Language Selection

English French German Italian Portuguese Spanish

Red Hat Risk Reflex (The Linux Security Flaw That Isn't)

Filed under
Red Hat
Security

News headlines screaming that yet another Microsoft Windows vulnerability has been discovered, is in the wild or has just been patched are two a penny. Such has it ever been. News headlines declaring that a 'major security problem' has been found with Linux are a different kettle of fish. So when reports of an attack that could circumvent verification of X.509 security certificates, and by so doing bypass both secure sockets layer (SSL) and Transport Layer Security (TLS) website protection, people sat up and took notice. Warnings have appeared that recount how the vulnerability can impact upon Debian, Red Hat and Ubuntu distributions. Red Hat itself issued an advisory warning that "GnuTLS did not correctly handle certain errors that could occur during the verification of an X.509 certificate, causing it to incorrectly report a successful verification... An attacker could use this flaw to create a specially crafted certificate that could be accepted by GnuTLS as valid." In all, at least 200 operating systems actually use GnuTLS when it comes to implementing SSL and TLS and the knock-on effect could mean that web applications and email alike are vulnerable to attack. And it's all Linux's fault. Or is it?

Read more ►

More in Tux Machines

Tiny quad-core ARM mini-PC runs Ubuntu with Cinnamon

A startup is pitching a $129-$199 “Imp” mini-PC on Indiegogo based on a quad-core Odroid-U3 SBC, with HDMI streaming and an Ubuntu/Cinnamon Linux desktop. A day after reporting on one Israeli-based, non-Android ARM mini-PC — SolidRun’s $100 CuBoxTV with OpenElec Linux — here comes another. Aside from the usual hyperbole found on crowdfunding pages — are we really “democratizing the digital home experience” or just buying an embedded ARM computer? — the Ubuntu-based Imp mini-PC looks like a pretty good deal. Read more

Ready to give Linux a try? These are the 5 distros you need to consider

There are so many Linux distributions that choosing one can be overwhelming for a new user. One might be too intimidating for a user to even try, while another might be too simplified, blocking that user from knowing how Linux systems actually function. I have been using Linux as my primary OS since 2005 and have tried all major (and quite a lot of minor) distributions. I have learned that not every distribution is for everyone. Since I also assist people in migrating to Linux, I have chosen the 5 distros that I recommend to new users based on their level of comfort and desire to learn (or not learn) more about Linux. Read more

Review of the new Firefox browser built for developers

Mozilla recently announced a new browser version for developers on the 10th anniversary of the Firefox browser. The Usersnap team and I took a look at whether it works well for the web development process, offers developers a variety of possible applications, and if it keeps up with the Google Chrome dev tools. Read more

Mapping the world with open source

In the world of geospatial technology, closed source solutions have been the norm for decades. But the tides are slowly turning as open source GIS software is gaining increasing prominence. Paul Ramsey, senior strategist at the open source company Boundless, is one of the people trying to change that. Ramsey has been working with geospatial software for over ten years, as programmer and consultant. He founded the PostGIS spatial database project in 2001, and is currently an active developer and member of the project steering committee. Ramsey serves as an evangelist for OpenGeo Suite, works with the Boundless business development team to share about their collection of offerigns, and speaks and teaches regularly at conferences around the world. Read more