Language Selection

English French German Italian Portuguese Spanish

Security

Tails 1.2.3 is out

Filed under
GNU
Linux
Security
Debian

On January 3rd, the SSL certificate of our website hosting provider, boum.org, expired. This means that if you still are running Tails 1.2.1 or older, you will not get any update notification. Please help spreading the word!

Read more

Under the hood of I2P, the Tor alternative that reloaded Silk Road

Filed under
OSS
Security

Tor is apparently no longer a safe place to run a marketplace for illegal goods and services. With the alleged operator of the original Silk Road marketplace, Ross Ulbricht, now going to trial, the arrest of his alleged successor and a number of others in a joint US-European law enforcement operation, and the seizure of dozens of servers that hosted "hidden services" on the anonymizing network, the operators of the latest iteration of Silk Road have packed their tents and moved to a new territory: the previously low-profile I2P anonymizing network.

Read more

Update on Red Hat Enterprise Linux 6 and FIPS 140 validations

Filed under
Red Hat
Security

Red Hat achieved its latest successful FIPS 140 validation back in April 2013. Since then, a lot has happened. There have been well publicized attacks on cryptographic protocols, weaknesses in implementations, and changing government requirements. With all of these issues in play, we want to explain what we are doing about it.

Read more

Also: Mysteries of NUMA Memory Management Revealed

Here is How I Built my First RPM

Exiv2 Vulnerability Closed in Ubuntu 14.10

Filed under
Security
Ubuntu

Canonical has published details in a security notice about a Exiv2 vulnerability in Ubuntu 14.10 (Utopic Unicorn) that has been found and corrected. This not a major issue, but users should upgrade nonetheless.

Read more

Fedora 22 Might Disable Root Remote Logins By Default

Filed under
Red Hat
Security

Right now Fedora allows for SSH log-ins as root, which is the default behavior as currently shipped by sshd. However, for Fedora 22 there is a proposal that the packaged sshd will default the option of PermitRootLogin to no so that root log-ins wouldn't be permitted into Fedora SSH servers. This change is being proposed to try to avoid brute-force attacks against root passwords of Fedora servers.

Read more

Will Open Source Security Be on the Federal Agenda in 2015?

Filed under
OSS
Security

Open source code security has been in the spotlight since the Heartbleed bug infected the Canada Revenue Agency website last year. Found embedded in OpenSSL, one of the Web’s most common security systems, Heartbleed sent public-sector IT personnel scrambling to test their agencies’ websites to make sure they were clean and protected.

Read more

Heads up, dear leader: Security hole found in North Korea’s home-grown OS

Filed under
Linux
Security

North Korea is a technological island in many ways. Almost all of the country's "Internet" is run as a private network, with all connections to the greater global Internet through a collection of proxies. And the majority of the people of the Democratic People's Republic of Korea who have access to that network rely on the country's official operating system: a Linux variant called Red Star OS.

Red Star OS, first introduced in 2003, was originally derived from Red Hat Linux. In theory, it gave North Korea an improved level of security against outside attack—a Security Enhanced Linux operating system based on Red Hat that could enforce strict government access controls on the few who got to use it.

Read more

3 REASONS WHY OPEN SOURCE MEANS BETTER SECURITY

Filed under
OSS
Security

By leveraging open source software and establishing best practices to protect this data at an ongoing rate, these agencies can take a cue from the private sector and enjoy a sense of trust in the way they store and collaborate on private data.

Read more

4MRescueKit

Filed under
GNU
Linux
Security

4MRescueKit provides its users with software for antivirus protection, data backup, disk partitioning, and data recovery. It is distributed in the form of a multiboot CD, which includes four (extremely small) operating systems. Each of the systems tries to follow the UNIX philosophy (Small is beautiful. Make each program do one thing well).

Read more

Is SSH Insecure?

Filed under
OSS
Security

Fact is, we don’t yet know enough details about all possible attack surfaces against SSH available to the agencies and we badly need more information to know what infrastructure components remain save and reliable for our day to day work. However we do have an idea about the weak spots that should be avoided.

Read more

Syndicate content

More in Tux Machines

Five more operating systems for the Raspberry Pi 2

The Raspberry Pi 2 Model B launched earlier this year, offering a more powerful machine capable of running a wider variety of software. The new $35 Linux board has double the memory of first generation Pis, a quad-core 900MHz processor and the ARMv7 architecture used by many mid-range smartphones. In the months since the Pi 2 launched developers have ported an increasing number of operating systems to the board. Read more

Leftovers: KDE and GNOME

  • Announcing Board of Directors Elections 2015
  • Gnome shell Hello world
    Gnome Shell, besides providing the main user interface for GNOME 3, is a Javascript shell with bindings to many native interfaces that allow e.g. Window manipulation, graphics rendering and animations, compositing, etc. It also allows developers to write extensions changing Gnome Shell’s behavior.
  • Kate from KDE Applications 15.04 – KF 5.9
    That is the first time that I use a distro-shipped Kate that is based on KF5 (and no other Kate 4.x is installed any more as escape route).
  • Work begins on KDE Plasma 5.4
    It has only been a few days since Plasma 5.3 was released, now work has begun on the 5.4 release. Plasma 5.4 is scheduled for launch in August, in time for the next Kubuntu release.
  • Performance and Animation (and more): Join Krita’s 2015 Kickstarter Project
    Last year’s kickstarter was a big success and all the support resulted in the biggest, best Krita release ever, Krita 2.9, with a huge number of exciting features. In fact, this week we’ll be releasing Krita 2.9.4, the first version of Krita with the Photoshop-type layer styles feature included! (As well as speed-ups and dozens of bug fixes…)
  • A summer of animation
    This summer Krita is going all in for animation. Not only do we have a Google Summer of Code project focusing on it, but it will also be a major point in this year's Kickstarter campaign, alongside with major performance improvements.
  • collaborative editing for the win
    On the first day of the Kolab Summit we announced that Kolab is getting full extended MAPI support. That was in itself a pretty fantastic announcement, but it was accompanied by announcements of instant messaging, WebRTC and collaborative editing.

Announcing the Birth of Hurd

After a 25 year gestation, Hurd has finally been born. It was a difficult birth and it’s now being kept in an incubator under the care of Debian. For many years GNU’s always almost ready to be born operating system microkernel, Hurd, has been the butt of many jokes and Facebook memes, so it came as something of a surprise to read in Larry Cafiero’s Friday column that it’s now ready enough for Debian, which is offering a somewhat experimental and unstable release of Debian/GNU Hurd. An earlier attempt at a Hurd based distro, by Arch, seems to have died on the vine back in 2011, although a 2013 posting promises that development is still underway, with no news since. Read more