Language Selection

English French German Italian Portuguese Spanish

Security

Kali Linux Literature

Filed under
GNU
Linux
Security
  • Migrating from Kali Linux 2 to Kali Linux 2016.1

    The first edition of Kali Linux Rolling, Kali 2016.1, was released more than a week ago. It marks the end of Kali Linux 2 and the beginning of a new release regime.

    It’s still based on Debian Testing, so existing users don’t have to do anything special but run a few commands to upgrade from Kali Linux 2 to Kali Linux 2016.1. Aside from installation images for the GNOME 3 desktop, there are also installation images for the Light edition, which uses the Xfce desktop environment. And there are also ARM installation images.

  • Kali Linux Cookbook eBook - $24 value, now free!

Lexumo Lands $4.89 Million Seed Round To Help Ensure Open Source Code Security

Filed under
OSS
Security

What has Lexumo created to warrant that kind of financial attention? It indexed all of the open source code in the world and created a cloud security service aimed at helping companies using open source code inside embedded systems or enterprise software. These groups can submit their code to the Lexumo service and it checks for any known security vulnerabilities. What’s more, it will then continuously monitor the code for updates and inform developers when one is available.

Read more

Security Leftovers

Filed under
Security
  • Forcing out bugs with stress-ng

    I've also tried to make stress-ng portable, so it can build fine on GNU/Hurd and Debian kFreeBSD (with Linux specific tests not built-in of course). It also contains some architecture specific features, such as handling the data and instruction cache as well as the x86 rdrand instruction and cache line locking. If there are any ARM specific features than can be stressed I'd like to know and perhaps implement stressors for them.

  • OpenSSH and the dangers of unused code

    Unused code is untested code, which probably means that it harbors bugs—sometimes significant security bugs. That lesson has been reinforced by the recent OpenSSH "roaming" vulnerability. Leaving a half-finished feature only in the client side of the equation might seem harmless on a cursory glance but, of course, is not. Those who mean harm can run servers that "implement" the feature to tickle the unused code. Given that the OpenSSH project has a strong security focus (and track record), it is truly surprising that a blunder like this could slip through—and keep slipping through for roughly six years.

  • Why Is Usable Security Hard, and What Should We Do about it?
  • Linux-Based Botnets Accounted for More than Half of DDoS Attacks in Q4 2015

IPFire 2.17 Open Source Linux Firewall OS Gets OpenSSL 1.0.2f and OpenSSH 7.1p2

Filed under
OSS
Security

The IPFire development team announced last evening the immediate availability for download or update of the IPFire 2.17 Core Update 97 Linux kernel-based firewall distribution.

Read more

Security Leftovers

Filed under
Security
  • Friday's security updates
  • Critical OpenSSL Patch Available. Patch Now!

    All versions of OpenSSL are vulnerable to CVE-2014-0195, but this vulnerability only affects DTLS clients or servers (look for SSL VPNs... not so much HTTPS).

  • Linux Trojan That Takes Screenshots and Records Audio Has a Windows Brother

    The Linux trojan that spied on users by taking screenshots of their desktop has now a Windows variant, as Kaspersky's security team has found out.

    The trojan, first discovered by Dr.Web and named Linux.Ekocms, and later also identified by Sophos as Linux/Mokes-A, and then by Kaspersky as Backdoor.Linux.Mokes.a, has caused some stir in the Linux community because it was one of the first spyware threats detected in the wild on the platform.

10 Best Operating Systems For Ethical Hacking And Penetration Testing

Filed under
GNU
Linux
Security

Wondering which is the best operating system for ethical hacking and pen testing purposes? Trying to solve this problem, fossBytes has prepared a list of the most efficient Linux distros for hacking purposes that you need to check out in 2016.

Read more

Tor Browser 6.0 Now in Development, Devs Switch the Guest VMs to Debian Wheezy

Filed under
Development
Security

We reported a couple of days ago that the Tor Project announced the release of the Firefox-based Tor Browser 5.5 anonymous web browser for all supported platforms, but they've also published details about the first Alpha build of the next major release.

