Security

ID theft, vulnerabilities, privacy issues, etc

Notable Penetration Test Linux distributions of 2014

Filed under
GNU
Linux
Security

A penetration test, or the short form pentest, is an attack on a computer system with the intention of finding security weaknesses, potentially gaining access to it, its functionality and data. A Penetration Testing Linux is a specially built Linux distro that can be used for analyzing and evaluating security measures of a target system.

Silent Circle secures $30 million in funding to expand Blackphone production

Filed under
Android
Security

Private communications firm Silent Circle has secured $30 million in funding to cope with demand for the privacy-based Blackphone, as well as expand operations globally.

Security's future belongs to open source

Filed under
OSS
Security

The proof that open source, properly applied, is available. Studies, such as the one recently done by Coverity, have found that open-source programs have fewer errors per thousand lines of code than their proprietary brothers. And, it's hard to ignore the Communications-Electronics Security Group (CESG), the group within the UK Government Communications Headquarters (GCHQ) that assesses operating systems and software for security issues, when they said that while no end-user operating system is as secure as they'd like it to be, Ubuntu 12.04 is the most secure desktop.

On the other hand, the mere existence of Microsoft's monthly Patch Tuesday says everything most of us need to know about how "secure" proprietary software is. I also can't help noticing how every time Microsoft releases a new version of Internet Explorer (IE), they always claim it's the most secure ever. And, then, a new hole is found, and guess what, that same security hole is in every version of IE from IE 6 to IE 11. If IE really were being rewritten to make it secure why are the same holes showing up In Every Version??

Spyware Driver Notification in Ubuntu Shows Just How Vulnerable Windows Really Is

Filed under
Microsoft
Security
Ubuntu

The biggest problem with any Windows operating system is the security, whether it's about viruses or back doors, and this spyware “message” in a Linux system about Windows drivers shows just how much of a problem security is for Microsoft's OS.

Tails 1.0 review – total privacy

Filed under
Reviews
Security
Debian

Tails has been a curiosity to us for a while now, long before Snowden made it known to the mainstream. Cropping up every now and then on Distrowatch, we acknowledged that it existed and its list of features seemed to convey that the team knew what they were doing in constructing an ultra-secure and privacy-driven Linux distro. Now post-Snowden and Heartbleed, with the need for journalists and whistleblowers to have true internet privacy, we’ve come to see Tails as a necessity in the changing tech world.

Tails: An essential distro or an accessory to complement a tin foil hat for the average user?

Filed under
Security
Debian

For those that don’t know, Tails offers complete privacy (or close to) by way of Tor. It's a Debian-based distro provided as a bootable image, and the idea is you place it on a USB or DVD so that when you turn off the machine, no data is stored locally. Whilst the distro is aimed at the “mainstream average user” I cannot see any other user having issues configuring or indeed using any other distro (with the correctly installed tools) to do exactly the same thing.

You’ve got OpenOffice, GIMP, Audacity included for your other needs and they don’t need any further explanation.

Our privacy is interdependent

Filed under
Android
Security

Last week I gave a presentation at CommonsFest in the spirit of my Free Your Android post, trying to educate people on simple steps they can make to have better privacy on their mobile devices.

A couple of days before my presentation I watched this great speech from Jillian York and Jacob Appelbaum (please go and watch this). At some point Jacob mentions that "our security is interdependent".

Is Desktop Linux Secure?

Filed under
GNU
Linux
Security

Considering that security suites aren’t commonly used with Linux on the desktop, this is a legitimate question and worthy of being answered in depth. In this article, I’ll look at how malware affects the Linux community, what vulnerabilities often get ignored and what you should do about it.

Security pioneer Alan Solomon uses Linux to avoid viruses

Filed under
GNU
Linux
Security

Alan Solomon, creator of Dr Solomon's Antivirus, has admitted to using Linux to avoid viruses rather than try to combat them on Windows.

His comments come after Symantec's Brian Dye estimated that antivirus systems do not even catch half of cyber attacks.

Writing of his decision on his blog, Solomon said: "There doesn't seem to be much malware for Linux. I don't know why. Some say it's because Linux's security is better, some say it's because fewer people use it. I'm not really bothered."

Open Source Android ALYT Security And Smart Home Manager (video)

Filed under
Android
Security

ALYT is a smart home manager that runs Google’s Android operating system and is completely open source allowing you to tailor it to your exact requirements.

ALYT has been designed to allow users to control home security systems, energy usage and entertainment systems, as well as providing home automation via an Android powered smartphone or tablet device. Check out the video after the jump to learn more about this new and innovative smart home management system.

OpenBSD Affirms That LibreSSL Will Be Portable

Filed under
Security
BSD

In the fallout from the OpenSSL heartbleed bug, OpenBSD developers forked OpenSSL into LibreSSL. Initially the only supported platform for LibreSSL was OpenBSD, but the BSD developers are pushing harder now for platform portability.

Put portable pwning power in your pocket with the Pwn Phone

Filed under
Android
Linux
Security

Mobile technology has made it possible for people to do an amazing amount with tablets and smartphones within the workplace—including hacking the living daylights out of the corporate network and other people’s devices. Pwnie Express is preparing to release a tool that will do just that. Its Pwn Phone aims to help IT departments and security professionals quickly get a handle on how vulnerable their networks are in an instant. All someone needs to do is walk around the office with a smartphone.

