Opensource view

tuxmachines.org

Your source for Linux and Open Source news, reviews, and howtos.
Updated: 24 min 57 sec ago

Security: WhatsApp, Flatpak and DNS

Wed, 10/10/2018 - 22:36
  • Hackers Can Take Control Of Your WhatsApp Just With A Video Call: Update Now

    Natalie Silvanovich, a Google Project Zero security researcher, has uncovered a critical security flaw in WhatsApp. The flaw could allow a notorious actor to make a video call and take complete control of your messaging application.

  • Just Answering A Video Call Could Compromise Your WhatsApp Account
  • New Website Claims Flatpak is a “Security Nightmare”

    A newly launched website is warning users about Flatpak, branding the tech a “security nightmare”.

    The ‘Flatkills.org’ web page takes aim at a number of security claims routinely associated with the fledgling Flatpak app packaging and distribution format.

  • DNS Security Still an Issue

    DNS security is a decades-old issue that shows no signs of being fully resolved. Here's a quick overview of some of the problems with proposed solutions and the best way to move forward.

    ...After many years of availability, DNSSEC has yet to attain significant adoption, even though any security expert you might ask recognizes its value. As with any public key infrastructure, DNSSEC is complicated. You must follow a lot of rules carefully, although some network services providers are trying to make things easier.

    But DNSSEC does not encrypt the communications between the DNS client and server. Using the information in your DNS requests, an attacker between you and your DNS server could determine which sites you are attempting to communicate with just by reading packets on the network.

    So despite best efforts of various Internet groups, DNS remains insecure. Too many roadblocks exist that prevent the Internet-wide adoption of a DNS security solution. But it is time to revisit the concerns.


GPUs and Graphics: Nvidia, X.Org Developers' Conference, vRt and ROCm

Wed, 10/10/2018 - 22:29

Kernel: Threading, Streebog, USB 3.0, "Thermal Pressure" and More

Wed, 10/10/2018 - 22:26
  • A Look At Linux Application Scaling Up To 128 Threads

    Arriving last week in our Linux benchmarking lab was a dual EPYC server -- this Dell PowerEdge R7425 is a beast of a system with two AMD EPYC 7601 processors yielding a combined 64 cores / 128 threads, 512GB of RAM (16 x 32GB DDR4), and 20 x 500GB Samsung 860 EVO SSDs. There will be many interesting benchmarks from this server in the days and weeks ahead. For some initial measurements during the first few days of stress testing this 2U rack server, here is a look at how well various benchmarks/applications are scaling from two to 128 threads.

  • Linux Kernel Patches Posted For Streebog - Crypto From Russia's FSB

    Just months after the controversial Speck crypto code was added to the Linux kernel that raised various concerns due to its development by the NSA and potential backdoors, which was then removed from the kernel tree, there is now Russia's Streebog that could be mainlined.

    The Streebog cryptographic hash was developed by Russia's controversial FSB federal security service and other Russian organizations. Streebog is a Russian national standard and a replacement to their GOST hash function. Streebog doesn't have as much controversy as NSA's Speck, but then again it's not as well known, but there are some hypothetical attacks and some papers have questioned some elements of the design. Streebog is considered to be a competitor to the SHA-3 standard from the NIST.

  • The Linux Kernel In 2018 Finally Deems USB 3.0 Ubiquitous Rather Than An Oddity

    The latest news in the "it's about darn time" section is the Linux kernel's default i386/x86_64 kernel configurations will finally ship with USB 3.0 support enabled, a.k.a. CONFIG_USB_XHCI_HCD.

    For many years now pretty much all Linux distribution vendor kernels have been shipping with CONFIG_USB_XHCI_HCD enabled either built-in or as a module... But built-in is pretty much the best to avoid potential issues at start-up time. As of this week, CONFIG_USB_XHCI_HCD=y is finally set for the default configurations on the x86/x86_64-based kernel builds should you be spinning up a defconfig kernel.

  • "Thermal Pressure" Kernel Feature Would Help Linux Performance When Running Hot

    Linaro engineer Thara Gopinath sent out an experimental set of kernel patches today that introduces the concept of "thermal pressure" to the Linux kernel for helping assist Linux performance when the processor cores are running hot.

    While the Linux CPU frequency scaling code already deals with the event of CPU core(s) overheating as to downclock/limit the frequency, the kernel's scheduler isn't currently aware of the CPU capacity restrictions put in place due to that thermal event.

