Language Selection

English French German Italian Portuguese Spanish

Security News

Filed under
Security
  • Thursday's security updates
  • Capsule8 comes out of stealth to help protect Linux from attacks

    Capsule8 has emerged from stealth mode to unveil its plans for the industry’s first container-aware, real-time threat protection platform designed to protect legacy and next-generation Linux infrastructures from both known and unknown attacks. Founded by experienced hackers John Viega, Dino Dai Zovi and Brandon Edwards, Capsule8 is being built on the real-world experience of its founders in building and bringing to market defensive systems to protect against exploitation of previously unknown vulnerabilities. The company raised seed funding of $2.5 million from Bessemer Venture Partners, as well as individual investors Shardul Shah of Index Ventures and Jay Leek of ClearSky. The funding will help fuel the launch of the Capsule8 platform spring 2017.

  • Bruce Schneier Says Government Involvement in Coding Is Coming

    Security expert Bruce Schneier is painting a grim future for the tech community as the government will start to stick its nose into people’s codes.

    Schneier, present at the RSA Conference, said that until now everyone had this “special right” to code the world as they saw fit. “My guess is we’re going to lose that right because it’s too dangerous to give it to a bunch of techies,” he added, according to The Register.

  • How To Shrink Attack Surfaces with a Hypervisor

    A software environment’s attack surface is defined as the sum of points in which an unauthorized user or malicious adversary can enter or extract data. The smaller the attack surface, the better. We recently sat down with Doug Goldstein (https://github.com/cardoe or @doug_goldstein) to discuss how companies can use hypervisors to reduce attack surfaces and why the Xen Project hypervisor is a perfect choice for security-first environments. Doug is a principal software engineer at Star Lab, a company focused on providing software protection and integrity solutions for embedded systems.

  • Xen Project asks to limit security vulnerability advisories
  • Xen Project wants permission to reveal fewer vulnerabilities
  • Xen Project proposes issuing fewer advisories
  • Verified Boot: From ROM to Userspace

    Amid growing attacks on Linux devices, the 2016 Embedded Linux Conference demonstrated a renewed focus on security. One well-attended presentation at ELC Europe covered the topic of verified boot schemes. In this talk, Marc Kleine-Budde of Pengutronix revealed the architecture and strategies of a recently developed verified boot scheme for a single-core, Cortex-A9 NXP i.MX6 running on the RIoTboard SBC.

  • Yahoo's Security Incompetence Just Took $250 Million Off Verizon's Asking Price

    So last year we noted how Verizon proposed paying $4.8 billion to acquire Yahoo as part of its plan to magically transform from stodgy old telco to sexy new Millennial advertising juggernaut, which, for a variety of reasons, isn't going so well. One of those reasons is the fact that Yahoo failed to disclose the two, massive hacks (both by the same party) that exposed the credentials of millions of Yahoo customers during deal negotiations. The exposure included millions of names, email addresses, phone numbers, birthdates, hashed passwords (using MD5) and "encrypted or unencrypted" security questions and answers.

    As noted previously, Verizon had been using the scandal to drive down the $4.8 billion asking price, reports stating that Verizon was demanding not only a $1 billion reduction in the price, but another $1 billion to cover the inevitable lawsuits by Yahoo customers.

  • Updates on CyberSecurity, WordPress and what we're cooking in the lab today.

    One of the most effective ways the Wordfence team keeps the WordPress community and customers secure is through something we call the ‘Threat Defense Feed’. This is a combination of people, software, business processes and data. It’s an incredibly effective way to keep hackers out and provide our customers with early detection.

  • The 7 security threats to technology that scare experts the most

    What happens if a bad actor turns off your heat in the middle of winter, then demands $1,000 to turn it back on? Or even holds a small city’s power for ransom? Those kinds of attacks to personal, corporate, and infrastructure technology were among the top concerns for security experts from the SANS Institute, who spoke Wednesday during the RSA conference in San Francisco.

    Some of these threats target consumers directly, but even the ones that target corporations could eventually “filter down” to consumers, though the effects might not be felt for some time.

More in Tux Machines

today's howtos

Graphics: VC4 and AMDVLK Driver

  • VC4 display, VC5 kernel submitted
    For VC5, I renamed the kernel driver to “v3d” and submitted it to the kernel. Daniel Vetter came back right away with a bunch of useful feedback, and next week I’m resolving that feedback and continuing to work on the GMP support. On the vc4 front, I did the investigation of the HDL to determine that the OLED matrix applies before the gamma tables, so we can expose it in the DRM for Android’s color correction. Stefan was also interested in reworking his fencing patches to use syncobjs, so hopefully we can merge those and get DRM HWC support in mainline soon. I also pushed Gustavo’s patch for using the new core DRM infrastructure for async cursor updates. This doesn’t simplify our code much yet, but Boris has a series he’s working on that gets rid of a lot of custom vc4 display code by switching more code over to the new async support.
  • V3D DRM Driver Revised As It Works To Get Into The Mainline Kernel
    Eric Anholt of Broadcom has sent out his revised patches for the "V3D" DRM driver, which up until last week was known as the VC5 DRM driver. As explained last week, the VC5 driver components are being renamed to V3D since it ends up supporting more than just VC5 with Broadcom VC6 hardware already being supported too. Eric is making preparations to get this VideoCore driver into the mainline Linux kernel and he will then also rename the VC5 Gallium3D driver to V3D Gallium3D.
  • AMDVLK Driver Gets Fixed For Rise of the Tomb Raider Using Application Profiles
    With last week's release of Rise of the Tomb Raider on Linux ported by Feral Interactive, when it came to Radeon GPU support for this Vulkan-only Linux game port the Mesa RADV driver was supported while the official AMDVLK driver would lead to GPU hangs. That's now been fixed. With the latest AMDVLK/XGL source code as of today, the GPU hang issue for Rise of the Tomb Raider should now be resolved.

AMD Ryzen 7 2700X Linux Performance Boosted By Updated BIOS/AGESA

With last week's initial launch-day Linux benchmarks of the Ryzen 5 2600X / Ryzen 7 2700X some found the Linux performance to be lower than Windows. While the root cause is undetermined, a BIOS/AGESA update does appear to help the Linux performance significantly at least with the motherboard where I've been doing most of my tests with the Ryzen 7 2700X. Here are the latest benchmark numbers. Read more

GNU: The GNU C Library 2.28 and Guix on Android

  • Glibc 2.28 Upstream Will Build/Run Cleanly On GNU Hurd
    While Linux distributions are still migrating to Glibc 2.27, in the two months since the release changes have continued building up for what will eventually become the GNU C Library 2.28. The Glibc 2.28 work queued thus far isn't nearly as exciting as all the performance optimizations and more introduced with Glibc 2.27, but it's a start. Most notable at this point for Glibc 2.28 is that it will now build and run cleanly on GNU/Hurd without requiring any out-of-tree patches. There has been a ton of Hurd-related commits to Glibc over the past month.
  • Guix on Android!
    Last year I thought to myself: since my phone is just a computer running an operating system called Android (or Replicant!), and that Android is based on a Linux kernel, it's just another foreign distribution I could install GNU Guix on, right? It turned out it was absolutely the case. Today I was reminded on IRC of my attempt last year at installing GNU Guix on my phone. Hence this blog post. I'll try to give you all the knowledge and commands required to install it on your own Android device.
  • GNU Guix Wrangled To Run On Android
    The GNU Guix transactional package manager can be made to run on Android smartphones/tablets, but not without lots of hoops to jump through first.