Security

Serious Red Hat Linux Bug Affects Haswell-based Servers

Filed under: Red Hat, Security

A recent post by Gil Tene raises the importance of an important, little-known patch to Linux kernels that should be reviewed by all users and administrators of Linux systems, especially those who utilize Haswell processors. Tene reports that in particular users of Red Hat-based distributions (including CentOS 6.6 and Scientific Linux 6.6) should apply the patch as soon as possible. Even if your instance of Linux is running in a VM, that VM is most likely hosted on a Haswell machine if it is on the popular cloud providers (Azure, Amazon, etc.) and would benefit from the patch.


Tor Browser 4.5.1 Released with Support for Ubuntu 14.04 LXC Hosts

Filed under: Security, Ubuntu

The Tor Project announced the release of the Tor Browser 4.5.1 for all those who want to stay anonymous online. The new maintenance release is based on Mozilla Firefox 31.7.0 ESR, and it is available for GNU/Linux, Mac OS X, and Microsoft Windows platforms.


ICU Vulnerability Closed in Ubuntu 15.04

Filed under: Security, Ubuntu

Canonical has published details in a security notice about an ICU vulnerability that has been found and fixed in Ubuntu 15.04, Ubuntu 14.10, and Ubuntu 14.04 LTS.


For Venom security flaw, the fix is in: Patch your VM today

Filed under: OSS, Security

Venom, as described by its discoverer, Crowdstrike, an end-point security company, works by attacking QEMU's virtual Floppy Disk Controller (FDC). The first thing many of you think when learning this is: "Who cares, I've never used a floppy drive on my virtual machine (VM)!"

Ah, but, you don't have to activate the virtual floppy drive for a potential hacker snake to bite you. By default, the legacy floppy drive code is still in there, even though it's never been used. The corruption is still hiding in the code. So, even though you'd never dream of using a VM floppy drive, you're still open to attack.


Tails 1.4 is out

Filed under: OSS, Security

Tails, The Amnesic Incognito Live System, version 1.4, is out.

This release fixes numerous security issues and all users must upgrade as soon as possible.


Urgent Kernel Patch for Ubuntu

Filed under: Security, Ubuntu

Linux is engineered with security in mind. In fact, the most fundamental security mechanisms are built right in to the kernel itself, which makes it extremely hard for malicious code to bypass. Unfortunately, attackers always are looking for ways to break down security walls, and engineers constantly are patching security weaknesses.
Security holes often are caused by small bugs within the kernel. These can be exploited and used to execute code without the normal protection. When a serious hole is discovered, it's important to get a fix out as soon as possible. Unfortunately, rushed fixes sometimes cause problems of their own, such as the fix released by Canonical earlier this week.


10 of the best Linux distros for privacy fiends and security buffs

Filed under: GNU, Linux, Security

Linux distributions can be separated into various categories based on use case and the intended target group. Server, education, games and multimedia are some of the most popular categories of Linux distros.

For security conscious users, however, there's a growing niche of distros aimed at protecting your privacy. These distros help ensure you don't leave a digital footprint as you go about navigating the web.


8 Linux Security Improvements In 8 Years

Filed under: GNU, Linux, Security

At a time when faith in open source code has been rocked by an outbreak of attacks based on the Shellshock and Heartbleed vulnerabilities, it's time to revisit what we know about Linux security. Linux is so widely used in enterprise IT, and deep inside Internet apps and operations, that any surprises related to Linux security would have painful ramifications.

In 2007, Andrew Morton, a no-nonsense colleague of Linus Torvalds known as the "colonel of the kernel," called for developers to spend time removing defects and vulnerabilities. "I would like to see people spend more time fixing bugs and less time on new features. That's my personal opinion," he said in an interview at the time.


Explaining Security Lingo

Filed under: Red Hat, Security

This post is aimed to clarify certain terms often used in the security community. Let’s start with the easiest one: vulnerability. A vulnerability is a flaw in a selected system that allows an attacker to compromise the security of that particular system. The consequence of such a compromise can impact the confidentiality, integrity, or availability of the attacked system (these three aspects are also the base metrics of the CVSS v2 scoring system that are used to rate vulnerabilities). ISO/IEC 27000, IETF RFC 2828, NIST, and others have very specific definitions of the term vulnerability, each differing slightly. A vulnerability’s attack vector is the actual method of using the discovered flaw to cause harm to the affected software; it can be thought of as the entry point to the system or application. A vulnerability without an attack vector is normally not assigned a CVE number.


Proprietary OOXML document format makes you more vulnerable to attacks

Filed under: LibO, Security, OOo

Using the proprietary OOXML document format, i.e. docx, pptx and xlsx, makes you more vulnerable to phishing and other attacks. Earlier this month, the Japanese anti-virus company Trend Micro published a blog post describing how the attack group "Operation Pawn Storm" uses spear-phishing mail messages with malicious Office documents to target the military, governments, defense industries and the media.

