Security Leftovers

  • The Lingering Mess from Default Insecurity

    These vulnerable devices tend to coalesce in distinct geographical pools with deeper pools in countries with more ISPs that shipped them direct to customers without modification. SEC Consult said it found heavy concentrations of the exposed Ubiquiti devices in Brazil (480,000), Thailand (170,000) and the United States (77,000).

    SEC Consult cautions that the actual number of vulnerable Ubiquiti systems may be closer to 1.1 million. Turns out, the devices ship with a cryptographic certificate embedded in the router’s built-in software (or “firmware”) that further weakens security on the devices and makes them trivial to discover on the open Internet. Indeed, the Censys Project, a scan-driven Internet search engine that allows anyone to quickly find hosts that use that certificate, shows exactly where each exposed router resides online.

  • Public Beta: December 3, 2015

    Let’s Encrypt will enter Public Beta on December 3, 2015. Once we’ve entered Public Beta our systems will be open to anyone who would like to request a certificate. There will no longer be a requirement to sign up and wait for an invitation.

    Our Limited Beta started on September 12, 2015. We’ve issued over 11,000 certificates since then, and this operational experience has given us confidence that our systems are ready for an open Public Beta.

  • Linux ransomware rising? Linux.Encoder.1 now infects thousands of websites [Ed: Tung hypes up already-patched Magento bug]

    The security firm said the ransomware was infecting Linux web servers by exploiting unpatched instances of the widely-used Magento CMS.
