Security

Security Leftovers

Filed under
Security
  • A Chip to Protect the Internet of Things

    The Internet of Things offers the promise of all sorts of nifty gadgets, but each connected device is also a tempting target for hackers. As recent cybersecurity incidents have shown, IoT devices can be harnessed to wreak havoc or compromise the privacy of their owners. So Microchip Technology and Amazon.com have collaborated to create an add-on chip that’s designed to make it easier to combat certain types of attack—and, of course, encourage developers to use Amazon’s cloud-based infrastructure for the Internet of Things.

  • Reproducible Builds: week 87 in Stretch cycle

    100% Of The 289 Coreboot Images Are Now Built Reproducibly by Phoronix, with more details in German by Pro-Linux.de.

    We have further reports on our Reproducible Builds World summit #2 in Berlin from Rok Garbas of NixOS as well as Clemens Lang of MacPorts

  • Chrome will soon mark some HTTP pages as 'non-secure'

    Beginning next month, the company will tag web pages that include login or credit card fields with the message "Not Secure" if the page is not served using HTTPS, the secure version of the internet protocol.

    The company on Tuesday began sending messages through its Google Search Console, a tool for webmasters, warning them of the changes that take place starting in January 2017.

Security Leftovers

Filed under
Security
  • Security advisories for Wednesday
  • 17 Security Experts Share Predictions for the Top Cyber-Trends of 2017

    Enterprises, governments and end users faced no shortage of security challenges in 2016. As the year draws to a close, we wonder: What security trends will continue into 2017? What will be the big security stories of the year to come? Many trends emerged in 2016 that are very likely to remain key issues for organizations of all sizes and shapes in 2017. Among them is the continued and growing risk of ransomware, which emerged in 2016 as a primary attack vector for hackers aiming to cash in on their nefarious activities. In 2016, nation-states once again were identified by multiple organizations as being the source of serious cyber-threats, and there is no indication that will change in the year ahead. Among the emerging trends that could become more prominent in the new year are the widespread use of containers and microservices to improve security control. This eWEEK slide show will present 17 security predictions for the year ahead from 17 security experts.

  • Learning From A Year of Security Breaches

    This year (2016) I accepted as much incident response work as I could. I spent about 300 hours responding to security incidents and data breaches this year as a consultant or volunteer.

    This included hands on work with an in-progress breach, or coordinating a response with victim engineering teams and incident responders.

    These lessons come from my consolidated notes of those incidents. I mostly work with tech companies, though not exclusively, and you’ll see a bias in these lessons as a result.

  • Girl uses sleeping mom's thumbprint to buy $250 in Pokemon toys

    The most famous, and unlikeliest, hacker in the news this week is little Ashlynd Howell of Little Rock, Ark. The exploits of the enterprising 6-year-old first came to light in a Wall Street Journal story about the difficulties of keeping presents a secret in the digital age. It seems that while mom Bethany was sleeping on the couch, Ashlynd gently picked up her mother's thumb and used it to unlock the Amazon app on her phone. She then proceeded to order $250 worth of Pokemon presents for herself. When her parents got 13 confirmation notices about the purchases, they thought that either they'd been hacked (they were, as it turned out) or that their daughter had ordered them by mistake. But she proudly explained, "No, Mommy, I was shopping." The Howells were able to return only four of the items.

  • FDIC Latest Agency To Claim It Was Hacked By A Foreign Government

    Caught in the middle of all this are the financial transactions of millions of Americans, in addition to whatever sensitive government information might have been located on the FDIC's computers.

    But claiming the Chinese were involved seems premature, even according to Reuters' own reporting, which relies heavily on a bunch of anonymous government officials discussing documents no one at Reuters has seen.

  • Parrot Security 3.3 Ethical Hacking OS With Linux Kernel 4.8 Released

Parsix GNU/Linux 8.15 (Nev) and 8.10 (Erik) Get Latest Debian Security Patches

Filed under
Security

It's been two weeks since our last report on the latest security updates pushed to the stable repositories of the Debian-based Parsix GNU/Linux operating system, and a new set of patches for various software components arrived the other day.