Four years ago, Thomas Caspers and Oliver Zendel from the German Federal Office for Information Security (BSI) already presented research results stating that most spear-phishing attacks targeting specific persons or a small group of victims are using "launch actions" in Office and PDF documents to have their malicious code executed.


More in Tux Machines

Kodi 15.0 Release Candidate 1 Arrives

The first release candidate for Kodi 15 has arrived. Kodi 15 is building up many new features from Android 4K@60Hz support to adaptive seeking support to Android H.265 support to many other updates and additions.

7 stories that make you feel good about open source in 2015 (so far)

One of the great things about open source is its reach beyond just the software we use. Open source isn’t just about taking principled stands, it's about making things better for the world around us. It helps spread new ideas by letting anyone with an interest modify and replicate those ideas in their own communities. In this collection, let’s take a look back at some of the best articles we’ve shared this year about the ways that open source is making an impact on communities and improving the lives of people across the world.

Exclusive interview with Hans de Raad

In my daily life (both personal and professional) I use open source for just about anything, from LibreOffice to Drupal, Kolab, Piwik, Apache, KDE, etc. Being part of the communities of these projects for me is a very special extra dimension that creates a lot of extra motivation and satisfaction. For me, open source isn’t so much of a choice it is simply the standard.

today's leftovers

  • OpenVZ / Virtuozzo 7 Beta First Impressions
    There will eventually be two distinct versions... a free version and a commercial version. So far as I can tell they currently call it Virtuozzo 7 but in a comparison wiki page they use the column names Virtuozzo 7 OpenVZ (V7O) and Virtuozzo 7 Commercial (V7C). The original OpenVZ, which is still considered the stable OpenVZ release at this time based on the EL6-based OpenVZ kernel, appears to be called OpenVZ Legacy.
  • Libdrm 2.4.62 Is An Important Update For Open-Source GPU Drivers
    Libdrm 2.4.62 was released this week as a significant update to this DRM library for interfacing between the kernel DRM drivers and user-space.
  • X.Org Server Lands More Mode-Setting/GLAMOR Improvements, But No Sign Of 1.18
  • KDE Ships KDE Applications 15.04.3
    Today KDE released the second stability update for KDE Applications 15.04. This release contains only bugfixes and translation updates, providing a safe and pleasant update for everyone.
  • Global Shortcuts In KDE Plasma Under Wayland
  • KDE Marks Four Years In Its Process Of Porting To Wayland
  • KDE Plasma 5.3.2 Fixes Shutdown Scripts, Few Dozen Other Bugs
  • Qt 5.5 Officially Released
  • KStars Observers Management patched
    This update is a little break from my current GSoC project so I won’t talk about my progress just yet. I will talk about the current observers management dialog that is currently active in KStars. Basically, an observation session requires observer information like first name, last name and contact. Currently, an observer could be added only from the settings menu so I thought that it would be more intuitive if this functionality was placed in a more appropriate place and a proper GUI was to be implemented for a better user experience.
  • The Kubuntu Podcast Team is on a roll
    Building on their UOS Hangout, the Kubuntu Podcast Team has created their second Hangout, featuring Ovidiu-Florin Bogdan, Aaron Honeycutt, and Rick Timmis, discussing What is Kubuntu?
  • Road so far
  • July Update for KDE Applications 15.04
    Today, the KDE Community is happy to announce the release of KDE Applications 15.04.3. This release contains only bugfixes and translation updates, providing a safe and pleasant update for everyone.
  • KDE ActivityManager in Emacs
    Today I whipped up a small Emacs minor-mode to interface with KDE's ActivityManager system. It's my first minor-mode and it's janky as fuck right now, but I'm going to expand on it to eventually be able to filter, for example, to just buffers that are linked to your current activity, pushing me towards a long-standing goal of mine to create a system which flows with what I'm doing, rather than forcing me in to its workflow.
  • Convergence through Divergence
    This time around, I’m adding a mechanism that allows us to list plugins, applications (and the general “service”) specific for a given form factor. In normal-people-language, that means that I want to make it possible to specify whether an application or plugin should be shown in the user interface of a given device. Let’s look at an example: KMail. KMail has two user interfaces, the desktop version, a traditional fat client offering all the features that an email client could possibly have, and a touch-friendly version that works well on devices such as smart phones and tablets. If both are installed, which should be shown in the user interface, for example the launcher? The answer is, unfortunately: we can’t really tell as there currently is no scheme to derive this information from in a reliable way. With the current functionality that is offered by KDE Frameworks and Plasma, we’d simply list both applications, they’re both installed and there is no metadata that could possibly tell us the difference.
  • smarter status hiding
