Security

Security News

Filed under: Security

Security Leftovers

Filed under: Security

  • Wednesday's security advisories
  • Smartphones with fingerprint scanners under screen to hit market this year

    The majority of fingerprint scanners can be found either on the back of a smartphone or on the front, embedded in the home button. But it looks like that status quo is soon about to change. According to a report from The Investor, CrucialTec, a manufacturer of fingerprint modules based in South Korea, will launch its on-screen fingerprint scanning solution that allows you to unlock your device by placing a finger on the screen sometime this year.

    This means that we can expect to see the first smartphones featuring the new fingerprint technology hit the market in 2017. Unfortunately, CrucialTec did not reveal an exact time frame or the smartphone manufacturers it is currently working with.

  • Kaspersky launches 'secure operating system' -- with no trace of Linux in it [Ed: You must be pretty desperate for headlines and attention when your marketing pitch is, "we're not Linux!"]
  • Windows Botnet Spreading Mirai Variant

    A Chinese-speaking attacker is spreading a Mirai variant from a repurposed Windows-based botnet.

    Researchers at Kaspersky Lab published a report today, and said the code was written by an experienced developer who also built in the capability to spread the IoT malware to Linux machines under certain conditions.

  • Five New Linux Kernel Vulnerabilities Were Fixed in Ubuntu 16.10, 14.04 & 12.04

    We reported earlier that Canonical published multiple security advisories to inform Ubuntu users about the availability of new kernel updates that patch several flaws discovered recently by various developers.

    We've already told you about the issues that are affecting Ubuntu 16.04 LTS and Ubuntu 16.04.1 LTS (Xenial Xerus) users, so check that article to see how you can update your systems if you're still using the Linux 4.4 LTS kernel. But if you managed to upgrade to Ubuntu 16.04.2 LTS, which uses Ubuntu 16.10 (Yakkety Yak)'s Linux 4.8 kernel, then you need to read the following.

  • Another Linux Kernel Vulnerability Leading To Local Root From Unprivileged Processes

Canonical Releases New Kernel Update for Ubuntu 16.04 to Fix 7 Vulnerabilities

Filed under: Security, Ubuntu

Canonical published today, February 22, 2017, multiple security advisories to inform Ubuntu users about the availability of new kernel updates for their Linux-based operating systems.


Security Leftovers

Filed under: Security

  • Java and Python FTP attacks can punch holes through firewalls

    The Java and Python runtimes fail to properly validate FTP URLs, which can potentially allow attackers to punch holes through firewalls to access local networks.

    On Saturday, security researcher Alexander Klink disclosed an interesting attack where exploiting an XXE (XML External Entity) vulnerability in a Java application can be used to send emails.

  • Microsoft: no plans to patch known bugs before March [Ed: Microsoft is keeping open 'back doors' that are publicly known about, not just secret ones]

    Microsoft has no plans to issue updates for two vulnerabilities, one a zero-day and the other being one publicised by Google, before the scheduled date for its next round of updates rolls around in March.

    The company did not issue any updates in February, even though it had been scheduled to switch to a new system from this month onwards.

    It gave no reason for this, apart from saying: "This month, we discovered a last minute issue that could impact some customers and was not resolved in time for our planned updates today.

    "After considering all options, we made the decision to delay this month’s updates. We apologise for any inconvenience caused by this change to the existing plan."

    The Google-disclosed bug was made public last week, and is said to be a flaw in the Windows graphic device interface library that can be exploited both locally and remotely to read the contents of a user's memory.

  • Microsoft issues critical security patches, but leaves zero-day flaws at risk

    Microsoft has patched "critical" security vulnerabilities in its browsers, but has left at least two zero-day flaws with public exploit code.

    The software giant released numerous patches late on Tuesday to fix flaws in Adobe Flash for customers using Internet Explorer on Windows 8.1 and later, as well as Edge for Windows 10.

What’s the best Linux firewall distro of 2017?

Filed under: GNU, Linux, Security

You don’t have to manage a large corporate network to use a dedicated firewall. While your Linux distro will have an impressive firewall – and an equally impressive arsenal of tools to manage it – the advantages don’t extend to the other devices on your network. A typical network has more devices connected to the internet than the total number of computers and laptops in your SOHO. With the onslaught of IoT, it won’t be long before your router doles out IP addresses to your washing machine and microwave as well.