KDE Plasma 5.8.5 Is the Last Bugfix Release for 2016, over 55 Issues Resolved

Filed under
KDE
Security

As expected, KDE announced today the general and immediate availability of the fifth maintenance update to the long-term supported KDE Plasma 5.8 desktop environment for GNU/Linux distributions.


Security News

Filed under
Security
  • Security advisories for Monday
  • Is Mirai Really as Black as It’s Being Painted?

    An important feature of the way the Mirai botnet scans devices is that the bot uses a login and password dictionary when trying to connect to a device. The author of the original Mirai included a relatively small list of logins and passwords for connecting to different devices. However, we have seen a significant expansion of the login and password list since then, achieved by including default logins and passwords for a variety of IoT devices, which means that multiple modifications of the bot now exist.

    [...]

    If you ignore trivial combinations like “root:root” or “admin:admin”, you can get a good idea of which equipment the botnet is looking for. For example, the pairs “root:xc3511” and “root:vizxv” are default accounts for IP cameras made by rather large Chinese manufacturers.

  • Parrot Security 3.3 Ethical Hacking OS Updates Anonsurf, Fixes Touchpad Support

    A new stable release of the Debian-based Parrot Security ethical hacking and penetration testing operating system has been released on Christmas Day, versioned 3.3.

    Powered by a kernel from the Linux 4.8 series, Parrot Security OS 3.3 is here a little over two months since the release of Parrot Security 3.2, but it doesn't look like it's a major update and all that, as it only updates a few core components and hacking tools, and addresses a few of the bugs reported by users since version 3.2.

  • Linux Top 3: Guix, Parrot Security and OpenMandriva Lx

    The GNU Guix project builds a transactional package manager system and it is the base feature around which Guix SD (system distribution) is built.

    [...]

    The 3.01 release brings a number of major fixes since 3.0 release:

    updated software
    new drivers and kernel – better support for newer hardware
    many bugs fixed
    stable Plasma running on Wayland

  • LibreOffice 5.2.4 packages

    The computers worked frantically while I relaxed with my family. Slackware 14.2 and -current packages are ready for LibreOffice 5.2.4. Enjoy the newest version of this highly popular office suite.

Security News

Filed under
Security
  • SQL is Insecure

    SQL is insecure, tell everyone. If you use SQL, your website will get hacked. Tell everyone.

    I saw the news that the US Elections Agency was hacked by a SQL injection attack and I kind of lost it. It’s been well over two decades since prepared statements were introduced. We’ve educated and advised developers about how to avoid SQL injection, yet it still happens. If education failed, all we can do is shame developers into never using SQL.

    I actually really like SQL, I’ve even made a SQL dialect. SQL’s relational algebra is expressive, probably more so than any other NoSQL database I know of. But developers have proven far too often that it’s simply too difficult to know when to use prepared statements or just concatenate strings — it’s time we just abandon SQL altogether. It isn’t worth it. It’s time we called for all governments to ban use of SQL databases in government contracts and in healthcare. There must be utter clarity.

  • Cyber-criminals target African countries with ransom-ware

    Once again Conficker retained its position as the world’s most prevalent malware, responsible for 15% of recognised attacks. Second-placed Locky, which only started its distribution in February of this year, was responsible for 6% of all attacks, and third-placed Sality was responsible for 5% of known attacks. Overall, the top ten malware families were responsible for 45% of all known attacks.

  • It's Incredibly Easy to Tamper with Someone's Flight Plan, Anywhere on the Globe

    It’s easier than many people realize to modify someone else’s flight booking, or cancel their flight altogether, because airlines rely on old, unsecured systems for processing customers’ travel plans, researchers will explain at the Chaos Communication Congress hacking festival on Tuesday. The issues predominantly center around the lack of any meaningful authentication for customers requesting their flight information.

