Posts

Google funds Linux project to fix vulnerabilities and enhance security

Protect yourself from online attacks that threaten your identity, your files, your system, and your financial well-being.


Linux

Source: Computerworld

Google, the search engine company and the Android-maker, has recently announced to be backing a project by Linux to make the Operating System harder to hack by fixing its vulnerabilities and enhancing its security. Google mentioned in a report on Thursday that it is funding a project to increase the security of Linux by re-writing the core parts “Kernel” of the Linux Operating System in Rust programming language which is basically a modernization effort to make it harder for the hackers to attack Linux-based devices.

Linux has been around for quite a while, and the Operating System is written on C Programming language which was developed back in 1972, and now with the modern advancements of the 21st century where the hackers have got all the skills and tools required for major hacking, anything written in C programming language can easily be entered into. We can say that time has outgrown Linux’s security, and now, Google will fund the project to modernise Linux and increase its overall security.

Making changes in the Kernel of Linux by replacing the written software with Rust programming language will mark a significant cultural shift in the open-source software project which is a substantial foundation to Google’s Android Operating System and Chrome OS along with other resources on the internet, as mentioned in a report by CNET.

Rust is a programming language developed by Mozilla, the developer of Firefox. The programming language is now run independently by Rust Foundation and it is known to be the most popular programming language for over five years. Rust makes it safer for software developers to write in memory as it continuously checks for hiding malicious problems or viruses in and around the memory area. According to a survey, Rust is considered to be the best alternative to decades-old C and C++ programming languages.

Linux and Google have pitched in Miguel Ojeda, whose written parts of the software used in the Large Hadron Collider particle accelerator, for writing the software for Linux in Rust programming language. As sources suggest, Google is funding the contract and the project which is being extended through the Internet Security…

Source…

Google backs Linux project to make Android, Chrome OS harder to hack

Opt-in to Cyber Safety. Multiple layers of protection for your devices, online privacy and more.


Google said Thursday it’s funding a project to increase Linux security by writing parts of the operating system’s core in the Rust programming language, a modernization effort that could bolster the security of the internet and smartphones .



icon: Miguel Ojeda


© Provided by CNET
Miguel Ojeda

If the project succeeds, it’ll be possible to add new elements written in Rust into the heart of Linux, called the kernel. Such a change would mark a major technological and cultural shift for an open-source software project that’s become foundational to Google’s Android and Chrome operating systems as well as vast swaths of the internet. 

Miguel Ojeda, who’s written software used by the Large Hadron Collider particle accelerator and worked on programming language security, is being contracted to write software in Rust for the Linux kernel. Google is paying for the contract, which is being extended through the Internet Security Research Group, a nonprofit that’s also made it easier to secure website communications through the Let’s Encrypt effort.



icon


© Miguel Ojeda


Adding Rust modules to the Linux kernel would improve security by closing some avenues for hackers can use to attack phones, computers or servers. Since it was launched in 1991, Linux has been written solely in the powerful but old C programming language. The language was developed in 1972 and is more vulnerable to hacks than contemporary programming languages.

Loading...

Load Error

Better security for Linux is good news for everyone but hackers. In addition to the Android and Chrome OSes, Google services like YouTube and Gmail all rely on servers running Linux. It also powers Amazon and Facebook, and is a fixture in cloud computing services.

It isn’t clear if Linux kernel leaders will accommodate Rust. Linus Torvalds, the founder of Linux, has said he’s open to change if Rust for Linux champions prove its worth. Ojeda has proposed 13 changes needed to allow Rust modules in Linux to get things started.

Google already has taken some early steps to make it possible to use Rust for Linux Android. Getting buy-in at the highest levels of the Linux kernel project means many other software projects could benefit, too.

Google credits the…

Source…

How to build a computer security pentesting machine with a Raspberry Pi – Overview



The Linux Foundation’s demands to the University of Minnesota for its bad Linux patches security project

Opt-in to Cyber Safety. Multiple layers of protection for your devices, online privacy and more.


To say that Linux kernel developers are livid about a pair of University of Minnesota (UMN) graduate students playing at inserting security vulnerabilities into the Linux kernel for the purposes of a research paper “On the Feasibility of Stealthily Introducing Vulnerabilities in Open-Source Software via Hypocrite Commits” is a gross understatement. 

Greg Kroah-Hartman, the Linux kernel maintainer for the stable branch and well-known for being the most generous and easy-going of the Linux kernel maintainers, exploded and banned UMN developers from working on the Linux kernel. That was because their patches had been “obviously submitted in bad faith with the intent to cause problems.” 

The researchers, Qiushi Wu and Aditya Pakki, and their graduate advisor, Kangjie Lu, an assistant professor in the UMN Computer Science & Engineering Department of the UMN then apologized for their Linux kernel blunders. 

That’s not enough. The Linux kernel developers and the Linux Foundation’s Technical Advisory Board via the Linux Foundation have asked UMN to take specific actions before their people will be allowed to contribute to Linux again. We now know what these demands are.

The letter, from Mike Dolan, the Linux Foundation’s senior VP and general manager of projects, begins:

It has come to our attention that some University of Minnesota (U of MN) researchers appear to have been experimenting on people, specifically the Linux kernel developers, without those developers’ prior knowledge or consent. This was done by proposing known-vulnerable code into the widely-used Linux kernel as part of the work “On the Feasibility of Stealthily Introducing Vulnerabilities in Open-Source Software via Hypocrite Commits”; other papers and projects may be involved as well. It appears these experiments were performed without prior review or approval by an Institutional Review Board (IRB), which is not acceptable, and an after-the-fact IRB review approved this experimentation on those who did not consent.

This is correct. Wu and Lu opened their note to the UMN IRB by stating: “We recently finished a work that studies the patching process…

Source…