Thank you for reading the LinuxSecurity.com weekly security newsletter. The purpose of this document is to provide our readers with a quick summary of each week's most relevant Linux security headlines.

Encryption: An Essential Yet Highly Controversial Component of Digital Security - If you've been keeping up with recent security news, you are most likely aware of the heated worldwide debate about encryption that is currently underway. Strong encryption is imperative to securing sensitive data and protecting individuals' privacy online, yet governments around the world refuse to recognize this, and are continually aiming to break encryption in an effort to increase the power of their law enforcement agencies.

Linux: An OS Capable of Effectively Meeting the US Government's Security Needs Heading into 2020 - As Open Source has become increasingly mainstream and widely accepted for its numerous benefits, the use of Linux as a flexible, transparent and highly secure operating system has also increasingly become a prominent choice among corporations, educational institutions and government sectors alike. With national security concerns at an all-time high heading into 2020, it appears that the implementation of Linux could effectively meet the United States government's critical security needs for application development and installations.


  Arm Chips Vulnerable to PAN Bypass – “We All Know it’s Broken” (Jan 13)
 

Are you aware that memory access protections baked into the ARMv8 64-bit specification are vulnerable to being bypassed? The Arm team has just recently mitigated the bug, which would allow an attacker to circumvent its Privileged Access Never (PAN) controls in the kernel.

  Powerful GPG collision attack spells the end for SHA-1 (Jan 13)
 

New research has heightened an already urgent call to abandon SHA-1, a cryptographic algorithm still used in many popular online services. A new, powerful GPG collision attack on the system, which could enable attackers to fake digital certificates, has been discovered.

  Securing Kubernetes: Bug bounty program announced (Jan 15)
 

Want to help lock down Kubernetes and make some money while you're at it? The Cloud Native Computing Foundation has a new bug bounty program for you.

  Washington State Lawmakers Introduce Legislation Regulating Data Privacy, Facial Recognition (Jan 17)
 

Following in the footsteps of their West Coast neighbors, Washington state legislators have introduced legislation to regulate consumer data privacy and the government's use of facial recognition software. The data privacy bill would give consumers the right to access and delete data collected about them, while the facial recognition legislation would regulate government use of the software.

  EU considers banning facial recognition technology in public spaces (Jan 17)
 

The European Union is debating a potential ban on the use of facial recognition technologies in public areas which could last for five years, allowing lawmakers to catch up.

  Apps are sharing more of your data with ad industry than you may think (Jan 16)
 

GDPR? The California Consumer Privacy Act (CCPA)? HA! Those laws aren't doing squat to protect us from the digital marketing and adtech industry, according to a new report from the Norwegian Consumer Council (NCC).

  Intel Patches Security Vulnerability in Linux and Windows Drivers (Jan 15)
 

Are you aware that Intel has published a total of six advisories for security vulnerabilities impacting its products, including the Intel Processor Graphics on Windows and Linux?

  Google to kill third-party Chrome cookies in two years (Jan 16)
 

Are you a privacy-conscious Google Chrome user? Google doesn't want to block third-party cookies in Chrome right now. It has promised to make them obsolete later, though. Wait, what?

  The Performance Cost To SELinux On Fedora 31 (Jan 20)
 

Following the recent AppArmor performance regression in Linux 5.5 (since resolved), some Phoronix readers had requested tests out of curiosity in looking at the performance impact of Fedora's decision to utilize SELinux by default. Here is how the Fedora Workstation 31 performance compares out-of-the-box with SELinux to disabling it.

  Amazon’s Ring blamed hacks on consumers reusing their passwords. A lawsuit says that’s not true. (Jan 20)
 

Are you an Amazon Ring user? Plaintiffs suing the company say they created unique passwords but were hacked anyway, and that Ring's devices lack widely adopted security and privacy precautions.