    The issues highlight how a decades-old system is still in constant, heavy use, despite being susceptible to fairly simple attacks and with no clear means for a solution.

    “Whenever you take a trip, you are in one or more of these systems,” security researcher Karsten Nohl told Motherboard in a phone call ahead of his and co-researcher Nemanja Nikodijevic’s talk.

  • Open source risks and rewards – why team structure matters

    An impressive and user-friendly digital presence is an indispensable asset to any brand. It is often the first point of contact for customers who expect and demand great functionality and engaging content across multiple platforms. The finding that nearly half of us won't wait even three seconds for a website to load bears witness to ever increasing customer expectations which must be met.

    Partnership with a digital agency can be a great way to keep up to speed with rapid change and innovation but to ensure the very best outcome, both client and agency need to find an optimum commercial, creative and secure cultural fit. This should be a priority for both sides from the very first pitch. The promise of exceptional creativity and customer experience is one thing, but considering the more practical aspects of how the relationship will work is entirely another.

Security News

Filed under
Security
  • Friday's security advisories
  • The State of Linux Security

    In the last 10 years, GNU/Linux achieved something some had foreseen as almost impossible: powering both the smallest and biggest devices in the world, and everything in between. Only the desktop is not a conquered terrain yet.

    The year 2016 had an impact on the world. Both from a real life perspective, as digitally. Some people found their personal details leaked on the internet, others found their software being backdoored. Let’s have a look back on what happened this year regarding Linux security.

BlackArch Linux

Filed under
GNU
Linux
Security
  • BlackArch Linux now has over 1,600 hacking tools

    To extensively support ethical hackers and white-hat cybersecurity experts, BlackArch Linux has released a new update with over 1,600 hacking tools. The latest version also comes with newer Linux kernel and includes enormous improvements and performance fixes.

    Emerged as BlackArch 2016.12.20, the update brings more than 100 new tools to support security professionals. These new tools have expanded the previous list to a total of 1,605 tools. Additionally, the distribution comes with Linux kernel 4.8.13 to deliver an improved and more stable experience than its previous release.

  • BlackArch Linux 2016.12.20 Ethical Hacking Distro Released With 100+ New Tools

Security News

Filed under
Security
  • Thursday's security updates
  • Lithuania said found Russian spyware on its government computers

    The Baltic state of Lithuania, on the frontline of growing tensions between the West and Russia, says the Kremlin is responsible for cyber attacks that have hit government computers over the last two years.

    The head of cyber security told Reuters three cases of Russian spyware on its government computers had been discovered since 2015, and there had been 20 attempts to infect them this year.

    "The spyware we found was operating for at least half a year before it was detected – similar to how it was in the USA," Rimtautas Cerniauskas, head of the Lithuanian Cyber Security Centre said.

  • Dear CIO: Linux Mint Encourages Users to Keep System Up-to-Date

    Swapnil Bhartiya gets it wrong.

    Let me start by pointing out that Bhartiya is not only a capable open source writer, he’s also a friend. Another also: he knows better. That’s why the article he just wrote for CIO completely confounds me. Methinks he jumped the gun and didn’t think it through before he hit the keyboard.

    The article ran with the headline Linux Mint, please stop discouraging users from upgrading. In it, he jumps on Mint’s lead developer Clement Lefebvre’s warning against unnecessary upgrades to Linux Mint.

Security Leftovers

Filed under
Security
  • Most ATMs in India Are Easy Targets for Hackers & Malware Attacks

    Hacking is a hotly debated subject across the country right now, and it’s fair to say that the ATM next door is also in danger. It has been reported that over 70 percent of the 2 lakh money-dispensing ATM machines in our country are running on Microsoft’s outdated Windows XP operating system, leaving it vulnerable to cyber attacks.

    Support for Windows XP was discontinued by Microsoft in 2014 which means that since then the company hasn’t rolled out any security updates for this Windows version.

