Feed aggregator

Linux 7.0.6 Released To Finish Mitigating the Dirty Frag Vulnerability  Phoronix

Linux is Getting a Kill Switch!  It's FOSS

New ‘Dirty Frag’ Linux Vulnerability Possibly Exploited in Attacks  SecurityWeek

New ‘Dirty Frag’ Linux Vulnerability Possibly Exploited in Attacks  SecurityWeek

New ‘Dirty Frag’ Linux Vulnerability Possibly Exploited in Attacks  SecurityWeek

New ‘Dirty Frag’ Linux Vulnerability Possibly Exploited in Attacks  SecurityWeek

New ‘Dirty Frag’ Linux Vulnerability Possibly Exploited in Attacks  SecurityWeek

New ‘Dirty Frag’ Linux Vulnerability Possibly Exploited in Attacks  SecurityWeek

New ‘Dirty Frag’ Linux Vulnerability Possibly Exploited in Attacks  SecurityWeek

New ‘Dirty Frag’ Linux Vulnerability Possibly Exploited in Attacks  SecurityWeek

New ‘Dirty Frag’ Linux Vulnerability Possibly Exploited in Attacks  SecurityWeek

New ‘Dirty Frag’ Linux Vulnerability Possibly Exploited in Attacks  SecurityWeek

1. New ‘Dirty Frag’ Linux Vulnerability Possibly Exploited in Attacks  SecurityWeek
2. 'Dirty Frag' Exploit Poised to Blow Up on Enterprise Linux Distros  Dark Reading
3. Linux bitten by second severe vulnerability in as many weeks  Ars Technica

Public Linux Code Commits Trigger Early Dirty Frag Disclosure  Open Source For You

Sonatype joins Linux Foundation registry working group  SecurityBrief UK

Linux Foundation Backs Open Drivers To Improve Linux Hardware Compatibility  Open Source For You

The NY Times recently published the article “Her Life Savings Mysteriously Disappeared After a Systems Glitch” (gift link), where a woman logs into her Fidelity account one day and finds that her accounts are missing online and Fidelity dismisses her as crazy:

Fidelity Investments sent messages alerting her that her phone number and email address had been removed from her profile — and to contact Fidelity if she hadn’t done it. Alarmed, she quickly logged in, “only to find that all of my accounts had disappeared and my balance showed zero dollars.”

[…] Now in full panic mode, she called Fidelity on her way into her clinic; it told her that she didn’t have any accounts there.

“Are you sure you shouldn’t be calling Schwab?” Ms. Gruntmane recalled one representative saying, referring to Charles Schwab. “Are you sure it’s with us?”

Even if her account was closed or deleted, the reps told her, they could usually see that. They also refused to connect her with the fraud department, Ms. Gruntmane recalled, for the same reason — if there wasn’t any trace of her accounts, how could there be a fraud?

I recommend reading the entire article for the details, but in the end she was able to regain control of her accounts because she was able to provide an account number. Fidelity claims there was an uncommon technical glitch due to her opening some accounts with a Individual Taxpayer Identification Number (ITIN) and others with her Social Security number.

The most important takeaway:

From here on in, she said, she’s going to be sure to keep physical evidence of her accounts and balances in a secure place. Her tale serves as a reminder that we all should adopt that habit.

Every time I say it, I know I sound like an old man, but I still like receiving paper statements in the mail for my important accounts. I either use a locked mailbox and/or a PO Box, and this way, even if something happens to me, my wife will be notified by paper statements about overdue bills and major accounts. I also download online versions periodically and store them on an external USB drive, making sure I have a complete collection at the end of each year. For some accounts, I might just print out a year-end statement.

However, I’m sure many folks just assume that the online statements will always be available, as they usually promise to store them for 7 years to whatnot when they repeatedly bug you to go “eco-friendly”. Consider what would happen today if this “uncommon” glitch happened to you. Do you know all your account numbers? What if it was your primary checking account? Do you have backups?

Even JP Morgan Chase CEO Jamie Dimon recently admitted that their greatest risk was now “cybersecurity”, basically hacking due to AI. The “Godfather of AI” Geoffrey Hinton himself divides his assets across multiple banks and brokerages due to the risk of theft due to AI. I agree that it’s only a matter of time before a big hack occurs to one brokerage or another. Splitting your assets and maintaining a historical physical record of your asset ownership won’t solve every potential problem, but they are both precautions that I am taking.

