Language Selection

English French German Italian Portuguese Spanish

Security

Does Your Wi-Fi Hotspot Have an Evil Twin?

Filed under
Security

Identity thieves are going wireless in their quest to steal your personal info.

You may want to think twice before logging into a public wireless hotspot. Sure, grabbing a few minutes of connectivity is convenient, but identity thieves are discovering that, through "evil twin" attacks, hotspots are a great way to steal unsuspecting users' private information. So how does an evil twin attack work?

Report finds surge in on-line attacks

Filed under
Security

Internet attacks on businesses and other organizations increased by about 28 per cent in the second half of 2004 compared with the first six months of the year, and hackers are setting their sights on the rapidly emerging mobile-computing market, warns a report on Internet security to be released Monday.

US Advisory panel recommends more federal R&D spending

Filed under
Security

The Presidential IT Advisory Committee (PITAC) has recommended the federal government sharply increase its spending on cybersecurity R&D and shift the focus to fundamental, long-term solutions to security challenges.

"The IT infrastructure is highly vulnerable to premeditated attacks with potentially catastrophic effects," PITAC warned in a letter submitting the report, titled Cyber Security: A Crisis in Prioritization, to the president. "These vulnerabilities put the nation's entire critical infrastructure at risk."

The strange decline of computer worms

Filed under
Security

Although windows-centric, theregister has published an article on the lessening numbers of "Slammer-style worms". They attribute this decline to "the widespread use of XP SP2 and greater use of personal firewall" rendering "worms far less potent in the same way that boot sector viruses died out with Windows 95 and the introduction of Office 2000 made macro viruses far less common."

Linux Kernel Multiple Vulnerabilities

Filed under
Security

secunia.com has published "some vulnerabilities have been reported in the Linux kernel. One has an unknown impact, and the others can be exploited to cause a DoS (Denial of Service) and potentially compromise a vulnerable system."

Have hackers recruited your PC?

Filed under
Security

BBC news has posted an article relating a study "by security researchers who have spent months tracking more than 100 networks of remotely-controlled machines. They discovered 'bot nets [were]used to launch 226 distributed denial-of-service attacks on 99 separate targets.'"

KDE DCop DoS Vulnerability prior to 3.4

Filed under
KDE
Security

Sebastian Krahmer has reported a vulnerability in KDE, which can be exploited by malicious, local users to cause a DoS (Denial of Service).

The vulnerability is caused due to an error in the authentication process in the DCOP (Desktop Communication Protocol) daemon dcopserver. This can be exploited to lock the dcopserver for arbitrary local users. Successful exploitation may result in decreased desktop functionality for the affected user.

The vulnerability has been reported in versions prior to 3.4.

Solution: Upgrade to KDE 3.4 or apply patch.

Click for more information and links to patches.

Original information on dot.kde.org.

US cyber-security 'nearly failing'

Filed under
Security

Cyber-security in the US is "nearly failing" and has been given a "must try harder" D+ rating by the Federal government.

The US Office of Management and Budget set forth cyber-security standards in the Federal Security Management Act 2002, encouraging federal agencies to tighten their IT systems.

Windows Media Player Digital Rights Management Spy

Filed under
Microsoft
Security

This is something really nasty in the XP filing system... it's in Windows Media Player, and it not only has all the information about Digital Rights Management, it also has all the information about your local police force..... QED... Not only is microsoft spying on you, they are also telling the cops what you have got on your system....

US DHS buys more name analysis tools

Filed under
Security

The Homeland Security Department's Customs and Border Protection agency, an arm of the Border and Transportation Security Directorate, has signed a sole-source contract with Language Analysis Systems Inc. of Herndon, Va., for additional software to help analyze names of people.

The software is particularly useful in winnowing the names of terrorists out of lists of passengers or other data sources.

