Language Selection

English French German Italian Portuguese Spanish

Security

Linux Foundation to Launch New Security-Focused Badge Program for Open-Source Software

Filed under
Linux
Security

During the LinuxCon and CloudOpen events that took place last week in Seattle, North America, Linux Foundation's Core Infrastructure Initiative announced that they are developing a new free Badge Program and that they want to know the open source community's opinion on the matter.

Read more

Linux Machines Produce Easy to Guess Random Numbers

Filed under
Linux
Security

A study carried out by two security researchers revealed that the internal system used by Linux systems to produce random numbers, which are later utilized to encrypt data, is much weaker than previously thought.

Read more

Android Smart lock: Should you be using it?

Filed under
Android
Security

Here's my suggestion... at least on a user level. If you want to use Smart lock to be able to gain quick and easy access to certain aspects of your device (such as the phone), but keep a modicum of security on other aspects (such as email, messages, etc), employ an app locker app (such as AppLock) to lock down the applications that require security.

Read more

Security Leftovers

Filed under
Security
  • LinuxCon: CII Program Will Give Badges to Open Source Projects With Strong Security

    Amid this week’s LinuxCon in Seattle, SecurityWeek reported that the Core Infrastructure Initiative (CII), which funds open source projects, will give the badge to those that meet a set of standard criteria. This includes an established bug reporting process, an automated test suite, vulnerability response processes and patching processes. A self-assessment will determine whether the project owners merit the badge.

  • Why every website should switch to HTTPS

    HTTPS protects both website owners and users from interference by network operators. It provides three protections: data authentication, integrity, and confidentiality. HTTPS makes sure that the website you loaded was sent by the real owner of that website, that nothing was injected or censored on the website, and that no one else is able to read the contents of the data being transmitted. We are seeing more and more evidence of manipulation of websites to inject things that the website owners and users didn't intend. Additionally, browsers are starting to deprecate HTTP as non-secure, so in the coming years non-HTTPS websites will start throwing warnings by both Chrome and Firefox.

  • Embargoed firmware updates in LVFS

    The new embargo target allows vendors to test the automatic update functionality using a secret vendor-specific URL set in /etc/fwupd.conf without releasing it to the general public until the hardware has been announced.

  • Security updates for Friday

Security Leftovers

Filed under
Security

Linus Torvalds Talks Linux Security at LinuxCon

Filed under
Linux
Security

"The only real solution to security is to admit that bugs happen," Torvalds said, "and then mitigate them by having multiple layers, so if you have a hole in one component, the next layer will catch the issue."
Torvalds added, "Anyone that thinks that we'll be entirely secure is just not realistic; we'll always have issues."

Read more

Meet Kali Linux 2.0, a distro built to hammer your security

Filed under
Linux
Security

Kali is the successor to BackTrack, and is a Debian-based Linux distribution that includes hundreds of penetration-testing tools pre-installed and ready to go. Just boot it from a USB drive or live DVD and you’ll have a penetration-testing—or “hacking”—environment with all the tools you might want just waiting for you to fire them up.

Read more

Security Leftovers

Filed under
Security
  • Security updates for Monday
  • Security advisories for Tuesday
  • DDoS attacks on the rise as Akamai warns that 'mega attacks' are coming

    THIS IS THE DAWN of the mega denial-of-service (DoS) attack, according to security firm Akamai and its second quarter threat report.

    We wait every three months for the Akamai State of the Internet report, and we are never disappointed. Its content is pretty good too, and allows for a summary of the past quarter and a reminder about things like Shellshock and web perennials like Flash, WordPress themes and application attacks.

  • Ransomware goes open source

    Turkish security bod Utku Sen has published what seems to be the first open source ransomware that anyone can download and spread. The 'Hidden Tear' ransomware, available at GitHub, is a working version of the malware the world has come to hate. It uses AES encryption to lock down files and could display a scare warning or ransom message to get users to pay.

Ransomware goes OPEN SOURCE in the name of education

Filed under
OSS
Security

Turkish security bod Utku Sen has published what appears to be the first open source ransomware that anyone can download and spread.

The "Hidden Tear" ransomware, available to GitHub, is a functional version of the malware the world has come to hate; it uses AES encryption to lock down files and can display a scare warning or ransom message to get users to pay up.

Read more

Five free Android encryption tools for the paranoid user

Filed under
Android
Security

Do your hats tend to fall into the tinfoil range? Are you afraid there is always somebody watching you? If so, rest assured that the Android ecosystem offers plenty of apps to soothe your paranoia. But which apps are the must-haves? Here are five apps you should immediately install and put to work. They'll bring you peace in the knowledge that your mobile data is far more secure than those around you.

Read more

Syndicate content

More in Tux Machines

Alpine 3.4.0 released

We are pleased to announce Alpine Linux 3.4.0, the first release in v3.4 stable series. Read more

Meet Manjaro Linux Gaming 16.06 — An Arch Linux-based Linux Distro For Gamers

It’s time to meet Manjaro Linux Gaming, an Arch Linux-based operating system that’s designed for gaming. This Linux distro comes with many open source software and emulators to assist you in gaming. The overall settings of the OS have been adjusted to suit the needs of gamers. Read more

Leftovers: Gaming

Leftovers: Software

  • Phoronix Test Suite 6.4 M4 Brings Suite Editing To The Phoromatic Server
  • TOR Browser 6.0 Released With Better HTML5 Support And Improved Security
    TOR Browser 6.0 has been released with multiple changes and improvements.
  • Top 5 Screen cast Softwares for Linux
    A Screen cast software(screen recorder) is the recording of computer screen, also known as a screen capture with audio. we can also hear a regular word screenshot, the difference between screenshot and screen cast is the screenshot generates a single picture of a computer screen but, where as screen cast records all the user activities on screen with audio narration like movie it would be saved as in video format. the video is in sevaral formats like flv,mp4,avi etc..
  • Calamares 2.2.3 Universal Installer Adds Locale Choice Support on Debian Linux
    Today, May 30, 2016, the development team behind Calamares, the next-generation, distribution-independent graphical installer framework announced the release of Calamares 2.2.3.
  • Back to Backups
    The most encouraging part about getting followup e-mail messages from readers about their backup solutions is to hear that lots of folks actually have backup solutions! Regardless of the complexity of your backup process or the level of automation you deem appropriate for your data, apart from creating the memories in the first place, few things are as important as backing them up!