Security

Security News

Filed under
Security
  • OpenSSL 1.1.0 released
  • Security advisories for Friday
  • Openwall 3.1-20160824 is out

    New Openwall GNU/*/Linux ISO images and OpenVZ container templates are out.

  • Scorpene Leak Could Be Part Of 'Economic War,' Says French Maker: 10 Facts

    The leak was first reported in The Australian newspaper. Ship maker DCNS has a nearly 38 billion dollar contract with Australia, but the leak has no mention of the 12 vessels being designed for Australia.

  • Homeland Security has 'open investigation' into Leslie Jones hacking

    The Department of Homeland Security is investigating the cyberattack against Ghostbusters actor Leslie Jones one day after her personal information and explicit images were leaked online.

    In a short statement on Thursday, a spokesperson for the US Immigration and Customs Enforcement agency said that the Homeland Security investigations unit in New York “has an open investigation into this matter”.

    “As a matter of agency policy and in order to protect the integrity of an ongoing investigation, we will not disclose any details,” the statement said.

    “As a matter of agency policy, we are unable to disclose any information related to an active investigation,” a spokeswoman said.

Security News

Filed under
Security
  • Thursday's security updates
  • Priorities in security
  • How Core Infrastructure Initiative Aims to Secure the Internet

    In the aftermath of the Heartbleed vulnerability's emergence in 2014, the Linux Foundation created the Core Infrastructure Initiative (CII) to help prevent that type of issue from recurring. Two years later, the Linux Foundation has tasked its newly minted CTO, Nicko van Someren, to help lead the effort and push it forward.

    CII has multiple efforts under way already to help improve open-source security. Those efforts include directly funding developers to work on security, a badging program that promotes security practices and an audit of code to help identify vulnerable code bases that might need help. In a video interview with eWEEK at the LinuxCon conference here, Van Someren detailed why he joined the Linux Foundation and what he hopes to achieve.

  • Certificate Authority Gave Out Certs For GitHub To Someone Who Just Had A GitHub Account

    For many years now, we've talked about the many different problems today's web security system has based on the model of security certificates issued by Certificate Authorities. All you need is a bad Certificate Authority be trusted and a lot of bad stuff can happen. And it appears we've got yet another example.

    A message on Mozilla's security policy mailing list notes that a free certificate authority named WoSign appeared to be doing some pretty bad stuff, including handing out certificates for a base domain if someone merely had control over a subdomain. This was discovered by accident, but then tested on GitHub... and it worked.

Red Hat Enterprise Linux 7.3 Beta Adds NVDIMM Support, Improves Security

Filed under
Red Hat
Security

Today, August 25, 2016, Red Hat announced that version 7.3 of its powerful Red Hat Enterprise Linux operating system is now in development, and a Beta build is available for download and testing.

Red Hat Enterprise Linux 7.3 Beta brings lots of improvements and innovations, support for new hardware devices, and improves the overall security of the Linux kernel-based operating system used by some of the biggest enterprises and organizations around the globe. Among some of the major new features implemented in the Red Hat Enterprise Linux 7.3 release, we can mention important networking improvements, and support for Non-Volatile Dual In-line Memory Modules (NVDIMMs).


Also: CentOS 6 Linux OS Receives Important Kernel Security Update from Red Hat

Release of Red Hat Virtualization 4 Offers New Functionality for Workloads

Security News

Filed under
Security
  • Jay Beale: Linux Security and Remembering Bastille Linux

    Security expert and co-creator of the Linux-hardening (and now Unix-hardening) project Bastille Linux. That’s Jay Beale. He’s been working with Linux, and specifically on security, since the late 1980s. The greatest threat to Linux these days? According to Beale, the thing you really need to watch out for is your Android phone, which your handset manufacturer and wireless carrier may or may not be good about updating with the latest security patches. Even worse? Applications you get outside of the controlled Google Play and Amazon environments, where who-knows-what malware may lurk.

    On your regular desktop or laptop Linux installation, Beale says the best security precaution you can take is encrypting your hard drive — which isn’t at all hard to do. He and I also talked a bit, toward the end, about how “the Linux community” was so tiny, once upon a time, that it wasn’t hard to know most of its major players. He also has some words of encouragement for those of you who are new to Linux and possibly a bit confused now and then. We were all new and confused once upon a time, and got less confused as we learned. Guess what? You can learn, too, and you never know where that knowledge can take you.

  • Automotive security: How safe is a next-generation car?

