Security

Serious Red Hat Linux Bug Affects Haswell-based Servers

Filed under
Red Hat
Security

A recent post by Gil Tene raises the importance of an important, little known patch to Linux kernels that should be reviewed by all users and administrators of Linux systems, especially those who utilize Haswell processors. Tene reports that in particular users of Red Hat-based distributions (including CentOS 6.6 and Scientific Linux 6.6) should apply the patch as soon as possible. Even if your instance of Linux is running in a VM, that VM is most likely hosted on a Haswell machine if it is on the popular cloud providers (Azure, Amazon, etc.) and would benefit from the patch.


Tor Browser 4.5.1 Released with Support for Ubuntu 14.04 LXC Hosts

Filed under
Security
Ubuntu

The Tor Project announced the release of the Tor Browser 4.5.1 for all those who want to stay anonymous online. The new maintenance release is based on Mozilla Firefox 31.7.0 ESR, and it is available for GNU/Linux, Mac OS X, and Microsoft Windows platforms.


ICU Vulnerability Closed in Ubuntu 15.04

Filed under
Security
Ubuntu

Canonical has published details in a security notice about an ICU vulnerability that has been found and fixed in Ubuntu 15.04, Ubuntu 14.10, and Ubuntu 14.04 LTS.


For Venom security flaw, the fix is in: Patch your VM today

Filed under
OSS
Security

Venom, as described by its discoverer, Crowdstrike, an end-point security company, works by attacking QEMU's virtual Floppy Disk Controller (FDC). The first thing many of you think when learning this is: "Who cares, I've never used a floppy drive on my virtual machine (VM)!"

Ah, but, you don't have to activate the virtual floppy drive for a potential hacker snake to bite you. By default, the legacy floppy drive code is still in there, even though it's never been used. The corruption is still hiding in the code. So, even though you'd never dream of using a VM floppy drive, you're still open to attack.


Tails 1.4 is out

Filed under
OSS
Security

Tails, The Amnesic Incognito Live System, version 1.4, is out.

This release fixes numerous security issues and all users must upgrade as soon as possible.


Urgent Kernel Patch for Ubuntu

Filed under
Security
Ubuntu

Linux is engineered with security in mind. In fact, the most fundamental security mechanisms are built right into the kernel itself, which makes it extremely hard for malicious code to bypass. Unfortunately, attackers always are looking for ways to break down security walls, and engineers constantly are patching security weaknesses.
Security holes often are caused by small bugs within the kernel. These can be exploited and used to execute code without the normal protection. When a serious hole is discovered, it's important to get a fix out as soon as possible. Unfortunately, rushed fixes sometimes cause problems of their own, such as the fix released by Canonical earlier this week.


10 of the best Linux distros for privacy fiends and security buffs

Filed under
GNU
Linux
Security

Linux distributions can be separated into various categories based on use case and the intended target group. Server, education, games and multimedia are some of the most popular categories of Linux distros.

For security conscious users, however, there's a growing niche of distros aimed at protecting your privacy. These distros help ensure you don't leave a digital footprint as you go about navigating the web.


8 Linux Security Improvements In 8 Years

Filed under
GNU
Linux
Security

At a time when faith in open source code has been rocked by an outbreak of attacks based on the Shellshock and Heartbleed vulnerabilities, it's time to revisit what we know about Linux security. Linux is so widely used in enterprise IT, and deep inside Internet apps and operations, that any surprises related to Linux security would have painful ramifications.

In 2007, Andrew Morton, a no-nonsense colleague of Linus Torvalds known as the "colonel of the kernel," called for developers to spend time removing defects and vulnerabilities. "I would like to see people spend more time fixing bugs and less time on new features. That's my personal opinion," he said in an interview at the time.


Explaining Security Lingo

Filed under
Red Hat
Security

This post is aimed to clarify certain terms often used in the security community. Let’s start with the easiest one: vulnerability. A vulnerability is a flaw in a selected system that allows an attacker to compromise the security of that particular system. The consequence of such a compromise can impact the confidentiality, integrity, or availability of the attacked system (these three aspects are also the base metrics of the CVSS v2 scoring system that are used to rate vulnerabilities). ISO/IEC 27000, IETF RFC 2828, NIST, and others have very specific definitions of the term vulnerability, each differing slightly. A vulnerability’s attack vector is the actual method of using the discovered flaw to cause harm to the affected software; it can be thought of as the entry point to the system or application. A vulnerability without an attack vector is normally not assigned a CVE number.


Proprietary OOXML document format makes you more vulnerable to attacks

Filed under
LibO
Security
OOo

Using the proprietary OOXML document format, i.e. docx, pptx and xlsx, makes you more vulnerable to phishing and other attacks. Earlier this month, the Japanese anti-virus company Trend Micro published a blog post describing how the attack group "Operation Pawn Storm" uses spear-phishing mail messages with malicious Office documents to target the military, governments, defense industries and the media.

Four years ago, Thomas Caspers and Oliver Zendel from the German Federal Office for Information Security (BSI) already presented research results stating that most spear-phishing attacks targeting specific persons or a small group of victims are using "launch actions" in Office and PDF documents to have their malicious code executed.



More in Tux Machines

Android Leftovers

OSS Leftovers

  • Make your very own emojis with Open-Source emojidex
  • Emojis go open-source with emojidex
  • Measuring the performance of a community manager
    In an open organization, measuring performance for particular roles like community managers may not be straightforward, especially when comparing those roles to others with more defined success metrics, goals, and outcomes. In my experience over the past six years, I've worked closely with my manager to make sure that we are in sync with my objectives and what I need to do in order to maximize my impact in my role as a community manager.
  • Security, creating a federated cloud, and more OpenStack news
    Interested in keeping track of what's happening in the open source cloud? Opensource.com is your source for news in OpenStack, the open source cloud infrastructure project.
  • DNSSEC, DANE and the failure of X.509
    As a few people have noticed, I’m a bit of an internet control freak: In an age of central “cloud based” services, I run pretty much my own everything (blog, mail server, DNS, OpenID, web page etc.). That doesn’t make me anti-cloud; I just believe in federation instead of centralisation. In particular, I believe in owning my own content and obeying my own rules rather than those of $BIGCLOUDPROVIDER.
  • 5 reasons wikis rock for documentation
    You may not have noticed, but people often become attached to their favorite technology. This could be a mobile phone, a programming language, or a text editor. When you work on someone else's project, you generally have to go with whatever the prevailing tools and languages are, but when it's your own project, you get to choose the toys. Documentation requires technology, too, but most people have less of a pre-set opinion about documentation tooling than they do about web frameworks and version control systems. So how is a project to choose?
  • Bulgarian government publishes first open datasets
    Bulgaria has just published the first datasets on its open data portal. Currently, about 36 datasets from 26 public agencies have been made available online. The organisations involved were summoned to do so by the Council of Ministers. The Council even has a dedicated team to overcome resistance at the agencies and help them to extract and cleanse the data from the databases. The ambition is to publish another 100 datasets before the end of this year.
  • UK overhauls its Digital Service Standard
    The United Kingdom has revised its Digital Service Standard, which describes the components for building eGovernment services. The update came into effect on 1 June, and is to be used for new and redesigned external-facing services.
  • Security advisories for Monday

GSoC

Meizu MX4 Ubuntu Edition to Launch in Europe Soon, but Not for Everyone

Meizu MX4 Ubuntu Edition is coming to Europe soon, but it won't be available for everyone straight away. The latest Ubuntu insider event provided some more information about the impending launch.