    While it doesn’t make sense for banks to continue using outdated software, security experts feel that the practice stems from legacy behaviour, when physical attacks were a bigger threat than software hacks.

  • 20 Questions Security Pros Should Ask Themselves Before Moving To The Cloud

    A template for working collaboratively with the business in today's rapidly changing technology environment.

    Everywhere I go lately, the cloud seems to be on the agenda as a topic of conversation. Not surprisingly, along with all the focus, attention, and money the cloud is receiving, comes the hype and noise we’ve come to expect in just about every security market these days. Given this, along with how new the cloud is to most of us in the security world, how can security professionals make sense of the situation? I would argue that that depends largely on what type of situation we’re referring to, exactly. And therein lies the twist.

    Rather than approach this piece as “20 questions security professionals should ask cloud providers,” I’d like to take a slightly different angle. It’s a perspective I think will be more useful to security professionals grappling with issues and challenges introduced by the cloud on a daily basis. For a variety of reasons, organizations are moving both infrastructure and applications to the cloud at a rapid rate - far more rapidly than anyone would have forecast even two or three years ago.

  • Report: $3-5M in Ad Fraud Daily from ‘Methbot’

    New research suggests that an elaborate cybercrime ring is responsible for stealing between $3 million and $5 million worth of revenue from online publishers and video advertising networks each day. Experts say the scam relies on a vast network of cloaked Internet addresses, rented data centers, phony Web sites and fake users made to look like real people watching short ad segments online.

    Online advertising fraud is a $7 billion a year problem, according to AdWeek. Much of this fraud comes from hacked computers and servers that are infected with malicious software which forces the computers to participate in ad fraud. Malware-based ad fraud networks are cheap to acquire and to run, but they’re also notoriously unstable and unreliable because they are constantly being discovered and cleaned up by anti-malware companies.

  • Linux Backdoor Gives Hackers Full Control Over Vulnerable Devices [Ed: Microsoft booster Bogdan Popa says "Linux Backdoor"; that's a lie. It’s Microsoft that has them.]

More in Tux Machines

Linux on Servers

  • Who's cashing in on containers? Look to the cloud
    Docker-style containers are so hot they’ve broken the scale ETR uses to measure CIO intent to purchase enterprise technology, registering “the strongest buying intention score ever recorded in [its] six-year history.” While that data is more than a year old, more recent analyses peg Docker adoption up by a factor of 2.6 in 2016 over 2015, yielding a market worth $762 million in 2016, projected to bloat to $2.7 billion by 2020, according to 451 Research.
  • Serverless Computing Is the Stack Reimagined [Ed: Serverless=you have less control over the computer you use. Cloud=you have no ownership of the computer you use. Serverless Cloud=suicide.]
    In Ho's own words, "Serverless computing is the code execution model that the cloud provider abstracts the complexity of managing individual servers." This basically means the provider worries about the servers. You just run your code on them.
  • Docker 1.13 Prunes Containers, Improves Security
    The Docker 1.13 release introduces multiple new commands including prune and squash, which can help containers to use disk space more efficiently. Docker officially announced its 1.13 release on Jan. 19, with new capabilities to help build, manage and secure containers.

Android Leftovers


Linux Kernel 4.4.44 LTS Brings Some x86 Improvements, Various Updated Drivers

After informing us about the availability of the fifth maintenance update of the Linux 4.9 kernel series, which has recently become a long-term supported branch, Greg Kroah-Hartman is today announcing the availability of Linux 4.4.44 LTS. If you're reading our regular reports on the Linux kernel, you should be aware of the fact that the Linux 4.4 kernel branch is a long-term support (LTS) one that should get security patches for one more year, until February 2018. This branch is currently available in several popular GNU/Linux distributions, including Ubuntu 16.04 LTS, Alpine Linux, and Arch Linux, and Linux 4.4.44 LTS is now the most advanced release.

Also: Linux 4.9 Confirmed As The New Long-Term Supported Kernel