computer Weekly article:

The government claims that the new requirement will prevent fraud for citizens, but critics see it as the furthering of invasive surveillance measures. What are your thoughts? Learn more in an interesting Security Today article:

There is a lot to like about U.S. Sen. Cantwell’s new Consumer Online Privacy Rights Act (COPRA). It is an important step towards the comprehensive consumer data privacy legislation that we need to protect us from corporations that place their profits ahead of our privacy. What is your opinion on this bill? We support it! Learn more in an informative EFF article:

This time last year, the Australian Labor Party waved through the government's encryption Bills, formally known as the Assistance and Access Bill, and threw out the line that it was to keep the nation safe. The Labor Party now says it will fix encryption laws it voted for last year, but legislation is unlikely to pass the House of Representatives. What are your thoughts on this proposed legislation and the implications it would have for citizens' privacy? Learn more:

The use of facial recognition technology is continuing to expand, despite concerns about its accuracy and fairness and about how it could be used by governments to spy on people. These concerns have been heightened following a report by the Financial Times which shows that Chinese groups have a significant influence in shaping international standards regarding the technology. Learn more:

Did you know that Linux is the least targeted OS by malicious ads, accounting for only 0.3% of all malicious ads recorded in a recent study? Most malvertising campaigns (malicious ads) target Windows users, according to statistics shared last week by cyber-security firm Devcon. Chrome OS is the second most targeted, while Linux is the least. Learn more:

Pressure is gathering for a federal privacy law in the US with the introduction of a second bill that would protect consumer data. The Consumer Online Privacy Rights Act from Washington Senator Maria Cantwell not only outlines strict privacy and security rules, but also establishes a dedicated FTC office to enforce them. Cantwell also pointed out in her Bill announcement that it defines privacy as a right in federal law. How do you feel about this bill? Learn more: