Security

ID theft, vulnerabilities, privacy issues, etc

The security flaws in Tails Linux are not its only problem

Filed under
Security
Debian

If you want to use Tor, then Tails is your best friend. Tails is a version of Linux that sends data through the Tor network.

All Internet traffic to/from Tails goes through Tor, making it resistant to end user mistakes. Tails is not normally installed on a computer, instead it's run from a bootable DVD, USB flash drive or flash memory card. Compared to the Tor Browser Bundle, Tails is unquestionably the way to go. Ed Snowden uses it.

Read more

Also related:

Homeland Security gets into software security

Filed under
OSS
Security

Personally, while I still think the DHS is an unlikely sponsor for this project — the National Security Agency (NSA) or NIST seem like its more natural home — I think the SWAMP sounds like a very useful one-stop for anyone wanting to double-check their pre-production code for errors before release.

Read more

The world's most secure OS may have a serious problem

Filed under
GNU
Linux
Security
Debian

The Tails operating system is one of the most trusted platforms in cryptography, favored by Edward Snowden and booted up more than 11,000 times per day in May. But according to the security firm Exodus Intelligence, the program may not be as secure as many thought. The company says they've discovered an undisclosed vulnerability that will let attackers deanonymize Tails computers and even execute code remotely, potentially exposing users to malware attacks. Exodus is currently working with Tails to patch the bug, and expects to hand over a full report on the exploit next week.

Read more

Docker security with SELinux

Filed under
GNU
Linux
Server
Security

This article is based on a talk I gave at DockerCon this year. It will discuss Docker container security, where we are currently, and where we are headed.

Read more

Tor, trust and the NSA

Filed under
OSS
Security

Tor is an anonymizing network that’s designed to protect you by “bouncing your communications around a distributed network of relays run by volunteers all around the world: it prevents somebody watching your Internet connection from learning what sites you visit, and it prevents the sites you visit from learning your physical location.”

That’s cool, but does Tor really guarantee you what you think or assume it does? I can’t say for sure, but when facing a state-sponsored entity with time and resources on its side, you cannot be too careful. At least if pays to know what other people think about Tor, especially when what they have to say runs counter to what you know, or what you think you know.

Read more

Avoid the Android vampire apps

Filed under
Android
Security

Some Android applications will drain your smartphone or tablet of battery life, storage or bandwidth like a blood-sucking fiend. Here's what's what with the worst of the worst.

Read more

Snowden on Dropbox: It’s hostile to privacy

Filed under
Software
Security

Dropbox is a very popular Cloud storage services, but is it good for the privacy-conscious?

According to Edward Snowden, it’s not.

In an interviewed published on GuardianNews, Snowden described Dropbox as “hostile to privacy.”

So what are the better alternatives. Snowden recommended Cloud storage services with zero-knowledge as a key feature.

Read more

How to use public PCs safely with Linux

Filed under
GNU
Linux
Security
HowTos

Public PCs aren't safe, so what's a PC user to do? Carry a Linux distribution on a USB stick in their backpocket of course!

Read more

Announcing Project Zero

Filed under
Google
OSS
Security

Security is a top priority for Google. We've invested a lot in making our products secure, including strong SSL encryption by default for Search, Gmail and Drive, as well as encrypting data moving between our data centers. Beyond securing our own products, interested Googlers also spend some of their time on research that makes the Internet safer, leading to the discovery of bugs like Heartbleed.

The success of that part-time research has led us to create a new, well-staffed team called Project Zero.

Read more

LibreSSL Portable Encounters Its First Release

Filed under
OSS
Security

OpenBSD developers have announced their first release of LibreSSL portable.

LibreSSL 2.0.0 is the release and is tested to build on Linux, Solaris, Mac OS X, and FreeBSD systems. Bob Beck of OpenBSD explains, "This is intended as an initial release to allow the community to start using and providing feedback. We will be adding support for other platforms as time and resources permit."

Read more

Samsung Nixes Knox: The Android Security Saga Continues

Filed under
Android
Security

Granted, Google has been updating handset issues at a quicker pace – particularly when it comes to security patches, via Play Services –and so far, the telcos have not played spoilers. But remember: Google has not initiated a move to push an entirely new OS directly to users except to those who own Google’s telco independent Nexus brand devices. Keep in mind that there’s a big difference between updating a feature or security patch and producing an entirely new OS. OS updates typically up the Kernel and the radios. It will be interesting (and historical) if the telcos continue to stay out of the way.