    The vehicles we drive are becoming increasingly connected through a variety of technologies. Features such as keyless entry and self-diagnostics are becoming commonplace. Unfortunately, they can also introduce IT security issues.

  • Let's Encrypt: Every Server on the Internet Should Have a Certificate

    The web is not secure. As of August 2016, only 45.5 percent of Firefox page loads are HTTPS, according to Josh Aas, co-founder and executive director of Internet Security Research Group. This number should be 100 percent, he said in his talk called “Let’s Encrypt: A Free, Automated, and Open Certificate Authority” at LinuxCon North America.

    Why is HTTPS so important? Because without security, users are not in control of their data and unencrypted traffic can be modified. The web is wonderfully complex and, Aas said, it’s a fool’s errand to try to protect this certain thing or that. Instead, we need to protect everything. That’s why, in the summer of 2012, Aas and his friend and co-worker Eric Rescorla decided to address the problem and began working on what would become the Let’s Encrypt project.

  • OpenSSL 1.1 Released With Many Changes

    OpenSSL 1.1.0 was released today as a major update to this free software cryptography and SSL/TLS toolkit.

    In addition to OpenSSL 1.1 rolling out a new build system and new security levels and support for pipelining and a new threading API, security additions to OpenSSL 1.1 include adding the AFALG engine, support for ChaCha20 in libcrypto/libssl, scrypt algorithm support, and support for X25519, among many other additions.

  • Is Windows ​10’s ‘Hidden Administrator Account’ a security risk? [Ed: Damage control from Microsoft Jack (Jack Schofield) because Microsoft Windows is vulnerable by design]

Security News

Filed under
Security
  • Wednesday's security updates
  • This Android botnet relies on Twitter for its commands
  • Android Security Flaw Exposes 1.4B Devices [Ed: Alternative headline is, "Android is very popular, it has billions of users. And yes, security ain’t perfect." When did the press ever publish a headline like, "Windows flaw leaves 2 billion PCs susceptible for remote takeover?" (happens a lot)]
  • Wildfire ransomware code cracked: Victims can now unlock encrypted files for free

    Victims of the Wildfire ransomware can get their encrypted files back without paying hackers for the privilege, after the No More Ransom initiative released a free decryption tool.

    No More Ransom runs a web portal that provides keys for unlocking files encrypted by various strains of ransomware, including Shade, Coinvault, Rannoh, Rakhni and, most recently, Wildfire.

    Aimed at helping ransomware victims retrieve their data, No More Ransom is a collaborative project between Europol, the Dutch National Police, Intel Security, and Kaspersky Lab.

    Wildfire victims are served with a ransom note demanding payment of 1.5 Bitcoins -- the cryptocurrency favored by cybercriminals -- in exchange for unlocking the encrypted files. However, cybersecurity researchers from McAfee Labs, part of Intel Security, point out that the hackers behind Wildfire are open to negotiation, often accepting 0.5 Bitcoins as a payment.

    Most victims of the ransomware are located in the Netherlands and Belgium, with the malicious software spread through phishing emails aimed at Dutch speakers. The email claims to be from a transport company and suggests that the target has missed a parcel delivery -- encouraging them to fill in a form to rearrange delivery for another date. It's this form which drops Wildfire ransomware onto the victim's system and locks it down.


Canonical Releases Massive Mir 0.24.0 Display Server Update for Ubuntu Linux OS

Filed under
Security
Ubuntu

Canonical has pushed a new massive update (version 0.24.0) of the Mir display server used to power the Unity 8 user interface of the next-generation Ubuntu Linux operating system.