Syndicate content

More in Tux Machines

OSS Leftovers

  • 20 Most Promising Open Source Solution Providers - 2017
    Open source has become an imperative part of every developer’s arsenal. The potential to gather assistance from the community and the capacity to link into a range of systems and solutions make open source incredibly powerful. As open source software becomes ubiquitous, and used by the vast majority of enterprises throughout the world, 2017 is all set for vendors of application delivery controller (ADC) to start providing improved and tighter integration packages for various open source projects, especially surrounding ADC-generated telemetry. Companies have been extensively using their analytics and machine learning capabilities for quite some time to identify actionable patterns from the collected data. With the rising demand for business intelligence, this year is foreseen to be the year of information superiority with businesses, leveraging data as a key differentiator. In the past couple of years, containers have been emerging as an imminent trend. As the business focus starkly shifts on rightsizing of resources, containers are expected to become a common phenomenon, giving businesses the ability to leverage highly portable assets and make the move into micro services much simpler. Adjacently, automation has become essential now. Mostly intensified by DevOps adoption, the automation of software delivery and infrastructure changes have freed developers to spend more time creating and less time worrying about infrastructure.
  • DevOps pros and open source: Culturally connected
    Like chocolate and peanut butter, DevOps and open source are two great tastes that taste great together. For many DevOps pros, it's the perfect cultural and technical match.
  • Interoperability: A Case For Open Source - GC@PCI Commentary
    He continues: “An open source model allows companies to see the assumptions behind the calculation and lowers the cost of entry into the cat modeling business. More importantly, the standardized and interoperable hazard, vulnerability and financial modules included in a true open source model facilitate the collaboration of data from insurers, reinsurers, entrepreneurs, scientists, computer programmers and individuals, all of which may result in a new generation of cat models.”
  • DevOps Skills Are Key to Collaboration within Organizations
    DevOps is one of the most highly sought skills employers are seeking to fill among 57 percent of respondents in the 2017 Open Source Jobs Report, from Dice and The Linux Foundation. Specifically, firms are looking for developers (73 percent) and DevOps engineers (60 percent).
  • Projects You Can Help With For Advancing Open-Source NVIDIA "Nouveau" Graphics
    Longtime Nouveau contributor Karol Herbst has been working on an updated list of project ideas for new contributors or those that may be wanting to participate in an Endless Vacation of Code / Google Summer of Code.
  • Join The Linux Foundation at Open Source Summit EU for Booth Swag, Project Updates, and More
    Going to Open Source Summit EU in Prague? While you’re there, be sure stop by The Linux Foundation training booth for fun giveaways and a chance to win one of three Raspberry Pi kits.
  • Oracle Promises To Open Source Oracle JDK And Improve Java EE
    Oracle had already announced it would be moving Java EE to the Eclipse Foundation, and the announcements at JavaOne move the language further to a more vendor-neutral future. It's worth noting that the keynote was preceded by a Safe Harbor disclaimer in which Oracle said it could not be held to plans made during the speech, so nothing is actually certain.
  • Linux Kernel Community Enforcement Statement
  • Linux Kernel Gets An "Enforcement Statement" To Deal With Copyright Trolls
    Greg Kroah-Hartman on the behalf of the Linux Foundation Technical Advisory Board has today announced the Linux Kernel Community Enforcement Statement. This statement is designed to better fend off copyright trolls. Among the copyright troll concerns is how a Netfilter developer has been trying to enforce his personal copyright claims against companies for "in secret and for large sums of money by threatening or engaging in litigation."
  • An enforcement clarification from the kernel community
    The Linux Foundation's Technical Advisory board, in response to concerns about exploitative license enforcement around the kernel, has put together this patch adding a document to the kernel describing its view of license enforcement. This document has been signed or acknowledged by a long list of kernel developers. In particular, it seeks to reduce the effect of the "GPLv2 death penalty" by stating that a violator's license to the software will be reinstated upon a timely return to compliance.

