Security

Kali Tools Website Launched, 1.0.9 Released

Filed under
GNU
Linux
Security

Now that we have caught our breath after the Black Hat and DEF CON conferences, we have put aside some time to fix an annoying bug in our 1.0.8 ISO releases related to outdated firmware as well as regenerate fresh new ARM and VMware images (courtesy of Offensive Security) for our new 1.0.9 release.

Is Open Source an Open Invitation to Hack Webmail Encryption?

Filed under
OSS
Security

While the open source approach to software development has proven its value over and over again, the idea of opening up the code for security features to anyone with eyeballs still creates anxiety in some circles. Such worries are ill-founded, though.

One concern about opening up security code to anyone is that anyone will include the NSA, which has a habit of discovering vulnerabilities and sitting on them so it can exploit them at a later time. Such discoveries shouldn't be a cause of concern, argued Phil Zimmermann, creator of PGP, the encryption scheme Yahoo and Google will be using for their webmail.

Open source software: The question of security

Filed under
OSS
Security

The logic is understandable - how can software with source code that can easily be viewed, accessed and changed have even a modicum of security?

Open source software is safer than many believe.
But with organizations around the globe deploying open source solutions in even some of the most mission-critical and security-sensitive environments, there is clearly something unaccounted for by that logic. According to a November 28, 2013 Financial News article, some of the world's largest banks and exchanges, including Deutsche Bank and the New York Stock Exchange, have been active in open source projects and are operating their infrastructure on Linux, Apache and similar systems.

GNU hackers discover HACIENDA government surveillance and give us a way to fight back

Filed under
GNU
Security

GNU community members and collaborators have discovered threatening details about a five-country government surveillance program codenamed HACIENDA. The good news? Those same hackers have already worked out a free software countermeasure to thwart the program.

According to Heise newspaper, the intelligence agencies of the United States, Canada, United Kingdom, Australia, and New Zealand have used HACIENDA to map every server in twenty-seven countries, employing a technique known as port scanning. The agencies have shared this map and use it to plan intrusions into the servers. Disturbingly, the HACIENDA system actually hijacks civilian computers to do some of its dirty work, allowing it to leech computing resources and cover its tracks.

Black Hat 2014: Open Source Could Solve Medical Device Security

Filed under
OSS
Security

On the topic of source code liability, Greer suggests that eventually software developers, including medical device development companies, will be responsible for the trouble their software causes (or fails to prevent). I think it’s fair to say that it is impossible to guarantee a totally secure system. You cannot prove a negative statement after all. Given enough time, most systems can be breached. So where does this potential liability end? What if my company has sloppy coding standards, no code reviews, or I use a third-party software library that has a vulnerability? Should hacking be considered foreseeable misuse?

Linux kernel devs made to finger their dongles before contributing code

Filed under
Development
Linux
Security

Beginning on Monday, the security of the Linux kernel source code has become a little bit tighter with the addition of two-factor authentication for the kernel's Git code repositories.

Contributing code changes to the Linux kernel sources at Kernel.org already required more than just a password, even before the change. Developers must use their own unique SSH public keys to log in to the Git repositories. But not even this added security layer was truly failsafe – as the software's maintainers found out in 2011 when their servers were rooted.

We still believe in Linus’ law after Heartbleed bug, says Elie Auvray of Jahia

Filed under
Interviews
OSS
Security

Jahia was incepted in 2002 in Switzerland – the name comes from the contraction of Java (our core language) and Bahia (which means “bay” in Brazil). To support the international growth of the project, Jahia Solutions Group was later formed (in 2005) with offices throughout Europe and Jahia Inc. (the US subsidiary) was created in 2008. Jahia now has offices in Geneva, Paris, Toronto, Chicago, Washington, DC, Dusseldorf and Klagenfurt – and outsourced support centers in Australia and Nicaragua.

PiPhone interview with Dave Hunt

Filed under
Development
Linux
Interviews
Security

Turning your Raspberry Pi into a mobile phone is a lot simpler than you’d think, albeit a little chunky. Linux User talks to Dave Hunt about one of his many pet projects.

German researchers develop defense software: Potential protection against the "Hacienda" intelligence program

Filed under
GNU
Linux
Security

Grothoff and his students at TUM have developed the "TCP Stealth" defense software, which can inhibit the identification of systems through both Hacienda and similar cyberattack software and, as a result, the undirected and massive takeover of computers worldwide, as Grothoff explains. "TCP Stealth" is free software that has as its prerequisites particular system requirements and computer expertise, for example, use of the GNU/Linux operating system. In order to make broader usage possible in the future, the software will need further development.

Best Alternatives to Tor: 12 Programs to Use Since NSA, Hackers Compromised Tor Project

Filed under
GNU
Linux
Security
Debian

Tor May Have Been Compromised, Linux Based OS's Like Tails Offer The Best Supplement

More in Tux Machines

Black Lab SDK 1.8 released

QT Creator - for QT 5
Gambas 3 - Visual Basic for Linux
Ubuntu Quickly - Quick and dirty development tool for Python
emacs and Xemacs - Advanced Text Editor
Anjuta and Glade - C++ RAD development tool for GTK
Netbeans - Java development environment
GNAT-GPS - IDE for the following programming languages: Ada, C, JavaScript, Pascal and Python
Idle - IDE for Python
Scite - Text Editor

Did Red Hat’s CTO Walk – Or Was He Pushed?

He went on to say that some within Red Hat speculate that tensions between Stevens and Paul Cormier, Red Hat’s president of products and technologies, might be responsible, although there doesn’t appear to have been any current argument between the two. Cormier will take over Stevens’ duties until a replacement is found. Vaughan-Nichols also said that others at Red Hat had opined that Stevens might’ve left because he’d risen as high as he could within the company and with no new advancement opportunities open to him, he’d decided to move on. If this was the case, why did he leave so abruptly? Stevens had been at Red Hat for nearly ten years. If he was leaving merely because “I’ve done all I can here and it’s time to seek my fortune elsewhere,” we’d expect him to work out some kind of notice and stay on the job long enough for Red Hat to find a suitable replacement. Turning in a resignation that’s effective immediately is not the ideal way to walk out the door for the last time. It smells of burning bridges.

Firefox OS Smartphones Change The Mobile Landscape Across India

The launch of two Firefox OS phones in India in the same week marks an exciting moment in Mozilla’s mission to promote openness and innovation on the Web, and an opportunity to empower millions of Indians wanting to buy their first smartphones. Firefox OS will enable users to obtain lower-cost devices that offer telephony, messaging and camera and rich capabilities like built-in social integration with Facebook and Twitter, the Firefox browser, FM radio and popular apps.

Mozilla Marches Ahead with Ads for Firefox

This November, Mozilla is up for renegotiation with Google for placement of Google search as the default search in Firefox and for the related subsidies that Google pays Mozilla, which reached almost $300 million last year. That comprised the majority of Mozilla's income. With Chrome establishing itself as a leader in the browser wars, it's unclear what relationship Google will continue to pursue with Mozilla.