Security

Magento (CMS) Bug Still Treated Like 'Linux' Issue in the Media

Filed under
Security

Security Leftovers

Filed under
Security
  • First Linux ransomware program cracked, for now

    Administrators of Web servers that were infected with a recently released ransomware program for Linux are in luck: There's now a free tool that can decrypt their files.

    The tool was created by malware researchers from antivirus firm Bitdefender, who found a major flaw in how the Linux.Encoder.1 ransomware uses encryption.

  • Gone in a Flash: Top 10 Vulnerabilities Used by Exploit Kits

    Recorded Future threat intelligence analysis of over 100 exploit kits (EKs) and known vulnerabilities identified Adobe Flash Player as the most frequently exploited product. While the role of Adobe Flash vulnerabilities as a regular in-road for criminals and malware should come as no surprise to information security professionals, the scale is significant.

  • Security updates for Monday

Fedora 23 Improves Security, Desktop and Cloud

Filed under
Red Hat
Security

The Fedora Linux 23 was officially released on Nov. 3, providing the second major update for Red Hat's community Linux distribution in 2015. The release of two Fedora distributions in the same year puts the project back on track, after only a single release in 2014, when the Fedora Project reorganized under the Fedora Next banner, with specific products for Workstation, Server and Cloud use cases. One of the big new features in Fedora 23 is a capability that can enable an organization to bring a cloud image back down into a server image, with the cloudtoserver tool. The basic premise behind the tool is that cloud images are often ephemeral and not long-lived, while servers are more cared for and applications run for long periods of time. The common analogy used is that of pets versus cattle, where servers are treated as well cared for pets, while cloud images are slaughtered and killed as needed. On the workstation side, Fedora 23 includes the new GNOME 3.18 open-source desktop. GNOME 3.18 offers enhanced features such as an improved calendar, software updating and file management capabilities. In this slide show, eWEEK takes a look at the highlights of the Fedora 23 Linux release.

Let me tell you about Wireshark 2.0

Filed under
Software
Security

We’re getting ready to release Wireshark 2.0, which includes a major user interface update. As a comparison, here’s a picture of Wireshark 1.12.8, which is the current stable release:

Linux security: circling the wagons

Filed under
Linux
Security

People who belong to the free and open source software community have one trait in common: they are extremely sensitive to criticism of any kind of the software that belongs to this genre.

Nothing else can account for the reaction that has been forthcoming after the Washington Post published an article on Linux a few days back, a fairly long and detailed account that in the main cast doubts on the security afforded by the kernel.

The article is the fifth in a series looking at the security of the internet broadly, and the first article was published back in May. The five pieces are being sold as an e-book for US$2.99. Yet many FOSS people did not even bother to note this and assumed the worst.

Leading the way was Jonathan Corbet, editor of a website called Linux Weekly News, that advertises itself as "a reader-supported news site dedicated to producing the best coverage from within the Linux and free software development communities".

Security Leftovers

Filed under
GNU
Linux
Security
  • Friday's security updates
  • ProtonMail Pays Crooks $6,000 In Bitcoin To Cease DDoS Bombardment

    ProtonMail is getting its first taste of life as an entity known to criminals looking for a quick, easy payday.

    Throughout most of yesterday and through to this morning, the encrypted email service, set up by CERN scientists in Geneva last year to fight snooping by the likes of the NSA, was offline. The company had to use a WordPress blog to disclose what was happening to customers.

    Its datacenter was effectively shut down by waves of traffic thanks to two separate Distributed Denial of Service (DDoS) attacks. One of the groups responsible for flooding the servers demanded ProtonMail cough up 15 Bitcoin (currently worth around $6,000), or the attack would continue.

  • Ransomware Found Targeting Linux Servers and Coding Repositories

    A newly discovered ransomware is attacking Linux Web servers, taking aim at Web development environments used to host websites or code repositories.

  • Linux Ransomware Is Now Attacking Webmasters

    A new bit of ransomware is now attacking Linux-based machines, specifically the folders associated with serving web pages. Called Linux.Encoder.1 the ransomware will encrypt your MySQL, Apache, and home/root folders. The system then asks for a single bitcoin to decrypt the files.

  • Auto-Hacking Class Action Likely to Die

    A federal judge Tuesday indicated he will dismiss with leave to amend a class action claiming Ford, Toyota and General Motors made their cars vulnerable to hackers.

  • Volkswagen and the Real Insider Threat

    Over the last several weeks, reporting has revealed a coordinated insider effort at Volkswagen to insert a malicious piece of software—a defeat device—into the car’s electronic control module. The device was able to sense when emission tests were being conducted by monitoring things like “speed, engine operation, air pressure and even the position of the steering wheel,” and triggered changes to the car’s operations to reduce emissions during the testing process so that those cars would pass the tests. When the malicious software remained dormant, the emission controls were disabled and the cars spewed up to 40 times the EPA-mandated emissions limits. Through the defeat device, Volkswagen was able to sell more than half a million diesel-fueled cars in the U.S. in violation of U.S. environmental laws.

