Security

Security Leftovers

Filed under
Security

Debian Pushes Major Kernel Update to Debian Jessie, Fixes Over 20 Security Flaws

Filed under
Security
Debian

Today, June 28, 2016, the Debian Project, through Salvatore Bonaccorso, published details about a major Linux kernel security update for the Debian GNU/Linux 8 "Jessie" operating system.

Security Leftovers

Filed under
Security
  • Chrome vulnerability lets attackers steal movies from streaming services

    A significant security vulnerability in Google technology that is supposed to protect videos streamed via Google Chrome has been discovered by researchers from the Ben-Gurion University of the Negev Cyber Security Research Center (CSRC) in collaboration with a security researcher from Telekom Innovation Laboratories in Berlin, Germany.

  • Large botnet of CCTV devices knock the snot out of jewelry website

    Researchers have encountered a denial-of-service botnet that's made up of more than 25,000 Internet-connected closed circuit TV devices.

    The researchers with security firm Sucuri came across the malicious network while defending a small brick-and-mortar jewelry shop against a distributed denial-of-service attack. The unnamed site was choking on an assault that delivered almost 35,000 HTTP requests per second, making it unreachable to legitimate users. When Sucuri used a network addressing and routing system known as Anycast to neutralize the attack, the assailants increased the number of HTTP requests to 50,000 per second.

  • Study finds Password Misuse in Hospitals a Steaming Hot Mess

    Hospitals are pretty hygienic places – except when it comes to passwords, it seems.

    That’s the conclusion of a recent study by researchers at Dartmouth College, the University of Pennsylvania and USC, which found that efforts to circumvent password protections are “endemic” in healthcare environments and mostly go unnoticed by hospital IT staff.

    The report describes what can only be described as wholesale abandonment of security best practices at hospitals and other clinical environments – with the bad behavior being driven by necessity rather than malice.

  • Why are hackers increasingly targeting the healthcare industry?

    Cyber-attacks in the healthcare environment are on the rise, with recent research suggesting that critical healthcare systems could be vulnerable to attack.

    In general, the healthcare industry is proving lucrative for cybercriminals because medical data can be used in multiple ways, for example fraud or identity theft. This personal data often contains information regarding a patient’s medical history, which could be used in targeted spear-phishing attacks.

  • Making the internet more secure
  • Beyond Monocultures
  • Dodging Raindrops Escaping the Public Cloud

Canonical Patches Seven Linux Kernel Vulnerabilities in Ubuntu 16.04, Update Now

Filed under
Linux
Security
Ubuntu

Today, June 27, 2016, Canonical published a new security notice to inform users of the Ubuntu 16.04 LTS (Xenial Xerus) operating system about the availability of an important kernel update.

Leftovers: Security

Filed under
Security

Security Leftovers

Filed under
Security
  • Teardrop Attack: What Is It And How Does It Work?

    In a Teardrop Attack, the fragmented packets that are sent to the target machine are buggy in nature, and the victim’s machine is unable to reassemble those packets due to the bug in the TCP/IP fragmentation.

  • Updating code can mean fewer security headaches

    Organizations with high rates of code deployments spend half as much time fixing security issues as organizations without such frequent code updates, according to a newly released study.

    In its latest annual state-of-the-developer report, Devops software provider Puppet found that by better integrating security objectives into daily work, teams in "high-performing organizations" build more secure systems. The report, which surveyed 4,600 technical professionals worldwide, defines high IT performers as offering on-demand, multiple code deploys per day, with lead times for changes of less than one hour. Puppet has been publishing its annual report for five years.

  • Over half of world's top domains weak against email spoofing

    Over half of the world's most popular online services have misconfigured servers which could place users at risk from spoof emails, researchers have warned.

    According to Swedish cybersecurity firm Detectify, poor authentication processes and configuration settings in servers belonging to hundreds of major online domains could put users at risk of legitimate-looking phishing campaigns and fraudulent emails.

Linux Kernel 4.6.3 Has Multiple Networking Improvements, Better SPARC Support

Filed under
Linux
Security

Today, June 24, 2016, renowned Linux kernel developer Greg Kroah-Hartman has announced the general availability of the third maintenance release for the Linux 4.6 kernel series.

Linux kernel 4.6.3 is here two weeks after the release of the second maintenance update in the series, Linux kernel 4.6.2, to change a total of 88 files, with 1302 insertions and 967 deletions. Unfortunately, very few GNU/Linux distributions have adopted the Linux 4.6 series, despite the fact that Greg Kroah-Hartman urged everyone to move to this most advanced kernel branch as soon as possible from Linux 4.5, which reached end of life.

