Language Selection

English French German Italian Portuguese Spanish

Security News

Filed under
Security
  • Security updates for Tuesday
  • EU updates smartphone secure development guideline

    The European Union Agency for Network and Information Security (ENISA) has published an updated version of its Smartphone Secure Development Guidelines. This document details the risks faced by developers of smartphone application, and provides ways to mitigate these.

  • CloudLinux 7 Users Get New Beta Linux Kernel Update That Addresses CVE-2017-6074

    CloudLinux's Mykola Naugolnyi announced today the availability of a new Beta kernel for the CloudLinux 7 operating system series, which patches a recently discovered and critical security flaw.

  • Linus Torvalds shrugged off warnings about 'insecure' SHA-1 in 2005

    LINUX FOUNDER Linus Torvalds was warned in 2005 that the use of the SHA-1 hash to sign code in Linux and Git was insecure and urged to shift to something better protected, but rejected the advice outright.

    Free software evangelist John Gilmore warned Torvalds ten years ago that "SHA1 has been broken; it's possible to generate two different blobs that hash to the same SHA1 hash".

    Gilmore penned his warning to Torvalds in April 2005, when MD5 had already been cracked and SHA1 remained "hard to crack" - but still crackable.

  • Subversion SHA1 Collision Problem Statement — Prevention and Remediation Options

    You probably saw the news last week that researchers at Google had found a scenario where they were able to break the SHA1 algorithm by creating two PDF files with differing content that produced the same hash. If you are following this story then you may have also seen that the Webkit Subversion repository had problems after a user committed these example files to their repository so that they could be used in test cases for SHA1 collisions.

  • making git-annex secure in the face of SHA1 collisions

    git-annex has never used SHA1 by default. But, there are concerns about SHA1 collisions being used to exploit git repositories in various ways. Since git-annex builds on top of git, it inherits its foundational SHA1 weaknesses. Or does it?

  • SSH Fingerprint Verification via Tor

    OpenSSH (really, are there any other implementations?) requires Trust on First Use for fingerprint verification.

    Verification can be especially problematic when using remote services like VPS or colocation.

    How can you trust that the initial connection isn’t being Man In The Middle’d?

  • Almost all Windows vulnerabilities are enabled by liberal 'admin rights'

    NEARLY OF THE VULNERABILITIES THAT AFFECT Microsoft's Windows operating system could be mitigated through a little careful control.

    Avecto, a security company, is the source of the latest revelation in this direction, and it says that 94 per cent of security problems could have been killed off if admin rights had been removed from the affected computer.

    This makes a lot of sense, since a computer that cannot be molested by a user cannot be molested by a third party. 94 per cent is just one example of the differences that can be made and Avecto says that in the case of Internet Explorer 100 per cent of risks are mitigated when rights are removed.

  • More on Bluetooth Ingenico Overlay Skimmers

    This blog has featured several stories about “overlay” card and PIN skimmers made to be placed atop Ingenico-brand card readers at store self-checkout lanes. I’m revisiting the topic again because a security technician at a U.S.-based retailer recently shared a few photos of several of these devices pulled from compromised card terminals, and the images and his story offer a fair bit more detail than in previous articles.

"Almost All Windows vulnerabilities are enabled by liberal admin

MS already has almost total control over the systems of Win10 users, now they just need a little more to make it "safe." I call BS.

"They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety."
--Benjamin Franklin, 1759

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.

More in Tux Machines

Linux: To recurse or not

Linux and recursion are on very good speaking terms. In fact, a number of Linux command recurse without ever being asked while others have to be coaxed with just the right option. When is recursion most helpful and how can you use it to make your tasks easier? Let’s run through some useful examples and see. Read more

Today in Techrights

Android Leftovers

today's leftovers

  • MX Linux Review of MX-17 – For The Record
    MX Linux Review of MX-17. MX-17 is a cooperative venture between the antiX and former MEPIS Linux communities. It’s XFCE based, lightning fast, comes with both 32 and 64-bit CPU support…and the tools. Oh man, the tools available in this distro are both reminders of Mepis past and current tech found in modern distros.
  • Samsung Halts Android 8.0 Oreo Rollouts for Galaxy S8 Due to Unexpected Reboots
    Samsung stopped the distribution of the Android 8.0 Oreo operating system update for its Galaxy S8 and S8+ smartphones due to unexpected reboots reported by several users. SamMobile reported the other day that Samsung halted all Android 8.0 Oreo rollouts for its Galaxy S8/S8+ series of Android smartphones after approximately a week since the initial release. But only today Samsung published a statement to inform user why it stopped the rollouts, and the cause appears to be related to a limited number of cases of unexpected reboots after installing the update.
  • Xen Project Contributor Spotlight: Kevin Tian
    The Xen Project is comprised of a diverse set of member companies and contributors that are committed to the growth and success of the Xen Project Hypervisor. The Xen Project Hypervisor is a staple technology for server and cloud vendors, and is gaining traction in the embedded, security and automotive space. This blog series highlights the companies contributing to the changes and growth being made to the Xen Project and how the Xen Project technology bolsters their business.
  • Initial Intel Icelake Support Lands In Mesa OpenGL Driver, Vulkan Support Started
    A few days back I reported on Intel Icelake patches for the i965 Mesa driver in bringing up the OpenGL support now that several kernel patch series have been published for enabling these "Gen 11" graphics within the Direct Rendering Manager driver. This Icelake support has been quick to materialize even with Cannonlake hardware not yet being available.
  • LunarG's Vulkan Layer Factory Aims To Make Writing Vulkan Layers Easier
    Introduced as part of LunarG's recent Vulkan SDK update is the VLF, the Vulkan Layer Factory. The Vulkan Layer Factory aims to creating Vulkan layers easier by taking care of a lot of the boilerplate code for dealing with the initialization, etc. This framework also provides for "interceptor objects" for overriding functions pre/post API calls for Vulkan entry points of interest.