Tux Machines

Security Leftovers

Posted by Roy Schestowitz on Oct 18, 2022

WordPress 6.1 Release Candidate 2 (RC2) Now Available

Scarlett Gately Moore: New Debian Packages and Snaps for KDE

↺ USAGov

Cybersecurity Will Not Thrive in Darkness: A Critical Analysis of Proposed Amendments in Bill C-26 to the Telecommunications Act - The Citizen Lab

↺ Cybersecurity Will Not Thrive in Darkness: A Critical Analysis of Proposed Amendments in Bill C-26 to the Telecommunications Act - The Citizen Lab

> On June 14, 2022, the Government of Canada introduced “Bill C-26: An Act respecting cyber security, amending the Telecommunications Act and making consequential amendments to other Acts.” If passed into law, it will significantly reform the Telecommunications Act as well as impose new requirements on federally regulated critical infrastructure providers. This report, “Cybersecurity Will Not Thrive in Darkness: A Critical Analysis of Proposed Amendments in Bill C-26 to the Telecommunications Act,” offers 30 recommendations to the draft legislation in an effort to correct its secrecy and accountability deficiencies, while suggesting amendments that would impose some restrictions on the range of powers that the government would be able to wield. These amendments must be seriously taken up because of the sweeping nature of the legislation.

> As drafted at time of writing, Bill C-26 would empower the Minister of Industry to compel telecommunications providers to do or refrain from doing anything in the service of securing Canadian telecommunications networks against the threats of interference, manipulation, or disruption. The legislation would authorize the Minister to compel providers to disclose confidential information and then enable the Minister to circulate it widely within the federal government; this information could potentially include either identifiable or de-identified personal information. Moreover, the Minister could share non-confidential information internationally even when doing so could result in regulatory processes or private right of actions against an individual or organization. Should the Minister or other party to whom the Minister shares information unintentionally lose control of the information, there would be no liability attached to the government for the accident.

TOTP for 2FA is incredibly easy to implement. So what's your excuse?

↺ TOTP for 2FA is incredibly easy to implement. So what's your excuse?

> Time-based one-time passwords are one of the more secure approaches to 2FA — certainly much better than SMS. And it’s much easier to implement than SMS as well. The

Security updates for Tuesday [LWN.net]

↺ Security updates for Tuesday [LWN.net]

> Security updates have been issued by Debian (glibc and libksba), Fedora (dhcp and kernel), Red Hat (.NET 6.0, .NET Core 3.1, compat-expat1, kpatch-patch, and nodejs:16), Slackware (xorg), SUSE (exiv2, expat, kernel, libreoffice, python, python-numpy, squid, and virtualbox), and Ubuntu (linux-azure and zlib).

CISA Releases Two Industrial Control Systems Advisories | CISA

↺ CISA Releases Two Industrial Control Systems Advisories | CISA

> CISA released two Industrial Control Systems (ICS) advisories on October 18, 2022. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.

gemini.tuxmachines.org