Language Selection

English French German Italian Portuguese Spanish

Security Leftovers

Filed under
Security
  • Friday's security updates
  • Server Hardening

    Server hardening. The very words conjure up images of tempering soft steel into an unbreakable blade, or taking soft clay and firing it in a kiln, producing a hardened vessel that will last many years. Indeed, server hardening is very much like that. Putting an unprotected server out on the Internet is like putting chum in the ocean water you are swimming in—it won't be long and you'll have a lot of excited sharks circling you, and the outcome is unlikely to be good. Everyone knows it, but sometimes under the pressure of deadlines, not to mention the inevitable push from the business interests to prioritize those things with more immediate visibility and that add to the bottom line, it can be difficult to keep up with even what threats you need to mitigate, much less the best techniques to use to do so. This is how corners get cut—corners that increase our risk of catastrophe.

  • There are no secure smartphones.
  • OpenSSH Flaw Could Leak Crypto Keys
  • How To Patch and Protect OpenSSH Client Vulnerability CVE-2016-0777 and CVE-2016-0778 [ 14/Jan/2016 ]

    The OpenSSH project released an ssh client bug info that can leak private keys to malicious servers. A man-in-the-middle kind of attack identified and fixed in OpenSSH are dubbed CVE-2016-0777 and CVE-2016-0778. How do I fix OpenSSH's client vulnerability on a Linux or Unix-like operating system?

More in Tux Machines

Android Leftovers

FreeBSD-Based TrueOS 17.12 Released

The FreeBSD-based operating system TrueOS that's formerly known as PC-BSD has put out their last stable update of 2017. TrueOS 17.12 is now available as the latest six-month stable update for this desktop-focused FreeBSD distribution that also offers a server flavor. TrueOS continues using OpenRC as its init system and this cycle they have continued improving their Qt5-based Lumina desktop environment, the Bhyve hypervisor is now supported in the TrueOS server install, improved removable device support, and more. Read more

An introduction to Joplin, an open source Evernote alternative

Joplin is an open source cross-platform note-taking and to-do application. It can handle a large number of notes, organized into notebooks, and can synchronize them across multiple devices. The notes can be edited in Markdown, either from within the app or with your own text editor, and each application has an option to render Markdown with formatting, images, URLs, and more. Any number of files, such as images and PDFs, can be attached to a note, and notes can also be tagged. I started developing Joplin when Evernote changed its pricing model and because I wanted my 4,000+ notes to be stored in a more open format, free of any proprietary solution. To that end, I have developed three Joplin applications, all under the MIT License: for desktop (Windows, MacOS, and Linux), for mobile (Android and iOS), and for the terminal (Windows, MacOS, and Linux). All the applications have similar user interfaces and can synchronize with each other. They are based on open standards and technologies including SQLite and JavaScript for the backend, and Terminal Kit (Node.js), Electron, and React Native for the three front ends. Read more

Open Source OS Still supporting 32-bit Architecture and Why it’s Important

One after the other, Linux distributions are dropping 32-bit support. Or, to be accurate, they drop support for the Intel x86 32-bit architecture (IA-32). Indeed, computers based on x86_64 hardware (IA-64) are superior in every way to their 32-bits counterpart: they are more powerful, run faster, are more compact, and more energy efficient. Not mentioning their price has considerably decreased in just a few years. If you have the opportunity to switch to 64 bits, do it. But, to quote a mail I received recently from Peter Tribble, author of Tribblix: “[… ] in the developed world we assume that we can replace things; in some parts of the developing world older IA-32 systems are still the norm, with 64-bit being rare.” Read more