Feed aggregator

12-Year-Old Sudo Vulnerability Exposes Linux Systems to Root Privilege Escalation  gbhackers.com

12-Year-Old Sudo Vulnerability Exposes Linux Systems to Root Privilege Escalation  gbhackers.com

Today, we open sourced our Zero-Knowledge Proof (ZKP) libraries, fulfilling a promise and building on our partnership with Sparkasse to support EU age assurance.Today, we open sourced our Zero-Knowledge Proof (ZKP) libraries, fulfilling a promise and building on our partnership with Sparkasse to support EU age assurance.

Linux 6.17 To Finish Clearing Out Old Code For OpenMoko Devices  Phoronix

Lenovo Legion Go S HID Driver Posted For Linux  Phoronix

12-Year-Old Sudo Linux Vulnerability Enables Privilege Escalation to Root User  CyberSecurityNews

12-Year-Old Sudo Linux Vulnerability Enables Privilege Escalation to Root User  CyberSecurityNews

12-Year-Old Sudo Linux Vulnerability Enables Privilege Escalation to Root User  CyberSecurityNews

New evidence from a 300-year-old supernova remnant in the Large Magellanic Cloud suggests that some Type Ia supernovae may result from a "double detonation" -- where a helium shell ignites first, triggering a second core explosion in a white dwarf before it reaches critical mass. "While the physics of the process itself are interesting, the key question this raises is whether type Ia supernovae really are all equally bright," writes Ars Technica's John Timmer. "If they can detonate with substantially less mass than is needed for direct ignition of the core, then it's possible that some of them could be considerably less bright." However, the research team notes that additional factors -- such as the influence of binary systems or secondary detonations -- could further complicate the picture. Ars Technica reports: "The detonations in the carbon-oxygen core and the helium-rich shell result in qualitatively different yield products," the researchers behind the new work write in a paper describing it. In the paper, they focus on calcium, which there are two ways of producing. One is from the outer shell of helium, via fusion before the detonation dilutes the material. A second batch of calcium is produced through the fusion of the core material as it's ejected in the supernova, which prevents further fusion events from converting it to even heavier elements. (Material deeper in the core does end up getting fused into heavier material.) Because it's produced by both of the detonations, models predict that the expanding sphere of debris will contain two different shells of calcium, with some space in between them. To find evidence for these shells, the researchers checked an older supernova remnant, which allows enough time for the movement of material to separate the shells by enough distance that they can be resolved from Earth. They focused their observations on a supernova remnant named SNR 0509-67.5, located in the nearby Large Magellanic Cloud. SNR 0509-67.5 is estimated to be a bit over 300 years old, meaning material has had enough time to move a significant distance away from the site of the explosion. Imaging using a spectrograph on the Very Large Telescope allowed them to resolve what, in effect, was a spherical sulfur sandwich, with the role of the bread played by calcium. In other words, if you were to travel away from the site of the explosion, you would first hit a layer of ionized calcium, followed by ionized sulfur, and then run into a second layer of ionized calcium. This is exactly what computer models that simulate double detonations predict. So, the researchers suggest it is strong support for that hypothesis. The researchers say that the details suggest that SNR 0509-67.5 was a white dwarf with roughly the same mass as the Sun when it exploded, and that its explosion was likely triggered by the detonation of a helium shell with only three percent of the Sun's mass.

Read more of this story at Slashdot.

Libreboot 25.06 Released With Support For Two More Outdated Systems  Phoronix

Linux Users Urged to Patch Critical Sudo CVE  Infosecurity Magazine

Linux Foundation CKA Certification 50% Discount 2025  London Daily News

Critical sudo flaw allows unprivileged Linux users to gain root access  Cybernews

Wayback gives X11 desktops a fighting chance in a Wayland world  theregister.com

Steam on Linux dips slightly as AMD takes CPU crown  Fudzilla.com

Astronomers have detected a mysterious "interstellar object," dubbed A11pl3Z, speeding through the solar system at 152,000 mph. If confirmed, it would be just the third known interstellar visitor, following 'Oumuamua and Comet Borisov. The visiting space object will pass near Mars and the Sun later this year before leaving the solar system forever. Live Science reports: The newly discovered object, currently dubbed A11pl3Z, was first spotted in data collected between June 25 and June 29 by the Asteroid Terrestrial-impact Last Alert System (ATLAS), which automatically scans the night sky using telescopes in Hawaii and South Africa. The mystery object was confirmed by both NASA's Center for Near Earth Object Studies and the International Astronomical Union's Minor Planet Center on Tuesday (July 1), according to EarthSky.org. A11pl3Z is most likely a large asteroid, or maybe a comet, potentially spanning up to 12 miles (20 kilometers). It is traveling toward the inner solar system at around 152,000 mph (245,000 km/h) and is approaching us from the part of the night sky where the bar of the Milky Way is located. Based on A11pl3Z's speed and trajectory, experts think it originated from beyond the sun's gravitational influence and has enough momentum to shoot straight through our cosmic neighborhood without slowing down. However, more observations are needed to tell for sure.