Read more

Two Outstanding All-in-One Linux Servers

Filed under
Linux
Security

The answer to this question depends on what you need. Zentyal is an amazing server that does a great job running your SMB network. If you need a bit more, such as groupware, your best bet is to go with ClearOS. If you don’t need groupware, either server will do an outstanding job.

I highly recommend installing both of these all-in-one servers to see which will best serve your small company needs.

Read more

Tor and Debian

Filed under
Security
Debian
  • Tor Browser 5.5 Gets an Official Release, Includes Tor 0.2.7.8

    The Tor Project has proudly announced the release and immediate availability for download of the first stable Tor Browser 5.5 web browser for all supported operating systems, including GNU/Linux, Mac OS X, and Microsoft Windows.

  • Tor Announces Official Release of Tor Browser 5.5 With New Features

    Tor Browser 5.5 is the first stable release in the 5.5 series of Tor. It is released for all the supported operating systems, including GNU/Linux, Mac OS X and Microsoft Windows. It is now available for download from the Tor Browser Project page along with many new features.

  • The ultra-secure Tails OS beloved by Edward Snowden gets a major upgrade

    Edward Snowden's favorite secure operating system just got a major upgrade. Version 2.0 of the Amnesic Incognito Live System, better known as Tails, rolled out recently. Tails 2.0 brings a new desktop environment, sandboxing for services via the always controversial systemd, and a new build of the Tor Browser.

  • Becoming a Debian contributor

    Over the past two months or so I have become a contributor to the Debian Project. This is something that I’ve wanted to do for a while. Firstly, just because I’ve got so much out of Debian over the last five or six years—both as a day-to-day operating system and a place to learn about computing—and I wanted to contribute something back. And secondly, in following the work of Joey Hess for the past three or four years I’ve come to share various technical and social values with Debian. Of course, I’ve long valued the project of making it possible for people to run their computers entirely on Free Software, but more recently I’ve come to appreciate how Debian’s mature technical and social infrastructure makes it possible for a large number of people to work together to produce and maintain high quality packages. The end result is that the work of making a powerful software package work well with other packages on a Debian system is carried out by one person or a small team, and then as many users who want to make use of that software need only apt-get it. It’s hard to get the systems and processes to make this possible right, especially without a team being paid full-time to set it all up. Debian has managed it on the backs of volunteers. That’s something I want to be a part of.

Security Leftovers

Filed under
Security
Syndicate content

More in Tux Machines

today's howtos

Leftovers: Software

  • SOGo v3.0.0 released
    After about 1.5 year of development, Inverse is extremely happy to announce the immediate availability of SOGo v3.0! This release is considered ready for production use.
  • Tupi 0.2 revision git06 (Kunumi)
    After a year without significant activity, this release has an special meaning not only because it represents the continuity of the project but our strong intention of making of Tupi a professional tool for educational and young artists communities around the world.
  • [RetroShare] Release notes for final 0.6.0
    v0.6.0 is now considered final. This post summarizes the main lines of work since the release of 0.6.0-RC2 (last june).
  • OpenShot 2.0.6 (Beta 3) Released!
  • OpenShot 2.0 Beta Is Now Available for Public Testing
    The update is the third full beta release of the revamped video editor but only the first to made available for public testing. Backers of the OpenShot crowdfunding campaign have been able to use beta builds of the hugely revamped non-linear video editor since January.
  • Atom 1.5.0 Has Been Released
    Atom is an open-source, multi-platform text editor developed by GitHub, having a simple and intuitive graphical user interface and a bunch of interesting features for writing: CSS, HTML, JavaScript and other web programming languages. Among others, it has support for macros, auto-completion a split screen feature and it integrates with the file manager.
  • HPLIP 3.16.2 Brings Support For Debian 8.3, Linux Mint 17.3 And New Printers
    As you may know, HP Linux Imaging and Printing (HPLIP) is a tool for printing, scanning and faxing for the HP printers.
  • Ixion 0.11.0
    Version 0.11.0 of the Ixion library has been just released. You can download it from the project’s home page.
  • Now You Can Use uTorrent Without Ads, Thanks To New Subscription Model
    In the past, the parent company Bittorrent Inc. has relied on an ad-based revenue model to keep uTorrent up and running, but now they have realized the need for a premium experience for the users by charging a nominal amount. Until now, bundled software that hides inside the uTorrent installation package has only consumed space on your computer. The development team is well aware of this issue and that’s why they have come up with the ad-free uTorrent.