The one thing you wouldn’t want in this Jetsonian future is having to rely on your router’s limited firewall capabilities to shield your house – and everyone in it – from the malicious bits and bytes floating about on the internet.

A dedicated firewall stands between the internet and internal network, sanitising the traffic flowing into the latter. Setting one up is an involved process both in terms of assembling the hardware and configuring the software. However, there are quite a few distros that help you set up a dedicated firewall with ease, and we’re going to look at the ones that have the best protective open source software and roll them into a convenient and easy to use package.


More Security News

Filed under: Security

Security News

Filed under: Security

  • Security updates for Tuesday
  • Kaspersky: No whiff of Linux in our OS because we need new start to secure IoT [Ed: Kaspersky repeats the same anti-Linux rhetoric he used years ago to market itself, anti-Linux Liam Tung recycles]

    Eugene Kaspersky, CEO of Kaspersky Lab, says its new KasperskyOS for securing industrial IoT devices does not contain "even the slightest smell of Linux", differentiating it from many other IoT products that have the open-source OS at the core.

  • Reproducible Builds: week 95 in Stretch cycle
  • EU privacy watchdogs say Windows 10 settings still raise concerns

    European Union data protection watchdogs said on Monday they were still concerned about the privacy settings of Microsoft's Windows 10 operating system despite the U.S. company announcing changes to the installation process.

    The watchdogs, a group made up of the EU's 28 authorities responsible for enforcing data protection law, wrote to Microsoft last year expressing concerns about the default installation settings of Windows 10 and users' apparent lack of control over the company's processing of their data.

    The group - referred to as the Article 29 Working Party - asked for more explanation of Microsoft's processing of personal data for various purposes, including advertising.

KDE Plasma 5.8.6 Released for LTS Users with over 80 Improvements, Bug Fixes

Filed under: KDE, Security

Today, February 21, 2017, KDE announced the availability of the sixth maintenance update to the long-term supported KDE Plasma 5.8 desktop environment for Linux-based operating systems.


pfSense 2.3.3 RELEASE Now Available!

Filed under: Security, BSD

We are happy to announce the release of pfSense® software version 2.3.3!

This is a maintenance release in the 2.3.x series, bringing numerous stability and bug fixes, fixes for a handful of security issues in the GUI, and a handful of new features. The full list of changes is on the 2.3.3 New Features and Changes page, including a list of FreeBSD and internal security advisories addressed by this release.

This release includes fixes for 101 bugs, 14 Features, and 3 Todo items.

If you haven’t yet caught up on the changes in 2.3.x, check out the Features and Highlights video. Past blog posts have covered some of the changes, such as the performance improvements from tryforward, and the webGUI update.


