Security

Five New Linux Kernel Vulnerabilities Patched in Ubuntu 16.10 for Raspberry Pi 2

Filed under
Linux
Security
Ubuntu

Canonical announced a few hours ago the availability of a new security update for the Raspberry Pi 2 kernel packages of the Ubuntu 16.10 (Yakkety Yak) operating system, which patches a total of five newly discovered vulnerabilities.

Security Leftovers

Filed under
Security

KDE Applications 16.12.2 Rolls Out for Plasma Users to Fix over 20 Recorded Bugs

Filed under
KDE
Security

Today, February 9, 2017, KDE has had the great pleasure of announcing the general availability of the second point release of its KDE Applications 16.12 software suite for KDE Plasma desktops.

Security Leftovers

Filed under
Security
  • Thousands of WordPress websites defaced through patch failures

    Thousands of WordPress domains have been subject to attack through a severe content injection security flaw that many website operators have failed to protect themselves against.

    The security flaw, a zero-day vulnerability that affects the WordPress REST API, allows attackers to modify the content of posts or pages within a website backed by the WordPress content management system (CMS).

    As noted by cybersecurity firm Sucuri, one of the REST endpoints allows access via the API to view, edit, delete, and create posts.

  • Introducing Capsule8: Industry's First Container-Aware, Real-time Threat Protection for Linux

    "The cloud has catapulted Linux to the most popular platform on the planet, and now the use of container technology is exploding. Yet there has been no world-class commercial security offering focused on securing the Linux infrastructure until now," said Bob Goodman, partner at Bessemer. "Capsule8 is solving the difficult problem of providing zero-day threat protection for Linux, whether legacy, container or something in-between. Simply put, John, Dino and Brandon are pioneering the most comprehensive and effective security protection ever offered for Linux."

  • Container-Aware Security Startup Capsule8 Emerges from Stealth

    Capsule8, a Brooklyn, NY-based security startup, emerged from stealth today to debut its container-aware threat protection platform for Linux.

Security Leftovers

Filed under
Security

FOSS CMS News

Filed under
OSS
Security
  • Migrated blog from WordPress to Hugo

    My WordPress blog got hacked two days ago and now twice today. This morning I purged MySQL and restored a good backup from three days ago, changed all DB and WordPress passwords (both the old and new ones were long and autogenerated ones), but not even an hour after the redeploy the hack was back. (It can still be seen on Planet Debian and Planet Ubuntu.) Neither the Apache logs nor the Journal had anything obvious, nor were there any new files in global or user www directories, so I’m a bit stumped how this happened. Certainly not due to bruteforcing a password, that would both have shown in the logs and also have triggered ban2fail, so this looks like an actual vulnerability.

  • WordPress 4.7.2

    When WordPress originally announced their latest security update, there were three security fixes. While all security updates can be serious, they didn’t seem too bad. Shortly after, they updated their announcement with a fourth and more serious security problem.

    I have looked after the Debian WordPress package for a while. This is the first time I have heard people actually having their sites hacked almost as soon as this vulnerability was announced.

  • 4 open source tools for doing online surveys

    Ah, the venerable survey. It can be a fast, simple, cheap, and effective way to gather the opinions of friends, family, classmates, co-workers, customers, readers, and others.

    Millions turn to proprietary tools like SurveyGizmo, Polldaddy, SurveyMonkey, or even Google Forms to set up their surveys. But if you want more control, not just over the application but also the data you collect, then you'll want to go open source.

    Let's take a look at four open source survey tools that can suit your needs, no matter how simple or complex those needs are.

Security Leftovers

Filed under
Security

Security News

Filed under
Security
  • Lynis – Security Auditing and Hardening Tool for Linux/Unix Systems

    First I want to tell you about system security before going deeper about Lynis. Every system administrator should know/understand about system security, hardening, etc., so that we can keep our system up and running smoothly without any issues; otherwise we have to face so many issues.

  • Security Hygiene for Software Professionals

    As software makers, we face a unique threat model. The computers or accounts we use to develop and deliver software are of more value to an attacker than what ordinary computer users have—cloud service keys can be stolen and used for profit, and the software we ship can be loaded with malware without our knowledge. And that’s before we consider that the code we write has a tremendous value of its own and should be protected.

  • AI isn't just for the good guys anymore

    Last summer at the Black Hat cybersecurity conference, the DARPA Cyber Grand Challenge pitted automated systems against one another, trying to find weaknesses in the others' code and exploit them.

    "This is a great example of how easily machines can find and exploit new vulnerabilities, something we'll likely see increase and become more sophisticated over time," said David Gibson, vice president of strategy and market development at Varonis Systems.

    His company hasn't seen any examples of hackers leveraging artificial intelligence technology or machine learning, but nobody adopts new technologies faster than the sin and hacking industries, he said.

    "So it's safe to assume that hackers are already using AI for their evil purposes," he said.