  • Containers are Linux

    Linux is the core of today’s operating system open source software development, and containers are a core feature of Linux. Linux containers and the Kubernetes community supporting them enable agencies to quickly stand up, distribute and scale applications in the hybrid clouds supporting the IT architecture of today’s digitally transformed government.

    But agencies need more than the speed and flexibility of containers and the power of Kubernetes to take full advantage of today’s hybrid cloud environment. They need open source enterprise software with full lifecycle support and a full complement of hardware certifications to ensure portability across platforms.


Programs and Programming: DICOM Viewers, Turtl, Weblate, Rust and Python

Wed, 10/10/2018 - 21:15
  • Excellent Free DICOM Viewers – Medical Imaging Software

    DICOM (an acronym for Digital Imaging and Communications in Medicine) is a worldwide standard in Health IT and is provided by the National Electrical Manufacturers Association (NEMA). It’s the standard open image format used to handle, store, print and transmit information in medical imaging. This standard specifies the way medical images and metadata like study or patient related data are stored and communicated over different digital media.

    DICOM is a binary protocol and data format. The binary protocol specifies a set of networking protocols, the syntax and specification of commands that can be exchanged with these protocols, and a set of media storage services. It’s an entire specification of the elements required to achieve a practical level of automatic interoperability between biomedical imaging computer systems—from application layer to bit-stream encoding.

    DICOM files can be exchanged between two entities that are capable of receiving image and patient data in DICOM format.

  • Encrypted Evernote Alternative Turtl v0.7 Includes Rewritten Server, New Spaces Feature

    Turtl was updated to version 0.7 yesterday, the new release shipping with a rewritten server, among other changes. I'll cover the new version in the second part of this article, after an introduction to Turtl.

    Turtl is a "secure, encrypted Evernote alternative". The free and open source tool, which is considered beta software, can be used to take notes, save bookmarks, store documents and images, and anything else you may need, in a safe place.

    There are Turtl applications available for Linux, Windows, macOS and Android, while an iOS application should also be available in the future. Chrome and Firefox extensions are available to easily bookmark the page you're on, great for quickly saving sites for later.

    The Turtl developers offer the service (hosted server) for free, but a premium service is planned for the future. However, the Turtl server is free and open source software, so you can install and use your own instance.

  • Weblate 3.2.1

    Weblate 3.2.1 has been released today. It's a bugfix release for 3.2 fixing several minor issues which appeared in the release.

  • This Week in Rust 255
  • Code Quality & Formatting for Python

    black, the uncompromising Python code formatter, has arrived in Debian unstable and testing.

    black is being adopted by the LAVA Software Community Project in a gradual way and the new CI will be checking that files which have been formatted by black stay formatted by black in merge requests.

    There are endless ways to format Python code and pycodestyle and pylint are often too noisy to use without long lists of ignored errors and warnings.


GCC: Optimizing Linux, the Internet, and Everything

Wed, 10/10/2018 - 21:02

Software is useless if computers can't run it. Even the most talented developer is at the mercy of the compiler when it comes to run-time performance - if you don’t have a reliable compiler toolchain you can’t build anything serious. The GNU Compiler Collection (GCC) provides a robust, mature and high performance partner to help you get the most out of your software. With decades of development by thousands of people GCC is one of the most respected compilers in the world. If you are building applications and not using GCC, you are missing out on the best possible solution.

GCC is the “de facto-standard open source compiler today” [1] according to LLVM.org and the foundation used to build complete systems - from the kernel upwards. GCC supports over 60 hardware platforms, including ARM, Intel, AMD, IBM POWER, SPARC, HP PA-RISC, and IBM Z, as well as a variety of operating environments, including GNU, Linux, Windows, macOS, FreeBSD, NetBSD, OpenBSD, DragonFly BSD, Solaris, AIX, HP-UX, and RTEMS. It offers highly compliant C/C++ compilers and support for popular C libraries, such as GNU C Library (glibc), Newlib, musl, and the C libraries included with various BSD operating systems, as well as front-ends for Fortran, Ada, and GO languages. GCC also functions as a cross compiler, creating executable code for a platform other than the one on which the compiler is running. GCC is the core component of the tightly integrated GNU toolchain, produced by the GNU Project, that includes glibc, Binutils, and the GNU Debugger (GDB).

