Security

Security Leftovers


Tor 0.3.0.6 is released: a new series is stable!


Tor 0.3.0.6 is the first stable release of the Tor 0.3.0 series.

With the 0.3.0 series, clients and relays now use Ed25519 keys to authenticate their link connections to relays, rather than the old RSA1024 keys that they used before. (Circuit crypto has been Curve25519-authenticated since 0.2.4.8-alpha.) We have also replaced the guard selection and replacement algorithm to behave more robustly in the presence of unreliable networks, and to resist guard-capture attacks.


Easy ways to make your Android device more secure


How secure is your data on that Android smartphone? On a scale of "Alcatraz" to "open field of flowers," where does yours rank? If you're truly concerned about the security of your mobile device (which you should be), you know there are always steps to take to further clamp it down. Because some of these steps are a bit more complicated, they are often overlooked by the average user. That's why I want to offer up a few easy ways anyone can bring a bit more security to their Android device.


Security Leftovers


Microsoft Begs, Bugs, and Bug Doors

  • Don't install our buggy Windows 10 Creators Update, begs Microsoft

    Microsoft has urged non-tech-savvy people – or anyone who just wants a stable computer – to not download and install this year's biggest revision to Windows by hand. And that's because it may well bork your machine.

    It's been two weeks since Microsoft made its Creators Update available, and we were previously warned it will be a trickle-out rather than a massive rollout. Now, Redmond has urged users to stop manually fetching and installing the code, and instead wait for it to be automatically offered to your computer when it's ready.

  • Microsoft Word flaw took so long to fix that hackers used it to send fraud software to millions of computers

    A flaw in Microsoft Word took the tech giant so long to fix that hackers were able to use it to send fraud software to millions of computers, it has been revealed.

    The security flaw, officially known as CVE-2017-0199, could allow a hacker to seize control of a personal computer with little trace, and was fixed on April 11 in Microsoft's regular monthly security update - nine months after it was discovered.

Security Leftovers


Security updates and no more patches from grsecurity (without a fee)

  • Security updates for Wednesday
  • GrSecurity Kernel Patches Will No Longer Be Free To The Public

    The GrSecurity initiative that hosts various out-of-tree patches to the mainline Linux kernel in order to enhance the security will no longer be available to non-paying users.

    GrSecurity has been around for the better part of two decades and going back to the 2.4 kernel days. In 2015 the stable GrSecurity patches became available to only commercial customers while the testing patches had still been public. That's now changing with all GrSecurity users needing to be customers.

  • Passing the Baton: FAQ

    This change is effective today, April 26th 2017. Public test patches have been removed from the download area. 4.9 was specifically chosen as the last public release as being the latest upstream LTS kernel will help ease the community transition.

  • grsecurity - Passing the Baton

    Anyone here use grsecurity and have any thoughts about this?

More Coverage of Kali Linux 2017.1 Release

  • Kali Linux 2017.1 Security OS Brings Wireless Injection Attacks to 802.11 AC

    Offensive Security, the developers of the BackTrack-derived Kali Linux open-source, security-oriented operating system, announced the availability of the Kali Linux 2017.1 rolling release.

    Since Kali Linux became a rolling distro, the importance of such updated images was never the same, but Kali Linux 2017.1 appears to be a major release of the ethical hacking distro, adding a bunch of exciting new features and improvements to the Debian-based operating system.

  • Kali Linux 2017.1 Released With New Features | Download ISO Files And Torrents Here

    Offensive Security has updated the Kali Linux images with new features and changes. Termed Kali Linux 2017.1, this release comes with support for wireless injection attacks to 802.11ac and Nvidia CUDA GPU. You can simply update your existing installation by running a few commands if you don’t wish to download the updated images from Kali repos.

Security Leftovers

  • NSA backdoor detected on >55,000 Windows boxes can now be remotely removed

    After Microsoft officials dismissed evidence that more than 10,000 Windows machines on the Internet were infected by a highly advanced National Security Agency backdoor, private researchers are stepping in to fill the void. The latest example of this open source self-help came on Tuesday with the release of a tool that can remotely uninstall the DoublePulsar implant.

  • Turns out, pacemaker security is terrifying

    Ultimately, St. Jude Medical's stock plunged as much as 10 percent in the aftermath. The company launched a lawsuit against MedSec and Muddy Waters, and the three firms skirmished in the press again when MedSec's findings were allegedly reproduced by security firm Bishop Fox. What's more, the second set of researchers claimed they could take over the pacemakers at a distance of around 10 feet.

  • Chrome, Firefox, and Opera users beware: This isn’t the apple.com you want
  • [Older] Phishing with Unicode Domains

    From a security perspective, Unicode domains can be problematic because many Unicode characters are difficult to distinguish from common ASCII characters. It is possible to register domains such as "xn--pple-43d.com", which is equivalent to "аpple.com". It may not be obvious at first glance, but "аpple.com" uses the Cyrillic "а" (U+0430) rather than the ASCII "a" (U+0061). This is known as a homograph attack.

  • New Strain of Linux Malware Could Get Serious [Ed: ECT thinks that people having default username+password is a "Linux" issue? Seriously?]

    A new strain of malware targeting Linux systems, dubbed "Linux/Shishiga," could morph into a dangerous security threat.

