Security

ID theft, vulnerabilities, privacy issues, etc

Review: Open source proxy servers are capable, but a bit rough around the edges

Filed under
Server
OSS
Security

Providing a common gateway for web services, caching web requests or providing anonymity are some of the ways organizations use proxy servers. Commercial proxy products, especially cloud offerings, are plentiful, but we wondered if open source or free products could provide enterprise-grade proxy services.

Read more

World’s most secure Android phone finally starts shipping next month

Filed under
Android
Linux
Security
  • World’s most secure Android phone finally starts shipping next month

    Secure communications specialist Silent Circle recently set out to build the most secure Android phone in the world, and some have gone as far as to call the company’s Blackphone an “NSA-proof” smartphone. That statement can’t be confirmed, of course, since the NSA surely still has a few tricks up its sleeve that we don’t know about. What we can say, however, is that people concerned with keeping their mobile communications private will soon have a new option that is more secure than any publicly available Android phone currently on the market.

  • Silent Circle's Blackphone will ship out in three weeks

    Silent Circle in partnership with Geeksphone announced the Blackphone in January this year. The makers of the Blackphone claims that the handset is the world's first smartphone that gives its user total control of privacy.

    The upcoming smartphone is powered by a modified version of Android, PrivatOS, which is believed to be more security-oriented. The Blackphone will be carrier and vendor independent, which will ensure that individuals and businesses are able to make and receive secure phone calls, send texts, store files, browse the internet and more without compromising the privacy of the user.

  • Blackphone is about to sidle stealthily into the mainstream
  • NSA-Proof? Super-Secure Blackphone Shipping by July
  • Super-Secure Blackphone Shipping by July
  • Anti-forensic mobile OS gets your phone to lie for you

    In Android Anti-forensics: Modifying CyanogenMod Karl-Johan Karlsson and William Bradley Glisson present a version of the Cyanogenmod alternate operating system for Android devices, modified so that it generates plausible false data to foil forensic analysis by law enforcement. The idea is to create a mobile phone that "lies" for you so that adversaries who coerce you into letting them take a copy of its data can't find out where you've been, who you've been talking to, or what you've been talking about.

Tails interview

Filed under
Interviews
Security
Debian

Tails was built with two specific things in mind: sustainability and usability.
Sustainability refers to how this is a project that can be relied on by its users. The team goes on to explain the importance of usability: “We believe that the best security tool is of no use if people who really need it on the field cannot use it. Moreover, security tools must be hard to misuse, they should prevent you from doing critical mistakes, or ask you to make security decisions that you are not able to make.”

Tails has been around for a while as previously stated, however its notoriety was elevated after the Snowden revelations: “What really changed is the public awareness regarding those issues,” the team told us. “It is now hard to deny that internet security has to do with politics and not only with technology. The Snowden revelations also made it clear that online privacy is an issue for everyone, and not only for paranoid people. That point was still hard to make, even in the Linux world.”

Read more

New Private Cloud Devices Aim to Block Cyber Spies

Filed under
Linux
Security

Suddenly, consumer-oriented private cloud storage devices are everywhere, with many -- if not most -- running Linux. The market segment has blossomed thanks to growing concerns over government cyber-spying, notably in the case of the U.S. National Security Agency and the Chinese military. There is also growing unease about sharing of user data by mobile carriers, financial firms, and high-tech companies, as well as fears about cyber-criminals.

Read more

Join the FSF and allies: strengthen the Tor anti-surveillance network

Filed under
OSS
Security

Today we're joining our allies at the Electronic Frontier Foundation (EFF) in kicking off the Tor Challenge, an effort to strengthen the global Tor network that protects Internet traffic from surveillance.

Tor is a publicly accessible, free software-based system for anonymizing Internet traffic. Tor relies on thousands of computers around the world called relays, which route traffic in tricky ways to dodge spying. The more relays, the stronger and faster the network.

Read more

Kali Linux Improves Penetration Testing

Filed under
Reviews
Security

There are a lot of tools and applications available to security researchers to conduct penetration testing. Many of those tools run on the open-source Linux operating system, though not every distribution is properly configured to be a proper platform for security research. That's where the Kali Linux distribution comes into play as an optimized Linux distribution built for security researchers. The Kali Linux 1.0.7 distribution was officially released on May 27, providing users with a number of new features. Kali Linux was originally known as Backtrack Linux, before being renamed and rebuilt in March 2013. One of the primary new features in Version 1.0.7 is the introduction of encrypted USB persistence for Live images. With that feature, Kali Linux can be installed onto a USB storage key, with user storage that can be updated and fully encrypted. One of the key benefits of Kali Linux is that it assembles in one place many tools that security researchers need. Tools for information gathering, vulnerability analysis, Web applications, password attacks, stress testing and even hardware hacking are all included. In this slide show, eWEEK takes a look at some of the features of the Kali Linux 1.0.7 release.

Read more

OpenSSL Security Advisory [05 Jun 2014]

Filed under
OSS
Security

OpenSSL 1.0.0m and OpenSSL 0.9.8za also contain a fix for CVE-2014-0076: Fix for the attack described in the paper "Recovering OpenSSL ECDSA Nonces Using the FLUSH+RELOAD Cache Side-channel Attack" Reported by Yuval Yarom and Naomi Benger. This issue was previously fixed in OpenSSL 1.0.1g.

Read more

More: How I discovered CCS Injection Vulnerability (CVE-2014-0224)

OSSEC 2.8 has been released

Filed under
Security

OSSEC is a cross-platform host intrusion detection system. Hence it’s also known as OSSEC HIDS. It is Free software released under the GNU General Public License, and features log analysis, file integrity monitoring, rootkit detection and real-time active responses. If you intend to run a server anywhere, this is one of the first applications you want to install on it.