Read more of this story at Slashdot.

The Linux Foundation Establishes an Open Standard for Interoperability among AI Agents  iblnews.org

An anonymous reader quotes a report from TechCrunch: A security vulnerability in a stealthy Android spyware operation called Catwatchful has exposed thousands of its customers, including its administrator. The bug, which was discovered by security researcher Eric Daigle, spilled the spyware app's full database of email addresses and plaintext passwords that Catwatchful customers use to access the data stolen from the phones of their victims. [...] According to a copy of the database from early June, which TechCrunch has seen, Catwatchful had email addresses and passwords on more than 62,000 customers and the phone data from 26,000 victims' devices. Most of the compromised devices were located in Mexico, Colombia, India, Peru, Argentina, Ecuador, and Bolivia (in order of the number of victims). Some of the records date back to 2018, the data shows. The Catwatchful database also revealed the identity of the spyware operation's administrator, Omar Soca Charcov, a developer based in Uruguay. Charcov opened our emails, but did not respond to our requests for comment sent in both English and Spanish. TechCrunch asked if he was aware of the Catwatchful data breach, and if he plans to disclose the incident to its customers. Without any clear indication that Charcov will disclose the incident, TechCrunch provided a copy of the Catwatchful database to data breach notification service Have I Been Pwned. The stalkerware operation uses a custom API and Google's Firebase to collect and store victims' stolen data, including photos and audio recordings. According to Daigle, the API was left unauthenticated, exposing sensitive user data such as email addresses and passwords. The hosting provider temporarily suspended the spyware after TechCrunch disclosed this vulnerability but it returned later on HostGator. Despite being notified, Google has yet to take down the Firebase instance but updated Google Play Protect to detect Catwatchful. While Catwatchful claims it "cannot be uninstalled," you can dial "543210" and press the call button on your Android phone to reveal the hidden app. As for its removal, TechCrunch has a general how-to guide for removing Android spyware that could be helpful.

Read more of this story at Slashdot.

"Slashdot regularly posts milestones on CO2 levels reported by the Mauna Loa Observatory," writes longtime Slashdot reader symbolset, pointing to a new article highlighting how the Trump administration's proposed budget would eliminate funding for the lab's carbon dioxide monitoring. "Continuous observation records since 1958 will end with the new federal budget as ocean and atmospheric sciences are defunded." From a report: [I]t's the Mauna Loa laboratory that is the most prominent target of the President Donald Trump's climate ire, as measurements that began there in 1958 have steadily shown CO2's upward march as human activities have emitted more and more of the planet-warming gas each year. The curve produced by the Mauna Loa measurements is one of the most iconic charts in modern science, known as the Keeling Curve, after Charles David Keeling, who was the researcher who painstakingly collected the data. His son, Ralph Keeling, a professor at the Scripps Institution of Oceanography at UC San Diego, now oversees collecting and updating that data. Today, the Keeling Curve measurements are made possible by the National Oceanic and Atmospheric administration, but the data gathering and maintenance of the historical record also is funded by Schmidt Sciences and Earth Networks, according to the Keeling Curve website. In the event of a NOAA shut down of the lab, Scripps could seek alternate sources of funding to host the instruments atop the same peak or introduce a discontinuity in the record by moving the instruments elsewhere in Hawaii. The proposal to shut down Mauna Loa had been made public previously but was spelled out in more detail on Monday when NOAA submitted a budget document (PDF) to Congress. It made more clear that the Trump administration envisions eliminating all climate-related research work at NOAA, as had been proposed in Project 2025, the conservative blueprint for overhauling the government. It would do this in large part by cutting NOAA's Office of Oceanic and Atmospheric Research entirely, including some labs that are also involved in improving weather forecasting. NOAA has long been one of the world's top climate science agencies, but the administration would steer it instead towards being more focused on operational weather forecasting and warning responsibilities.

Read more of this story at Slashdot.

Apple's expansion in India has hit a snag as Foxconn has sent over 300 Chinese workers back to China, potentially reducing production efficiency just as mass manufacturing of the iPhone 17 begins. AppleInsider reports: It's not known why Foxconn has done this, nor is it clear whether workers have been laid off or redeployed to the company's facilities in China. The move, though, does follow Beijing officials reportedly working to prevent firms moving away from China. Those officials are said to have been verbally encouraging China's local governments and regulatory bodies to curb exports of equipment or technologies to India and Southeast Asia. Overall, China has been making it harder for skilled labor to leave the country. It's not clear how any changes have specifically affected Chinese workers who had already left.What is clear is that Foxconn has used many experienced Chinese engineers as it attempts to rapidly expand in India. It's said, too, that Chinese managers have been vital in training Foxconn staff in India. Since that training has been ongoing for some years, and since at least most of Foxconn's production lines have been set up, it's said that there will not be an impact on the quality of manufacturing. But one source said the changes will impact efficiency on the production line.

Read more of this story at Slashdot.