Language Selection

English French German Italian Portuguese Spanish

Security

Tails 1.2.3 is out

Filed under
GNU
Linux
Security
Debian

On January 3rd, the SSL certificate of our website hosting provider, boum.org, expired. This means that if you still are running Tails 1.2.1 or older, you will not get any update notification. Please help spreading the word!

Read more

Under the hood of I2P, the Tor alternative that reloaded Silk Road

Filed under
OSS
Security

Tor is apparently no longer a safe place to run a marketplace for illegal goods and services. With the alleged operator of the original Silk Road marketplace, Ross Ulbricht, now going to trial, the arrest of his alleged successor and a number of others in a joint US-European law enforcement operation, and the seizure of dozens of servers that hosted "hidden services" on the anonymizing network, the operators of the latest iteration of Silk Road have packed their tents and moved to a new territory: the previously low-profile I2P anonymizing network.

Read more

Update on Red Hat Enterprise Linux 6 and FIPS 140 validations

Filed under
Red Hat
Security

Red Hat achieved its latest successful FIPS 140 validation back in April 2013. Since then, a lot has happened. There have been well publicized attacks on cryptographic protocols, weaknesses in implementations, and changing government requirements. With all of these issues in play, we want to explain what we are doing about it.

Read more

Also: Mysteries of NUMA Memory Management Revealed

Here is How I Built my First RPM

Exiv2 Vulnerability Closed in Ubuntu 14.10

Filed under
Security
Ubuntu

Canonical has published details in a security notice about a Exiv2 vulnerability in Ubuntu 14.10 (Utopic Unicorn) that has been found and corrected. This not a major issue, but users should upgrade nonetheless.

Read more

Fedora 22 Might Disable Root Remote Logins By Default

Filed under
Red Hat
Security

Right now Fedora allows for SSH log-ins as root, which is the default behavior as currently shipped by sshd. However, for Fedora 22 there is a proposal that the packaged sshd will default the option of PermitRootLogin to no so that root log-ins wouldn't be permitted into Fedora SSH servers. This change is being proposed to try to avoid brute-force attacks against root passwords of Fedora servers.

Read more

Will Open Source Security Be on the Federal Agenda in 2015?

Filed under
OSS
Security

Open source code security has been in the spotlight since the Heartbleed bug infected the Canada Revenue Agency website last year. Found embedded in OpenSSL, one of the Web’s most common security systems, Heartbleed sent public-sector IT personnel scrambling to test their agencies’ websites to make sure they were clean and protected.

Read more

Heads up, dear leader: Security hole found in North Korea’s home-grown OS

Filed under
Linux
Security

North Korea is a technological island in many ways. Almost all of the country's "Internet" is run as a private network, with all connections to the greater global Internet through a collection of proxies. And the majority of the people of the Democratic People's Republic of Korea who have access to that network rely on the country's official operating system: a Linux variant called Red Star OS.

Red Star OS, first introduced in 2003, was originally derived from Red Hat Linux. In theory, it gave North Korea an improved level of security against outside attack—a Security Enhanced Linux operating system based on Red Hat that could enforce strict government access controls on the few who got to use it.

Read more

3 REASONS WHY OPEN SOURCE MEANS BETTER SECURITY

Filed under
OSS
Security

By leveraging open source software and establishing best practices to protect this data at an ongoing rate, these agencies can take a cue from the private sector and enjoy a sense of trust in the way they store and collaborate on private data.

Read more

4MRescueKit

Filed under
GNU
Linux
Security

4MRescueKit provides its users with software for antivirus protection, data backup, disk partitioning, and data recovery. It is distributed in the form of a multiboot CD, which includes four (extremely small) operating systems. Each of the systems tries to follow the UNIX philosophy (Small is beautiful. Make each program do one thing well).

Read more

Is SSH Insecure?

Filed under
OSS
Security

Fact is, we don’t yet know enough details about all possible attack surfaces against SSH available to the agencies and we badly need more information to know what infrastructure components remain save and reliable for our day to day work. However we do have an idea about the weak spots that should be avoided.

Read more

Syndicate content

More in Tux Machines

today's howtos

Leftovers: Gaming

Pro tip: Find tons of open-source Android software with F-Droid

If you're looking for truly open-source software for the Android platform, you don't have to do a ton of searching or check through licenses from within the Google Play Store. All you have to do is download a simple tool called F-Droid. With this tool, you can download and install apps (from quite a large listing) as easily as you can from the Google Play Store. You won't, however, find F-Droid in the Google Play Store. Instead, you have to download the .apk file and install it manually. Once it's installed, the rest is just a matter of searching for an app and tapping to install. Read more

Librem 15 Linux Laptop Set To Close At Around $400k USD

The manufacturing goal was $250k USD and thanks to the extension they're now set to close the campaign at the end of today at around $400k. With the extra funds, they're planning to add hardware kill switches for the microphone/camera and for all RF/WiFI/Bluetooth adapters. Those behind the project are also looking at replacing the HDMI port with two mini Thunderbolt ports. Read more