  • MongoDB And Open Source: Super-Sized Vulnerability? [Ed: TopSpin Security is spinning and lying. MongoDB didn’t have a vulnerability, it was the fault of bad setup.]

OpenSUSE Web Site Cracked, Tumbleweed Update

Filed under
Security
Web
SUSE

Security Leftovers

Filed under
Security
  • Security advisories for Monday
  • There are no militant moderates in security
  • Exploit for Windows DoS zero-day published, patch out on Tuesday?
  • Ransomware Attack Left DC Police Surveillance Blind Shortly Before The Inauguration

    Once exclusively the domain of hospitals with comically-bad IT support, crippling ransomware attacks are increasingly beginning to impact essential infrastructure. Just ask the San Francisco MTA, whose systems were shut down entirely for a spell last fall after a hacker (with a long history of similar attacks) managed to infiltrate their network, forcing the MTA to dole out free rides until the threat was resolved. Or you could ask the St. Louis public library network, which saw 16 city branches crippled last month by a bitcoin-demanding intruder.

    We've also seen a spike in ransomware attacks on our ever-expanding surveillance and security apparatus, DC Police acknowledging this week that 70% of the city's surveillance camera DVRs were infected with malware. The infection was so thorough, DC Police were forced to acknowledge that city police cameras were unable to record much of anything during a three day stretch last month...

  • Hackers hit D.C. police closed-circuit camera network, city officials disclose

    Hackers infected 70 percent of storage devices that record data from D.C. police surveillance cameras eight days before President Trump’s inauguration, forcing major citywide reinstallation efforts, according to the police and the city’s technology office.

  • Network protection laws 'may have opposite effect'

    Laws that have been proposed by the Australian Government to guard communications networks and businesses from cyber attack and sabotage may have the opposite effect from that intended, a coalition of industry groups has warned.

    The warning came jointly from the Australian Industry Group, the Australian Information Industry Association, the Australian Mobile Telecommunications Association and Communications Alliance in a submission to the Parliamentary Joint Committee on Intelligence and Security.

  • Russians Engineer a Brilliant Slot Machine Cheat—And Casinos Have No Fix

    In early June 2014, accountants at the Lumiere Place Casino in St. Louis noticed that several of their slot machines had—just for a couple of days—gone haywire. The government-approved software that powers such machines gives the house a fixed mathematical edge, so that casinos can be certain of how much they’ll earn over the long haul—say, 7.129 cents for every dollar played. But on June 2 and 3, a number of Lumiere’s machines had spit out far more money than they’d consumed, despite not awarding any major jackpots, an aberration known in industry parlance as a negative hold. Since code isn’t prone to sudden fits of madness, the only plausible explanation was that someone was cheating.

    Casino security pulled up the surveillance tapes and eventually spotted the culprit, a black-haired man in his thirties who wore a Polo zip-up and carried a square brown purse. Unlike most slots cheats, he didn’t appear to tinker with any of the machines he targeted, all of which were older models manufactured by Aristocrat Leisure of Australia. Instead he’d simply play, pushing the buttons on a game like Star Drifter or Pelican Pete while furtively holding his iPhone close to the screen.

  • SSL or IPsec: Which is best for IoT network security?

    Internet of Things (IoT) devices are soon expected to outnumber end-user devices by as much as four to one. These applications can be found everywhere—from manufacturing floors and building management to video surveillance and lighting systems.

  • The barriers to using IoT in healthcare: What's stopping the Internet of Things from transforming the industry?

    Big things are expected of the Internet of Things (IoT) in a plethora of industries, and healthcare is no exception. The market is poised to reach $117 billion by 2020 according to business intelligence company MarketResearch.com.

    IoT covers a broad spectrum of interconnected devices communicating across the net that together can have benefits for the treatment of patients, the workloads of practitioners, and the wealth of the nation.

More in Tux Machines

Digital audio and video editing in GNU/Linux

  • Linux Digital Audio Workstation Roundup
    In the world of home studio recording, the digital audio workstation is one of the most important tools of the trade. Digital audio workstations are used to record audio and MIDI data into patterns or tracks. This information is then typically mixed down into songs or albums. In the Linux ecosystem, there is no shortage of digital audio workstations to choose from. Whether you wish to create minimalist techno or full orchestral pieces, chances are there is an application that has you covered. In this article, we will take a brief look into several of these applications and discuss their strengths and weaknesses. I will try to provide a fair evaluation of the DAWs presented here but at the end of the day, I urge you to try a few of these applications and to form an opinion of your own.
  • Shotcut Video Editor Available As A Snap Package [Quick Update]
    Shotcut is a free, open source Qt5 video editor developed on the MLT Multimedia Framework (it's developed by the same author as MLT), available for Linux, Windows and Mac. Under the hood, Shotcut uses FFmpeg, so it supports many audio, video and image formats, along with screen, webcam and audio capture. The application doesn't require importing files, thanks to its native timeline editing. Other features worth mentioning are multitrack timeline with thumbnails and waveforms, 4k resolution support, video effects, as well as a flexible UI with dockable panels.
  • Simple Screen Recorder Is Now Available as a Snap App
    Simple Screen Recorder, a popular screen recording app for Linux desktops, is now available to install as a Snap app from the Ubuntu Store.