    In heavily populated IRC channels such as #debian on Freenode, a lot of idle IRC users are joining and leaving every couple of seconds. At the moment, we display a status message for every user in the room which in some cases results in a lot of visual noise.
  • Photos: future plans
    This is the third in my series of blog posts about the latest generation of GNOME application designs. In this post, I’m going to talk about Photos. Out of the applications I’ve covered, this is the one that has the most new design work.
  • West Coast Summit
    This is the last day of the GNOME West Coast Summit, and for the past three days we’ve been working and discussing topics...
  • OpenMandriva Lx 2014.2 "The Scion" Pays Tribute To Mandrake
    With Mandriva having been liquidated (allegedly due to employee lawsuits), OpenMandriva is paying tribute to it -- and its precursor, Mandrake -- with their new point release.
  • Good bye credativ [moving to Red Hat]
  • Hello Red Hat
    In my new position I will be a Solutions Architect – so basically a sales engineer, thus the one talking to the customers on a more technical level, providing details or proof of concepts where they need it.
  • Oracle Linux 6 Administration Professional Certification Now Released
  • Digital education presents new challenges and opportunities for IT
    At Red Hat, our IT organization is working with each of our business partners to help them develop digital strategies and solutions to enable them (and us) to be more effective. We’re investing in the deployment of new communication and collaboration tools in the organization. And we’re trying to better understand the needs of our end users as individuals rather than solely as a part of sales or as a part of marketing. We’re building an internal consulting capability so that we can help our end users be more efficient and effective in their jobs as a community of associates, in addition to being part of a business function.
  • RHEL for SAP HANA now on Amazon Web Services (AWS)
  • Ubuntu Touch OTA-5 Update Will Bring Interesting New Features
    As you may know, Canonical has released the Ubuntu Touch OTA-4 Update a while ago, and now is working at implementing new features for the OTA-5 Update, which should get released in mid-July, if it does not get delayed for some reasons.
  • The 1TB UbuTab Ubuntu Tablet Is A SCAM!
  • How to use PPAs to install bleeding-edge software in Ubuntu and Linux Mint
    Linux users install most of their software directly from a centralized package repository managed by their Linux distribution of choice. This is a convenient, one-stop shop place to get your software—but what if the repository doesn’t have the program you need, or you want a newer version? For Ubuntu and Linux Mint users, that’s where personal package archives come in.
  • Linux Mint 17.2 officially released
    Well, it’s here. Linux Mint 17.2 is now available for download. Currently only the Cinnamon and MATE releases are out and other editions will launch later. For users on 17.0 or 17.1 more announcements will follow next week when the update is made available for those users as an upgrade. It’s not clear yet whether 17.0 users will be able to choose to go to 17.1 or 17.2 or whether 17.2 will be the single destination those users can jump to.
  • Linux Mint 17.2 Officially Released With Cinnamon/MATE Flavors
    Just a few short weeks after the Rafaela 17.2 RCs, Linux Mint 17.2 has been officially released this morning in the form of the Cinnamon and MATE desktop spins.
  • Data Translation Offers Real Time ARM-Based Data Acquisition Module
  • Tough, IP67-sealed box PC runs Linux on Atom
    X-ES unveiled a rugged, sealed embedded PC that runs Linux on an Atom E3800, and offers 4GB of ECC RAM, IP67 protection, M12 ports, and -40 to 70°C support.
  • Firefox 39 Has Been Delayed A Few Days Due To A “Last Minute Stability Issue”
  • Engine Yard's Deis Launches Support for its PaaS
    This year, Engine Yard bought Deis, an open source Platform-as-a-Service project. It provides a PaaS that can run on public clouds, private clouds, or bare metal. Starting now, Engine Yard will offer its well-known support options to companies that want Deis support.
  • Elastic puts its open-source Big Data search engine in the cloud
    The Netherlands’ Elastic BV is ticking another item off the fairly narrow list of ways to monetize open-source software with the launch of new hosted implementations of its hugely popular free search engine for unstructured data that offer a simpler alternative to manual deployment. The launch couldn’t have come at a more opportune time.
  • Security advisories for Wednesday
  • What We Call Security Isn’t Really Security
    Well, it’s probably no shock to you that the security industry can’t agree on a definition of security. Imagine if the horse industry couldn’t agree on what is a horse. Yes, it’s like that.
  • UH OH: Windows 10 will share your Wi-Fi key with your friends' friends
    Those contacts include their Outlook.com (nee Hotmail) contacts, Skype contacts and, with an opt-in, their Facebook friends. There is method in the Microsoft madness – it saves having to shout across the office or house “what’s the Wi-Fi password?” – but ease of use has to be teamed with security. If you wander close to a wireless network, and your friend knows the password, and you both have Wi-Fi Sense, you can now log into that network.