Security: Patches, Whonix, IPFire and More

  • Security updates for Thursday

    Security updates have been issued by CentOS (kernel, ksh, python-pillow, and thunderbird), Debian (opensmtpd, proftpd-dfsg, and rake), Fedora (NetworkManager-ssh), openSUSE (chromium), and SUSE (libexif, mariadb, ovmf, python3, and squid). 

  • Whonix VirtualBox 15.0.0.8.9 - Point Release! - vanguards; TCP ISN Leak Protection; Extensive Hardening!

    This is a point release.

    Download Whonix for VirtualBox:

  • Build your career in Computer Forensics: List of Digital Forensic Tools - Part I

    Digital devices are present everywhere and considered to be the primary source of evidence in the case of cybercrime. Out of all the devices, phones and laptops are the top weapons used in cybercrimes. Regardless of who the device belonged to, either the victim or suspect, it offers an abundance of data to investigate the crime. But retrieving evidence from these devices in a secure environment can be very challenging. To overcome the time constraint and other complications, cyber forensic professionals use digital forensic tools.  

  • What are Open Source Security Approaches? With Examples

    Open source security approaches enable organizations to secure their applications and networks while avoiding expensive proprietary security offerings. 

    An open source approach allows organizations to secure their applications across cloud providers and other platforms using platform-agnostic APIs. These APIs are written by contributors to the open source software code while cloud providers may use open source code that allows the open APIs to connect to the cloud.

    Open source approaches, for security or not, also bring in collaboration across an industry. It isn’t just one organization that benefits from a program or technology, but everyone who contributes to and uses it.

    The open source projects and programs used as examples in this article come from two major open source entities: The Linux Foundation and the Cloud Native Computing Foundation (CNCF). The two also work closely together to further the projects under their purview.

  • Cloud Snooper: Hackers Using Linux Kernel Driver To Attack Cloud Server [Ed: So, if you install malicious software in Linux, due to recklessness or sabotage, it'll do malicious things. How is that a Linux weakness?]

    Whether you’re a Linux user or not, you must have heard the buzzword about the Linux — “Best OS for security.” Well, it is true, but being a computer program, Linux also has some downside that challenges its security.

    Talking about the security risks, recently, SophosLabs published a report about a new malware dubbed Cloud Snooper, that can compromise the security of any Linux or other OS based servers by deploying a kernel driver.

  • IPFire on AWS: Update to IPFire 2.25 - Core Update 141

    Today, we have updated IPFire on AWS to IPFire 2.25 - Core Update 141 - the latest official release of IPFire.

    Since IPFire is available on AWS, we are gaining more and more users who are securing their cloud infrastructure behind an easy to configure, yet fast and secure firewall.

    This update adds the rewritten DNS stack and brings many bug fixes to the cloud.

More FUD

  • The “Cloud Snooper” malware that sneaks into your Linux servers [Ed: Sophos citing itself, hyping up the threat is installing malicious software on one's own server]

    SophosLabs has just published a detailed report about a malware attack dubbed Cloud Snooper.

    The reason for the name is not so much that the attack is cloud-specific (the technique could be used against pretty much any server, wherever it’s hosted), but that it’s a sneaky way for cybercrooks to open up your server to the cloud, in ways you very definitely don’t want, “from the inside out”.

    The Cloud Snooper report covers a whole raft of related malware samples that our researchers found deployed in combination.

OpenSMTPD

  • OpenSMTPD Email Server Vulnerability Threatens Many Linux and BSD Systems [Ed: It is this package, not the operating systems (GNU/Linux rarely uses this)]

    A critical vulnerability has been discovered in the OpenBSD email server OpenSMTPD. Exploiting the flaw could allow remote code execution attacks. The seriousness of the vulnerability poses a threat to the integrity of OpenBSD and Linux systems.

