Security

Life-cycle of a Security Vulnerability

Filed under
Red Hat
Security

Security vulnerabilities, like most things, go through a life cycle from discovery to installation of a fix on an affected system. Red Hat devotes many hours a day to combing through code, researching vulnerabilities, working with the community, and testing fixes, often before customers even know a problem exists.

BackBox Linux 4.1 Keeps Security Researchers Anonymous

Filed under
GNU
Linux
Security

There are many options available today for users looking at Linux distributions tailored for security research, and among them is BackBox Linux, which was updated to version 4.1 on Jan. 29. BackBox Linux 4.1 is based on the Ubuntu 14.04 LTS (Long Term Support) distribution and uses the Xfce desktop environment. BackBox Linux is not intended to primarily be a user-focused privacy distribution, as is the case with Tails, but rather is more aligned with Pentoo, CAINE and Kali Linux, all of which focus on providing tools for security analysis. Though BackBox is not primarily a privacy distribution, it does have tools that enable security researchers to stay anonymous while conducting research. For example, a RAM wiping tool will erase the memory on the system that BackBox is running when the operating system shuts down. Plus, BackBox includes a command line interface wizard that provides users with options for enabling anonymous network traffic over Tor (The Onion Router), as well as masking a user's hostname. In this slide show, eWEEK takes a look at some of the features in the BackBox Linux 4.1 release.

Also: Plop Linux 4.3.0 released

Google Fixed GHOST Exploit in Chrome OS in 2014 and Didn't Tell Anyone

Filed under
Google
Security

Details about a GLIBC vulnerability were published a couple of days ago by a company called Qualys, and the distributions using it have already received patches. Now, it seems that Google knew about this problem, patched it in ChromeOS a year ago, and forgot to say anything to anyone.

Deploying tor relays

Filed under
Moz/FF
Security

On November 11, 2014 Mozilla announced the Polaris Privacy Initiative. One key part of the initiative is us supporting the tor network by deploying tor middle relay nodes. On January 15, 2015 our first proof of concept (POC) went live.

Also: Get Smart On International Data Privacy Day

GHOST, a critical Linux security hole, is revealed

Filed under
Linux
Security

Researchers at cloud security company Qualys have discovered a major security hole, GHOST (CVE-2015-0235), in the Linux GNU C Library (glibc). This vulnerability enables hackers to remotely take control of systems without even knowing any system IDs or passwords.

Qualys alerted the major Linux distributors about the security hole quickly and most have now released patches for it. Josh Bressers, manager of the Red Hat product security team said in an interview that, "Red Hat got word of this about a week ago. Updates to fix GHOST on Red Hat Enterprise Linux (RHEL) 5, 6, and 7 are now available via the Red Hat Network."

This hole exists in any Linux system that was built with glibc-2.2, which was released on November 10, 2000. Qualys found that the bug had actually been patched with a minor bug fix released on May 21, 2013 between the releases of glibc-2.17 and glibc-2.18.

Why screen lockers on X11 cannot be secure

Filed under
KDE
Security

Today we released Plasma 5.2 and this new release comes with two fixes for security vulnerabilities in our screen locker implementation. As I found, exploited, reported and fixed these vulnerabilities I decided to put them a little bit into context.

The first vulnerability concerns our QtQuick user interface for the lock screen. Through the Look and Feel package it was possible to send the login information to a remote location. That’s pretty bad but luckily also only a theoretical problem: we have not yet implemented a way to install new Look and Feel packages from the Internet. So we found the issue before any harm was done.

Also: Plasma 5.2 for openSUSE? You bet!

IPFire Is a Powerful Firewall Distro and It Was Just Updated

Filed under
GNU
Linux
Security

IPFire 2.15 Core 86, a new version of the popular Linux-based firewall distribution, has been announced by Michael Tremer and users have been advised to upgrade their systems as soon as possible.

OpenSSL 1.0.2 Branch Release notes

Filed under
OSS
Security

The major changes and known issues for the 1.0.2 branch of the OpenSSL toolkit are summarised below. The contents reflect the current state of the NEWS file inside the git repository.

A Look at Pentoo Linux and Its Security Analysis Tools

Filed under
Linux
Security

There is no shortage of security-focused Linux distributions on the market, and among them is Pentoo Linux. While some security-focused Linux distributions concentrate on privacy, like Tails, others like Kali Linux and Pentoo focus on security research, providing tools that enable research and penetration testing. Pentoo Linux differentiates itself from other security Linux distributions in a number of ways. The primary difference is the fact that Pentoo is based on Gentoo Linux, which is a source-based Linux distribution that uses the Portage package-management system. Gentoo has capabilities known as "Hardened Gentoo," which Pentoo also inherits, providing users with additional security configuration and control for the Linux distribution itself. Pentoo 2015 RC 3.7 was released Jan. 5, providing updated tools and features. Among the new features is the integrated ability to verify that the distribution files have not been corrupted. Pentoo provides many applications for security analysis, including wireless, database, exploit, cracking and forensic tools. In this slide show, eWEEK looks at key features and tools in the Pentoo 2015 RC3.7 release.

Red Hat: Security Makes Paying for Open Source Software Worth It

Filed under
Red Hat
Security

Open source software vendors do something akin to selling air: They get people to pay for something that easily, and perfectly legally, can be had for free. But added security is becoming an increasingly important part of the value proposition, as Red Hat (RHT), maker of one of the leading Linux enterprise distributions, emphasized this week in a statement on its software subscriptions.

More in Tux Machines

Why Android's Winning The Battle Right Now

Without a doubt, the key technological revolution of our time has been the rise of mobile computing. With iOS and Android leading the charge, the way people communicate has been transformed. Of course the most significant competition in the space is the one between the two dominant mobile platforms: Google and Apple. Together, they make up the lion’s share of the mobile market. The fierce competition between the two has been the driving force behind the incredible pace of development and innovation the market has seen.

Linux Kernel Source Code of BQ Aquaris E4.5 Ubuntu Edition Published on GitHub

Some of you might be aware of the fact that about a week ago, on March 18, Carsten Munk, Chief Research Engineer at Jolla, published an interesting article on his blog, where he claimed that BQ is not offering a GPL license for the Linux kernel that powers the BQ Aquaris E4.5 Ubuntu Edition device.

Google makes deploying software on its cloud a trivial task

Google is offering a new incentive for using its Google Compute Engine. With Google Cloud Launcher, you can launch more than 120 popular open-source packages.

Linux Kernel 3.19.3 Arrives with ARM, ARM64, and IPv6 Fixes, Many Updated Drivers

Greg Kroah-Hartman has announced today, March 26, the immediate availability for download of the third maintenance releases for Linux 3.19 kernel, along with Linux kernels 3.14.37 LTS and 3.10.37 LTS. Additionally, Linux kernel 3.18.10 LTS has also been announced a couple days ago.