Pwnie Express’ Kevin Reilly gave Ars a personal walk-through of the latest Pwn Phone, the second generation of the company’s mobile penetration testing platform. While the 2012 first-generation Pwn Phone was based on the Nokia N900 and its Maemo 5 Linux-based operating system, the new phone is based on LG Nexus 5 phone hardware. However, it doesn’t exactly use Google’s vanilla Android.

The oRouter Is A Tor-Powered Linux Box That Secures Your Internet Connection

Filed under
Linux
Security

Longtime TechCrunch Disrupt NY hackathon participants Kay Anar and Gilad Shai showed off their hardware hack today called the “oRouter” – a Linux-powered, Raspberry Pi-like computer offering secure Wi-Fi access via the Tor network. The idea is to offer an affordable alternative to downloading the Tor software to your computer, as well as a way to more easily connect to Tor over mobile devices like an iPhone.

Android home automation hub focuses on security

Filed under
Android
Security

The Android-based “ALYT” home automation system supports numerous wireless protocols, and offers self-learning algorithms and advanced security functions.

Designing a Prize for Usable Cryptography

Filed under
OSS
Security

To that end, EFF is evaluating the feasibility of offering a prize for the first usable, secure, and private end-to-end encrypted communication tool. We believe a prize based on objective usability metrics (such as the percentage of users who were able to install and start using the tool within a few minutes, and the percentage who survived simulated impersonation or man-in-the-middle attacks) might be an effective way to determine which project or projects are best delivering communication security to vulnerable user communities; to promote and energize those tools; and to encourage interaction between developers, interaction designers and academics interested in this space.

Amazon Web Services, Cisco, Dell, Facebook, Fujitsu, Google, IBM, Intel, Microsoft, NetApp, Rackspace, VMware and The Linux Foundation Form New Initiative to Support Critical Open Source Projects

Filed under
OSS
Security

“We are expanding the work we already do for the Linux kernel to other projects that may need support,” said Jim Zemlin, executive director of The Linux Foundation. “Our global economy is built on top of many open source projects. Just as The Linux Foundation has funded Linus Torvalds to be able to focus 100% on Linux development, we will now be able to support additional developers and maintainers to work full-time supporting other essential open source projects. We are thankful for these industry leaders’ commitment to ensuring the continued growth and reliability of critical open source projects such as OpenSSL.”

OpenBSD forks, prunes, fixes OpenSSL

Filed under
Security
BSD

OpenSSL is the dominant SSL/TLS library on the Internet, but has suffered significant reputation damage in recent days for the Heartbleed bug. The incident has revived criticism of OpenSSL as a poorly-run project with source code that is impenetrable and documented, where it is at all documented, badly and inaccurately.

Easter egg: DSL router patch merely hides backdoor instead of closing it

Filed under
Hardware
Security
Legal

First, DSL router owners got an unwelcome Christmas present. Now, the same gift is back as an Easter egg. The same security researcher who originally discovered a backdoor in 24 models of wireless DSL routers has found that a patch intended to fix that problem doesn’t actually get rid of the backdoor—it just conceals it. And the nature of the “fix” suggests that the backdoor, which is part of the firmware for wireless DSL routers based on technology from the Taiwanese manufacturer Sercomm, was an intentional feature to begin with.

Back in December, Eloi Vanderbeken of Synacktiv Digital Security was visiting his family for the Christmas holiday, and for various reasons he had the need to gain administrative access to their Linksys WAG200G DSL gateway over Wi-Fi. He discovered that the device was listening on an undocumented Internet Protocol port number, and after analyzing the code in the firmware, he found that the port could be used to send administrative commands to the router without a password.

After Vanderbeken published his results, others confirmed that the same backdoor existed on other systems based on the same Sercomm modem, including home routers from Netgear, Cisco (both under the Cisco and Linksys brands), and Diamond. In January, Netgear and other vendors published a new version of the firmware that was supposed to close the back door.

Oracle updates users on Heartbleed progress

Filed under
Red Hat
Server
Security

The Heartbleed fallout continues, but enterprise customers can draw some comfort from the fact that the companies that keep them in software are clearly as concerned as they are. For example, Oracle Corp. has announced mostly good, some bad and a bit of ugly news when it comes to security holes in its products.

Safety you can bank on: Chromebook, Linux, phone

Filed under
GNU
Linux
Security

If you're not deterred by learning strange software, you can save hundreds of dollars by downloading a copy of the open-source Linux operating system and burning it to a CD or copying it to a flash drive. As security journalist Brian Krebs explained in the summer of 2012, you can pop that into your Windows PC, boot the machine off it, and go online insulated from whatever might lurk in your copy of Windows.

(In that post, Krebs endorsed a version of Linux with the charming name Puppy Linux; I usually recommend a different variety called Ubuntu, but the differences don't amount to much in this context.)

Using Linux just for online banking also insulates you from most of its potential complexity: You're only running a browser.

But if installing new apps in Windows already fills you with dread, or the thought of picking one version of Linux out of dozens makes your head hurt, spend money instead of time. A Chromebook just might work — and might be all the computer you needed in the first place.
