Linux PCs, servers, gadgets can be crashed by ‘Ping of Death’ network packets

With CVE-2019-11477, a string of TCP SACK responses will cause the Linux kernel to unexpectedly hit an internal data structure limit, triggering a fatal panic. The others affecting Linux will force the system to consume resources, thus slowing it down, as Red Hat explained in its technical summary today.

Source: Sad SACK: Linux PCs, servers, gadgets can be crashed by ‘Ping of Death’ network packets • The Register

9 Best Twitter Clients for Linux That You Will Love to Use

Therefore, in this post, we shall present you some of the best Twitter desktop applications that you can install in Linux, however, the list is not in any particular order but has a selection of applications that offer exciting features and functions for effective and reliable blogging service management.

Source: 9 Best Twitter Clients for Linux That You Will Love to Use

System76 Linux computer maker offers a sneak peek into its new manufacturing facility

Exactly when these new computers both designed and manufactured by System76 will become available for purchase is anyone’s guess. Quite frankly, based on the System76’s blog post, it seems they are still at very early stages. With that said, it will be interesting to see what is born inside that factory in Colorado.

Source: System76 Linux computer maker offers a sneak peek into its new manufacturing facility

Linus Torvalds says Linux kernel v5.0 ‘should be meaningless’

With the removal of old architecture and other bits of tidying up, with v4.17 RC1 there were more lines of code removed than added: something described as “probably a first. Ever. In the history of the universe. Or at least kernel releases.”

Source: Linus Torvalds says Linux kernel v5.0 ‘should be meaningless’

​Linux totally dominates supercomputers

In 1993/1994, at NASA’s Goddard Space Flight Center, Donald Becker and Thomas Sterling designed a Commodity Off The Shelf (COTS) supercomputer: Beowulf. Since they couldn’t afford a traditional supercomputer, they built a cluster computer made up of 16 Intel 486 DX4 processors, which were connected by channel bonded Ethernet. This Beowulf supercomputer was an instant success.

Source: ​Linux totally dominates supercomputers | ZDNet

Linux first appeared on the Top500 in 1998. Before Linux took the lead, Unix was supercomputing’s top operating system. Since 2003, the Top500 was on its way to Linux domination. By 2004, Linux had taken the lead for good.

0-days hitting Fedora and Ubuntu open desktops to a world of hurt

The exploit ending in .flac works as a drive-by attack when a Fedora 25 user visits a booby-trapped webpage. With nothing more than a click required, the file will open the desktop calculator. With modification, it could load any code an attacker chooses and execute it with the same system privileges afforded to the user. While users typically don’t have the same unfettered system privileges granted to root, the ones they do have are plenty powerful.

Source: 0-days hitting Fedora and Ubuntu open desktops to a world of hurt

Here’s a blurb from the researcher’s blog post about this:

Resolving all the above, I present here a full, working, reliable, 0day exploit for current Linux distributions (Ubuntu 16.04 LTS and Fedora 25). It’s a full drive-by download in the context of Fedora. It abuses cascading subtle side effects of an emulation misstep that at first appears extremely difficult to exploit but ends up presenting beautiful and 100% reliable exploitation possibilities.

Source: Redux: compromising Linux using… SNES Ricoh 5A22 processor opcodes?!

“Most serious” Linux privilege-escalation bug ever is under active exploit

The vulnerability, a variety known as a race condition, was found in the way Linux memory handles a duplication technique called copy on write. Untrusted users can exploit it to gain highly privileged write-access rights to memory mappings that would normally be read-only. More technical details about the vulnerability and exploit are available here, here, and here. Using the acronym derived from copy on write, some researchers have dubbed the vulnerability Dirty COW.

Source: “Most serious” Linux privilege-escalation bug ever is under active exploit (updated)

DRIVE IT YOURSELF: USB CAR

What we are going to do is a basic variant of a process generally known as reverse engineering. You start examining the device with common tools (USB is quite descriptive itself). Then you capture the data that the device exchanges with its existing (Windows) driver, and try to guess what it means. This is the toughest part, and you’ll need some experience and a bit of luck to reverse engineer a non-trivial protocol.

via DRIVE IT YOURSELF: USB CAR | Linux Voice.