Language Selection

English French German Italian Portuguese Spanish

Security

Security: IBM, Windows Freezes, 2FA and More

Filed under
Security

Security: Twitter and Facebook

Filed under
Security
  • Twitter banned Kaspersky Lab from advertising in Jan

     

    Twitter has banned advertising from Russian security vendor Kaspersky Lab since January, the head of the firm, Eugene Kaspersky, has disclosed.  

  • When you go to a security conference, and its mobile app leaks your data

     

    A mobile application built by a third party for the RSA security conference in San Francisco this week was found to have a few security issues of its own—including hard-coded security keys and passwords that allowed a researcher to extract the conference's attendee list. The conference organizers acknowledged the vulnerability on Twitter, but they say that only the first and last names of 114 attendees were exposed.

  • The Security Risks of Logging in With Facebook

     

    In a yet-to-be peer-reviewed study published on Freedom To Tinker, a site hosted by Princeton's Center for Information Technology Policy, three researchers document how third-party tracking scripts have the capability to scoop up information from Facebook's login API without users knowing. The tracking scripts documented by Steven Englehardt, Gunes Acar, and Arvind Narayanan represent a small slice of the invisible tracking ecosystem that follows users around the web largely without their knowledge.

  • Facebook Login data hijacked by hidden JavaScript trackers

     

    If you login to websites through Facebook, we've got some bad news: hidden trackers can suck up more of your data than you'd intended to give away, potentially opening it up to abuse.

Security: Updates, IBM, Elytron and Container Vulnerability Scanning

Filed under
Security
  • Security updates for Friday
  • IBM Security launches open-source AI

    IBM Security unveiled an open-source toolkit at RSA 2018 that will allow the cyber community to test their AI-based security defenses against a strong and complex opponent in order to help build resilience and dependability into their systems.

  • Elytron: A New Security Framework in WildFly/JBoss EAP

    Elytron is a new security framework that ships with WildFly version 10 and Red Hat JBoss Enterprise Application Platform (EAP) 7.1. This project is a complete replacement of PicketBox and JAAS. Elytron is a single security framework that will be usable for securing management access to the server and for securing applications deployed in WildFly. You can still use the legacy security framework, which is PicketBox, but it is a deprecated module; hence, there is no guarantee that PicketBox will be included in future releases of WildFly. In this article, we will explore the components of Elytron and how to configure them in Wildfly.

  • PodCTL #32 – Container Vulnerability Scanning

Security Leftovers

Filed under
Security
  • Hackers once stole a casino's high-roller database through a thermometer in the lobby fish tank

    Hackers are increasingly targeting "internet of things" devices to access corporate systems, using things like CCTV cameras or air-conditioning units, according to the CEO of a cybersecurity firm.

    The internet of things refers to devices hooked up to the internet, and it has expanded to include everything from household appliances to widgets in power plants.

    Nicole Eagan, the CEO of Darktrace, told the WSJ CEO Council Conference in London on Thursday: "There's a lot of internet-of-things devices, everything from thermostats, refrigeration systems, HVAC systems, to people who bring in their Alexa devices into the offices. There's just a lot of IoT. It expands the attack surface, and most of this isn't covered by traditional defenses."

  • Certificate Transparency and HTTPS

    CT stands for “Certificate Transparency” and, in simple terms, means that all certificates for websites will need to be registered by the issuing Certificate Authority (CA) in at least two public Certificate Logs.

  • Security updates for Thursday
  • IBM introduces open-source library for protecting AI systems
  • How to combine SSH key authentication and two-factor authentication on Linux
  • openSUSE Heroes loves Let’s Encrypt™ – Expect certificate exchange

    openSUSE loves Let's Encrypt™

    Maybe some of you noticed, that our certificate *.opensuse.org on many of services will expire soon (on 2018-04-23).

    As we noticed that – as well – we decided to put a bit of work into this topic and we will use Let’s Encrypt certificates for the encrypted services of the openSUSE community.

    This is just a short notice / announcement for all of you, that we are working on this topic at the moment. We will announce, together with the deployment of the new certificate, the regarding hashes and maybe some further information on our way of implementing things.

Security Leftovers

Filed under
Security

OSS and Security Leftovers

Filed under
OSS
Security
  • Open-source library for improving security of AI systems

    Attacks against neural networks have recently been flagged as one of the biggest dangers in our modern world where AI systems are increasingly getting embedded in many technologies we use and depend on daily.

    Adversaries can sometimes tamper with them even if they don’t know much about them, and “breaking” the system could result in very dangerous consequences.

    [...]

    The library is written in Python, as it is the most commonly used programming language for developing, testing and deploying Deep Neural Networks.

  • IBM launches open-source library for securing AI systems

    On Tuesday at the RSA conference in San Francisco, IBM announced the launch of the Adversarial Robustness Toolbox to support developers and users of AI that may become the victims of attacks against AI systems including Deep Neural Networks (DNNs).

    According to the tech giant, threat actors may be able to exploit weaknesses in AI systems through very subtle means. Simple, small, and often undetectable alterations in content including images, video, and audio recordings can be crafted to confuse AI systems, even without a deep knowledge of the AI or DNN a cyberattack is targeting.