  • Encrypted resistance: from digital security to dual power

    Digital technology is often seen as a curiosity in revolutionary politics, perhaps as a specialized skill set that is peripheral to the hard work of organizing. But the growing trend of “cyber-resistance” might hold more potential than we have given it credit for. Specifically, the popularized use of encryption gives us the ability to form a type of liberated space within the shifting maze of cables and servers that make up the Internet. The “web” is bound by the laws of math and physics before the laws of states, and in that cyberspace we may be able to birth a new revolutionary consciousness.

pfSense 2.2.5-RELEASE Now Available!

Filed under
Security
BSD

pfSense® software version 2.2.5 is now available. This release includes a number of bug fixes and some security updates.

Today is also the 11 year birthday of the project. While work started in late summer 2004, the domains were registered and the project made public on November 5, 2004. Thanks to everyone that has helped make the project a great success for 11 years. Things just keep getting better, and the best is yet to come.

Also: OpenBGPd and route filters

Security Leftovers

Filed under
Security

More in Tux Machines

Linux 4.6.5

I'm announcing the release of the 4.6.5 kernel. All users of the 4.6 kernel series must upgrade.

The updated 4.6.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-4.6.y and can be browsed at the normal kernel.org git web browser: http://git.kernel.org/?p=linux/kernel/git/stable/linux-st...

thanks, greg k-h

Also: Linux 4.4.16, Linux 3.14.74

today's leftovers

Leftovers: Software

  • The Linux Deepin File Manager Is a Thing of Beauty
    China-based Linux distro Deepin has shown off its all-new desktop file manager. And to say it's pretty is an understatement.
  • GRadio Lets You Find, Listen to Radio Stations from the Ubuntu Desktop
    Love to listen to the radio? My ol’ pal Lolly did. But let’s say you want to listen to the radio on Ubuntu. How do you do it? Well, the Ubuntu Software centre should always be the first dial you try, but you’ll need to sift through a load of static to find a decent app.
  • Reprotest 0.2 released, with virtualization support
    reprotest 0.2 is available in PyPi and should hit Debian soon. I have tested null (no container, build on the host system), schroot, and qemu, but it's likely that chroot, Linux containers (lxc/lxd), and quite possibly ssh are also working. I haven't tested the autopkgtest code on a non-Debian system, but again, it probably works. At this point, reprotest is not quite a replacement for the prebuilder script because I haven't implemented all the variations yet, but it offers better virtualization because it supports qemu, and it can build non-Debian software because it doesn't rely on pbuilder.
  • Calibre 2.63.0 eBook Converter and Viewer Adds Unicode 9.0 Support, Bugfixes
    Kovid Goyal has released yet another maintenance update for his popular, open-source, free, and cross-platform Calibre ebook library management software, version 2.63.0. Calibre 2.63.0 arrives two weeks after the release of the previous maintenance update, Calibre 2.62.0, which introduced support for the new Kindle Oasis ebook reader from Amazon, as well as reading and writing of EPUB 3 metadata. Unfortunately, there aren't many interesting features added in the Calibre 2.63.0 release, except for the implementation of Unicode 9.0 support in the regex engine of the Edit Book feature that lets users edit books that contain characters encoded with the recently released Unicode 9.0 standard.
  • Mozilla Delivers Improved User Experience in Firefox for iOS
    When we rolled out Firefox for iOS late last year, we got a tremendous response and millions of downloads. Lots of Firefox users were ecstatic they could use the browser they love on the iPhone or iPad they had chosen. Today, we’re thrilled to release some big improvements to Firefox for iOS. These improvements will give users more speed, flexibility and choice, three things we care deeply about.
  • LibreOffice 5.2 Is Being Released Next Wednesday
    One week from today will mark the release of LibreOffice 5.2 as the open-source office suite's latest major update. LibreOffice 5.2 features a new (optional) single toolbar mode, bookmark improvements, new Calc spreadsheet functions (including forecasting functions), support for signature descriptions, support for OOXML signature import/export, and a wealth of other updates. There are also GTK3 user-interface improvements, OpenGL rendering improvements, multi-threaded 3D rendering, faster rendering, and more.
  • Blackmagic Design Finally Introduces Fusion 8 For Linux
  • Why Microsoft’s revival of Skype for Linux is a big deal [Ed: This article is nonsense right from the headline. Web client is not Linux support. And it's spyware (centralised too).]

today's howtos