Language Selection

English French German Italian Portuguese Spanish

Security

Security Leftovers

Filed under
Security

Torvalds unhappy with sloppy Unix Millennium Bug patches for Linux kernel

Filed under
Linux
Security

Along similar lines to the Y2K bug, there is a new challenge faced by Unix-like operating systems known as the year 2038 problem or 'Unix Millennium Bug'. Under these operating systems, date values are stored in a signed 32-bit integer indicating the number of seconds since January 1, 1970. A problem arises with the 32-bit integer overflowing at approximately 0314 hours on January 19, 2038 causing systems to interpret the date value as December 13, 1901.

Read more

Security Leftovers

Filed under
Security

Major CoreOS Linux Alpha Vulnerability Patched

Filed under
OS
Linux
Security

A major vulnerability in CoreOS Linux Alpha has been patched, with the issue limited to versions 104x.0.0 of the distribution.

In the blog post Major Remote SSH Security Issue in CoreOS Linux Alpha, Subset of Users Affected the CoreOS Security Team described the issue saying:

Read more

Security Leftovers

Filed under
Security
  • Security advisories for Monday
  • What's the point of (InfoSec) Certifications?

    When I did the GSE, I absolutely loved the hands-on lab more than anything-else I'd done in the world of SANS or GIAC, outside of Mike Poor's 503 Packet Work book (if you like packets, this is heaven, literally Smile ) and the "Capture the Flag" exercises created by Ed Skoudis in 504 and 560. I've also had some amazing instructors like Arrigo Triulzi (Arrigo teaching SEC504 actually convinced me that my future was in InfoSec) and Stephen Sims, however, I am questioning more than ever the value of certifications and to a lesser degree the training courses (which are priced to be exclusive to a tiny minority who are already fairly well off or lucky - I often recommend Coursera or the Offensive Security stuff to candidates when cost is a real issue).

  • Linux Kernel Website Kernel.org Banned By Norton

    Symantec’s automated threat analysis system, Norton Safe Web, claims that Linux kernel’s website kernel.org contains 4 threats and shows a red flag to the users. Looking at Norton’s past record, this threat detection could be just another false warning.

  • Oplcarus: An Anonymous Hacker Reveals The Motivation Behind Latest Attacks

    Here is an account of the operation against banks and financial institutes, named “OpIcarus”, by Anonymous. It reveals the purpose of the cyber attacks, their targets, and the future of OpIcarus operation as told by one of the Anonymous hacktivists with an online name of “The Voice” .

  • Systemd Reverts Its Stance On Letting Users Access Frame-Buffer Devices

    Last week's release of systemd 230 ended up shipping with a change that made it more easy for processes running as a user to snoop on frame-buffer devices. That change has already been reverted for the next systemd update.

Security Leftovers

Filed under
Security
  • TOTP SSH port fluxing

    Beware: I would not really recommend running this software - it was only written as a joke.

  • TeslaCrypt no more: Ransomware master decryption key released

    The developer has handed over the keys to the kingdom in a surprising twist in TeslaCrypt's tale.

  • Thoughts on our security bubble

    Last week I spent time with a lot of normal people. Well, they were all computer folks, but not the sort one would find in a typical security circle. It really got me thinking about the bubble we live in as the security people.

    There are a lot of things we take for granted. I can reference Dunning Kruger and "turtles all the way down" and not have to explain myself. If I talk about a buffer overflow, or most any security term I never have to explain what's going on. Even some of the more obscure technologies like container scanners and SCAP don't need but a few words to explain what happens. It's easy to talk to security people, at least it's easy for security people to talk to other security people.

  • Ransomware Adds DDoS Capabilities to Annoy Other People, Not Just You

    Ransomware developers seem to have found another way to monetize their operations by adding a DDoS component to their malicious payloads.

    Security researchers from Invincea reported this past Wednesday on a malware sample that appeared to be a modified version of an older threat, the Cerber ransomware.

    The malware analysis team that inspected the file discovered that, besides the file encryption and screen locking capabilities seen in most ransomware families, this threat also comes with an additional payload, which, when put under observation, seemed to be launching network packets towards a network subnet.

Antivirus Live CD 18.0-0.99.2 Uses ClamAV 0.99.2 to Clean Your PCs of Viruses

Filed under
OSS
Security

4MLinux developer Zbigniew Konojacki informs Softpedia today, May 21, 2016, about the launch of an updated version of his open-source, standalone Antivirus Live CD project.

Read more

Security Leftovers

Filed under
Security
  • Security updates for Friday
  • Security brief: CoreOS Linux Alpha remote SSH issue

    On May 15, CoreOS was informed of a vulnerability in the alpha version of CoreOS Linux. Within 8 hours of this notification, over 99% of affected systems had been automatically patched. Though this issue was limited to an alpha version, we hold all of our releases to the same security standards, and we immediately responded, reported, and corrected the issue. This post describes the nature of the vulnerability, our response, and our plans to avoid similar issues in the future.

  • Purism Laptops to Protect You from Surveillance Capitalism

    There's a new hardware company on the scene called Purism, and the name is a significant clue as to what the company is all about: pure software. At its heart, Purism is dedicated to providing computer hardware driven entirely by open source software so that users can "trust, but verify." Purism is putting itself in direct opposition to what it considers "surveillance capitalism."

    I spoke with CEO Todd Weaver at Pepcom, and it was one of the most significant conversations I've had with a tech exec in a long time. I was already on board with Mr. Weaver's general message when he laid that phrase on me, "surveillance capitalism." That's when he really had me hooked.

