Language Selection

English French German Italian Portuguese Spanish

Security: Slingshot, Symantec Certification Authorities, and DDoS Defense

Filed under
Security
  • Potent malware that hid for six years spread through routers

    Slingshot—which gets its name from text found inside some of the recovered malware samples—is among the most advanced attack platforms ever discovered, which means it was likely developed on behalf of a well-resourced country, researchers with Moscow-based Kaspersky Lab reported Friday. The sophistication of the malware rivals that of Regin—the advanced backdoor that infected Belgian telecom Belgacom and other high-profile targets for years—and Project Sauron, a separate piece of malware suspected of being developed by a nation-state that also remained hidden for years.

  • Distrust of Symantec TLS Certificates

    A Certification Authority (CA) is an organization that browser vendors (like Mozilla) trust to issue certificates to websites. Last year, Mozilla published and discussed a set of issues with one of the oldest and largest CAs run by Symantec. The discussion resulted in the adoption of a consensus proposal to gradually remove trust in all Symantec TLS/SSL certificates from Firefox. The proposal includes a number of phases designed to minimize the impact of the change to Firefox users:

  • How Creative DDOS Attacks Still Slip Past Defenses

    Distributed denial of service attacks, in which hackers use a targeted hose of junk traffic to overwhelm a service or take a server offline, have been a digital menace for decades. But in just the last 18 months, the public picture of DDoS defense has evolved rapidly. In fall 2016, a rash of then-unprecedented attacks caused internet outages and other service disruptions at a series of internet infrastructure and telecom companies around the world. Those attacks walloped their victims with floods of malicious data measured up to 1.2 Tbps. And they gave the impression that massive, "volumetric" DDOS attacks can be nearly impossible to defend against.

More in Tux Machines

Ubuntu: Ubuntu 18.04 Install and First Look, Canonical and Trilio Deal, Ubuntu Server Development and Shuttleworth's Controversy

  • Ubuntu 18.04 Install and First Look
    The long anticipated Ubuntu 18.04 “Bionic Beaver” Long Term Support (LTS) release has arrived… Let’s install it and take a look around.
  • Canonical Managed Cloud adds data protection and recovery with Trilio
    Canonical and Trilio announced today a partnership agreement to deliver TrilioVault backup and recovery solutions as part of BootStack, Canonical’s fully managed OpenStack private cloud solution. TrilioVault will also be made available as an option to Ubuntu Advantage support customers. As a result, users already taking advantage of the Ubuntu platform for their OpenStack deployment now have seamless access to the only OpenStack-native data protection solution on the market. Together, the two companies are pushing the boundaries of enterprise OpenStack clouds to become increasingly easier to build, simpler to manage, and more reliable in the event of a disaster.
  • Ubuntu Server development summary – 22 May 2018
  • Ubuntu's Shuttleworth Creates Controversy with OpenStack Summit Vancouver Keynote
    The OpenStack Foundation is facing a bit of drama and controversy as it deals with issues related to a keynote delivered by Ubuntu Linux founder, Mark Shuttleworth at the OpenStack Summit here on May 21. Typically the OpenStack Foundation posts videos of all its session online within 24 hours, but with the Shuttleworth keynote, the video was apparently posted and then promptly removed. During his keynote, Shuttleworth took direct aim at his OpenStack competitor Red Hat, which apparently made some people in the OpenStack Summit community uncomfortable.

Offline Computing – 10 Apps for the Digital Nomad

In today’s always-connected, constantly-inturrupted world, it can often be rewarding to go offline. Disconnecting from the Internet doesn’t mean you have to buy a yurt, live on beans, and get no work done though! While there’s a ton of great apps in the Snap store which rely on a connection to function, there’s also a lot you can do offline. So whether you’re taking a trip that doesn’t offer (reasonably priced) in-flight wifi, or want to live life the digital nomad style, we’ve got some apps for you! These all work offline, so once installed you can work, study & play without a connection. Read more Also: Linux Release Roundup: GNOME Twitch, Shotwell & GIMP

Finally: Historic Eudora email code goes open source

The source code to the Eudora email client is being released by the Computer History Museum, after five years of discussion with the IP owner, Qualcomm. The Mac software was well loved by early internet adopters and power users, with versions appearing for Palm, Newton and Windows. At one time, the brand was so synonymous with email that Lycos used Eudora to brand its own webmail service. As the Mountain View, California museum has noted, "It’s hard to overstate Eudora’s popularity in the mid-1990s." Read more Also: The Computer History Museum Just Made Eudora Open Source

Android Leftovers