Language Selection

English French German Italian Portuguese Spanish

Security

Multiple X.Org Vulnerabilities Found, One Is from 1987

Filed under
Graphics/Benchmarks
Security

One of the most important features of the open source development community is its ability to self-correct, even if it takes a very long time. A number of issues in X servers have been corrected recently, and some of them were actually very old. The record holder is a bug introduced back in 1987.

Read more

Linux Turla Malware Infection? Not Going to Happen.

Filed under
GNU
Linux
Security

This code simply isn't in any Linux repository.

That means one must intentionally deviate and go outside of the keyring-protected repo of applications 'into the wild' to obtain this rogue software.

By definition, a trojan, requires one to install the application and then explicitly run it to have its 'payload' execute.

Read more

Video: Security Features in systemd

Filed under
Linux
Red Hat
Security

Lennart Poettering gave a presentation for NLUUG on Nov. 20th, 2014 entitled, "Security Features in systemd".

Read more

JasPer Vulnerability Closed in All Supported Ubuntu OSes

Filed under
Security
Ubuntu

Canonical published details about a JasPer vulnerability in its Ubuntu 14.10, Ubuntu 14.04 LTS, and Ubuntu 12.04 LTS operating systems. The problem is not series, but it's not a bad idea to upgrade.

Read more

LibreSSL 2.1.2 released

Filed under
Security
BSD

We have released LibreSSL 2.1.2, which will be arriving in the LibreSSL directory of your local OpenBSD mirror soon.

Read more

Breaking: Stealth "Turla" Malware Infects Unknown Number of Linux Systems

Filed under
Linux
Security

The Linux Turla is a new piece of malware designed to infect only Linux computers, which has managed to remain relatively hidden until now and has the potential of doing a lot of harm. Unfortunately, very little is known about it or how to fix it.

Read more

Cisco Goes Open-Source for Big Data Security Analytics

Filed under
OSS
Security

Cisco is no stranger to the open-source world and is now expanding its efforts with the OpenSOC (Security Operation Center), which is a project that is freely available on Github.

Read more

10 Open Source Security Tools from Google, Facebook, Netflix and Cisco

Filed under
OSS
Security

Choice has long been a defining feature of the world of free and open source software, and the constellation of options only gets bigger every year. Often it's brand-new projects causing the increase, but sometimes the growth happens in another way, when tools that were developed for a company's internal use get opened up for all the world to see, use and improve.

That, in fact, is just what has been happening lately on a grand scale in the security arena, where numerous major companies have been opting to open the doors to their own, in-house tools. Google, Facebook and Netflix are all among the companies taking this approach lately, and it's changing the security landscape significantly.

Read more

2014: Year of open source miracles

Filed under
OSS
Security

We open with the recent unpleasantness at the Drupal project. The SQL injection vulnerability, while serious, isn’t unusual. It’s actually the most common vulnerability in the world. What made the exploit newsworthy was the very short amount of time between disclosure and widespread exploitation: "if timely patches weren’t applied, then the Drupal security team outlined a lengthy process required to restore a website to health." Basically, you had seven hours to fix it before evil robots descended on your servers.

This isn’t an open source problem, it’s a software management problem.

Read more

Lollipop's Encryption Takes a Hefty Toll

Filed under
Android
Security

The new full-disk encryption feature that's enabled by default in Android 5.0 Lollipop comes at a hefty price in terms of performance, according to a recent benchmark report.

In fact, when full-disk encryption is enabled, random read performance drops by 62.9 percent, while random write performance falls by 50.5 percent, AnandTech reported late last week. Sequential read performance, meanwhile, drops by a whopping 80.7 percent.

Read more

Syndicate content

More in Tux Machines

Linux, the overweight king of cloud: Will this change anytime soon?

Nick Hardiman argues that the problem with Linux is that multi-purpose distros, which are great for cloud computing jobs, are making the server OS fat. Read more

Canonical’s “Snappy Ubuntu” Lands On AWS

Canonical’s stripped down “Snappy” edition of Ubuntu Core is now available on Amazon’s AWS cloud computing platform. If you’ve followed along over the last few weeks, that’s not a major surprise. Snappy first launched on Microsoft Azure at the beginning of this month and then arrived on Google’s Compute Engine platform earlier this week. It was pretty obvious that AWS’s EC2 would be next. Read more

Public Interest, Software Freedom and Open Standards

...importance of working with upstream projects and initiatives for a government like the UK Government. [...] Public interest and software freedom are not always aligned, in the sense that software freedom grant rights to users of Free Software but does not imply users will get what they want; in this case however, these two notions could become very much aligned. The same holds true for Open Standards: if major chunks of the UK’s public sector’s pool of documents is migrated to ODF, there is something close to a liability – and an opportunity- for this Government to ensure the format continues to thrive and be improved. Read more

Defending the Free Linux World

Co-opetition is a part of open source. The Open Invention Network model allows companies to decide where they will compete and where they will collaborate, explained OIN CEO Keith Bergelt. As open source evolved, "we had to create channels for collaboration. Otherwise, we would have hundreds of entities spending billions of dollars on the same technology." Read more