Security Leftovers

Filed under
Security
  • “Robin Hood” Hacker Steals $11,000 In Bitcoin, Donates It To Help Fight ISIS

    The hacker who claimed to hack the Hacking Team and Gamma Group is back again. This time, he has sent about $11,000 of allegedly stolen Bitcoin to help fight ISIS.

  • Aqua Launches Container Security Platform

    Looking beyond just application vulnerability scanning, Aqua also provides a degree of runtime protections. Aqua uses a layered security approach to keep containers safe, according to Jerbi. The layered approach starts with running the container application images in learning mode, usually during functional testing. In the learning mode, Aqua examines a container's behavior in the application context and uses that to set granular runtime parameters, based on which files, executables and network connections a container is using.

Security Leftovers

Filed under
Security
Syndicate content

More in Tux Machines

Mint 18 Released, No GUI Please, Atomic Host 7.2.5

Today in Linux news, the Red Hat announcements kept on coming including the release of Red Hat Atomic Host 7.2.5. Elsewhere, Mint 18 in Cinnamon and MATE flavors was announced by Clement Lefebvre as promised. Bryan Lunduke just finished up 10 days using only a Linux terminal saying it "was too painful" and Eric Grevstad said using Linux and LibreOffice will change your life. Read more

July 2016 issue of The PCLinuxOS Magazine released

The PCLinuxOS Magazine staff is pleased to announce the release of the July 2016 issue. With the exception of a brief period in 2009, The PCLinuxOS Magazine has been published on a monthly basis since September, 2006. The PCLinuxOS Magazine is a product of the PCLinuxOS community, published by volunteers from the community. The magazine is lead by Paul Arnote, Chief Editor, and Assistant Editor Meemaw. The PCLinuxOS Magazine is released under the Creative Commons Attribution- NonCommercial-Share-Alike 3.0 Unported license, and some rights are reserved. In the July 2016 issue: * Seven Years Later: A Look Back * Installing A Seeburg 1000 On PCLinuxOS * ms_meme's Nook: Anytime * PCLinuxOS Family Member Spotlight: tuxlink * GIMP Tutorial: Engraved Text * Game Zone: Funklift * PCLinuxOS Recipe Corner * Tip Top Tips: A Simple HTTP Server * PCLinuxOS Puzzled Partitions * And much more inside! This month’s magazine cover image was designed by Meemaw. Download the PDF (8.3 MB) http://pclosmag.com/download.php?f=2016-07.pdf Download the EPUB Version (6.6 MB) http://pclosmag.com/download.php?f=201607epub.epub Download the MOBI Version (7.6 MB) http://pclosmag.com/download.php?f=201607mobi.mobi Visit the HTML Version http://pclosmag.com/html/enter.html

4MLinux 18.0 Distro Released with Support for LibreOffice 5.2, Thunderbird 45.1

4MLinux developer Zbigniew Konojacki has just informed Softpedia today, July 1, 2016, about the immediate availability for download of the final release of the 4MLinux 18.0 operating system. Read more

GNU/Linux Leftovers

  • Not Love
    I had seen GNU/Linux once before in my life. At a previous school, the husband of one of the teachers installed it on a PC in my presence. He couldn’t get it working…. Still, I read that GNU/Linux did not crash. I needed that. I was willing to make the effort to download and install GNU/Linux if I could have only that. Our Internet connection was a few KB/s on dial-up… I spent two weekends and five evenings downloading an .iso CD-image with FileZilla or something on a Mac in the lab. I had never burned a CD before but tried once copying the file to the CD. That wouldn’t boot. I discovered CD imaging… So, on the second try, I had a CD that would boot on the machines. I first did one machine and it wouldn’t start X. Having never seen X before, this was a problem but it turned out all I needed was the scanning frequencies for the CRT in a configuration file. Google helped me find those for each of my five different kinds of monitors. Suddenly, the PCs were useful with GNU/Linux.
  • Linux Under the Hood: Silence of the RAM
    Now that I see the events of the last week chronicled clearly in front of my very eyes, maybe the disparaging old junk man was right after all. I’m shameless enough to admit my own idiocy as long as it leads to learning from my mistakes. Maybe Linux isn’t rocket science, but installing RAM was sure beginning to feel like it.
  • Check out our new issue plus win an ebook bundle!
  • 30 days in a terminal: Day 10 — The experiment is over
    When I set out to spend 30 days living entirely in a Linux terminal, I knew there was a distinct possibility I would fail utterly. I mean, 30 days? No GUI software? No Xorg? Just describing it sounds like torture. And torture it was. Mostly. Some moments, though, were pretty damned amazing. Not amazing enough to help me reach my 30-day goal, mind you. I fell short—only making it to day 10.
  • Bad Voltage Episode 70 Has Been Released: Delicious Amorphous Tech Bubble
  • Tokyo: Automotive Linux Summit
    Engineers will gather in Tokyo July 13-14 for the annual Automotive Linux Summit, a conference where auto-industry stakeholders discuss the adoption of an open-source Linux-based platform for in-vehicle infotainment. The two-day summit brings together automotive systems engineers, Linux experts, developers and other players.
  • Oxenfree, an adventure game with supernatural elements, available on Linux
    This well-received indie title has been ported over to Linux. Combining plenty of elements of 80s teen movies and packaging them in a polished adventure, Oxenfree may be worth checking out if you’re a fan of adventure games.
  • Space station management game, The Spatials: Galactology, is confirmed to be coming for Linux
    This is an expanded and reimagined version of the management sim, The Spatials. It’s yet to be released but the developers have confirmed that a Linux version is in the works.
  • Red Hat Storage VP sees different uses for Ceph, Gluster
    Red Hat Storage showed off updates to its Ceph and Gluster software and laid out its strategy for working with containers at this week’s Red Hat Summit in San Francisco.