Also: AMDGPU Developer Proposes Array Register Files For LLVM - Would Help Performance


Mozilla: TLS Certificate Distrust, Bugzilla Automatic Bug Triaging Challenge, Firefox Nightly and More

Wed, 10/10/2018 - 20:54
  • Delaying Further Symantec TLS Certificate Distrust

    Due to a long list of documented issues, Mozilla previously announced our intent to distrust TLS certificates issued by the Symantec Certification Authority, which is now a part of DigiCert. On August 13th, the next phase of distrust was enabled in Firefox Nightly. In this phase, all TLS certificates issued by Symantec (including their GeoTrust, RapidSSL, and Thawte brands) are no longer trusted by Firefox (with a few small exceptions).

    In my previous update, I pointed out that many popular sites are still using these certificates. They are apparently unaware of the planned distrust despite DigiCert’s outreach, or are waiting until the release date that was communicated in the consensus plan to finally replace their Symantec certificates. While the situation has been improving steadily, our latest data shows well over 1% of the top 1-million websites are still using a Symantec certificate that will be distrusted.

  • Taming triage: Partnering with Topcoder to harness the power of the crowd

    We are excited to announce the launch of the Bugzilla Automatic Bug Triaging Challenge, a crowdsourcing competition sponsored by Mozilla and hosted by Topcoder, the world’s largest network of software designers, developers, testers, and data scientists. The goal of the competition is to automate triaging (categorization by products and software components) of new bugs submitted to Bugzilla, Mozilla’s web-based bug tracking system. By cooperating with Topcoder, Mozilla is expanding its open innovation capabilities to include specialized crowdsourcing communities and competition mechanisms.

    Mozilla’s Open Innovation strategy is guided by the principle of being Open by Design derived from a comprehensive 2017 review of how Mozilla works with open communities. The strategy sets forth a direction of expanding the organisation’s external outreach beyond its traditional base of core contributors: open source software developers, lead users, and Mozilla volunteers. Our cooperation with Topcoder is an example of reaching out to a global community of data scientists.

  • Firefox Nightly: These Weeks in Firefox: Issue 47
  • Community Coordinator role

    The Reps program is evolving in order to be aligned with Mozilla’s changes on how we perceive communities. Part of those changes is the Mission Driven Mozillians project, where the Reps are involved.

  • Announcing a Competition for Ethics in Computer Science, with up to $3.5 Million in Prizes

    Today, computer scientists wield tremendous power. The code they write can be used by billions of people, and influence everything from what news stories we read, to what personal data companies collect, to who gets parole, insurance or housing loans.

    Software can empower democracy, heighten opportunity, and connect people continents away. But when it isn’t coupled with responsibility, the results can be drastic. In recent years, we’ve watched biased algorithms and broken recommendation engines radicalize users, promote racism, and spread misinformation.


A Look At Linux Application Scaling Up To 128 Threads

Wed, 10/10/2018 - 20:34

Arriving last week in our Linux benchmarking lab was a dual EPYC server -- this Dell PowerEdge R7425 is a beast of a system with two AMD EPYC 7601 processors yielding a combined 64 cores / 128 threads, 512GB of RAM (16 x 32GB DDR4), and 20 x 500GB Samsung 860 EVO SSDs. There will be many interesting benchmarks from this server in the days and weeks ahead. For some initial measurements during the first few days of stress testing this 2U rack server, here is a look at how well various benchmarks/applications are scaling from two to 128 threads.

This article with these benchmarks is mainly intended for reference purposes for those curious how well different Linux workloads scale up to 128 threads with these multi-core benchmarks available via the Phoronix Test Suite and OpenBenchmarking.org. Tests were done with 2, 4, 8, 16, 32, and 64 cores enabled and then the default configuration of 64 threads plus SMT to yield 128 threads of jaw-dropping power.


Ubuntu: Ubuntu 18.10, Ubuntu in 'Smart' Cities, and Snaps in Numbers

Wed, 10/10/2018 - 20:17
  • Do You Plan to Upgrade to Ubuntu 18.10?

    Such closeness means — shock — it’s almost-very-nearly upgrade decision time for many of us!

    The question is are you the sort of Linux user who likes to run the latest and greatest that open source software has to offer? Or do you prefer to play it safe on the stable foundation of an LTS? Perhaps you’re entirely uncertain?!

