Language Selection

English French German Italian Portuguese Spanish

Security

Tor 0.2.8.6

Filed under
Software
OSS
Security
Debian
  • Tor 0.2.8.6 is released

    Hi, all! After months of work, a new Tor release series is finally stable.

  • Tor browser a bit too unique?

    Ok, this is scary: tor browser on https://browserprint.info/test -- "Your browser fingerprint appears to be unique among the 8,440 tested so far. Currently, we estimate that your browser has a fingerprint that conveys 13.04 bits of identifying information."

  • Debian Project Enhances the Anonymity and Security of Debian Linux Users via Tor

    The Debian Project, through Peter Palfrader, announced recently that its services and repositories for the Debian GNU/Linux operating system would be accessible through the Tor network.

    To further enhance the anonymity and security of users when either accessing any of the Debian online services, such as the Debian website or Wiki, as well as when using the Debian GNU/Linux operating system, the Debian Project partnership with the Tor Project to enable Tor onion services for many of their services.

Gentoo-Based Pentoo 2015.0 Linux Distro for Ethical Hackers Gets New RC Release

Filed under
Gentoo
Security

The Pentoo Linux development team proudly announces today, August 2, 2016, the availability for download of the fifth Release Candidate (RC) build towards the Pentoo 2015.0 GNU/Linux operating system.

We don't write so often about the Pentoo GNU/Linux operating system because new releases are being made available to the public online when a new DEF CON event (the world's largest annual hacker convention) is taking place. So yes, it's now a tradition to see a new Pentoo release around a DEF CON conference.

Read more

Security Leftovers

Filed under
Security

Kaspersky Selling His Snake Oil

Filed under
GNU
Linux
Security

Security News

Filed under
Security
  • Securing Embedded Linux

    Until fairly recently, Linux developers have been spared many of the security threats that have bedeviled the Windows world. Yet, when moving from desktops and servers to the embedded Internet of Things, a much higher threat level awaits.

    “The basic rules for Linux security are the same whether it’s desktop, server, or embedded, but because IoT devices are typically on all the time, they pose some unique challenges,” said Mike Anderson, CTO and Chief Scientist for The PTR Group, Inc. during an Embedded Linux Conference talk called “Securing Embedded Linux.”

  • Security updates for Monday
  • Packt security bundle winner announced!
  • Everyone has been hacked

    Unless you live in a cave (if you do, I'm pretty jealous) you've heard about all the political hacking going on. I don't like to take sides, so let's put aside who is right or wrong and use it as a lesson in thinking about how we have to operate in what is the new world.

    In the past, there were ways to communicate that one could be relatively certain was secure and/or private. Long ago you didn't write everything down. There was a lot of verbal communication. When things were written down there was generally only one copy. Making copies of things was hard. Recording communications was hard. Even viewing or hearing many of these conversations if you weren't supposed to was hard. None of this is true anymore, it hasn't been true for a long time, yet we still act like what we do is just fine.

  • Android Security Bulletin—July 2016
  • The July 2016 Android security bulletin
  • How To Use Google For Hacking?
  • Securing Embedded Linux by Michael E. Anderson
  • Botnet DDoS attacks in Q2: Linux Botnets on the rise, length of attacks increase

    Kaspersky Lab has released its report on botnet-assisted DDoS attacks for the second quarter of 2016 based on data provided by Kaspersky DDoS Intelligence*. The number of attacks on resources located on Chinese servers grew considerably, while Brazil, Italy and Israel all appeared among the leading countries hosting C&C servers.

  • Cisco Cybersecurity Report Warns of Serious Ransomware Dangers

SubgraphOS: Security Becomes Accessible

Filed under
Software
Security

Increased security often comes at a price in Linux distributions. Tails, for example, allows anonymous browsing at the cost of running from a flash drive. Similarly, Qubes OS provides comprehensive security but with an enormous increase in memory requirements. By contrast, Subgraph OS (SGOS) increase security by installing existing security features that other distributions leave out, adding graphical access to them at a cost no higher than some extra configuration after installation.

The maker of SGOS is Subgraph, an open source security company based in Montreal, Canada. Subgraph is also the developer of Vega, a web application security testing tool, and Orchid, a Java Tor client. SGOS itself is a Debian-derivative running a GNOME desktop environment, and currently in a usable if somewhat rough alpha release.

SGOS uses the standard Debian installer, with options for a Live Disk, and a standard or advanced installation. The standard install differs from Debian’s chiefly in the fact that disk encryption is mandatory and that partitions are over-written with random data before set up before installation — a process that can be skipped, but at the cost of some unspecified loss os security. Somewhat surprisingly, it enforces strong passwords or passphrases only by the number of characters, although whether that is due a conviction that passwords are weak security, or of less concern with disk encryption is uncertain. Or possibly SGOS will enforce passwords that include characters and a variety of cases in later releases.