OSSEC is a much better security application than Fail2ban, another popular host intrusion prevention application. OSSEC offers a centralized management server with support for agent and agentless monitoring. A complete description of its features are available here.

Read more

Why open source development is getting more secure

Filed under
OSS
Security

With fewer defects being found in major open source projects than in large proprietary software packages, what are the security strengths and weaknesses of open source development?

Read more

Google's Nexus devices get stealth Android update

Filed under
Android
Security

Google has quietly begun rolling out a new version of Android to its flagship Nexus devices, but so far it has remained shtum on just what has changed.

Support pages from US wireless player T-Mobile reveal that the Nexus 4 and Nexus 5 handsets and the 2013 version of the Nexus 7 tablet all began receiving over-the-air updates to Android 4.4.3 on Monday.

Read more

Announcing Rapid Progress on Core Infrastructure Initiative

Filed under
OSS
Security

A month ago we announced the Core Infrastructure Initiative, a project to help fund critical open source projects that we all rely upon but that are in need of support. We moved quickly to organize the initiative and the industry reaction was swift and enthusiastic. I am proud to report on significant progress that I believe matches the quality of the reaction to the formation of the project.

First order of business was electing the Advisory Board, which will help the Steering Group (made up of funders and The Linux Foundation) determine which projects to fund. We are fortunate to have assembled many of the brightest minds in open source, web technology and computer security. I am thrilled to work with these individuals.

Read more

Tails 1.1 Beta 1 Secure Distro Now Has Windows 8 Comouflage Mode

Filed under
GNU
Linux
Security
Debian

Tails is a distribution based on Debian and Tor technologies that aims to keep its users as anonymous as possible. It gained a lot more visibility after Edward Snowden said that he used exactly this Linux distribution to hide his tracks. The developers are now implementing more changes and fixes that should ensure it becomes even more secure.

Read more

TrueCrypt Not Dead, Forked and Relocated to Switzerland

Filed under
Security

The development of TrueCrypt, an open source piece of software used for on-the-fly encryption, has been terminated and users have been advised not to use it because it is not secure enough. Now, it seems that another team of developers have forked the software and rebased it in Switzerland.

Read more

Kali Linux 1.0.7 review

Filed under
Reviews
Security

The latest update to Kali Linux was released a few days ago. Kali Linux 1.0.7 review is a summary review of the main features of this latest upgrade to the security distribution from Offensive Security, a security and penetration training outfit based somewhere on this third rock from the Sun.

The main feature introduced in Kali Linux 1.0.7 is the ability to transfer the system to a USB stick with encrypted persistence.

Read more

The Linux Foundation’s Core Infrastructure Initiative Announces New Backers, First Projects to Receive Support and Advisory Board Members

Filed under
Linux
Security

The Core Infrastructure Initiative (CII), a project hosted by The Linux Foundation that enables technology companies, industry stakeholders and esteemed developers to collaboratively identify and fund open source projects that are in need of assistance, today announced five new backers, the first projects to receive funding from the Initiative and the Advisory Board members who will help identify critical infrastructure projects most in need of support.

Read more

Hands-on with Kali Linux 1.0.7

Filed under
Linux
Security

One last thing about booting Kali Linux. The details of this are beyond the scope of this kind of general Linux blog, but one of the major advances in this release is support for Encrypted USB Persistence. This is specifically for people who will be booting Kali from a USB stick, it gives them the possibility to securely save changes to an encrypted partition on the USB drive. I haven't had time to look at this in detail yet, much less actually try it out, but at first glance I think it probably removes one of the major reasons for carrying a dedicated laptop around for security analysis, rather than just a Live USB stick.

So there you have it, short and very sweet. If you are interested in network security, forensic analysis or penetration testing, this is a Linux distribution you need to know about. If you're already using it, just make sure that you pick up the latest updates so that you get the new kernel and tools.

Read more

BackTrack Successor Kali Linux 1.0.7 Arrives with Linux Kernel 3.14

Filed under
Linux
Security

As usually, Kali Linux 1.0.7 features various new tools, updated applications, as well as numerous fixes in order to make Kali Linux a more stable and reliable Linux operating system. This includes a new version of the Linux kernel, among other things.

There are numerous Linux distributions in the open source ecosystem, but there are very few built specifically for penetration testing and digital forensics. The former iteration of this distro, BackTrack, is one of the most downloaded OSes and it's the go-to operating system when you need a professional solution.

Read more

Meet the Man Hired to Make Sure the Snowden Docs Aren't Hacked

Filed under
Linux
Security

When he got to Rio, Lee spent one entire day strengthening Greenwald’s computer, which at that point used Windows 8. Lee was worried spy agencies could break in, so he replaced the operating system with Linux, installed a firewall, disk encryption and miscellaneous software to make it more secure.

Read more

Notable Penetration Test Linux distributions of 2014

Filed under
GNU
Linux
Security

A penetration test, or the short form pentest, is an attack on a computer system with the intention of finding security weaknesses, potentially gaining access to it, its functionality and data. A Penetration Testing Linux is a special built Linux distro that can be used for analyzing and evaluating security measures of a target system.

Read more

Silent Circle secures $30 million in funding to expand Blackphone production

Filed under
Android
Security

Private communications firm Silent Circle has secured $30 million in funding to cope with demand for the privacy-based Blackphone, as well as expand operations globally.

Read more

Syndicate content