  • IBM releases new toolbox to protect AI from adversarial attacks

    IBM is releasing an open-source software library to combat against adversarial attacks in deep neural networks (DNNs). DNNs are machine learning models that are capable of recognizing patterns.

  • Build a serverless framework at home: Go on, bit of open sourcey hijinx won't hurt

    First unveiled at SpringOne Platform in December, riff is still an early project. It emerged from the Spring Cloud Data Flow, a data integration project to run Java code as microservices created under Pivotal's open source Java-focused Spring framework.

    "Riff is the next step in that evolution," says Jürgen Leschner, a riff organiser who works at Pivotal. Instead of running microservices that persist in containers, serverless models hide the containers from the developers and operations teams entirely. Instead, when a developer calls a software function, the container orchestration system (in riff's case, Kubernetes) spins one up and then kills it off silently.

    [...]

    The benefits of open source serverless

    What do these open source serverless options bring to the party? Unless you're using them to slurp services on the AWS platform and minimise container fees by weeding out idle compute power, why bother?

    Efficiency for developers is one driver, says Leschner. "Developers don’t have to worry about building the connectors and boilerplate stuff into their code. They can package a simpler project and the boilerplate is already in the platform."

  • Failure to secure open source code spurs DevSecOps boom [Ed: Yet another one of those 'journalists' who help marketing from anti-FOSS entity because it's disguised as 'research']

    A survey of over 2,000 IT pros shows that fear of data breaches is increasing investments in DevSecOps tools, particularly automated security tools and oversight of open source software.

  • Security updates for Wednesday

Security: Russia, Librem, and Apple's Faux Security

Filed under
Security
  • U.S. & U.K. Issue Joint Warning About Risks of Russian Cyberattacks
  • Demonstrating Tamper Detection with Heads

    We are excited about the future of Heads on Librem laptops and the extra level of protection it can give customers. As a result we’ve both been writing about it a lot publicly and working on it a lot privately. What I’ve realized when I’ve talked to people about Heads and given demos, is that many people have never seen a tamper-evident boot process before. All of the concepts around tamper-evident boot are pretty abstract and it can be difficult to fully grasp how it protects you if you’ve never seen it work.

    We have created a short demo that walks through a normal Heads boot process and demonstrates tamper detection. In the interest of keeping the demo short I only briefly described what was happening. In this post I will elaborate on what you are seeing in the video.

  • Stop Using Six Digit Numeric iPhone Passcodes Right Now

Security Leftovers

Filed under
Security
  • Security updates for Tuesday
  • McAfee's Upgraded Cloud Security Protects Containers [Ed: Looks like marketing/spam from ECT]
  • Has a Russian intelligence agent hacked your wifi? [iophk: "AV is not relevant; there are two main ways to avoid malware" : *BSD and */Linux"]

    In short, a global, invisible, low-level conflict is taking place across the internet and it is possible that your router has been conscripted as a foot soldier. Maybe it is worth getting your firewall and antivirus checked out after all.

  • 55 Infosec Professionals Sign Letter Opposing Georgia’s Computer Crime Bill

    In a letter to Georgia Gov. Nathan Deal, 55 cybersecurity professionals from around the country are calling for a veto for S.B. 315, a state bill that would give prosecutors new power to target independent security researchers.

    This isn’t just a matter of solidarity among those in the profession. Georgia represents our nation’s third largest information security sector. The signers have clients, partners, and offices in Georgia. They attend conferences in Georgia. They teach and study in Georgia or recruit students from Georgia. And they all agree that S.B. 315, which would create a new crime of "unauthorized access," would do more harm than good.

Security and FUD Leftovers

Filed under
Security

Security: Open Source Security Podcast, Old JavaScript Crypto Flaw and New FUD-based Marketing

Filed under
Security
Syndicate content

More in Tux Machines

Thunderbolt 3 in Fedora 28

  • The state of Thunderbolt 3 in Fedora 28
    Fedora 28 is around the corner and I wanted to highlight what we did to make the Thunderbolt 3 experience as smooth as possible. Although this post focuses on Fedora 28 for what is currently packaged and shipping, all changes are of course available upstream and should hit other distributions in the future.
  • Thunderbolt 3 Support Is In Great Shape For Fedora 28
    Red Hat developers have managed to deliver on their goals around improving Thunderbolt support on the Linux desktop with the upcoming Fedora 28 distribution update. This has been part of their goal of having secure Thunderbolt support where users can authorize devices and/or restrict access to certain capabilities on a per-device basis, which is part of Red Hat's Bolt project and currently has UI elements for the GNOME desktop.

New Heptio Announcements

Android Leftovers

New Terminal App in Chome OS Hints at Upcoming Support for Linux Applications

According to a Reddit thread, a Chromebook user recently spotted a new Terminal app added to the app drawer when running on the latest Chrome OS Dev channel. Clicking the icon would apparently prompt the user to install the Terminal app, which requires about 200 MB of disk space. The installation prompt notes the fact that the Terminal app can be used to develop on your Chromebook. It also suggests that users will be able to run native apps and command-line tools seamlessly and securely. Considering the fact that Chrome OS is powered by the Linux kernel, this can only mean one thing. Read more