Read more

Security News

Filed under
Security
  • Endian Firewall Community 3.2.1 Adds Extended 3G Modem Support, Linux Kernel 4.1

    Today, July 31, 2016, the Endian Team proudly announced that the Endian Firewall Community 3.2 GNU/Linux distribution is out of Beta and ready to be deployed in stable, production environments.

    Endian Firewall Community 3.2.1 is now the latest stable and most advanced version of the CentOS-based GNU/Linux operating system that has been designed to be used in routers and network firewall devices. And it looks like it's also a pretty major update that introduces lots of enhancements, many new features, as well as the usual under-the-hood improvements.

  • HTTPS Bypassed On Windows, Mac, And Linux

    HTTPS encryption assured users that the addresses of the websites they visit could not be monitored or viewed by data snoopers and other such malicious users. However, a new hack has broken this encryption. This hack can be carried out on any network, most notably in Wi-Fi hotspots, where this encryption is most required.

  • Intel's Crosswalk open source dev library has serious SSL bug

    Developers using Intel's Crosswalk SSL library: it's time to patch and push out an upgrade.

    Crosswalk is a cross-platform library that supports deployment to Android, iOS and Windows Phone, but the bug is Android-specific.

    The library has a bug in how it handles SSL errors, and as a result, end users on Android could be tricked into accepting MITM certificates.

    As consultancy Nightwatch Cyber Security explains, if a user accepts one invalid or self-signed SSL certificate, Crosswalk remembers that choice and applies it to all future certificates.

Security Leftovers

Filed under
Security
  • Xen patches critical guest privilege escalation bug

    A freshly uncovered bug in the Xen virtualisation hypervisor could potentially allow guests to escalate their privileges until they have full control of the hosts they're running on.

    The Xen hypervisor is used by cloud giants Amazon Web Services, IBM and Rackspace.

    Inadequate security checks of how virtual machines access memory means a malicous, paravirtualised guest administrator can raise their system privileges to that of the host on unpatched installations, Xen said.

  • Xen Vulnerability Allows Hackers To Escape Qubes OS VM And Own the Host
  • The Security of Our Election Systems [Too much of Microsoft]

    The FBI is investigating. WikiLeaks promises there is more data to come. The political nature of this cyberattack means that Democrats and Republicans are trying to spin this as much as possible. Even so, we have to accept that someone is attacking our nation's computer systems in an apparent attempt to influence a presidential election. This kind of cyberattack targets the very core of our democratic process. And it points to the possibility of an even worse problem in November ­ that our election systems and our voting machines could be vulnerable to a similar attack.

  • Data program accessed in cyber-attack on Democrats, says Clinton campaign [iophk: "Windows still"]

    A data program used by the campaign of the Democratic presidential candidate, Hillary Clinton, was “accessed” as a part of hack on the Democratic National Committee (DNC) that intelligence officials believe was carried out by Russia’s intelligence services, Clinton’s campaign said on Friday.

  • A Famed Hacker Is Grading Thousands of Programs — and May Revolutionize Software in the Process

    “There are applications out there that really do demonstrate good [security] hygiene … and the vast majority are somewhere else on the continuum from moderate to atrocious,” Peiter Zatko says. “But the nice thing is that now you can actually see where the software package lives on that continuum.”

    Joshua Corman, founder of I Am the Cavalry, a group aimed at improving the security of software in critical devices like cars and medical devices, and head of the Cyber Statecraft Initiative for the Atlantic Council, says the public is in sore need of data that can help people assess the security of software products.

    “Markets do well when an informed buyer can make an informed risk decision, and right now there is incredibly scant transparency in the buyer’s realm,” he says.

Security News

Filed under
Security
Syndicate content

More in Tux Machines

Distro Development: Rescatux and Bodhi

  • Rescatux 0.40 beta 9 released
    Many code in the grub side and in the windows registry side has been rewritten so that these new features could be rewritten. As a consequence it will be easier to maintain Rescapp. Finally the chntpw based options which modify the Windows registry now perform a backup of the Windows registry files in the unlikely case you want to undo some of the changes that Rescapp performs. I guess that in the future there will be a feature to be able to restore such backups from Rescapp itself, but, let’s focus on releasing an stable release. It’s been a while since the last one. UEFI feedback is still welcome. Specially if the Debian installation disks work for you but not the Rescatux ones.
  • Bodhi 4.0.0 Updates and July Donation Totals
    Late last month I posted a first alpha look at Bodhi 4.0.0. Work since then has been coming along slowly due to a few unpredictable issues and my own work schedule outside of Bodhi being hectic over the summer. Bodhi 4.0.0 will be happening, but likely not with a stable release until September. I am traveling again this weekend, but am hoping to get out a full alpha release with 32bit and non-PAE discs next week.

Devices and Android

Leftovers: BSD/LLVM

Emma A LightWeight Database Management Tool For Linux

Today who does not interact with databases and if you're a programmer then the database management is your daily task. For database management, there is a very popular tool called, MySQL Workbench. It's a tool that ships with tonnes of functionalities. But not all of us as beginner programmers use all Workbench features. So here we also have a very lightweight database manager in Linux, Emma. Read
more