  • Ubuntu 18.10 Adds Gallium Nine Support, Latest Mesa 18.2.2

    A couple of graphic-related tidbits ahead of next week’s Ubuntu 18.10 release that some of you might be interested to know about.

    First up, Mesa.

    A feature freeze exception was granted to allow Mesa 18.2.x series in to the Ubuntu 18.10 archives, with Mesa 18.2.2 specifically (i.e the latest update) now ready in the archives.

  • Digital signage: the face of the smart city revolution

    Crucially, this means selecting an operating system and a digital signage solution with strong safety capabilities. Ubuntu is a strong choice for a secure OS, in large part because it restricts outside access to key system files better than most competitors. This makes it more difficult for malware to access a system. Meanwhile, in the signage software space, Broadsign is the clear winner thanks to SOC II and ISAE3402 audits that guarantee stronger SaaS security than what is standard for online banking.

  • Snapistics – Snaps in numbers

    Actions speak louder than words. So do numbers. When we talk about snaps, we often focus on the application packages, and talk about their individual merits. However, a no less important – and interesting – facet is the collective numbers behind the scenes. They tell a compelling story for developers and users alike. They allow us to look back and piece together a puzzle of perception and adoption, and map them onto underlying factors, like the introduction of the new Ubuntu LTS release, the availability of popular software, and deliberate changes introduced to make snaps more robust and accessible.

    Indeed, how do people perceive snaps? How well accepted are snaps in software development circles? Today, we’d like to share some of these figures.


Red Hat and Fedora Picks

Wed, 10/10/2018 - 19:57

Games: Stationeers, Between the Stars, Off Grid, Mark of the Ninja: Remastered, Timespinner

Wed, 10/10/2018 - 18:52
  • RocketWerkz have confirmed their plans to do a Linux version of Stationeers

    A good bit of news to wake up to today! Stationeers, a space station construction and management game from developer RocketWerkz, should be coming to Linux.

    In their official FAQ on Steam, the developer noted that if it sold at least 300K copies a Linux version would be considered. Someone then made a post on Steam last year, full of users requesting a Linux version of Stationeers. Six pages of replies later, the developer replied a few hours ago with a link to this new post (also added to their FAQ now) confirming their intent to make a Linux version now.

  • Between the Stars looks like an incredible spaceship action game, coming to Linux

    Between the Stars, a spaceship action game with 'traces of RPG, management and roguelike elements' looks set to come to Linux.

  • Off Grid gives you data as your weapon in this stealth hacking game, now crowdfunding with Linux support

    I covered this before briefly back in April, as the developer seemed committed to providing a Linux version. Sadly, the demo is currently only on Windows and Mac but I did speak to the developer today where they told me a Linux demo is now a priority with the Kickstarter being live. They've unfortunately had some last minute issues they're trying to solve, so hopefully it won't be long. Update: As the developer noted in our comments, the demo is now on itch.io.

  • Mark of the Ninja: Remastered is out on Steam with Linux support

    Mark of the Ninja: Remastered, the relatively small upgrade over the original is now out with Linux support on Steam.

    Unlike a lot of remasters, Mark of the Ninja: Remastered isn't actually that big of an upgrade overall. It does include enhanced visuals that are no longer compressed down to 720p as it supports up to 4K now. It also has improved character and background art providing some clearer details along with remastered cinematics. On top of that, there's also 5.1 audio support and the Special Edition DLC is also now included as standard.

  • Timespinner, the fun metroidvania is now available on GOG with a Linux build

    After the release on Steam late last month, Timespinner is now available DRM free on GOG for more of you to go exploring. They have the latest patch build too with a couple of bug fixes. Note: Key provided by GOG.

Cloud Foundry embraces Kubernetes

Wed, 10/10/2018 - 18:44

Cloud Foundry, a prominent open-source Platform-as-a-Service (PaaS) cloud, isn't giving up on BOSH, its tool chain for release engineering, deployment, and life-cycle management of large scale distributed services. But Cloud Foundry is making it easier to use Kubernetes both independently and as part of BOSH.

The Cloud Foundry Foundation is doing this by accepting two new projects: Eirini and CF Containerization. This comes after last year's adoption of Cloud Foundry Container Runtime (CFCR), which started Cloud Foundry's integration of Kubernetes. CFCR makes it possible to deploy and manage Kubernetes clusters using the BOSH release engineering tool chain.