OSS Leftovers

  • 20 Most Promising Open Source Solution Providers - 2017
    Open source has become an imperative part of every developer’s arsenal. The potential to gather assistance from the community and the capacity to link into a range of systems and solutions make open source incredibly powerful. As open source software becomes ubiquitous, and used by the vast majority of enterprises throughout the world, 2017 is all set for vendors of application delivery controller (ADC) to start providing improved and tighter integration packages for various open source projects, especially surrounding ADC-generated telemetry. Companies have been extensively using their analytics and machine learning capabilities for quite some time to identify actionable patterns from the collected data. With the rising demand for business intelligence, this year is foreseen to be the year of information superiority with businesses, leveraging data as a key differentiator. In the past couple of years, containers have been emerging as an imminent trend. As the business focus starkly shifts on rightsizing of resources, containers are expected to become a common phenomenon, giving businesses the ability to leverage highly portable assets and make the move into micro services much simpler. Adjacently, automation has become essential now. Mostly intensified by DevOps adoption, the automation of software delivery and infrastructure changes have freed developers to spend more time creating and less time worrying about infrastructure.
  • DevOps pros and open source: Culturally connected
    Like chocolate and peanut butter, DevOps and open source are two great tastes that taste great together. For many DevOps pros, it's the perfect cultural and technical match.
  • Interoperability: A Case For Open Source - GC@PCI Commentary
    He continues: “An open source model allows companies to see the assumptions behind the calculation and lowers the cost of entry into the cat modeling business. More importantly, the standardized and interoperable hazard, vulnerability and financial modules included in a true open source model facilitate the collaboration of data from insurers, reinsurers, entrepreneurs, scientists, computer programmers and individuals, all of which may result in a new generation of cat models.”
  • DevOps Skills Are Key to Collaboration within Organizations
    DevOps is one of the most highly sought skills employers are seeking to fill among 57 percent of respondents in the 2017 Open Source Jobs Report, from Dice and The Linux Foundation. Specifically, firms are looking for developers (73 percent) and DevOps engineers (60 percent).
  • Projects You Can Help With For Advancing Open-Source NVIDIA "Nouveau" Graphics
    Longtime Nouveau contributor Karol Herbst has been working on an updated list of project ideas for new contributors or those that may be wanting to participate in an Endless Vacation of Code / Google Summer of Code.
  • Join The Linux Foundation at Open Source Summit EU for Booth Swag, Project Updates, and More
    Going to Open Source Summit EU in Prague? While you’re there, be sure stop by The Linux Foundation training booth for fun giveaways and a chance to win one of three Raspberry Pi kits.
  • Oracle Promises To Open Source Oracle JDK And Improve Java EE
    Oracle had already announced it would be moving Java EE to the Eclipse Foundation, and the announcements at JavaOne move the language further to a more vendor-neutral future. It's worth noting that the keynote was preceded by a Safe Harbor disclaimer in which Oracle said it could not be held to plans made during the speech, so nothing is actually certain.
  • Linux Kernel Community Enforcement Statement
  • Linux Kernel Gets An "Enforcement Statement" To Deal With Copyright Trolls
    Greg Kroah-Hartman on the behalf of the Linux Foundation Technical Advisory Board has today announced the Linux Kernel Community Enforcement Statement. This statement is designed to better fend off copyright trolls. Among the copyright troll concerns is how a Netfilter developer has been trying to enforce his personal copyright claims against companies for "in secret and for large sums of money by threatening or engaging in litigation."
  • An enforcement clarification from the kernel community
    The Linux Foundation's Technical Advisory board, in response to concerns about exploitative license enforcement around the kernel, has put together this patch adding a document to the kernel describing its view of license enforcement. This document has been signed or acknowledged by a long list of kernel developers. In particular, it seeks to reduce the effect of the "GPLv2 death penalty" by stating that a violator's license to the software will be reinstated upon a timely return to compliance.

Tizen and Android Leftovers

Tizen and Android Leftovers