Language Selection

English French German Italian Portuguese Spanish

Security

Parrot Security OS 3.0 "Lithium" Is a Linux Distro for Cryptography & Anonymity

Filed under
GNU
Linux
Security

A few days ago, Parrot Security OS developer Frozenbox Network teased users on Twitter with the upcoming release of the long anticipated Parrot Security OS 3.0 "Lithium" distribution.

Based on the latest Debian GNU/Linux technologies and borrowing many of the packages from the Debian 8 "Jessie" stable repositories, Parrot Security OS 3.0 just received new Release Candidate (RC) ISO builds that users can now download and install on their personal computer if they want to get an early taste of what's coming.

Read more

Security Leftovers

Filed under
Security

Black Duck's Free Tool Digs Out Open Source Bugs

Filed under
OSS
Security

The main advantage of such tools is ease of use. The main limitation is that a tool is only as effective as its creators' list of vulnerabilities. Using a given tool implies that you trust the vendor to stay alert and on the job, noted King.

Developers have "a ton of other similar offerings out there," he said. By offering a free scanner, Black Duck can draw attention to its other products.

"If the new tool delivers what the company promises, it will help put the company in good stead with customer developers. Satisfied customers tend to be repeat customers," King said.

Read more

Security Leftovers

Filed under
Security
  • Friday's security updates
  • Judge Says The FBI Can Keep Its Hacking Tool Secret, But Not The Evidence Obtained With It

    Michaud hasn't had the case against him dismissed, but the government will now have to rely on evidence it didn't gain access to by using its illegal search. And there can't be much of that, considering the FBI had no idea who Michaud was or where he resided until after the malware-that-isn't-malware had stripped away Tor's protections and revealed his IP address.

    The FBI really can't blame anyone but itself for this outcome. Judge Bryan may have agreed that the FBI had good reason to keep its technique secret, but there was nothing preventing the FBI from voluntarily turning over details on its hacking tool to Michaud. But it chose not to, despite his lawyer's assurance it would maintain as much of the FBI's secrecy as possible while still defending his client.

    Judge Bryan found the FBI's ex parte arguments persuasive and declared the agency could keep the info out of Michaud's hands. But doing so meant the judicial playing field was no longer level, as he acknowledged in his written ruling. Fortunately, the court has decided it's not going to allow the government to have its secrecy cake and eat it, too. If it wants to deploy exploits with minimal judicial oversight, then it has to realize it can't successfully counter suppression requests with vows of silence.

  • Researcher Pockets $30,000 in Chrome Bounties

    Having cashed in earlier in May to the tune of $15,500, Mlynski pocketed another $30,000 courtesy of Google’s bug bounty program after four high-severity vulnerabilities were patched in the Chrome browser, each worth $7,500 to the white-hat hacker.

Kali Linux Alternative: BackBox Linux 4.6 Released With Updated Hacking Tools

Filed under
GNU
Linux
Security

BackBox Linux, a Kali Linux alternative, is here with its latest version i.e. BackBox Linux 4.6. Based on Ubuntu Linux, this hacking operating system is now available for download with updated hacking tools and Ruby 2.2.

Read more

Secure Desktops with Qubes: Introduction

Filed under
OS
Security

This is the first in a multipart series on Qubes OS, a security-focused operating system that is fundamentally different from any other Linux desktop I've ever used and one I personally switched to during the past couple months. In this first article, I provide an overview of what Qubes is, some of the approaches it takes that are completely different from what you might be used to on a Linux desktop and some of its particularly interesting security features. In future articles, I'll give more how-to guides on installing and configuring it and how to use some of its more-advanced features.

Read more

Security Leftovers

Filed under
Security
  • Security updates for Thursday
  • Paul Vixie on IPv6 NAT, IPv6 security and Internet of Things

    Internet pioneer Paul Vixie spoke with SearchSecurity about IPv6 NAT, IPv6 and the Internet of Things, and the long, thankless path to deploying IPv6.

  • PHP 7.0.7 Released Fixing 28 Bugs

    As is the case with a .xy update, this is mostly a bug fix update, with at least 28 different issues being fixed in an effort to make PHP 7.x more stable. Though the PHP project hasn't identified any specific security vulnerabilities that are fixed in the update, I see at least one with bug #72162.

  • Skimmers Found at Walmart: A Closer Look

    Recent local news stories about credit card skimmers found in self-checkout lanes at some Walmart locations reminds me of a criminal sales pitch I saw recently for overlay skimmers made specifically for the very same card terminals.

Anonymous Live CD Tails to Use Tor Browser 6.0, Firewall and Kernel Hardening

Filed under
Security
Debian

The next major version of the Tails amnesic incognito live system, also known as the Anonymous Live CD used by ex-CIA employee Edward Snowden to stay hidden online using the latest Tor technologies, is now in the works.

Tails 2.4 development is open, and it looks like the first Release Candidate (RC) build has already landed for public beta testing, incorporating some major new features and changes, among which we can mention the upgrade to the latest Tor Browser 6.0 web browser based on Mozilla Firefox 45.2.

Read more

Also: Ubuntu 16.04 LTS (Xenial Xerus) Release Party in Japan to Take Place June 26

Security Leftovers

Filed under
Security

Torvalds unhappy with sloppy Unix Millennium Bug patches for Linux kernel

Filed under
Linux
Security

Along similar lines to the Y2K bug, there is a new challenge faced by Unix-like operating systems known as the year 2038 problem or 'Unix Millennium Bug'. Under these operating systems, date values are stored in a signed 32-bit integer indicating the number of seconds since January 1, 1970. A problem arises with the 32-bit integer overflowing at approximately 0314 hours on January 19, 2038 causing systems to interpret the date value as December 13, 1901.

Read more

Syndicate content

More in Tux Machines

Mozilla involves the community in its “open-source” rebrand

Mozilla is bending the terms of the rebrand with a “branding without walls” open-source initiative. Read more

RPi 3 add-on loads up on sensors, wireless radios

Matrix Labs’s FPGA-driven “Matrix Creator” IoT daughter board for the Raspberry Pi 3 is loaded with sensors, 802.15.4 radios, and a mic array. The disc-shaped Matrix Creator add-on for the Raspberry Pi is based on AdMobilize’s successfully Kickstartered Matrix home automation and surveillance hub. AdMobilize spun off Matrix Labs, which has now built this cheaper, board-level version of the product. Read more

Canonical Releases Snapcraft 2.12 Snaps Creator with New Parts Ecosystem, More

Today, June 29, 2016, Canonical has had the great pleasure of announcing the release of the highly anticipated Snapcraft 2.12 Snappy creator tool for the Ubuntu Linux operating system. Read more

AMDGPU-PRO Driver 16.30 Officially Released with Support for Ubuntu 16.04 LTS

Today, June 29, 2016, AMD released the final version of the AMDGPU-Pro 16.30 graphics driver for GNU/Linux operating systems, bringing support for new technologies like the Vulkan API. Read more