Language Selection

English French German Italian Portuguese Spanish

Security News

Filed under
Security
  • Thursday's security updates
  • Capsule8 comes out of stealth to help protect Linux from attacks

    Capsule8 has emerged from stealth mode to unveil its plans for the industry’s first container-aware, real-time threat protection platform designed to protect legacy and next-generation Linux infrastructures from both known and unknown attacks. Founded by experienced hackers John Viega, Dino Dai Zovi and Brandon Edwards, Capsule8 is being built on the real-world experience of its founders in building and bringing to market defensive systems to protect against exploitation of previously unknown vulnerabilities. The company raised seed funding of $2.5 million from Bessemer Venture Partners, as well as individual investors Shardul Shah of Index Ventures and Jay Leek of ClearSky. The funding will help fuel the launch of the Capsule8 platform spring 2017.

  • Bruce Schneier Says Government Involvement in Coding Is Coming

    Security expert Bruce Schneier is painting a grim future for the tech community as the government will start to stick its nose into people’s codes.

    Schneier, present at the RSA Conference, said that until now everyone had this “special right” to code the world as they saw fit. “My guess is we’re going to lose that right because it’s too dangerous to give it to a bunch of techies,” he added, according to The Register.

  • How To Shrink Attack Surfaces with a Hypervisor

    A software environment’s attack surface is defined as the sum of points in which an unauthorized user or malicious adversary can enter or extract data. The smaller the attack surface, the better. We recently sat down with Doug Goldstein (https://github.com/cardoe or @doug_goldstein) to discuss how companies can use hypervisors to reduce attack surfaces and why the Xen Project hypervisor is a perfect choice for security-first environments. Doug is a principal software engineer at Star Lab, a company focused on providing software protection and integrity solutions for embedded systems.

  • Xen Project asks to limit security vulnerability advisories
  • Xen Project wants permission to reveal fewer vulnerabilities
  • Xen Project proposes issuing fewer advisories
  • Verified Boot: From ROM to Userspace

    Amid growing attacks on Linux devices, the 2016 Embedded Linux Conference demonstrated a renewed focus on security. One well-attended presentation at ELC Europe covered the topic of verified boot schemes. In this talk, Marc Kleine-Budde of Pengutronix revealed the architecture and strategies of a recently developed verified boot scheme for a single-core, Cortex-A9 NXP i.MX6 running on the RIoTboard SBC.

  • Yahoo's Security Incompetence Just Took $250 Million Off Verizon's Asking Price

    So last year we noted how Verizon proposed paying $4.8 billion to acquire Yahoo as part of its plan to magically transform from stodgy old telco to sexy new Millennial advertising juggernaut, which, for a variety of reasons, isn't going so well. One of those reasons is the fact that Yahoo failed to disclose the two, massive hacks (both by the same party) that exposed the credentials of millions of Yahoo customers during deal negotiations. The exposure included millions of names, email addresses, phone numbers, birthdates, hashed passwords (using MD5) and "encrypted or unencrypted" security questions and answers.

    As noted previously, Verizon had been using the scandal to drive down the $4.8 billion asking price, reports stating that Verizon was demanding not only a $1 billion reduction in the price, but another $1 billion to cover the inevitable lawsuits by Yahoo customers.

  • Updates on CyberSecurity, WordPress and what we're cooking in the lab today.

    One of the most effective ways the Wordfence team keeps the WordPress community and customers secure is through something we call the ‘Threat Defense Feed’. This is a combination of people, software, business processes and data. It’s an incredibly effective way to keep hackers out and provide our customers with early detection.

  • The 7 security threats to technology that scare experts the most

    What happens if a bad actor turns off your heat in the middle of winter, then demands $1,000 to turn it back on? Or even holds a small city’s power for ransom? Those kinds of attacks to personal, corporate, and infrastructure technology were among the top concerns for security experts from the SANS Institute, who spoke Wednesday during the RSA conference in San Francisco.

    Some of these threats target consumers directly, but even the ones that target corporations could eventually “filter down” to consumers, though the effects might not be felt for some time.

More in Tux Machines

Security Leftovers

  • Security updates for Thursday
  • Security Tips for Installing Linux on Your SysAdmin Workstation
    Once you’ve chosen a Linux distro that meets all the security guidelines set out in our last article, you’ll need to install the distro on your workstation.
  • Fedora 26 crypto policy Test Day today (2017-03-30)!
  • Open-source developers targeted in sophisticated malware attack
    For the past few months, developers who publish their code on GitHub have been targeted in an attack campaign that uses a little-known but potent cyberespionage malware. The attacks started in January and consisted of malicious emails specifically crafted to attract the attention of developers, such as requests for help with development projects and offers of payment for custom programming jobs. The emails had .gz attachments that contained Word documents with malicious macro code attached. If allowed to execute, the macro code executed a PowerShell script that reached out to a remote server and downloaded a malware program known as Dimnie.
  • A scramble at Cisco exposes uncomfortable truths about U.S. cyber defense
    When WikiLeaks founder Julian Assange disclosed earlier this month that his anti-secrecy group had obtained CIA tools for hacking into technology products made by U.S. companies, security engineers at Cisco Systems (CSCO.O) swung into action. The Wikileaks documents described how the Central Intelligence Agency had learned more than a year ago how to exploit flaws in Cisco's widely used Internet switches, which direct electronic traffic, to enable eavesdropping. Senior Cisco managers immediately reassigned staff from other projects to figure out how the CIA hacking tricks worked, so they could help customers patch their systems and prevent criminal hackers or spies from using the same methods, three employees told Reuters on condition of anonymity.
  • NTPsec: a Secure, Hardened NTP Implementation
    Network time synchronization—aligning your computer's clock to the same Universal Coordinated Time (UTC) that everyone else is using—is both necessary and a hard problem. Many internet protocols rely on being able to exchange UTC timestamps accurate to small tolerances, but the clock crystal in your computer drifts (its frequency varies by temperature), so it needs occasional adjustments. That's where life gets complicated. Sure, you can get another computer to tell you what time it thinks it is, but if you don't know how long that packet took to get to you, the report isn't very useful. On top of that, its clock might be broken—or lying. To get anywhere, you need to exchange packets with several computers that allow you to compare your notion of UTC with theirs, estimate network delays, apply statistical cluster analysis to the resulting inputs to get a plausible approximation of real UTC, and then adjust your local clock to it. Generally speaking, you can get sustained accuracy to on the close order of 10 milliseconds this way, although asymmetrical routing delays can make it much worse if you're in a bad neighborhood of the internet.
  • Zelda Coatings
    I assume that every permutation of scams will eventually be tried; it is interesting that the initial ones preyed on people's avarice and dishonesty: "I will transfer millions to your bank account, then you share with me" - with subsequent scams appealing to another demographic: "I want to donate a large sum to your religious charity" - to perhaps capture a more virtuous but still credulous lot. Where will it end ?

Tizen and Android

Linux and Linux Foundation

Mesa and Intel Graphics