An anonymous reader quotes a report from the BBC: TikTok will not introduce end-to-end encryption (E2EE) -- the controversial privacy feature used by nearly all its rivals -- arguing it makes users less safe. E2EE means only the sender and recipient of a direct message can view its contents, making it the most secure form of communication available to the general public. Platforms such as Facebook, Instagram, Messenger and X have embraced it because they say their priority is maximizing user privacy. But critics have said E2EE makes it harder to stop harmful content spreading online, because it means tech firms and law enforcement have no way of viewing any material sent in direct messages. The situation is made more complex because TikTok has long faced accusations that ties to the Chinese state may put users' data at risk. TikTok has consistently denied this, but earlier this year the social media firm's US operations were separated from its global business on the orders of US lawmakers. TikTok told the BBC it believed end-to-end encryption prevented police and safety teams from being able to read direct messages if they needed to. It confirmed its approach to the BBC in a briefing about security at its London office, saying it wanted to protect users, especially young people from harm. It described this stance as a deliberate decision to set itself apart from rivals. "Grooming and harassment risks are very real in DMs [direct messages] so TikTok now can credibly argue that it's prioritizing 'proactive safety' over 'privacy absolutism' which is a pretty powerful soundbite," said social media industry analyst Matt Navarra. But Navarra said the move also "puts TikTok out of step with global privacy expectations" and might reinforce wariness for some about its ownership.

Read more of this story at Slashdot.

Continuing its product launches this week, Apple today announced the "MacBook Neo," an all-new, low-cost Mac featuring the A18 Pro chip. It starts at $599 and begins shipping on Wednesday, March 11. MacRumors reports: The MacBook Neo is the first Mac to be powered by an iPhone chip; the A18 Pro debuted in 2024's iPhone 16 Pro models. Apple says it is up to 50% faster for everyday tasks than the bestselling PC with the latest shipping Intel Core Ultra 5, up to 3x faster for on-device AI workloads, and up to 2x faster for tasks like photo editing. The MacBook Neo features a 13-inch Liquid Retina display with a 2408-by-1506 resolution, 500 nits of brightness, and an anti-reflective coating. The display does not have a notch, instead featuring uniform, iPad-style bezels. It is available in Silver, Indigo, Blush, and Citrus color options. The colored finishes extend to the Magic Keyboard in lighter shades and come with matching wallpapers. It weighs 2.7 pounds. There are two USB-C ports. One is a USB-C 2 port with support for speeds up to 480 Mb/s and one is a USB-C 3 port with support for speeds up to 10 Gb/s. There is also a headphone jack. The MacBook Neo also offers a 16-hour battery life, 8GB of unified memory, Wi-Fi 6E and Bluetooth 6 connectivity, a 1080p front-facing camera, dual mics with directional beamforming, and dual side-firing speakers with Spatial Audio.

Read more of this story at Slashdot.

Intel has formally unveiled its Xeon 6+ "Clearwater Forest" data-center processor with up to 288 cores, built on the company's new Intel 18A process and using Foveros Direct packaging. The chip targets telecom, cloud, and edge-AI workloads with massive parallelism, large caches, and high-bandwidth DDR5-8000 memory. Tom's Hardware reports: Intel's Xeon 6+ processors with up to 288 cores combine 12 compute chiplets containing 24 energy-efficient Darkmont cores per tile that are produced using 18A manufacturing technology, two I/O tiles made on Intel 7 production node, as well as three active base tiles made on Intel 3 fabrication process. The compute tiles are stacked on top of the base dies using Intel's Foveros Direct 3D technology, whereas lateral connections are enabled by Intel's EMIB bridges. Intel's 'Darkmont' efficiency cores have received rather meaningful microarchitectural upgrades. Each core integrates a 64 KB L1 instruction cache, a broader fetch and decode pipeline, and a deeper out-of-order engine capable of tracking more in-flight operations. The number of execution ports has also been increased in a bid to improve both scalar and vector throughput under heavily threaded server workloads. From a cache hierarchy standpoint, the design groups cores into four-core blocks that share approximately 4 MB of L2 cache per block. As a result, the aggregate last-level cache across the full package surpasses 1 GB, roughly 1,152 MB in total. This unusually large pool is intended to keep data close to hundreds of active cores and reduce dependence on external memory bandwidth, which in turn is meant to both increase performance and lower power consumption. Platform-wise, the processor remains drop-in compatible with the current Xeon server socket, so the CPU has 12 memory channels that support DDR5-8000, 96 PCIe 5.0 lanes with 64 lanes supporting CXL 2.0.

Read more of this story at Slashdot.