Kernel Space: Linux, Graphics

  • Linux kernel bug delivers corrupt TCP/IP data to Mesos, Kubernetes, Docker containers
    The Linux Kernel has a bug that causes containers that use veth devices for network routing (such as Docker on IPv6, Kubernetes, Google Container Engine, and Mesos) to not check TCP checksums. This results in applications incorrectly receiving corrupt data in a number of situations, such as with bad networking hardware. The bug dates back at least three years and is present in kernels as far back as we’ve tested. Our patch has been reviewed and accepted into the kernel, and is currently being backported to -stable releases back to 3.14 in different distributions (such as Suse, and Canonical). If you use containers in your setup, I recommend you apply this patch or deploy a kernel with this patch when it becomes available. Note: Docker’s default NAT networking is not affected and, in practice, Google Container Engine is likely protected from hardware errors by its virtualized network.
  • Performance problems
    Just over a year ago I implemented an optimization to the SPI core code in Linux that avoids some needless context switches to a worker thread in the main data path that most clients use. This was really nice, it was simple to do but saved a bunch of work for most drivers using SPI and made things noticeably faster. The code got merged in v4.0 and that was that, I kept on kicking a few more ideas for optimizations in this area around but that was that until the past month.
  • Compute Shader Code Begins Landing For Gallium3D
    Samuel Pitoiset began pushing his Gallium3D Mesa state tracker changes this morning for supporting compute shaders via the GL_ARB_compute_shader extension. Before getting too excited, the hardware drivers haven't yet implemented the support. It was back in December that core Mesa received its treatment for compute shader support and came with Intel's i965 driver implementing CS.
  • Libav Finally Lands VDPAU Support For Accelerated HEVC Decoding
    While FFmpeg has offered hardware-accelerated HEVC decoding using NVIDIA's VDPAU API since last summer, this support for the FFmpeg-forked libav landed just today. In June was when FFmpeg added support to its libavcodec for handling HEVC/H.265 video decoding via NVIDIA's Video Decode and Presentation API for Unix interface. Around that same time, developer Philip Langdale who had done the FFmpeg patch, also submitted the patch for Libav for decoding HEVC content through VDPAU where supported.

Unixstickers, Linux goes to Washington, Why Linux?

  • Unixstickers sent me a package!
    There's an old, popular saying, beware geeks bearing gifts. But in this case, I was pleased to see an email in my inbox, from unixstickers.com, asking me if I was interested in reviewing their products. I said ye, and a quick few days later, there was a surprise courier-delivered envelope waiting for me in the post. Coincidentally - or not - the whole thing happened close enough to the 2015 end-of-the-year holidays to classify as poetic justice. On a slightly more serious note, Unixstickers is a company shipping T-shirts, hoodies, mugs, posters, pins, and stickers to UNIX and Linux aficionados worldwide. Having been identified one and acquired on the company's PR radar, I am now doing a first-of-a-kind Dedoimedo non-technical technical review of merchandise related to our favorite software. So not sure how it's gonna work out, but let's see.
  • Linux goes to Washington: How the White House/Linux Foundation collaboration will work
    No doubt by now you've heard about the Obama Administration's newly announced Cybersecurity National Action Plan (CNAP). You can read more about it on CIO.com here and here. But what you may not know is that the White House is actively working with the Linux and open source community for CNAP. In a blog post Jim Zemlin, the executive director of the Linux Foundation said, “In the proposal, the White House announced collaboration with The Linux Foundation’s Core Infrastructure Initiative (CII) to better secure Internet 'utilities' such as open-source software, protocols and standards.”
  • Why Linux?
    Linux may inspire you to think of coders hunched over their desks (that are littered with Mountain Dew cans) while looking at lines of codes, faintly lit by the yellow glow of old CRT monitors. Maybe Linux sounds like some kind of a wild cat and you have never heard the term before. Maybe you have use it every day. It is an operating system loved by a few and misrepresented to many.