Language Selection

English French German Italian Portuguese Spanish

Security

Kali Tools Website Launched, 1.0.9 Released

Filed under
GNU
Linux
Security

Now that we have caught our breath after the Black Hat and DEF CON conferences, we have put aside some time to fix an annoying bug in our 1.0.8 ISO releases related to outdated firmware as well as regenerate fresh new ARM and VMware images (courtesy of Offensive Security) for our new 1.0.9 release.

Read more

Is Open Source an Open Invitation to Hack Webmail Encryption?

Filed under
OSS
Security

While the open source approach to software development has proven its value over and over again, the idea of opening up the code for security features to anyone with eyeballs still creates anxiety in some circles. Such worries are ill-founded, though.

One concern about opening up security code to anyone is that anyone will include the NSA, which has a habit of discovering vulnerabilities and sitting on them so it can exploit them at a later time. Such discoveries shouldn't be a cause of concern, argued Phil Zimmermann, creator of PGP, the encryption scheme Yahoo and Google will be using for their webmail.

Read more

Open source software: The question of security

Filed under
OSS
Security

The logic is understandable - how can a software with source code that can easily be viewed, accessed and changed have even a modicum of security?

opensource-security-question
Open source software is safer than many believe.
But with organizations around the globe deploying open source solutions in even some of the most mission-critical and security-sensitive environments, there is clearly something unaccounted for by that logic. According to a November 28 2013 Financial News article, some of the world's largest banks and exchanges, including Deutsche Bank and the New York Stock Exchange, have been active in open source projects and are operating their infrastructure on Linux, Apache and similar systems.

Read more

GNU hackers discover HACIENDA government surveillance and give us a way to fight back

Filed under
GNU
Security

GNU community members and collaborators have discovered threatening details about a five-country government surveillance program codenamed HACIENDA. The good news? Those same hackers have already worked out a free software countermeasure to thwart the program.

According to Heise newspaper, the intelligence agencies of the United States, Canada, United Kingdom, Australia, and New Zealand, have used HACIENDA to map every server in twenty-seven countries, employing a technique known as port scanning. The agencies have shared this map and use it to plan intrusions into the servers. Disturbingly, the HACIENDA system actually hijacks civilian computers to do some of its dirty work, allowing it to leach computing resources and cover its tracks.

Read more

Black Hat 2014: Open Source Could Solve Medical Device Security

Filed under
OSS
Security

On the topic of source code liability, Greer suggests that eventually software developers, including medical device development companies, will be responsible for the trouble their software causes (or fails to prevent). I think it’s fair to say that it is impossible to guarantee a totally secure system. You cannot prove a negative statement after all. Given enough time, most systems can be breached. So where does this potential liability end? What if my company has sloppy coding standards, no code reviews, or I use a third-party software library that has a vulnerability? Should hacking be considered foreseeable misuse?

Read more

Linux kernel devs made to finger their dongles before contributing code

Filed under
Development
Linux
Security

Beginning on Monday, the security of the Linux kernel source code has become a little bit tighter with the addition of two-factor authentication for the kernel's Git code repositories.

Contributing code changes to the Linux kernel sources at Kernel.org already required more than just a password, even before the change. Developers must use their own unique SSH public keys to login to the Git repositories. But not even this added security layer was truly failsafe – as the software's maintainers found out in 2011 when their servers were rooted.

Read more

We still believe in Linus’ law after Heartbleed bug, says Elie Auvray of Jahia

Filed under
Interviews
OSS
Security

Jahia was incepted in 2002 in Switzerland – the name comes from the contraction of Java (our core language) and Bahia (which means “bay” in Brazil). To support the international growth of the project, Jahia Solutions Group was later formed (in 2005) with offices throughout Europe and Jahia Inc. (the US subsidiary) was created in 2008. Jahia has now offices in Geneva, Paris, Toronto, Chicago, Washington, DC, Dusseldorf and Klagenfurt – and outsourced support centers in Australia and Nicaragua.

Read more

PiPhone interview with Dave Hunt

Filed under
Development
Linux
Interviews
Security

Turning your Raspberry Pi into a mobile phone is a lot simpler than you’d think, albeit a little chunky. Linux User talks to Dave Hunt about one of his many pet projects.

Read more

German researchers develop defense software: Potential protection against the "Hacienda" intelligence program

Filed under
GNU
Linux
Security

Grothoff and his students at TUM have developed the "TCP Stealth" defense software, which can inhibit the identification of systems through both Hacienda and similar cyberattack software and, as a result, the undirected and massive takeover of computers worldwide, as Grothoff explains. "TCP Stealth" is free software that has as its prerequisites particular system requirements and computer expertise, for example, use of the GNU/Linux operating system. In order to make broader usage possible in the future, the software will need further development.

Read more

Best Alternatives to Tor: 12 Programs to Use Since NSA, Hackers Compromised Tor Project

Filed under
GNU
Linux
Security
Debian

Tor May Have Been Compromised, Linux Based OS's Like Tails Offer The Best Supplement

Read more

Syndicate content

More in Tux Machines

Matching databases to Linux distros

Relational database management systems (RDBMSs) aren’t the sort of thing to get most folk out of bed in the morning – unless, of course, you happen to think they’re one of the most brilliant concepts ever dreamed up. These days you can’t sneeze without someone turning it into a table value in a database somewhere - and in combination with the freely available Linux operating system, there’s no end to them. Most Linux distros make it almost trivial to add popular DBMSs to your system, such as MySQL and MariaDB, by bundling them in for free in their online app stores. But how do you tell which combination - which Linux distro and which DBMS - will give you the best performance? This week we've revved up the Labs servers to ask the question: what level of performance do you get from OS repository-sourced DBMSs? Read more

The Curious Case of Raspberry Pi Consumerism

I find the attitude of many within the Raspberry Pi community to be strange and offensive. I first discovered this odd phenomenon (odd because it contradicts the ethos of the project's academic foundations) back when it first started, as many within the Raspberry Pi community took an extremely hostile attitude toward academic freedom, apparently in defence of various parties' highly dubious intellectual monopolies (Broadcom and MPEG-LA, for example). I pointed out the irony and hypocrisy of their attitude at the time, explaining that they were more than happy to leech Free (as in freedom) Software for their own benefit, but then balked at the prospect of freely sharing the results, and in particular this contradicted their stated academic goal of facilitating better computer education in UK schools, an environment that rightly demands open access to knowledge. Read more

Google Chrome 38 Beta Brings New Guest Mode and Easier Incognito Mode Switching

The developers have explained that the user switching feature has been redesigned and it will make changing profiles and into the incognito mode a lot simple. They have also added a new experimental Guest mode, a new experimental UI for Chrome supervised users has been implemented, and numerous under-the-hood changes have been made for stability and performance. "This release adds support for the new element thanks to the hard work of community contributor Yoav Weiss, who was able to dedicate his time to implementing this feature in multiple rendering engines because of a successful crowd-funding campaign that raised more than 50% of its funding goal." Read more

PfSense 2.1.5 Is a Free and Powerful FreeBSD-Based Firewall Operating System

PfSense is a free network firewall distribution based on the FreeBSD, it comes with a custom kernel, and a few quite powerful applications that should make its users’ life a lot easier. Most of the firewall distros are Linux-based, but PfSense is a little bit different and is using FreeBSD. Regular users won't feel anything out of the ordinary, but it's an interesting choice for the base. The developers of PfSense are also saying that their distro has been successful in replacing a number of commercial firewalls such as Check Point, Cisco PIX, Cisco ASA, Juniper, Sonicwall, Netgear, Watchguard, Astar, and others. Read more