Thank you for reading the LinuxSecurity.com weekly security newsletter. The purpose of this document is to provide our readers with a quick summary of each week's most relevant Linux security headlines.

Emerging Technology and Privacy: What You Need to Know - As technology evolves and the use of Artificial Intelligence and Machine Learning becomes increasingly mainstream, consumers are more concerned than ever before about protecting their privacy. Awareness surrounding how activities are being tracked and how personal information is being accessed and used is growing. The world's biggest companies are frequently being challenged on the ways that they collect and utilize people's data.

An Open-Source Success Story: Apache SpamAssassin Celebrates 18 Years of Effectively Combating Spam Email - Apache SpamAssassin celebrates its 18th birthday this year, a huge accomplishment for everyone who has contributed to the open-source project for nearly the past two decades. SpamAssassin, a renowned and respected open-source anti-spam platform, provides a secure, reliable framework upon which companies can build highly effective spam filtering and email security solutions.


  Pentagon publishes AI guidelines (Nov 4)
 

As the specter of killer warrior robots looms large, the Pentagon has published a set of ethical guidelines for its use of artificial intelligence. It's a document designed to guide the use of AI in both combat and non-combat military scenarios. Learn more about these guidelines for the use of AI:

  US Department of Justice push for encryption backdoors might run afoul of First Amendment (Nov 5)
 

Is encryption code speech? Earlier court rulings suggest that it is, legally, and therefore subject to First Amendment protections. What are your thoughts? Learn more in a great CSO article:

  Russia’s sovereign internet law comes into force (Nov 4)
 

The Russian government calls it the sovereign internet law, and from 1 November it compels the country's ISPs to forward all data arriving and departing from their networks through special gateway servers. What are your thoughts on this new form of government surveillance? Let's have a discussion. Learn more in a great Naked Security article:

  Kernel Address Space Isolation Is Still Being Explored For Better Security (Nov 4)
 

IBM developers and others continue exploring the potential for address space isolation in the Linux kernel to reduce the risk of leaking sensitive data in attacks like L1 Terminal Fault (L1TF), MDS, and other vulnerabilities. However, this does increase the complexity of the kernel code, and the performance hit is still to be evaluated. Learn more in an interesting Phoronix article:

  DNS-over-HTTPS will eventually roll out in all major browsers, despite ISP opposition (Nov 8)
 

All six major browser vendors have plans to support DNS-over-HTTPS (or DoH), a protocol that encrypts DNS traffic and helps improve a user's privacy on the web. Learn more about this protocol, which is already present in all major browsers, that users love and ISPs hate in an interesting ZDNet article:

  Mozilla Urges Facebook and Google to Pause Political Ads (Nov 5)
 

The Mozilla Foundation and a group of rights groups and non-profits have penned an open letter to Facebook and Google urging them to halt political advertising until after the upcoming UK General Election due to concerns about disinformation, lack of transparency and the data that is being used to target these ads. What is your opinion on this? We'd love to have a discussion. Learn more:

  Microsoft: Defender ATP is coming to Linux in 2020 (Nov 7)
 

Microsoft is planning to bring its Defender antivirus to Linux systems next year and will be giving a demo of how security specialists can use Microsoft Defender at the Ignite Conference this week. What are your thoughts on this announcement? Get the details in a great ZDNet article:

  Libarchive vulnerability can lead to code execution on Linux, FreeBSD, NetBSD (Nov 6)
 

Google has discovered a Libarchive vulnerability which can lead to code execution on Linux, FreeBSD and NetBSD. Learn more about the security bug and its implications for Linux users in an informative ZDNet article:

  Hackers Can Silently Control Your Google Home, Alexa, Siri With Laser Light (Nov 5)
 

A team of cybersecurity researchers has discovered a clever technique which relies on a vulnerability in MEMS microphones embedded in voice-controllable systems to remotely inject inaudible and invisible commands into voice-controlled devices, all just by shining a laser at the targeted device instead of using spoken words. Learn more about this hack and how to protect yourself against it in real life in a great The Hacker News article:

  Red Hat Enterprise Linux 8.1 Debuts With Added Developer Tools, Security & Automation (Nov 7)
 

Red Hat, Inc. today announced the general availability of Red Hat Enterprise Linux 8.1, the latest version of the world's leading enterprise Linux platform. The first minor release of the Red Hat Enterprise Linux 8 platform, Red Hat Enterprise Linux 8.1 enhances the manageability, security and performance of the operating system underpinning the open hybrid cloud while also adding new capabilities to drive developer innovation. Learn more about Red Hat Enterprise Linux 8.1:

  Explained: How New 'Delegated Credentials' Boosts TLS Protocol Security (Nov 6)
 

Mozilla, in partnership with Facebook, Cloudflare, and other IETF community members, has announced technical specifications for a new cryptographic protocol called "Delegated Credentials for TLS." Delegated Credentials for TLS is a new simplified way to implement "short-lived" certificates without sacrificing the reliability of secure connections. Learn more about Delegated Credentials for TLS in an informative The Hacker News article:

  Why Adding Client-Side Scanning Breaks End-To-End Encryption (Nov 8)
 

Recent attacks on encryption have diverged. On the one hand, we've seen Attorney General William Barr call for lawful access to encrypted communications, using arguments that have barely changed since the 1990s. But we've also seen suggestions from a different set of actors for more purportedly reasonable interventions, particularly the use of client-side scanning to stop the transmission of contraband files, most often child exploitation imagery (CEI). What are your thoughts on client-side scanning and its privacy implications? Learn more in a great EFF article:

  Report: The Government and Tech Need to Cooperate on AI (Nov 6)
 

America's national security depends on the government getting access to the artificial intelligence breakthroughs made by the technology industry. So says a report submitted to Congress on Monday by the National Security Commission on Artificial Intelligence. It also warns that AI-enhanced national security apparatus like autonomous weapons and surveillance systems will raise ethical questions. Learn more in an interesting Wired article:

  India is going ahead with its facial recognition program despite privacy concerns (Nov 11)
 

The Indian government has played down fears of mass surveillance in response to concerns that its proposed facial recognition system lacks adequate oversight. What are your thoughts on this system and the privacy concerns surrounding it? Learn more in a great The Next Web article:

  We’ve got to regulate the application of AI — not the tech itself (Nov 11)
 

We agree with Asheesh Mehra of The Next Web that regulating the application of AI, not the technology itself, will keep the use of AI fair and ethical while still fostering innovation with AI. What is your opinion on this approach? Learn more: