Security

ID theft, vulnerabilities, privacy issues, etc

For Real Security, Use CentOS — Never RHEL — and Run Neither on Amazon’s Servers

Filed under
Linux
Security

Never run Red Hat’s “Enterprise Linux”, which cannot be trusted because of NSA involvement; Amazon, which pays Microsoft for RHEL and works with the CIA, should never be used for hosting

Read more

Renowned cryptographer believes his 'Blackphone' can stop the NSA

Filed under
Security

Revelations about how insecure our communications are have been a daily fixture of the news cycle recently, and it's in this climate that a pair of companies are combining to launch a new smartphone focused on privacy. The Blackphone will run a "security-oriented" version of Android named PrivatOS, which the companies say will allow users to securely place and receive phone calls, text messages, video chat, transfer and store files, and "anonymize your activity" through a VPN.

Read more

No hypervisor vulnerability exploited in OpenSSL site breach

Filed under
Security

The OpenSSL Project confirmed that weak passwords used on the hosting infrastructure led to the compromise of its website, dispelling concerns...

Read more

All Linux Distributions Store Wi-Fi Passwords in Plain Text If You Don’t Use Encryption

Filed under
Linux
Security

My colleague, Silviu Stahie, wrote an interesting article earlier today, regarding the “ability” of the Ubuntu Linux operating system to store Wi-Fi passwords in plain text, “thanks” to the default design of the NetworkManager application, initially developed by Red Hat.

Read more

Reminder to Corporate Press: PHP is Not Linux

Filed under
Linux
Security

Somehow a PHP issue gets described as a "Linux worm" (usually in headlines, too) for many other writers to repeat without researching any further. If there is any issue associated with embedded devices (which cannot be patched easily, if at all), then don't blame Linux; embedded systems just happen to be an area reined by Linux and GNU. Windows would not have coped any better.

Read more

NSA Shows Why We Should Abandon All Proprietary Software and Verify Trust

Filed under
Security

If Europe is serious about cyber security, then it should dump all proprietary software (back doors-friendly software) as soon as possible. Given everything we now know about the NSA, ignorance and uncertainty are no longer an excuse. A Dutch source has just revealed that the NSA cracked 50,000 computer networks. The evidence is overwhelming

Read more

Is open source encryption the answer to NSA snooping?

Filed under
Security

The NSA had cracked Internet encryption.

The NSA was listening in to everything.

European customers were especially concerned, he says.

Fortunately, many of the headlines had been unnecessarily alarmist.

“The earlier types of encryption, with 64 bits or less, the NSA has figured out how to brute force decrypt at least some of that traffic,” he says. “But the more modern, strong encryption, with 128 or 256 encryption units, they can't decrypt that. And it bothers them no end.”

Read more

Symantec Reveals that Cybercriminals Employ New Linux Trojan to Embezzle Data

Filed under
Linux
Security

Security researchers of well-known security firm 'Symantec' have identified a cyber-criminal operation which relies on a new-fangled Linux backdoor, nicknamed Linux.Fokirtor, to embezzle data without being discovered.

Read more

Hacked by the NSA

Filed under
Security

There is little doubt that the NSA’s activities will have a negative effect on the U.S. tech sector. Some countries are already considering mandating that business servers be located in-country in an attempt to thwart intrusions by the agency. The Swiss are taking a further step and have hopes of profiting from their strong privacy laws with “Swiss Cloud,” a cloud service being developed with security in mind by Swisscom, in which the Swiss government has a majority stake.

Read more

Linux in Government and Why There is Still NSA Agenda to Keep Wary Eye on

Filed under
Security

Even as Linux advocates we should recognise that there is a diversity of interests and the agenda of the NSA is to spy on everything and everyone, not to protect our privacy and security.

Read more

Mozilla's web security guru talks open source

Filed under
Security

Mozilla is about more than just web browsers

Read more

Trusting Trust and Trusting Red Hat et al.

Filed under
Security

With all sorts of National Security Letters, gag orders, oppressive laws like PARTIOT Act etc. we just know that those based in the US can be forced to facilitate surveillance (without ever speaking about it publicly).

Read more

Report: NSA has little success cracking Tor

Filed under
Security

computerworld.com: The agency has attacked other software, including Firefox, in order to compromise the anonymity tool, according to documents

Linux is more secure but not invulnerable

Filed under
Linux
Security

techrepublic.com: Jack Wallen believes Linux is more secure than other platforms, but it's only as secure as the packages installed.

Linux “HoT” bank Trojan: Failed malware

Filed under
Security
  • Linux “HoT” bank Trojan: Failed malware
  • Shuttleworth: Prism Will Drive Cloud to ‘Other Jurisdictions’
  • NSA 'altered random-number generator'
  • Federal Courts Still Scaremongering About Spooky "Open Source" Software
  • ‘Hand-of-Thief’ Undergoing Construction to Become Commercially Viable
  • Is OpenSSL's Cryptography Broken?
  • How to create an encrypted zip file on Linux
  • Really basic intro to encrypted filesystems in openSUSE
  • What You Need to Know About Encryption on The Internet
  • Open Source Security
  • Semplice Linux 5 Will Protect You from NSA

Torvalds shoots down call to yank 'backdoored' Intel RdRand in Linux crypto

Filed under
Linux
Security

theregister.co.uk: 'We actually know what we are doing. You don't' says kernel boss. "Where do I start a petition to raise the IQ and kernel knowledge of people?"

Also: Torvalds suggests poison and sabotage for ARM SoC designers

Worms and Linux

Filed under
Linux
Security

linuxjournal.com: If you look back at the history of computer worms, you'll see that the computer worms that caused the most damage were directed toward the Microsoft Windows OS. Is this because of the number of Windows vulnerabilities, or is it merely due to the number of Windows users? The question remains unanswered. Meanwhile, apart from the Morris worm, very few worms have been directed toward Linux.

Who's Afraid of Linux Malware?

Filed under
Linux
Security

linuxinsider.com (blog safari): As desktop Linux's popularity grows, so, too, do concerns about viruses and malware. "Malware will come to target consumers on Linux," said blogger Chris Travers. "When it does, we will need to address the challenges it poses.

Syndicate content