Security

Firejail – A Security Sandbox for Mozilla Firefox

Filed under
Moz/FF
Security

Firejail is a SUID sandbox program that reduces the risk of security breaches by restricting the running environment of untrusted applications. The core technology behind Firejail is Linux Namespaces, a virtualization technology available in the Linux kernel. It allows a process and all its descendants to have their own private view of the globally shared kernel resources, such as the network stack, process table, mount table, and IPC space.

Read more

Blackphone bug bounty programme aims to find flaws in 'surveillance-proof' smartphone

Filed under
Android
Security

SILENT CIRCLE has announced a bug bounty programme for its Blackphone venture designed to find security flaws in the "surveillance-proof" smartphone.

Blackphone is a joint venture of Silent Circle and Geeksphone, known as SGP Technologies. Running a secure PrivatOS operating system, it is what the companies call "a truly surveillance-proof smartphone" in the wake of the past year's NSA revelations.

Read more

Huawei Is New Official Smartphone Provider For Officials In China

Filed under
Android
Linux
Security

Huawei and their smartphone business have not exactly garnered good press in the past – especially when there were allegations of Huawei churning out spyphones for the China government, which the company vehemently denied. Subsequently, it is said that Huawei themselves decided to pull out from the U.S. market, where we then learned that the tables were turned afterwards with the NSA being accused of spying on Huawei instead. Having said that, it seems as though officials over in China will have a spanking new smartphone soon – and it will not hail from the likes of Samsung, LG, HTC or other big name players, but from Huawei themselves.

Read more

Bash specially-crafted environment variables code injection attack

Filed under
Security

Bash, or the Bourne Again shell, is a UNIX-like shell, which is perhaps one of the most installed utilities on any Linux system. From its creation in 1980, bash has evolved from a simple terminal based command interpreter to many other fancy uses.

In Linux, environment variables provide a way to influence the behavior of software on the system. They typically consist of a name which has a value assigned to it. The same is true of the bash shell. It is common for a lot of programs to run bash shell in the background. It is often used to provide a shell to a remote user (via ssh, telnet, for example), provide a parser for CGI scripts (Apache, etc.) or even provide limited command execution support (git, etc.).

Read more

Mozilla: Phasing Out Certificates with SHA-1 based Signature Algorithms

Filed under
Moz/FF
Security

We plan to add a security warning to the Web Console to remind developers that they should not be using a SHA-1 based certificate. We will display an additional, more prominent warning if the certificate will be valid after January 1, 2017, since we will reject that certificate after that date. We plan to implement these warnings in the next few weeks, so they should be appearing in released versions of Firefox in early 2015. We may implement additional UI indicators later. For instance, after January 1, 2016, we plan to show the “Untrusted Connection” error whenever a newly issued SHA-1 certificate is encountered in Firefox. After January 1, 2017, we plan to show the “Untrusted Connection” error whenever a SHA-1 certificate is encountered in Firefox.

Read more

My free software will respect users or it will be bullshit

Filed under
Security

The four freedoms are only meaningful if they result in real-world benefits to the entire population, not a privileged minority. If your approach to releasing free software is merely to ensure that it has an approved license and throw it over the wall, you're doing it wrong. We need to design software from the ground up in such a way that those freedoms provide immediate and real benefits to our users. Anything else is a failure.

Read more

Tor Challenge hits it out of the park

Filed under
OSS
Security

If you need to be anonymous online, or evade digital censorship and surveillance, the Tor network has your back. And it's more than a little bit stronger now than it was this spring, thanks to the Tor Challenge.

Tor is a publicly accessible, free software-based system for anonymizing Internet traffic. It relies on thousands of computers around the world called relays, which route traffic in tricky ways to dodge spying. The more relays, the stronger and faster the network.

We'd like to warmly thank our allies at the Electronic Frontier Foundation for organizing the Tor Challenge and inviting us to join them in promoting it. And most of all, thanks to the 1,635 of you who started a relay! (The FSF would have started one too, but we've already been running ours for a while.)

Read more

Performance and security in Red Hat Enterprise Linux 7

Filed under
Red Hat
Server
Security

Modern datacenters and next-generation IT requirements depend on capable platforms, with open source solutions offering a strong foundation for open hybrid cloud and enterprise workloads. A powerful, unified platform enables enterprises to use a solid foundation to balance demand while utilizing new trends and technologies such as virtual machines and the open hybrid cloud.

Read more

Snowden: New Zealand Is Spying, Too

Filed under
Security

Former National Security Agency contractor Edward Snowden warned New Zealanders in a media blitz on Monday that all of their private emails, phone calls and text messages are being spied on despite government denials.

"If you live in New Zealand, you are being watched," Snowden said in a commentary published by the Intercept, an online news site co-founded by Guardian columnist Glenn Greenwald, Snowden's main conduit for disclosing classified information he absconded with when he fled his NSA job last year.

Read more

CipherShed: A replacement for TrueCrypt

Filed under
OSS
Security

While the Open Crypt Audit Project, headed by cryptographer Matthew Green and Kenneth White, Principal Scientist at Social & Scientific Systems, has been considering whether to take over the development of TrueCrypt and is working on the second phase of the audit process (a thorough analysis of the code responsible for the actual encryption process), one of TrueCrypt's developers has expressed his disapproval of a project that would fork the software.

Read more

More in Tux Machines

Getting OpenStack Ready for the Enterprise

OpenStack is gaining popularity as the cloud platform of choice for IT organizations. This was reflected in a 2013 IDG survey that found as much as 64 percent of IT managers including OpenStack in their technology roadmap. In the current fast-paced IT market, the massive scalability and flexible, modular architecture of OpenStack can help give organizations the agility they need. Read more

Open source projects that warrant data center managers' attention

When you're making the case to a data center manager about tech that is worthy of her consideration, make sure these three open source options are on your list. Read more

Open source and Made in Italy: Arduino are circuit boards with a sense of style

One of the more surprising applications has been the natural marriage between the Arduino board and Lego. Once seen only as a child's building block toy, Lego is finding startling utility as an instant mechanical prototype maker for Arduino ideas. Read more

11 Useful Utilities To Supercharge Your Ubuntu Experience

Whether you’re a relative novice or a seasoned pro, we all want to get the most from our operating system. Ubuntu, like most modern OSes, has more to offer than what is presented at first blush. From tweaking and refining the look, behaviour and performance of the Unity desktop to performing system maintenance, there is a huge array of useful utilities and apps that can help tune Ubuntu to meet your needs in no time. Read more