Google's Fuchsia OS to Support Android Apps, Linux Servers with Poorly Configured IPMI Cards Prone to Attack, LinuxGizmos' 2019 SBC Catalog Is Out, USB Type-C Becoming More Secure and Epic Games Not Planning to Provide a Linux Version of Its Store
News briefs for January 4, 2019.
Google's Fuchsia OS will have Android app support via Android Runtime. According to 9To5Google, it was expected that Fuchsia would support Android apps, and now "that suspicion has been confirmed by a new change found in the Android Open Source Project, and we can say with confidence that Fuchsia will be capable of running Android apps using the Android Runtime." The article also notes that "How exactly Fuchsia will use the Android Runtime from there is still unclear. This is includes whether the Android Runtime is able to work as expected to replace Linux kernel calls with equivalents from Fuchsia's Zircon kernel or if ART will run inside of a Linux virtual machine using Machina, Fuchsia's virtual machine system."
Linux servers equipped with poorly configured IPMI (Intelligent Platform Management Interface) cards are prone to attack. ITPro Today reports that "since November, black hat hackers have been using the cards to gain access in order to install JungleSec ransomware that encrypts data and demands a 0.3 bitcoin payment (about $1,100 at the current rate) for the unlock key". The post recommends that to secure against these attacks, make sure the IPMI password isn't the default and "access control lists (ACLs) should be configured to specify the IP addresses that have access the IPMI interface, and to also configure IPMI to only listen on internal IP addresses, which would limit access to admins inside the organization's system."
LinuxGizmos has published its 2019 catalog of open-spec Linux hacker boards. These are all "hacker-friendly, open-spec SBCs that run Linux or Android", and LinuxGizmos provides "recently updated descriptions, specs, pricing, and links to details for all 122 SBCs."
USB Type-C is becoming more secure with the launch of the USB Type-C Authentication Program. eWeek reports that the USB-IF (USB-Implementers Forum) is "taking a cryptographic approach to helping protect USB users and devices against potential risks". In addition, "With the authentication specification, compliance with USB specifications is validated in an effort to prevent potentially dangerous devices and chargers from connecting to a system. The specification can also limit the risk of malicious software that might be embedded within a USB device from attacking a system. According to the USB-IF, the authentication specification enables implementors of the standard to authenticate certified USB Type-C chargers, devices, cables and power sources."
Epic Games says it doesn't currently plan to provide a Linux version of its store. GamingOnLinux, quoted this tweet from Sergey Galyonkin, Director of Publishing Strategy for Epic Games, in response to a question on Reddit: "It really isn't on the roadmap right now. Doesn't mean this won't change in the future, it's just we have so many features to implement."