More in Tux Machines

OSS: SOC, Benchmarks, Mozilla, and Databases

  • #HowTo Cut Costs in the SOC

    This is also a good opportunity to revisit your packet capture solution, where your spending should be focused on hardware and storage. If you’re paying for expensive software licenses as well, check out open source alternatives like Moloch. [...] Look for open source alternatives: Whether it’s replacing a point security tool or simply augmenting what you have, try to periodically justify the cost of your commercial tools. Open source projects for blue team have come a LONG way in the last few years, and many of them now rival (or, in our opinion, exceed) the capabilities of expensive commercial tools. Conduct an analysis of alternatives for your big-ticket items on an annual or semi-annual basis. That way, you’ll always have a recent justification for the money you’re spending, and you’ll stay aware of potential challengers. Mitre has posted some guidance on Analyses of Alternatives (AoAs) here. Just keep in mind the total cost – do you have, or can you create, the engineering talent to manage new or open source tools?

  • Phoronix Test Suite 9.6.1 Released For Cross-Platform, Open-Source Benchmarking

    One month after the big Phoronix Test Suite 9.6 release, Phoronix Test Suite 9.6.1 is out as the first and only planned point release to this quarter's feature series. Phoronix Test Suite 9.6.1 comes with some export improvements, continued tweaking of the new (PTS9) results viewer, a new phoronix-test-suite rebuild-test-suite sub-command, reporting of more perf events via the LINUX_PERF module, external dependency updates, and more. On the Phodevi (Phoronix Device Interface) front are improved detection of newer Arm Neoverse cores, Sway compositor version detection, and better CPU model handling on newer Apple Mac computers.

  • Mozilla Mornings on advertising and micro-targeting in the EU Digital Services Act

    On 4 June, Mozilla will host the next installment of Mozilla Mornings – our regular breakfast series that brings together policy experts, policymakers and practitioners for insight and discussion on the latest EU digital policy developments.

  • How Redis scratched an itch — and changed databases forever

    Why would you ever write a new database? Particularly an in-memory database, which, back in 2009, made zero sense to the ruling database class of the time. Salvatore Sanfilippo didn’t really care. He wasn’t trying to change anyone’s minds about what a database should be. He just needed to scale a real-time analytics engine, and MySQL couldn’t do so cost-effectively. [...] In the early days of open source, some of the more well-known projects like Linux and MySQL tried to copycat the functionality of their proprietary, expensive peers (like Unix and Oracle). Over time, these (and other) projects have trended toward innovative, rather than imitative. At the same time, there were always projects, like Redis, that broke new ground or trod old ground in new ways that dramatically expanded the universe of users. And often they started with one person’s “itch.” For example, Daniel Stenberg just needed to be able to download and transfer currency rates for fellow IRC users, but there wasn’t a good way to do that. So he built Curl, which now boasts billions of users. In fact, you probably use Curl every day without knowing it.

  • Why I'm enjoying learning Rust as a Java programmer

    It's been a long time since I properly learned a new language—computer or human. Maybe 25 years. That language was Java, and although I've had to write little bits of C (very, very little) and JavaScript in the meantime, the only two languages I've written much actual code in have been Perl and Java. I'm a co-founder of a project called Enarx, which is written almost entirely in Rust. These days I call myself an "architect," and it's been quite a long time since I wrote any production code. In the lead-up to Christmas 2019, I completed the first significant project I've written in quite a few years: an implementation of a set of algorithms around a patent application in Java. It was a good opportunity to get my head back into code, and I was quite pleased with it. Here are some of my thoughts on Rust, from the point of view of a Java developer with a strong object-oriented background.