Also: NetBSD Accomplishes Reproducible Builds


More in Tux Machines

Leftovers: Software

  • [Video] Linux Audio Programs Compared 2017
    I made this video for those that are new to, or just interested in making music on the Linux OS. I go over the features, goods and bads of Rosegarden, LMMS, Ardour, Mixbus, and EnergyXT, as well as touch on Qtractor. I don't go much into details of the particular versions I am using, but the video was made in the early part of 2017 and I'm running Ubuntu 16.04LTS.
  • Green Recorder: A Simple Desktop/Screen Recorder for Linux
    Green Recorder is a simple, open source desktop recorder developed for Linux systems built using Python, GTK and FFmpeg. It supports most of the Linux desktop environments such as Unity, Gnome, Cinnamon, Mate, Xfce and so on. Recently it has been updated to work with Wayland too in Gnome session.
  • Komorebi: A New Way To Enhance Your Desktop Using Animated/Parallax Wallpapers
    In the past there were applications that allowed us to run videos/Gif as wallpaper on the desktop and make the desktop look much cooler, but then all of a sudden the development of such Apps stopped and I can't name any App that exists for this purpose. Komorebi is a fairly new application designed to make your desktop experience much better and make the desktop cool as well, we can say it is kind of a 'live wallpaper' situation here or 3D wallpaper. It is developed by Abe Masri and available under GPL license for free.
  • Stacer System Optimizer: A Must Have Application For Ubuntu/Linux Mint
    There are multiple ways to optimize your Linux, the most geeky way is using Terminal, there are also applications available that perform such actions like Bleachbit, Ubuntu cleaner and so on. Stacer is a simple, open-source, quick and new application designed to offer you an all-in-one optimizer for your Ubuntu/Linux Mint (It's an alternative to CCleaner but only for Linux).
  • Qtox: Open Source and Fully Secure Skype Replacement for Linux
    Long years ago, we've talked about a Skype alternative called Tox which was still in its early developmental stages. Tox was supposed to become the antithesis of Skype by being a fully open-source video and voice chat client that placed user privacy and security at its center. Well, guess what, there are now fully active and well-maintained chat clients that are built on top of the Tox protocol. qTox is one of them.
  • Rclone 1.36 Released With SFTP And Local Symlinks Support, More
    Rclone 1.36 was released recently, bringing support for SFTP, local symbolic links support, mount improvements, along with many other new features and bug fixes. For those not familiar with Rclone, this is a cross-platform command line tool for synchronizing files and folders to multiple cloud storages, which supports Dropbox, Google Drive, Amazon S3, Amazon Drive, Microsoft One Drive, Yandex Disk, and more. It can be used to sync files either from your machine or from one cloud storage to another.
  • Streamlink Twitch GUI 1.2.0 Adds Support For Communities And Team Pages, Basic Hotkeys
    Streamlink Twitch GUI (previously Livestreamer Twitch GUI) is a multi-platform Twitch.tv browser. The application is powered by Node.js, Chromium and Streamlink, though it can still use Livestreamer (which is no longer maintained) too.
  • Code Editor `Brackets` 1.9 Released, Available In PPA
    Brackets is a free, open source code editor focused on front-end web development (HTML, CSS and JavaScript).
  • Terminix Terminal Emulator Renamed To Tilix, Sees New Bugfix Release
    [Quick update] Terminix, a GTK3 tiling terminal emulator, has been renamed to Tilix due to some trademark issues.

today's howtos

Games and CodeWeavers/Wine

  • A Snapshot of Linux Gamers, Just One Year Ago
    It’s about time we share the analysis of that Q1 2016 survey (fielding occurred in March last year), especially as we are about to launch the Q1 2017 one pretty, pretty soon. That way we will be able to compare how things have changed over the course of 12 months. As usual, the whole disclaimer about online surveys is valid here (data is only as good as your n size, the appropriateness of your sampling, and the quality of the responses, etc…), but assuming it’s not all that bad and all that unreliable, let’s dig in the results. As a reminder, most of the respondents for this survey were recruited through the r/linux and r/linux_gaming subreddits, as well as the readership of BoilingSteam. This is not our first survey, and you can see our previous ones done in the second quarter of 2015, and the following one in the last quarter of 2015.
  • Slime-san Coming To PC, Mac and Linux
    Headup Games and Fabraz proudly announce their upcoming action-platformer Slime-san for PC, Mac and Linux via Steam & Humble Bundle. Console releases will follow soon after. Jump and slime your way through 100 levels in a unique 5-colored, pixelated world and escape from a giant worm’s innards. Get your shopping done in Slumptown, a town full of survivors within the worm. Unlock different play styles, outfits, shaders and even multiplayer mini-games! Slime-san is developed by Fabraz, an independent development studio that also released the critically-acclaimed games Cannon Crasha and Planet Diver. Slime-san was minding his own business, sliming around in a peaceful forest when suddenly…A giant worm appeared and gobbled him up! Now deep within the worm’s belly, Slime-san has to face a decision: Be digested by the incoming wall of stomach acid... Or jump, slide and slime his way through the worm's intestines and back out its mouth!
  • CodeWeavers Announces CrossOver 16.2.0
  • The Wine Revolution is ON!
    As you know Codeweavers (and other WINE contributors) have been working on DX11 support for a while – they were supposed to have DX11 support by the end of 2016, but as with all complex projects, timelines tend to slip and only very few DX11 titles could run a few months ago. Since then, there was no major announcement, but it seems that the progress has been very significant in the recent WINE versions (2.3 is already out).

Leftovers: KDE