Also: The Linux Foundation – Open Networking Summit Europe: Integrate | Automate | Accelerate

5 alerting and visualization tools for sysadmins


GNU: GNU Guix, GNU Guile, Parabola GNU/Linux-libre

Wed, 10/10/2018 - 18:18
  • GNU Guix: A packaging tutorial for Guix

    GNU Guix stands out as the hackable package manager, mostly because it uses GNU Guile, a powerful high-level programming language, one of the Scheme dialects from the Lisp family.

    Package definitions are also written in Scheme, which empowers Guix in some very unique ways, unlike most other package managers that use shell scripts or simple languages.

  • GNU Guile 2.9.1 (beta) released

    We are delighted to announce GNU Guile 2.9.1, the first beta release in preparation for the upcoming 3.0 stable series.

    This release adds support for just-in-time (JIT) native code generation, speeding up all Guile programs. Currently support is limited to x86-64 platforms, but will expand to all architectures supported by GNU Lightning.

  • Parabola GNU/Linux-libre: Important notice for OpenRC users on i686

    To avoid any trouble, you should explicitly install the 'audit' package before attempting to upgrade the system. If you upgrade without first installing the 'audit' package, then you will need to chroot into the system and install it.


You Can Now Run Ubuntu 18.04 on Raspberry Pi 3 with BunsenLabs' Helium Desktop

Wed, 10/10/2018 - 18:16

RaspEX Build 181010 is now available for Raspberry Pi users, made specifically for the latest Raspberry Pi model, the Raspberry Pi 3 Model B+, and featuring the super fast and lightweight Helium Desktop from the Debian-based BunsenLabs Linux distribution, a continuation of the acclaimed CrunchBang Linux.

The new RaspEX BunsenLabs build remains based on the latest Ubuntu 18.04 LTS (Bionic Beaver) operating system series, using packages from the Debian GNU/Linux 9 "Stretch" and Linaro open source software for ARM SoCs. RaspEX is compatible with Raspberry Pi 2, Raspberry Pi 3, and Raspberry Pi 3 Model B+.


Red Hat Converges CoreOS Features In OpenShift Container Platform 3.11

Wed, 10/10/2018 - 18:14

Red Hat announced the general availability of its OpenShift Container Platform 3.11 release on Oct. 10, providing organizations with new capabilities for managing cloud native Kubernetes deployments.

Among the key highlights of the OpenShift Container Platform 3.11 release are multiple components that have been integrated from the CoreOS Tectonic distribution of Kubernetes, including a new cluster administrator console. Red Hat has also integrated CoreOS' Operator concept into OpenShift making it easier for organizations to deploy cloud native applications.

"This is the initial release for us to deliver on our converged roadmap that we announced at Red Hat Summit earlier this year," Brian Gracely, director, Product Strategy, OpenShift, at Red Hat, told eWEEK. "There are three primary feature sets that come into OpenShift 3.11 from the CoreOS acquisition."

Also: Red Hat Openshift Container Platform 3.11 is Now Generally Available

Red Hat Expands Scope of OpenShift Platforms Based on Kubernetes

Red Hat OpenShift Update Is Heavy on Integration of CoreOS Features


GNOME Plans to Retire Application Menus from the GNOME 3.32 Desktop Environment

Wed, 10/10/2018 - 18:01

With the recent release of the GNOME 3.30 "Almería" desktop environment, which already got its first point release and hit the stable repositories of some of the major GNU/Linux distributions, GNOME 3.32 "Taipei" has now entered development and the first milestone should hit the testing channels later this week.

We don't know much about the new features and improvements coming to the GNOME 3.32 desktop environment, due for release next year on March 13, 2019, but it looks like one existing feature won't be available anymore in this upcoming release, as developer Allan Day announced the deprecation of application menus.

Also: GNOME 3.32 Planning To Retire Application Menus


CentOS 6 and RHEL 6 Get Important Kernel Security Update for FragmentSmack Flaw

Wed, 10/10/2018 - 17:59

According to the RHSA-2018:2846 and CESA-2018:2846 security advisories, the new kernel security update is marked as "Important" by Red Hat's security team as it patches two security vulnerabilities (CVE-2018-5391 and CVE-2018-14634) discovered in the Linux kernel packages for the Red Hat Enterprise Linux 6 and CentOS Linux 6 operating system series.