today's howtos

Best Linux distros for small businesses in 2020

Linux has become increasingly friendly for use by individuals and businesses, partly as an attempt to lure users away from Windows, but also because Linux has come to power not just the wider internet but also most cloud services. This means while Linux may seem like an intimidating option at first, it could actually be helpful in the longer run for those who need to develop their wider IT skills without proving so much of a challenge as initially feared. As Linux is free it means you don't have to worry about licensing fees, and there are a number of virtual machine software platforms that will allow you to install different Linux (or other operating systems) on your existing computer. In fact, Windows 10 now famously ships with Linux as a virtual machine environment. However, if you would prefer to avoid virtual machines you could instead use an older desktop PC and simply install a Linux distro as the main operating system. Most Linux distros have low resource needs, but do watch out that hardware drivers you need are supported. So what's the best choice for your small business? We've approached this selection with a few criteria in mind. Stability must come first: if you're putting a distro to work, uptime is critical. Solid support provision comes a close second. Here therefore are the Linux distros we think are best for small business users.

Python Programming

  • [Community Bonding Period] What is Automatic Differentiation?

    The optimization process of deep learning models is based on the gradient descent method. Deep learning frameworks such as PyTorch and Tensorflow can be divided into three parts: model api, gradient calculation and gpu acceleration. Gradient calculation plays an important role, and the core technology of this part is automatic differentiation.

  • The Factory Method Design Pattern in Python

    In this article, we'll be diving into the Factory Method Design Pattern, implemented in Python. Design Patterns define tried and tested solutions to various recurring problems in software development. They do not represent actual code, but rather ways in which we can organize our code for the optimum results. In a world of limited resources, Design Patterns help us achieve the most results with the least amount of used resources. It is also important to note that Design Patterns do not apply to all situations and it is crucial to assess the problem at hand in order to choose the best approach for that particular scenario. Design Patterns are divided into a few broad categories, though mainly into Creational Patterns, Structural Patterns, and Behavioral Patterns. The Factory Method pattern is a Creational Design Pattern.

  • Python Regex in a nutshell

    Regular expression is one of the tools that make programming easy and Python programming is not an exception. In this article, I write on Python regex especially and how I manage to keep a hang of them as they are kind of very easy to forget. Let me start with definition of regular expression, what I understand regular expression to be. Regular expression is a tool that allows us to search string of data using the pattern that matches the information we seek. Imagine it like this: Your boss has a chunk of nebulous and overwhelmingly obfuscating string of data and she has instructed you to fetch all the emails in that data. So instead of having to look up the emails one after the other in a 5000-line string of data, all you need to do is to define a regular expression pattern that matches email to help you get all the emails in that string of data.

  • Financial Independence - simulating ODEs with python

    Imagine one day you wake up and you know you are free to do whatever you like for the rest of your life… and… money is no longer a problem. You became truly financially independent and you no longer need to work to make it the next year. Does it sound appealing? While it may sound so, the path towards that goal is certainly not easy (unlike what Youtube Ads say about it). There exist many factors to be taken into consideration when dealing with your finance and reasoning is often obscured by the complexity. In this article, we are going to attack the problem mathematically and programmatically. We will model your wallet using a set of ordinary differential equations (ODEs) and we will later solve using scipy library and Python. At each stage, we will try to link the mathematical formulae with python code and explain the reasoning behind it. The goal will be to make the model explainable and expandable. We will create it step by step and, hopefully, that will reward us with a more intuitive understanding of both underlying math as well as the code.

  • PyDev of the Week: Cristi Vlad

    This week we welcome Cristi Vlad (@CristiVlad25) as our PyDev of the Week! Cristi teaches cybersecurity with Python on his Youtube Channel. He has also authored some books and writes on his blog. You can see his books there too. [...] I always loved numbers. With a Master’s Degree in Civil Engineering, I decided to pass on a great job opportunity in the field upon finishing my studies and to try my shot at computer stuff. There was something about the combination of entrepreneurship and improving my physiology that had a hard pull on me. So I began studying how to improve my physical and mental capacity, I delved into biochemistry, human anatomy and the scientific literature of sorts and I ended up writing 7 books on physical improvement. With an innate curiosity, I always tried teaching myself computer programming but, failed miserably for a couple of times. I tried learning JAVA, as I wanted to also wear the hat of Android developer. This was between 2011 and 2015.