Weekly Digest – Week 19, 2021

Articles and News

FragAttacks

FragAttacks is a collection of 12 Wi-Fi fragmentation and aggregation vulnerabilities. The security researchers found that every Wi-Fi product is affected by at least one of the vulnerabilities, most of them by several.

https://www.fragattacks.com/

#wi-fi #wi-fi-security

The Syslog Hell

The author goes on a (totally justified) rant about all the vendor-specific, non-RFC-conform Syslog implementations out there.

https://techblog.bozho.net/the-syslog-hell/

#syslog #monitoring #rfc

Dear EU: Please Don’t Ruin the Root

Bert Hubert on the possible harm local EU regulations could do to the DNS root servers and the Internet.

https://berthub.eu/articles/posts/dont-ruin-the-root/

#dns #dns-root #eu

Poor Disk Performance

Brendnan Gregg reporting on the results of bringing back an old, dusty 80 GB HDD to live.

http://www.brendangregg.com/blog/2021-05-09/poor-disk-performance.html

Observing My Cellphone Switch Towers

The author observed, visualized, and analyzed the cell tower switching behavior of his cellphone.

https://fabiensanglard.net/lte/index.html

#cellphone #lte

Hackers Using Microsoft Build Engine to Deliver Malware Filelessly

Interesting article on how attackers can use MSBuild to filelelessly compromise a machine.

https://thehackernews.com/2021/05/hackers-using-microsoft-build-engine-to.html

#microsoft #fileless-malware

Debugging Random Slow Writes in PostgreSQL

The author analyzes a real-world Postgres performance issue related to the GIN index fast update technique analyzed.

https://iamsafts.com/posts/postgres-gin-performance/

#postgresql #database-performance #gin-index

Projects and Releases

GNU Guix 1.3

Version 1.3 of the declarative, idempotent package manager comes with new installation methods, improved user experience, performance improvements, and POWER9 support.

https://guix.gnu.org/en/blog/2021/gnu-guix-1.3.0-released/

#type:release #guix #package-manager #declarative-package-manager

YunoHost 4.2

YunoHost 4.2, the operating system aiming for simple self-hosting, moved from Python 2 to Python 3 and now comes with a web admin interface rewritten in Vue.js.

https://forum.yunohost.org/t/yunohost-4-2-release-sortie-de-yunohost-4-2/15673

#type:release #self-hosting

containerd 1.5.0

Version 1.5.0 of containerd includes experimental FreeBSD runtime support.

https://github.com/containerd/containerd/releases/tag/v1.5.0

#containerd #container-runtime

Erlang/OTP 24

Erlang/OTP 24 was released, with the JIT compiler probably being the most anticipated feature.

https://www.erlang.org/news/148

#type:release #erlang

eBPF on Windows

eBPF on Microsoft Windows. Currently, work-in-progress.

https://github.com/microsoft/ebpf-for-windows

#ebpf #microsoft-windows

DragonFly BSD 6.0

https://www.dragonflybsd.org/release60/

#bsd #dragonfly-bsd

FreeIPA

https://www.freeipa.org/

»FreeIPA is an integrated security information management solution combining Linux (Fedora), 389 Directory Server, MIT Kerberos, NTP, DNS, Dogtag (Certificate System).«

#identity-management #freeipa

OpenSCAP

OpenSCAP is a popular implementation of the Security Content Automation Protocol (SCAP) for automated vulnerability management and compliance evaluation.

https://www.open-scap.org/

#scap #security #vulnerability-management #audit

NetBox

NetBox is an open-source IP address management (IPAM), and datacenter infrastructure management (DCIM) tool initially conceived by the network engineering team at Dropbox.

https://github.com/netbox-community/netbox

#dropbox #ip-address-management #datacenter-infrastructure-management