    Eset on Tuesday disclosed the threat, which represents a new Lua family unrelated to previously seen LuaBot malware.

Kali Linux 2017.1 Release


Finally, it’s here! We’re happy to announce the availability of the Kali Linux 2017.1 rolling release, which brings with it a bunch of exciting updates and features. As with all new releases, you have the common denominator of updated packages, an updated kernel that provides more and better hardware support, as well as a slew of updated tools – but this release has a few more surprises up its sleeve.


Also: Kali Linux repository HTTPS support


More in Tux Machines

OSS Leftovers

  • Nextcloud 12 Officially Released, Adds New Architecture for Massive Scalability
    Nextcloud informs Softpedia today about the official availability of the final release of Nextcloud 12, a major milestone of the self-hosting cloud server technology that introduces numerous new features and improvements. The biggest new feature of the Nextcloud 12 release appears to be the introduction of a new architecture for massive scalability, called Global Scale, which is a next-generation open-source technology for syncing and sharing files. Global Scale increases scalability from tens of thousands of users to hundreds of millions on a single instance, while helping universities and other institutions significantly reduce the costs of their existing large installations.
  • ReactOS 0.4.5 Open-Source Windows-Compatible OS Launches with Many Improvements
    ReactOS 0.4.5 is a maintenance update that adds numerous changes and improvements over the previous point release. The kernel has been updated in this version to improve the FreeLoader and UEFI booting, as well as the Plug and Play modules, adding support for more computers to boot ReactOS without issues.
  • Sprint Debuts Open Source NFV/SDN Platform Developed with Intel Labs
    AT&T has been the headliner in the carrier race to software defined networking (SDN) and network function virtualization (NFV). But Sprint is putting its own stamp on the space this week with its debut of a new open source SDN/NFV mobile core solution.
  • Google’s New Home for All Things Open Source Runs Deep
    Google is not only one of the biggest contributors to the open source community but also has a strong track record of delivering open source tools and platforms that give birth to robust technology ecosystems. Just witness the momentum that Android and Kubernetes now have. Recently, Google launched a new home for its open source projects, processes, and initiatives. The site runs deep and has several avenues worth investigating. Here is a tour and some highlights worth noting.
  • Making your first open source contribution
  • Simplify expense reports with Smart Receipts
    The app is called Smart Receipts, it's licensed AGPL 3.0, and the source code is available on GitHub for Android and iOS.
  • How the TensorFlow team handles open source support
    Open-sourcing is more than throwing code over the wall and hoping somebody uses it. I knew this in theory, but being part of the TensorFlow team at Google has opened my eyes to how many different elements you need to build a community around a piece of software.
  • IRC for the 21st Century: Introducing Riot
    Internet relay chat (IRC) is one of the oldest chat protocols around and still popular in many open source communities. IRC's best strengths are as a decentralized and open communication method, making it easy for anyone to participate by running a network of their own. There are also a variety of clients and bots available for IRC.

Tizen News: Phones and TVs

  • Tizen 3.0-powered Samsung Z4 now available with offline retailers in India
    The Samsung Z4, the fourth smartphone in Samsung’s Z series and a successor to the Z2 (and not the Z3, as many would assume), has been formally announced and made an appearance at the Tizen Developer Conference (TDC 2017) this past week. The Z4 was rumoured to make its way to India on May 19th (Friday) and it did – arriving with offline retailers after launching in the country last Monday (one week ago).
  • Samsung 2017 QLED TVs World First to support autocalibration for HDR
  • Samsung approves You.i TV video platform for Tizen TV app development
    While Samsung has developed Tizen TV apps using JavaScript, You.i TV’s Engine Video app runs on Native Client (NACL), a web technology that not only allows C++ applications to run in a standard browser but is said to be 24 times faster than JavaScript. Now that Samsung has approved You.i TV’s video engine platform, developers can craft more video content for Tizen Smart TV owners.
  • Samsung Smart TV gets a new Glympse app that enables location sharing on the TV
    Samsung Smart TV, powered by the intuitive, self-developed Tizen operating system, has gotten a cool new app which enables consumers to view the location of their friends, loved ones or even a pizza delivery or cable technician in real-time directly from their home’s largest screen. The new app is developed by Glympse, the leading real-time location services platform.

How To Encrypt DNS Traffic In Linux Using DNSCrypt

DNSCrypt is a protocol that is used to improve DNS security by authenticating communications between a DNS client and a DNS resolver. DNSCrypt prevents DNS spoofing. It uses cryptographic signatures to verify that responses originate from the chosen DNS resolver and haven’t been tampered with. DNSCrypt is available for multi-platforms including Windows, MacOS, Unix, Android, iOS, Linux and even routers.

Debian-Based Untangle 13.0 Linux Firewall Tackles Bufferbloat, Adds New Features

Untangle NG Firewall, the open-source and powerful Debian-based network security platform featuring pluggable modules for network apps, has been updated to version 13.0, a major release adding new features and numerous improvements. The biggest improvement brought by the Untangle NG Firewall 13.0 release is to the poor latency generated by excess buffering in networking equipment, called bufferbloat, by supporting a queueing algorithm designed to optimize QoS and bandwidth to enforce a controlled delay.