Kernel News: Linux 4.10 in SparkyLinux, Wayland 1.13.0, and Weston 2.0 RC2

  • Linux Kernel 4.10 Lands in SparkyLinux's Unstable Repo, Here's How to Install It
    The trend of offering users the most recent Linux kernel release continues today with SparkyLinux, an open-source, Debian-based distribution that always ships with the latest GNU/Linux technologies and software versions. SparkyLinux appears to be the third distro to offer its users the ability to install the recently released Linux 4.10 kernel, after Linux Lite and Ubuntu, as the developers announced earlier that the Linux kernel 4.10 packages are now available from the unstable repository.
  • Wayland 1.13.0 Display Server Officially Released, Wayland 1.14 Lands in June
    Bryce Harrington, a Senior Open Source Developer at Samsung, announced today the release and general availability of Wayland 1.13.0 for GNU/Linux distributions that already adopted the next-generation display server. Wayland 1.13.0 has entered development in the first days of the year, but the first Alpha build arrived at the end of January, along with the Alpha version of the Weston 2.0 compositor, including most of the new features that are present in this final release that you'll be able to install on your Linux-based operating systems in the coming days.
  • Weston 2.0 RC2 Wayland Compositor Arrives With Last Minute Fixes
    While Wayland 1.13 was released today, Bryce Harrington today opted against releasing the Weston 2.0 reference compositor and instead issued a second release candidate. Weston 2.0 is the next version of this "playground" for Wayland compositor technologies since the new output configuration API had broken the ABI, necessitating a break from the same versioning as Wayland.
  • [ANNOUNCE] weston 1.99.94

KDE Leftovers

  • Fedora 25 KDE: disappointing experience
    Fedora is not a frequent guest on the review deck of Linux notes from DarkDuck blog. The most recent review was of Fedora 22 back in July 2015. That was a review of the GNOME version, the most native for Fedora. You are probably aware of the tight link between the GNOME project and RedHat, the Fedora Project main sponsor.
  • [Video] Ubuntu 17.04 Unity 8 - KDE apps native on Mir
  • Plasma in a Snap?
    Shortly before FOSDEM, Aleix Pol asked if I had ever put Plasma in a Snap. While I was a bit perplexed by the notion itself, I also found this a rather interesting idea. So, the past couple of weeks I spent a bit of time here and there on trying to see if it is possible.
  • QStringView Diaries: Advances in QStringLiteral
    This is the first in a series of blog posts on QStringView, the std::u16string_view equivalent for Qt. You can read about QStringView in my original post to the Qt development mailing-list, follow its status by tracking the “qstringview” topic on Gerrit and learn about string views in general in Marshall Clow’s CppCon 2015 talk, aptly named “string_view”.
  • Making Movies with QML
    One of the interesting things about working with Qt is seeing all the unexpected ways our users use the APIs we create. Last year I got a bug report requesting an API to set a custom frame rate for QML animations when using QQuickRenderControl. The reason was that the user was using QQuickRenderControl as an engine to render video output from Qt Quick, and if your target was say 24 frames per second, the animations were not smooth because of how the default animation driver behaves. So inspired by this use case I decided to take a stab at creating such an example myself.
  • How to Create a Look and Feel Theme
  • United Desktop Theme for KDE Plasma 5.9
  • KDE Talks at FOSDEM
    The continuation of the original talk from Dirk Hohndel and Linus Torvalds about the port of Subsurface from Gtk to Qt, now with mobile in mind.

SteamVR for Linux, Benchmarks of HITMAN on NVIDIA

  • SteamVR for Linux is now officially in Beta
    Valve have put up SteamVR for Linux officially in Beta form and they are keen to stress that this is a development release. You will need to run the latest Steam Beta Client for it to work at all, so be sure to opt-in if you want to play around with it.
  • Valve Publishes A SteamVR Developer Build For Linux
    Valve has begun rolling out their SteamVR Linux support by announcing today a beta/developer build of their VR support for Linux. Valve's SteamVR for Linux page was updated today to reflect the build becoming public via the Steam beta channel, "This is a development release. It is intended to allow developers to start creating SteamVR content for Linux platforms. Limited hardware support is provided, and pre-release drivers are required. Linux support is currently only available in the "beta" branch, make sure you are using SteamVR[beta] before reporting issues."
  • HITMAN Linux Benchmarks On 12 NVIDIA GPUs
    Last week Feral Interactive released the much anticipated port of HITMAN for Linux. While at first it didn't look like this Linux game port would work out for our benchmarking requirements, thanks to Feral it does indeed work for another interesting Linux gaming test perspective. Our initial HITMAN Linux benchmarks are tests from 12 NVIDIA GeForce GPUs, while our Radeon tests will come tomorrow.