Security

Security Leftovers

Filed under
Security

How Linux Kernel Development Impacts Security

Filed under
Linux
Security

The Linux kernel is a fast moving project, and it's important for both users and developers to quickly update to new releases to remain up-to-date and secure. That was the keynote message Greg Kroah-Hartman, maintainer of the stable Linux kernel, delivered at CoreOS Fest on May 9 here.

Kroah-Hartman is a luminary in the Linux community and is employed by the Linux Foundation, publishing on average a new Linux stable kernel update every week. In recent years, he has also taken upon himself the task of helping to author the "Who Writes Linux" report that details the latest statistics on kernel development. He noted that, from April 2015 to March 2016, there were 10,800 new lines of code added, 5,300 lines removed and 1,875 lines modified in Linux every day.

Read more

Also: Neat drm/i915 Stuff for 4.7

Here's a List of All the Ethical Hacking Tools Included in BlackArch Linux

Filed under
GNU
Linux
Security

At the beginning of the month, we informed you about the general availability of an updated ISO image for the Arch Linux-based BlackArch Linux operating system, which gave users access to over 1,400 penetration testing tools.

BlackArch Linux 2016.04.28 was, as its version number suggests, baked and cooked at the end of April, and it introduced 80 new security-oriented utilities to the ever growing collection of tools that are available in the software repositories of this GNU/Linux operating system.

Read more

Compare to: IE and Graphics head Microsoft's Patch Tuesday critical list

Debian-Based Univention Corporate Server 4.1-2 Brings Important Security Updates

Filed under
Security
Debian

Maren Abatielos of Univention GmbH informs us today, May 10, 2016, about the release of the second maintenance build of Univention Corporate Server (UCS) 4.1.

Read more

Security Leftovers

Filed under
Security

  • Security updates for Tuesday
  • This Botnet, Called Jaku, Only Targets Scientists, Engineers, And Academics

    Jaku Botnet discriminates while targeting its victims in the wild. It is easier to download from the famous sources like images or Torrents — thanks to the unforced human errors — and once installed, it grips that computer and makes that a part of the Botnet network.

  • Reproducible builds: week 54 in Stretch cycle

    There has been a surprising tweet last week: "Props to @FiloSottile for his nifty gvt golang tool. We're using it to get reproducible builds for a Zika & West Nile monitoring project." and to our surprise Kenn confirmed privately that he indeed meant "reproducible builds" as in "bit by bit identical builds". Wow. We're looking forward to learning more details about this; for now we just know that they are doing this for software quality reasons basically.

  • Security Analyst Arrested For Disclosing Security Flaw In Florida County's Election Systems

    A Florida man has been charged with felony criminal hacking charges after disclosing vulnerabilities in the voting systems used in Lee County, Florida. Security analyst David Levin was arrested 3 months after reporting un-patched SQL injection vulnerabilities in the county's election systems. Levin was charged with three counts of unauthorized access to a computer, network, or electronic device and released on $15,000 bond. Levin's first and biggest mistake was to post a video of himself on YouTube logging into the Lee County Elections Office network using the credentials of Sharon Harrington, the Lee County Supervisor of Elections.

KDE Applications 16.04 Gets Its First Point Release, Includes Over 25 Bug Fixes

Filed under
KDE
Security

Today, May 10, 2016, KDE has announced the general availability of the first point release in the latest stable and most advanced KDE Applications 16.04 series of the software suite used for the KDE Plasma 5 desktop environment.

Read more

Security Leftovers

Filed under
Security

Ubuntu LTS Kernel Vulnerabilities

Filed under
Security
Ubuntu

Security Leftovers

Filed under
Security

  • Secure from whom

    Side-channel attacks are a thing, this is true. But they also cost a lot of time and money to develop. If you want something that can be applied to more than just a single target, that cost explodes. That is why the two most common places where side-channel attacks are developed are nation states and universities specializing in that research.

    [...]

    So in summation, I’m far more interested in focusing on our ability to get security fixes out to users in a timely fashion. Herd immunity can work for software too.

  • Security isn't a feature, it's a part of everything

    Almost every industry goes through a time when new novel features are sold as some sort of add on or extra product. Remember needing a TCP stack? What about having to buy a sound card for your computer, or a CD drive? (Does anyone even know what a CD is anymore?) Did you know that web browsers used to cost money? Times were crazy.

  • Student Tried to Hack His School Network, Police Calls Him An Anonymous Member

    The State police and school district officials in Pennsylvania are investigating a case that involves a school student trying to hack into the school’s Wi-Fi network. The officials have told a local newspaper that they have found some evidence regarding his association with the hacktivist group Anonymous.

Security Leftovers

Filed under
Security

  • This Single Command Can Hack Your Windows AppLocker In Seconds

    If you use Windows AppLocker to restrict others from using some applications and locking down your Windows PC, here’s something to worry about. Casey Smith, a security researcher, has found a way to bypass the AppLocker whitelist and run arbitrary scripts. IT admins are advised to run this command on their systems and see if some loopholes exist in their network.

  • Here's how I verify data breaches

    Other headlines went on to suggest that you need to change your password right now if you're using the likes of Hotmail or Gmail, among others. The strong implication across the stories I've read is that these mail providers have been hacked and now there's a mega-list of stolen accounts floating around the webs.

  • The Top 4 in a Linux Environment
  • An update on SSH protocol 1

    At this stage, we're most of the way towards fully deprecating SSH protocol 1 - this outlines our plans to complete this task.

  • High-Severity OpenSSL Vulnerability allows Hackers to Decrypt HTTPS Traffic
  • Firejail 0.9.40-rc1 Release Announcement

    We are happy to announce the release candidate of Firejail version 0.9.40-rc1 (download). Firejail is a generic Linux namespaces security sandbox, capable of running graphic interface programs as well as server programs. This release includes a number of major features, such as X11 sandboxing support, file transfers between sandboxes and the host system, run-time configuration support, Ubuntu 14.04 AppArmor support, and firecfg, a desktop configuration utility. A number of smaller features, documentation and bugfixes are also included:
