Language Selection

English French German Italian Portuguese Spanish

Security

Shuttleworth Explains Why Open Source is More Secure than Closed Source [VIDEO]

Filed under
Security
Ubuntu

In 2014, open source technology came under a heavy barrage of criticism as a result of high-profile security vulnerabilities. Mark Shuttleworth, the founder of Ubuntu Linux and its lead commercial sponsor Ubuntu, has a very different view and remains a stalwart defender of the open source model for software development and security.

In a video interview with Datamation, Shuttleworth details his view on open-source security as Ubuntu Linux celebrates its 10th anniversary.

In 2014, the Heartbleed vulnerability in the open source OpenSSL cryptographic library had wide ranging impact. OpenSSL is widely deployed on servers, VPNs and even mobile devices and it took some time for vendors and users to get systems and devices patched.

"We have a big responsibility to proactively make sure that the system is as robust in the face of inevitable flaws as it can be," Shuttleworth said.

Read more

Open Source Privacy Tools NSA Can't Crack: OTR, PGP, RedPhone, Tor And Tails

Filed under
OSS
Security

In a recent talk at the Chaos Communication Congress, Jacob Appelbaum, who is a core member of the Tor Project and is now working with Der Spiegel and Laura Poitras to analyze the Snowden documents, unveiled some documents showing which tools NSA couldn't crack.

Read more

Believe It or Not, Boeing's Super-Secure Android Smartphone Comes With the Best of BlackBerry

Filed under
Android
Security

As it turns out, Boeing might actually be BlackBerry's best friend right now. You see, the ultra-secure Boeing Black handset will come with support for BlackBerry's BES 12 device management service. It's not much of a stretch to assume the Boeing Black might also feature BlackBerry's hallmark secure messaging system.

Read more

Old FOSS Friend & Foe Represents Sony in Hack

Filed under
Microsoft
Security
Legal

Boies, along with three attorneys representing the States, brought Microsoft to it’s knees — or so it seemed at the time.

On November 5, 1999, Judge Thomas Penfield Jackson found that Windows dominance on the PC made the company a monopoly and that the company had taken illegal actions against Apple, Java, Netscape, Lotus Notes, RealNetworks, Linux, and others in order to maintain that monopoly. He ordered Microsoft broken in two, with one company producing Windows and another handling all other Microsoft software.

As we all know, Judge Jackson’s solution was never implemented.

Although an appeals court upheld the verdict against Redmond, the breakup of the company was overturned and sent back to the lower court for a review by a new judge. Two years later, in September, 2001, under the Bush Administration, the DOJ announced that it was no longer seeking the breakup of Microsoft, and in November reached a settlement which California, Connecticut, Iowa, Florida, Kansas, Minnesota, Utah, Virginia and Massachusetts opposed.

The settlement basically required Microsoft to share its APIs and appoint a three person panel that would have complete access to Microsoft’s systems, records, and source code for five years. The settlement didn’t require Microsoft to change any code or stop the company from tying additional software with Windows. Additionally, the DOJ did not require Microsoft to change any of its code.

Read more

You should be running a pfSense firewall

Filed under
Security
BSD

Those of us who work in the depths of high technology are not immune to the age-old adage of the shoemaker’s children having no shoes. We probably have the most technologically advanced homes of anyone we know, but we also tend to leave various items alone if they’re not causing problems. After all, that’s what we deal with at work. Who needs to saddle themselves with network upgrade projects at home when nothing’s broken?

Read more

Ubuntu 14.10 (Utopic Unicorn) Gets Linux Kernel Regression Fix

Filed under
Security
Ubuntu

A Linux kernel regression for Ubuntu 14.10 (Utopic Unicorn) has been identified by Canonical and the developers have issued a patch that should be available through regular channels.

Read more

The Grinch That Tried to Exploit Linux

Filed under
Linux
Security

The Grinch flaw was reported by Stephen Cody, chief security evangelist at Alert Logic. Cody alleges that the Grinch flaw enables users on a local machine to escalate privileges. Leading Linux vendor Red Hat, however, disagrees that the Grinch issue is even a bug and instead notes in a Red Hat knowledge base article that the Grinch report "incorrectly classifies expected behavior as a security issue."

Read more

Git 2.2.1 Released To Fix Critical Security Issue

Filed under
Development
OSS
Security

Today's Git vulnerability affects those using the Git client on case-insensitive file-systems. On case-insensitive platforms like Windows and OS X, committing to .Git/config could overwrite the user's .git/config and could lead to arbitrary code execution. Fortunately with most Phoronix readers out there running Linux, this isn't an issue thanks to case-sensitive file-systems.

Read more

How Linux containers can solve a problem for defense virtualization

Filed under
GNU
Linux
Security

As the virtualization of U.S. defense agencies commences, the technology’s many attributes—and drawbacks—are becoming apparent.

Virtualization has enabled users to pack more computing power in a smaller space than ever before. It has also created an abstraction layer between the operating system and hardware, which gives users choice, flexibility, vendor competition and best value for their requirements. But there is a price to be paid in the form of expensive and cumbersome equipment, software licensing and acquisition fees, and long install times and patch cycles.

Read more

Linux Malware vs Phishing Schemes

Filed under
GNU
Linux
Security

For years now, we’ve been told about the dangers of how various types of malware like worms and other threats were going to catch the growing Linux user base off guard. As of the year 2014, nothing remotely close to this has happened. Malware exists, but for desktop Linux users, it’s a non-issue.

Despite this fact, there continues to be rumors that malware "could" affect desktop Linux users. It seems the mere "threat" holds greater proof of concept than the reality that no one is actually seeing malware threats on their Linux desktop.

In this article, I’ll examine current threats to the Linux desktop and explain why I believe phishing is far more dangerous to most Linux users than malware.

Read more

Syndicate content

More in Tux Machines

Android Leftovers

  • 1B Android phones shipped in 2014, but they don’t all help Google
    When Android first arrived in 2007, it was (and still is) a key part of the OHA, or Open-Handset Alliance. OHA partners — which include Samsung, LG, Dell, HTC, Huawei and ZTE, to name a few — all loosely work together to help improve Android, while competing against one another by using Android on their respective hardware products. Android is the commonality between all of the OHA partners. And then there’s Google.
  • Android beats iOS for app downloads, but revenues are still a different story
    There are plenty of caveats to this line of reasoning, though. First, Google Play is not the only Android app store – Amazon and Samsung run their own stores, while in countries like China there are dozens of stores offering Android apps.
  • HTC One M8 Android 5.0 Lollipop Update: What U.S. Owners Can Expect
    When Google announced Android 5.0 Lollipop back in October many smartphone owners like those with the HTC One or HTC One M8 instantly started waiting for details regarding the Android 5.0 Lollipop update. It has arrived for a few devices already, including the HTC One and HTC One M8 Google Play Edition handsets, but below we’ll go over what regular HTC One owners need to know about the Android 5.0 update.
  • Samsung Galaxy S4 Updated To The Android Lollipop 5.0 OS
    The Android Lollipop 5.0 update is finally available for the Samsung S4. The operating system is also available for the Samsung Galaxy S5, Note 4, Note 3, and Note Edge. Samsung Galaxy and Note users will be happy to hear that the long waited update is coming in the near future. But should Galaxy S4 users take advantage of the Android Lollipop update?
  • Don’t wait for Android 5.0, this app makes your phone look like Lollipop for free
    Android 5.0 Lollipop is a huge upgrade for Google’s mobile operating system. The only problem with it, of course, is that it’s only available for a handful of devices. Most Android smartphone users still have plenty more waiting to do before Lollipop is finally available for their handset, but now there’s a terrific app that will make your older version of Android look just like Lollipop — and it’s free!
  • Is this Apple’s secret weapon that could force Android users to buy an iPhone?
    There are many reasons why Android users switch to iPhone, and vice-versa, but Apple may have a secret (or not-so-secret) weapon that could pressure some Android fans to considering a move to the other side. No, it’s not Apple Pay, an exclusive iPhone 6 feature that’s heavily marketed by various banks in the U.S., further helping Apple market its 2014 iPhones. It’s actually a stock iOS app that has been hiding in plain sight for years.
  • Android 5.0.2 Lollipop Problems Frustrating Nexus Users
    Google rolled out its Android 5.0.2 Lollipop update to fix Nexus Lollipop problems. And while it did fix some of the bigger issues, Android 5.0.2 Lollipop problems continue to frustrate Nexus users.

Libreboot X200 laptop now FSF-certified to respect your freedom

This is the second Libreboot laptop from Gluglug (a project of Minifree, Ltd.) to achieve RYF certification, the first being the Libreboot X60 in December 2013. The Libreboot X200 offers many improvements over the Libreboot X60, including a faster CPU, faster graphics, 64-bit GNU/Linux support (on all models), support for more RAM, higher screen resolution, and more. The Libreboot X200 can be purchased from Gluglug at http://shop.gluglug.org.uk/product/libreboot-x200/. Read more

Ubuntu 15.04 Now Based on Linux Kernel 3.18.4, Devs Are Tracking the 3.19 Branch

A new Linux kernel has been made available for Ubuntu 15.04 (Vivid Vervet) and the developers are also tracking the current 3.19 branch of the kernel, which will eventually be adopted after it reaches a stable state. Read more

Ubuntu Users See Private, Hybrid Cloud Expansion

Canonical, the company behind the open source cross-platform operating system Ubuntu, released its annual cloud and server survey this week that seeks to cast more light on the makeup of cloud infrastructure, how it is managed, and what is driving cloud adoption. Canonical said it surveyed 3,100 customers, most of whom are Ubuntu server and cloud users, about the makeup of their cloud infrastructure and how it is being used. Read more