Security Leftovers

  • People Think Their Passwords Are Too Awesome For Two Factor Authentication. They’re Wrong.
  • Security updates for Thursday
  • Let's Encrypt Now Trusted by All Major Root Programs

    Now, the CA’s root is directly trusted by almost all newer versions of operating systems, browsers, and devices. Many older versions, however, still do not directly trust Let’s Encrypt.

    While some of these are expected to be updated to trust the CA, others won’t, and it might take at least five more years until most of them cycle out of the Web ecosystem. Until that happens, Let’s Encrypt will continue to use a cross signature.

  • WPA2 flaw lets attackers easily crack WiFi passwords

    The security flaw was found, accidentally, by security researcher Jens Steube while conducting tests on the forthcoming WPA3 security protocol; in particular, on differences between WPA2's Pre-Shared Key exchange process and WPA3's Simultaneous Authentication of Equals, which will replace it. WPA3 will be much harder to attack because of this innovation, he added.

  • Linux kernel network TCP bug fixed

    Another day, another bit of security hysteria. This time around the usually reliable Carnegie Mellon University's CERT/CC claimed the Linux kernel's TCP network stack could be "forced to make very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming packet which can lead to a denial of service (DoS)."

  • State of Security for Open Source Web Applications 2018

    Each year, we publish a set of statistics summarizing the vulnerabilities we find in open source web applications. Our tests form part of Netsparker's quality assurance practices, during which we scan thousands of web applications and websites. This helps us to add to our security checks and continuously improve the scanner's accuracy.

    This blog post includes statistics based on security research conducted throughout 2017. But first, we take a look at why we care about open source applications, and the damage that can be caused for enterprises when they go wrong.

  • New Actor DarkHydrus Targets Middle East with Open-Source Phishing [Ed: Headline says "Open-Source Phishing," but this is actually about Microsoft Windows and Office (proprietary and full of serious bugs)]

    Government entities and educational institutions in the Middle East are under attack in an ongoing credential-harvesting campaign, mounted by a newly-named threat group known as DarkHydrus. In a twist on the norm, the group is leveraging the open-source Phishery tool to carry out its dark work.

    The attacks follow a well-worn pattern, according to Palo Alto Networks’ Unit 42 group: Spear-phishing emails with attached malicious Microsoft Office documents are leveraging the “attachedTemplate” technique to load a template from a remote server.