Read more

[Fedora] Simple Patch Policy

Filed under
Red Hat
Security

Following the approval of the Simple Patch policy, all the necessary pieces are now in place.

Read more

How Card.com Is Securing Itself and Its Users With Open Source

Filed under
OSS
Drupal
Security

"We're heavily involved in Drupal. I'm a member of the Drupal security team and the former lead of the team for over two years," Knaddison said. "So it's an area where we have a fair amount of expertise and depth, and we feel that our situation is best served by fixing vulnerabilities directly in the software itself."

Read more

A Bundle of Tor

Filed under
OSS
Security
HowTos

NSA: Linux Journal is an "extremist forum" and its readers get flagged for extra surveillance

Filed under
Linux
Security

A new story published on the German site Tagesschau and followed up by BoingBoing and DasErste.de has uncovered some shocking details about who the NSA targets for surveillance including visitors to Linux Journal itself.

While it has been revealed before that the NSA captures just about all Internet traffic for a short time, the Tagesschau story provides new details about how the NSA's XKEYSCORE program decides which traffic to keep indefinitely. XKEYSCORE uses specific selectors to flag traffic, and the article reveals that Web searches for Tor and Tails--software I've covered here in Linux Journal that helps to protect a user's anonymity and privacy on the Internet--are among the selectors that will flag you as "extremist" and targeted for further surveillance. If you just consider how many Linux Journal readers have read our Tor and Tails coverage in the magazine, that alone would flag quite a few innocent people as extremist.

Read more

Why You Shouldn’t Have To Buy The $630 Super-Secure Blackphone In Order To Protect Your Privacy

Filed under
Android
Security

Privacy focused Blackphone starts shipping

Filed under
Android
Security

Blackphone, an Android-based smartphone developed by Silent Circle, SGP Technologies and Geeksphone, is now shipping. The phone became a sensation during Mobile World Congress as it offered extreme privacy of communication. After the NSA revelations made by Edward Snowden, there is a huge demand for services or devices which offer privacy from NSA and other surveillance agencies. However even the Blackphone doesn’t offer any protection from NSA. Phil Zimmermann, one of the creators of the phone, said that Blackphone doesn’t make you NSA proof.

Read more

Quality Software Costs Money - Heartbleed Was Free

Filed under
OSS
Security

About the only thing GNU Project founder Richard Stallman and I can agree on when it comes to software freedom is that it's "Free as in free speech, not free beer."

I really hope the Heartbleed vulnerability helps bring home the message to other communities that FOSS does not materialize out of empty space; it is written by people. We love what we do, which is why I'm sitting here, way past midnight on a Saturday evening, writing about it; but we are also real people with kids, cars, mortgages, leaky roofs, sick pets, infirm parents, and all kinds of other perfectly normal worries.

The only way to improve the quality of FOSS is to make it possible for these perfectly normal people to spend time on it. They need time to review patch submissions carefully, to write and run test cases, to respond to and fix bug reports, to code, and most of all, time just to think about the code and what should happen to it.

Read more

5 Secure Alternatives to WhatsApp

Filed under
Software
Security

Ever since WhatsApp, a massively popular messaging app was acquired by Facebook, many of its users have started looking for alternatives to the service. Facebook, which itself, doesn't have a good track record when it comes to privacy, is the only reason users are on the lookout for good replacements to the service.

The landmark acquisition deal that happened several months ago shocked many people, especially those who used WhatsApp as a regular chatting tool. As part of the deal, Facebook offered WhatsApp a whopping $4 billion in cash and $12 billion worth of shares. Starting 2014 with a big bang, the deal is one of the biggest deals that have ever happened in the tech industry. Biggies like Google and Microsoft were keen on buying WhatsApp but finally Facebook managed to woo the emergent startup and make history. WhatsApp has over 450 million monthly users, 72% of whom use the app everyday.

Read more

Exclusive: A review of the Blackphone, the Android for the paranoid

Filed under
Android
Reviews
Security

Based on some recent experience, I'm of the opinion that smartphones are about as private as a gas station bathroom. They're full of leaks, prone to surveillance, and what security they do have comes from using really awkward keys. While there are tools available to help improve the security and privacy of smartphones, they're generally intended for enterprise customers. No one has had a real one-stop solution: a smartphone pre-configured for privacy that anyone can use without being a cypherpunk.

Read more

Syndicate content