The first security flaw addressed in this important kernel update is CVE-2018-5391, a security vulnerability known as FragmentSmack and discovered in the way Linux kernel handled reassembly of fragmented IPv6 and IPv4 packets, which could allow a remote attacker to cause a denial of service on the vulnerable systems by sending specially crafted packets, leading to a CPU saturation.


Security: G+, SSH, GAO, Flatpak, Telecommunications (Interception and Access) Act 'Extended', More on China's Alleged Supply Chain Attacks

Wed, 10/10/2018 - 17:52
  • Pete Zaitcev: Ding-dong, the witch is dead

    One thing that comes across very strongly is how reluctant people are to run their own infrastructure. For one thing, the danger of a devastating DDoS is absolutely real. And then you have to deal with spam. Those who do not have the experience also tend to over-estimate the amount of effort you have to put into running "dnf update" once in a while.

    Personally, I think that although of course it's annoying, the time wasted on the infra is not that great, or at least it wasn't for me. The spam can be kept under control with a minimal effort. Or, could be addressed in drastic ways. For example, my anime blog simply does not have comments at all. As far as DoS goes, yes, it's a lottery. But then the silo platform can easily die (like G+), or ban you. This actually happens a lot more than those hiding their heads in the sand like to admit. And you don't need to go as far as to admit to your support of President Trump in order to get banned. Anything can trigger it, and the same crazies that DoS you will also try to deplatform you.

  • (SSH) Keys to Unix Security

    Root accounts are the keys to powerful IT systems, the backbone of your entire infrastructure. They use privileged credentials to control shell access, file transfers, or batch jobs that communicate with other computers or apps, often accessed remotely, with local configuration. They can be the trickiest of all types of privileged accounts to secure, particularly if they are based on Unix or Linux.

  • Cyber Tests Showed 'Nearly All' New Pentagon Weapons Vulnerable To Attack, GAO Says [iophk: "Windows TCO"]

    Still, the tests cited in the report found "widespread examples of weaknesses in each of the four security objectives that cybersecurity tests normally examine: protect, detect, respond, and recover."

    [...]

    In several instances, simply scanning the weapons' computer systems caused parts of them to shut down.

    [...]

    When problems were identified, they were often left unresolved. The GAO cites a test report in which only one of 20 vulnerabilities that were previously found had been addressed. When asked why all of the problems had not been fixed, "program officials said they had identified a solution, but for some reason it had not been implemented. They attributed it to contractor error," the GAO says.

  • Flatpak - a security nightmare

    Let's hope not! Sadly, it's obvious Red Hat developers working on flatpak do not care about security, yet the self-proclaimed goal is to replace desktop application distribution - a cornerstone of linux security.

    And it's not only about these security problems. Running KDE apps in fakepak? Forget about desktop integration (not even font size). Need to input Chinese/Japanese/Korean characters? Forget about that too - fcitx has been broken since flatpak 1.0, never fixed since.

    The way we package and distribute desktop applications on Linux surely needs to be rethought, sadly flatpak is introducing more problems than it is solving.

  • Encryption bill will hit family violence victims: claim

    In a submission to the public consultation on the draft bill, Carolyn Worth, the manager of SECASA, said the broadening of the Telecommunications (Interception and Access) Act 1979 was unwarranted and would be detrimental to all citizens, especially those with a background of family violence and/or sexual assault.

    The period for public comment on the bill, which is officially known as the Telecommunications and Other Legislation Amendment (Assistance and Access) Bill 2018, ended on 10 September after the draft was released on 14 August.

  • Bloomberg says big US telco hit by hardware tampering

    Apparently undeterred by strong criticism of a supply chain attack story it published last week, Bloomberg has put out another yarn, dealing with a similar theme, this time about a "major US telecommunications company" that allegedly encountered doctored hardware made by the US company Supermicro Computer.

  • RiskIQ Detects and Mitigates New Magecart Supply Chain Attack

    "If you own an e-commerce company, it's best to remove the third-party code from your checkout pages whenever possible," said Yonathan Klijnsma, Head Researcher at RiskIQ. "Many payment service providers have already taken this approach by prohibiting third-party code from running on pages where customers enter their payment information."