today's leftovers

  • Linux Unable To Boot Lenovo Yoga 900 & 900s; Is Microsoft At Fault?
    The popular device developer Lenovo has verified the claims that the Lenovo Yoga 900 and 900s are unable to boot Linux OS but only Microsoft Windows 10. The new Lenovo convertible laptop, Lenovo Yoga 900 and 900s, would reject and decline any attempt to install Linux operating system, making users turn their heads to Microsoft as the suspect for this issue. [...] This issue about the OS started when a Reddit user with the identity BaronHK posted about installing Linux on the latest Lenovo Yoga book, in which BaronHK encountered being blocked by a locked solid state drive (SSD) which Linux cannot define itself, and came to link the issue to Microsoft.
  • How Ubuntu 16.10 Beta 2 Performance Compares To Some Other Linux Distros
    The final Ubuntu 16.10 Beta for "Yakkety Yak" was released this week and we found its performance doesn't differ much from Ubuntu 16.04 LTS (with the exception of the newer graphics stack) while here are some results comparing it to other modern Linux distributions. Tested for this quick, one-page-article comparison were Ubuntu 16.04.1 LTS, Ubuntu 16.10 Beta 2, Clear Linux 10660, Fedora 24, openSUSE Tumbleweed 20160927, and the Arch-based Antergos 16.9-Rolling release.
  • Qt 3D WIP branches
  • New Qt 3D Functionality Is Being Worked On
    Sean Harmer of KDAB is organizing work around some upcoming "major Qt 3D features" for the open-source toolkit. It's not known if the next round of Qt 3D features will be ready for the Qt 5.9 tool-kit release, but KDAB is looking to have these new branches for feature work with continuous integration coverage.
  • Cross-compiling WebKit2GTK+ for ARM
    Of course, I know for a fact that many people use local recipes to cross-compile WebKit2GTK+ for ARM (or simply build in the target machine, which usually takes a looong time), but those are usually ad-hoc things and hard to reproduce environments locally (or at least hard for me) and, even worse, often bound to downstream projects, so I thought it would be nice to try to have something tested with upstream WebKit2GTK+ and publish it on trac.webkit.org,
  • Should we drop Vala?
    Is Vala development a waste of time? Is Vala suitable for long term support libraries?
  • SUSECON 2016: Where Technology Reigns Supreme [Ed: “Article Sponsor: SUSE”]
  • openSUSE Tumbleweed – Review of the Weeks 2016/39
  • Free software activities in September 2016

Kernel Space/Linux

  • Linux Kernel 4.7.6 Is Out with MIPS and OCFS2 Improvements, Updated Drivers
    Today, September 30, 2016, renowned Linux kernel developer Greg Kroah-Hartman announced the release of the sixth maintenance update to the latest stable Linux 4.7 kernel series. Linux kernel 4.7.6 comes only five days after the release of the previous maintenance version, Linux kernel 4.7.5, and, according to the appended shortlog and the diff from the last update, it changes a total of 76 files, with 539 insertions and 455 deletions. In summary, it updates multiple drivers, adds improvements to various filesystems and hardware architectures, and improves the networking stack.
  • Linux Kernel 4.4.23 LTS Has ARM and MIPS Improvements, Updated Filesystems, More
    Immediately after announcing the release of Linux kernel 4.7.6, Greg Kroah-Hartman proudly informed the community about the general availability of the Linux 4.4.23 LTS kernel. The Linux 4.4 kernel is a long-term supported branch, the latest and most advanced one, used in many stable and reliable GNU/Linux operating systems, including Ubuntu 16.04 LTS (Xenial Xerus) and Alpine Linux 3.4. Therefore, it is imperative for it to receive regular updates that bring fixes to the most important issues, as well as other general improvements.
  • From NFS to LizardFS
    If you’ve been following me for a while, you’ll know that we started our data servers out using NFS on ext4 mirrored over DRBD, hit some load problems, switched to btrfs, hit load problems again, tried a hacky workaround, ran into problems, dropped DRBD for glusterfs, had a major disaster, switched back to NFS on ext4 mirrored over DRBD, hit more load problems, and finally dropped DRBD for ZFS.
  • IBM's Ginni Rometty Tells Bankers Not To Rest On Their Digital Laurels
  • BUS1, The Successor To KDBUS, Formally Unveiled -- Aiming For Mainline Linux Kernel
    BUS1 has been in development as an in-kernel IPC mechanism building off the failed KDBUS project. An "RFC" will soon be sent out to Linux kernel developers about BUS1 and the subject will be discussed at next month's Kernel Summit. David Herrmann, one of the BUS1 developers, presented at this week's systemd.conf conference about the new capability-based IPC for Linux. He talked about how BUS1 is superior to KDBUS, how BUS1 is similar to Android's Binder, Chrome's Mojo, Solaris' Doors, and other common IPC implementations.
  • A New Wireless Daemon Is In Development To Potentially Replace wpa_supplicant
    In addition to the BUS1 presentation, also exciting from the systemd.conf 2016 conference is a thorough walkthrough of a new wireless daemon for Linux being developed by Intel's Open-Source Technology Center. Intel has been developing a new wireless daemon for Linux to potentially replace wpa_supplicant. This new daemon isn't yet public but the code repositories for it will be opened up in the next few weeks. This new daemon has improvements around persistency, WiFi management, reduced abstractions for different operating systems and legacy interfaces, and changes to operation. This daemon is designed to be very lightweight and work well for embedded Linux use-cases especially, including IoT applications.