More in Tux Machines

Leftovers: OSS

  • Google and GitHub are Opening a New Window on Open Source
    Where can you find millions of open source code repositories? That would be on GitHub, of course, and with all those code repositories, one would think that analyzing them would lead to some interesting conclusions about open source in general, correct? That's the thinking behind a new offering from GitHub in partnership with Google. The two have produced a new open dataset on Google BigQuery, a low cost analytics data warehouse service in the cloud, so that anyone can get data-driven insights based on more than 2.8 million open source GitHub repositories. The move brings new data analytics capabilities to BigQuery.
  • Open Source Gospel From Cisco’s Lauren Clooney
    Companies that traditionally focused on proprietary software are now playing catch up in order to compete by utilizing open source development.
  • My condolences, you’re now the maintainer of a popular open source project
    Marc Andreessen, creator of the Netscape web browser, famously said "software is eating the world." I’d like to posit that it’s actually open source software that’s eating the world, and I have a couple of data points to back me up. First, a conclusion from the 2015 Future of Open Source survey: “Seventy-eight percent of respondents said their companies run part or all of its operations on OSS and 66 percent said their company creates software for customers built on open source. This statistic has nearly doubled since 2010.”
  • Tip: Try these open-source investigative journalism tools
    The Investigative Reporters and Editors conference took place in mid-June in New Orleans, and one of the sessions at the event looked at open-source tools for investigations. This 'Steal my tool' session highlighted a number of useful open-source investigative platforms, which Sam Berkhead, engagement editor at IJNet, listed in this article published after the conference.
  • DuckDuckGo: The Little Search Engine That Gives Back Big
    The company’s website says, “DuckDuckGo is a general purpose search engine that is intended to be your starting place when searching the Internet. Use it to get way more instant answers, way less spam and real privacy, which we believe adds up to a much better overall search experience.” [...] Proprietor Gabriel Weinberg says his once-personal project (founded in 2008) isn’t making anyone wealthy, but he and his workers live decently, and he says they’re doing well enough that giving money to open source projects doesn’t hurt their budget.
  • Understanding open source licenses
    Open source licenses are licenses that comply with the Open Source Definition — in brief, they allow software to be freely used, modified, and shared. To be approved by the Open Source Initiative (also known as the OSI), a license must go through the Open Source Initiative’s license review process. There has been an increased release of open source software from the day of Linux. Today most popular frameworks like Bootstrap and software such as Atom IDE used by developers are open source. We often never worry about using open source code, but do you know what the license under which the framework you’re using was released means?
  • Build your own open source solar panels
    Do-it-yourself electricity generation is still difficult and expensive. The inventors of the SunZilla project aim to make it easier, cleaner, portable, quiet, and completely open source. The SunZilla system is designed to replace diesel and gasoline-powered generators for portable and emergency power: camping, events, mobile phone charging station, provide power to refugee camps, or keep the lights on during a power outage. Two people can set it up in a few minutes. It is modular and plug-and-play. Leonie Gildein is one of the five SunZilla engineers, and kindly answered some questions about the project.
  • Lessons From The Downfall Of A $150M Crowdfunded Experiment In Decentralized Governance
    Hype around blockchain has risen to an all-time high. A technology once perceived to be the realm of crypto-anarchists and drug dealers has gained increasing popular recognition for its revolutionary potential, drawing billions in venture-capital investment by the world's leading financial institutions and technology companies. Regulators, rather than treating blockchain platforms (such as Bitcoin or Ethereum) and other "distributed ledgers" merely as tools of illicit dark markets, are beginning to look at frameworks to regulate and incorporate this important technology into traditional commerce.
  • Openfunds launches global standard for fund data interchange
    The standard is published on the openfunds website and can be used by anyone free of charge.

Hadoop and Spark

Openwashing

Leftovers: Software

  • Pitivi 0.96 — Cogito Ergo Proxy
  • Pitivi 0.96 Released With Proxy Editing Support
    In addition to proxy editing, Pitivi 0.96 also has timeline changes, transformation box, setting changes, user interface improvements, the start of allowing custom keyboard shortcuts, and support for Flatpak packages.
  • Calamares 2.3 Universal Linux OS Installer Released with Full-Disk Encryption
    Today, June 30, 2016, the Calamares team was proud to announce the final release and immediate availability for download of the Calamares 2.3 distribution-independent system installer. Calamares is currently being used in numerous popular operating systems, including, but not limited to, KaOS, Apricity OS, Chakra GNU/Linux, Netrunner, Sabayon, and OpenMandriva. It is the universal installer framework that many GNU/Linux distributions should adopt as it's now one of the most advanced system installers.
  • etcd3: A new etcd
    Over the past few months, CoreOS has been diligently finalizing the etcd3 API beta, testing the system and working with users to make etcd even better. Today etcd v3.0.0, the distributed key value store developed by CoreOS, is available. In practice, etcd3 is already integrated into a large-scale distributed system, Kubernetes, and we have implemented distributed coordination primitives including distributed locks, elections, and software transactional memory, to ensure the etcd3 API is flexible enough to support a variety of applications. Today we’re proud to announce that etcd3 is ready for general use.
  • Zend Framework 3 Released!
    After 17 months of effort, hundreds of releases, tens of thousands of commits by hundreds of contributors, and millions of installs, we're pleased to announce the immediate availability of Zend Framework 3.
  • ANNOUNCE: virt-viewer 4.0 release
  • Virt-Manager's Virt-Viewer 4.0 Released