Thank you for reading the LinuxSecurity.com weekly security newsletter. The purpose of this document is to provide our readers with a quick summary of each week's most relevant Linux security headlines.

Emerging Technology and Privacy: What You Need to Know - As technology evolves and the use of Artificial Intelligence and Machine Learning becomes increasingly mainstream, consumers are more concerned than ever before about protecting their privacy. Awareness surrounding how activities are being tracked and how personal information is being accessed and used is growing. The world's biggest companies are frequently being challenged on the ways that they collect and utilize people's data.

An Open-Source Success Story: Apache SpamAssassin Celebrates 18 Years of Effectively Combating Spam Email - Apache SpamAssassin celebrates its 18th birthday this year, a huge accomplishment for everyone who has contributed to the open-source project for nearly the past two decades. SpamAssassin, a renowned and respected open-source anti-spam platform, provides a secure, reliable framework upon which companies can build highly effective spam filtering and email security solutions.


  PHP RCE flaw actively exploited to pop NGINX servers (Oct 28)
 

A recently patched vulnerability (CVE-2019-11043) in PHP is being actively exploited by attackers to compromise NGINX web servers, threat intelligence firm Bad Packets has confirmed. Learn more:

  NordVPN Breached (Oct 28)
 

NordVPN suffered a breach nineteen months ago, which has only recently been disclosed to the public. VPN security in general is questionable. What VPNs do you use, and why should they be considered trustworthy? Learn more about the NordVPN breach in an interesting Schneier on Security article:

  BBC News Goes Dark with Censor-Busting Tor Site (Oct 28)
 

Have you heard that the BBC has launched a Tor-based version of its news website, to help circumvent state efforts to censor the free flow of information worldwide? This announcement highlights the benefits of the dark web to many users around the world. Learn more:

  Dark Web Site Taken Down without Breaking Encryption (Oct 28)
 

The US government has successfully taken down a dark web site without any encryption backdoors, demonstrating that backdoors in communications systems which compromise cryptography for everyone are not necessary to combat crime. Learn more in a great Schneier on Security article:

  Mind-reading technology: The security, privacy and inequality threats we will face (Oct 29)
 

Brain-computer interface technology is developing fast. But just because we can read data from others' minds, should we? One thing is for sure: the implications that BCIs would have on privacy, security and inequality should be taken into account. What are your thoughts on this? Learn more:

  PHP team fixes nasty site-owning remote execution bug (Oct 29)
 

The PHP development team has fixed a bug that could allow remote code execution in some setups of the programming language. Get the details:

  Former FBI General Counsel Jim Baker Chooses Encryption Over Backdoors (Oct 30)
 

In an extraordinary essay, the former FBI general counsel Jim Baker makes the case for strong encryption over government-mandated backdoors. What is your opinion on this? Learn more in a great Schneier on Security article:

  The Ethics Board of One of the Largest Vendors of Police Tech Makes the Case Against ALPRs (Oct 31)
 

Automated License Plate Readers (ALPRs), a mass surveillance technology that allows law enforcement to record the location and travel patterns of nearly every driver on the road, are poorly regulated, threaten privacy, and worsen the racial and economic inequalities already ingrained in our justice system. What are your thoughts on this privacy threat and how it should be handled? Learn more in an interesting EFF article:

  NordVPN strengthens security measures following server breach (Oct 30)
 

Following an attack that breached one of its servers, NordVPN is taking several steps in an effort to show customers that it can still provide secure access to the internet. Learn more:

  Top Linux developer on Intel chip security problems: 'They're not going away.' (Oct 31)
 

The same Intel CPU speculative execution problems which led to the Meltdown and Spectre security issues are still alive and well, and Greg Kroah-Hartman, the stable Linux kernel maintainer, says we're going to see Intel chip security problems for years to come. Learn more about this issue:

  New Chrome 0-day Bug Under Active Attacks – Update Your Browser Now! (Nov 1)
 

Are you a Google Chrome user? If so, you should update your browser now, as two new high severity Chrome zero-day bugs are being actively exploited by attackers. Learn more about the vulnerabilities and how to protect your system:

  Mozilla to stop supporting sideloaded extensions in Firefox (Nov 1)
 

Starting in March 2020, with Firefox 74, Firefox users will no longer be able to sideload extensions. This method has been available to Firefox extension developers since the browser's early days; however, Mozilla has announced plans to discontinue supporting sideloaded extensions, citing security risks. Do you agree with Mozilla's decision? Learn more:

  Kernel Address Space Isolation Is Still Being Explored For Better Security (Nov 4)
 

IBM developers and others continue exploring the potential for address space isolation in the Linux kernel to reduce the risk of leaking sensitive data in attacks like L1 Terminal Fault (L1TF), MDS, and other vulnerabilities. However, this does increase the complexity of the kernel code, and the performance hit is still to be evaluated. Learn more in an interesting Phoronix article:

  Russia’s sovereign internet law comes into force (Nov 4)
 

The Russian government calls it the sovereign internet law, and from 1 November it compels the country's ISPs to forward all data arriving and departing from their networks through special gateway servers. What are your thoughts on this new form of government surveillance? Let's have a discussion. Learn more in a great Naked Security article:

  Pentagon publishes AI guidelines (Nov 4)
 

As the specter of killer warrior robots looms large, the Pentagon has published a set of ethical guidelines for its use of artificial intelligence. It's a document designed to guide the use of AI in both combat and non-combat military scenarios. Learn more about these guidelines for the use of AI: