Language Selection

English French German Italian Portuguese Spanish

Security

TheSSS 19.0 Linux Server Out with Kernel 4.4.14, Apache 2.4.23 & MariaDB 10.1.16

Filed under
GNU
Linux
Security

TheSSS (The Smallest Server Suite) is one of the lightest Linux kernel-based operating systems designed to be used as an all-around server for home users, as well as small- and medium-sized businesses looking for a quick and painless way of distributing files across networks or to simply test some web-based software.

Read more

Leftovers: Security

Filed under
Security

Security Leftovers

Filed under
Security
  • FBI detects breaches against two state voter systems

    The Federal Bureau of Investigation has found breaches in Illinois and Arizona's voter registration databases and is urging states to increase computer security ahead of the Nov. 8 presidential election, according to a U.S. official familiar with the probe.

    The official, speaking on condition of anonymity, said on Monday that investigators were also seeking evidence of whether other states may have been targeted.

    The FBI warning in an Aug. 18 flash alert from the agency's Cyber Division did not identify the intruders or the two states targeted.

    Reuters obtained a copy of the document after Yahoo News first reported the story Monday.

  • Russians Hacked Two U.S. Voter Databases, Say Officials [Ed: blaming without evidence again]

    Two other officials said that U.S. intelligence agencies have not yet concluded that the Russian government is trying to do that, but they are worried about it.

  • FBI Says Foreign Hackers Got Into Election Computers

    We've written probably hundreds of stories on just what a dumb idea electronic voting systems are, highlighting how poorly implemented they are, and how easily hacked. And, yet, despite lots of security experts sounding the alarm over and over again, you still get election officials ridiculously declaring that their own systems are somehow hack proof.

    And now, along comes the FBI to alert people that it's discovered at least two state election computer systems have been hacked already, and both by foreign entities.

  • Researchers Reveal SDN Security Vulnerability, Propose Solution

    Three Italian researchers have published a paper highlighting a security vulnerability in software-defined networking (SDN) that isn't intrinsic to legacy networks. It's not a showstopper, though, and they propose a solution to protect against it.

    "It" is a new attack they call Know Your Enemy (KYE), through which the bad guys could potentially collect information about a network, such as security tool configuration data that could, for example, reveal attack detection thresholds for network security scanning tools. Or the collected information could be more general in nature, such as quality-of-service or network virtualization policies.

  • NV Gains Momentum for a Secure DMZ

    When it comes to making the shift to network virtualization (NV) and software-defined networking (SDN), one of the approaches gaining momentum is using virtualization technology to build a secure demilitarized zone (DMZ) in the data center.

    Historically, there have been two major drawbacks to deploying firewalls as a secure mechanism inside a data center. The first is the impact a physical hardware appliance has on application performance once another network hop gets introduced. The second is the complexity associated with managing the firewall rules.

    NV technologies make it possible to employ virtual firewalls that can be attached to specific applications and segregate them based on risk. This is the concept of building a secure DMZ in the data center. The end result is that the virtual firewall is not only capable of examining every packet associated with a specific application, but keeping track of what specific firewall rules are associated with a particular application becomes much simpler.

Parsix GNU/Linux 8.10 "Erik" Users Receive the Latest Debian Security Updates

Filed under
GNU
Linux
Security

Today, August 29, 2016, the maintainers of the Parsix GNU/Linux distribution announced the availability of multiple security updates, along with a new kernel version for the Parsix GNU/Linux 8.10 "Erik" release.

Read more

Ubuntu 14.04 LTS and 12.04 LTS Users Get New Kernel Updates with Security Fixes

Filed under
Security
Ubuntu

Immediately after informing us about the availability of a new kernel update for the Ubuntu 16.04 LTS (Xenial Xerus) operating system, Canonical published more security advisories about updated kernel versions for Ubuntu 14.04 LTS and Ubuntu 12.04 LTS.

Read more

5 Best Linux Distros for Security

Filed under
Linux
Security

Security is nothing new to Linux distributions. Linux distros have always emphasized security and related matters like firewalls, penetration testing, anonymity, and privacy. So it is hardly surprising that security conscious distributions are common place. For instance, Distrowatch lists sixteen distros that specialize in firewalls, and four for privacy.

Most of these specialty security distributions, however, share the same drawback: they are tools for experts, not average users. Only recently have security distributions tried to make security features generally accessible for desktop users.

Read more

Security News

Filed under
Security
  • New FairWare Ransomware targeting Linux Computers [Ed: probably just a side effect of keeping servers unpatched]

    A new attack called FaireWare Ransomware is targeting Linux users where the attackers hack a Linux server, delete the web folder, and then demand a ransom payment of two bitcoins to get their files back. In this attack, the attackers most likely do not encrypt the files, and if they do retain the files, probably just upload it to a server under their control.

  • How do we explain email to an "expert"?

    This has been a pretty wild week, more wild than usual I think we can all agree. The topic I found the most interesting wasn't about one of the countless 0day flaws, it was a story from Slate titled: In Praise of the Private Email Server

    The TL;DR says running your own email server is a great idea. Almost everyone came out proclaiming it a terrible idea. I agree it's a terrible idea, but this also got me thinking. How do you explain this to someone who doesn't really understand what's going on?

    There are three primary groups of people.

    1) People who know they know nothing
    2) People who think they're experts
    3) People who are actually experts

  • Why the term “zero day” needs to be in your brand’s cybersecurity vocabulary

    Linux is “open source” which means anyone can look at the code and point out flaws. In that sense, I’d say Linus Torvalds doesn’t have to be as omniscient as Tim Cook. Linux source code isn’t hidden behind closed doors. My understanding is, all the Linux code is out there for anyone to see, naked for anyone to scrutinize, which is why certain countries feel safer using it–there’s no hidden agenda or secret “back door” lurking in the shadows. Does that mean Android phones are safer? That’s up for debate.

Security News

Filed under
Security

  • Hacking the American College Application Process

    In recent years, foreign students have streamed into American universities, their numbers nearly doubling in the last decade. About half of all international students are coming from Asian countries, many of which have been subject to heavy recruitment from American colleges.

    Taking advantage of the popularity of an American education, a new industry has sprung up in East Asia, focused on guiding students through the U.S. college application process with SAT preparation courses, English tutors and college essay advisors.

    But not all college prep companies are playing by the rules. In their investigative series for Reuters, a team of reporters found that foreign companies are increasingly helping students game the U.S. college application process. Some companies have leaked questions from college entrance exams to their students before they take the test. Others have gone so far as to ghostwrite entire college applications and complete coursework for students when they arrive on campus. We spoke with Steve Stecklow, one of the reporters on the team, about what they uncovered.

  • illusive networks' Deceptions Everywhere

    illusive networks' bread and butter is its deception cybersecurity technology called Deceptions Everywhere whose approach is to neutralize targeted attacks and Advanced Persistent Threats by creating a deceptive layer across the entire network. By providing an endless source of false information, illusive networks disrupts and detects attacks with real-time forensics and without disruption to business.

  • Mozila Offers Free Security Scanning Service: Observatory

    With an eye toward helpiing administrators protect their websites and user communities, Mozilla has developed an online scanner that can check if web servers have optimal security settings in place.

    It's called Observatory and was initially built for in-house use, but it may very well be a difference maker for you.

    "Observatory by Mozilla is a project designed to help developers, system administrators, and security professionals configure their sites safely and securely," the company reports.

Opera Data Breach, Security of Personal Data

Filed under
Security
  • Opera User? Your Stored Passwords May Have Been Stolen

    Barely a week passes without another well-known web company suffering a data breach or hack of some kind. This week it is Opera’s turn. Opera Software, the company behind the web-browser and recently sold to a Chinese consortium for $600 million, reported a ‘server breach incident’ on its blog this weekend.

  • When it comes to protecting personal data, security gurus make their own rules

    Marcin Kleczynski, CEO of a company devoted to protecting people from hackers, has safeguarded his Twitter account with a 14-character password and by turning on two-factor authentication, an extra precaution in case that password is cracked.

    But Cooper Quintin, a security researcher and chief technologist at the Electronic Frontier Foundation, doesn’t bother running an anti-virus program on his computer.

    And Bruce Schneier? The prominent cryptography expert and chief technology officer of IBM-owned security company Resilient Systems, won’t even risk talking about what he does to secure his devices and data.

Security News

Filed under
Security
  • OpenSSL 1.1.0 Series Release Notes
  • Linux.PNScan Malware Brute-Forces Linux-Based Routers
  • St. Jude stock shorted on heart device hacking fears; shares drop

    The stock of pacemaker manufacturer St. Jude Medical Inc (STJ.N) fell sharply on Thursday after short-selling firm Muddy Waters said it had placed a bet that the shares would fall, claiming its implanted heart devices were vulnerable to cyber attacks.

    St. Jude, which agreed in April to sell itself for $25 billion to Abbott Laboratories (ABT.N), said the allegations were false. St Jude shares closed down 4.96 percent, the biggest one-day fall in 7 months and at a 7.4 percent discount to Abbott's takeover offer.

    Muddy Waters head Carson Block said the firm's position was motivated by research from a cyber security firm, MedSec Holdings Inc, which has a financial arrangement with Muddy Waters. MedSec asserted that St. Jude's heart devices were vulnerable to cyber attack and were a risk to patients.

  • BlackArch Linux ISO now comes with over 1,500 hacking tools

    On a move to counter distros like Kali Linux and BackBox, BlackArch has got a new ISO image that includes more than 1,500 hacking tools. The update also brings several security and software tweaks to deliver an enhanced platform for various penetration testing and security assessment activities.

    The new BlackArch Linux ISO includes an all new Linux installer and more than 100 new penetration testing and hacking tools. There is also Linux 4.7.1 to fix the bugs and compatibility issues of the previous kernel. Additionally, the BlackArch team has updated all its in-house tools and system packages as well as updated menu entries for the Openbox, Fluxbox and Awesome windows managers.

Syndicate content

More in Tux Machines

Linux/FOSS Events

  • The Linux Foundation Announces Session Lineup for ApacheCon(TM) Europe
  • OpenShift Commons Gathering event preview
    We're just two months out from the OpenShift Commons Gathering coming up on November 7, 2016 in Seattle, Washington, co-located with KubeCon and CloudNativeCon. OpenShift Origin is a distribution of Kubernetes optimized for continuous application development and multi-tenant deployment. Origin adds developer and operations-centric tools on top of Kubernetes to enable rapid application development, easy deployment and scaling, and long-term lifecycle maintenance for small and large teams. And we're excited to say, the 1.3 GA release of OpenShift Origin, which includes Kubernetes 1.3, is out the door! Hear more about the release from Lead Architect for OpenShift Origin, Clayton Coleman.

Security News

  • Report: Linux security must be upgraded to protect future tech
    The summit was used to expose a number of flaws in Linux's design that make it increasingly unsuitable to power modern devices. Linux is the operating system that runs most of the modern world. It is behind everything from web servers and supercomputers to mobile phones. Increasingly, it's also being used to run connected Internet of Things (IoT) devices, including products like cars and intelligent robots.
  • security things in Linux v4.6
    Hector Marco-Gisbert removed a long-standing limitation to mmap ASLR on 32-bit x86, where setting an unlimited stack (e.g. “ulimit -s unlimited“) would turn off mmap ASLR (which provided a way to bypass ASLR when executing setuid processes). Given that ASLR entropy can now be controlled directly (see the v4.5 post), and that the cases where this created an actual problem are very rare, means that if a system sees collisions between unlimited stack and mmap ASLR, they can just adjust the 32-bit ASLR entropy instead.

Raspberry Pi PIXEL and More Improvements

Trainline creates open source platform to help developers deploy apps and environments in AWS