Security

Security Leftovers

Filed under
Security
  • How to secure MongoDB on Linux or Unix production server

    MongoDB is a free and open-source NoSQL document database server. It is used by web applications for storing data on a public-facing server. Securing MongoDB is critical. Crackers and hackers are accessing insecure MongoDB instances to steal data and delete data from unpatched or badly configured databases. In this tutorial you will learn how to secure a MongoDB instance or server running on a cloud server.

  • MongoDB Ransomware Attacks Grow in Number

    Last week when the news started hitting the net about ransomware attacks focusing on unprotected instances of MongoDB, it seemed to me to be a story that would have a short life. After all, the attacks weren’t leveraging some unpatched vulnerabilities in the database, but databases that were misconfigured in a way that left them reachable via the Internet, and with no controls — like a password other than the default — over who had privileges. All that was necessary to get this attack vector under control was for admins to be aware of the situation and to be ready and able to reconfigure and password protect.

  • FTC will pay you to build an IoT security checker

    The Federal Trade Commission (FTC) wants the public to take a crack at developing tools to improve security around Internet of Things (IoT) devices.

    Specifically, the FTC is hosting a competition challenging the public to create a technical solution that would, at a minimum, help protect consumers from security vulnerabilities caused by out-of-date software. Contestants have the option of adding features, such as those that would address hard-coded, factory default or easy-to-guess passwords.

  • Security advisories for Monday
  • Security Advice: Bad, Terrible, or Awful

    As an industry, we suck at giving advice. I don’t mean this in some negative hateful way, it’s just the way it is. It’s human nature really. As a species most of us aren’t very good at giving or receiving advice. There’s always that vision of the wise old person dropping wisdom on the youth like it’s candy. But in reality they don’t like the young people much more than the young people like them. Ever notice the contempt the young and old have for each other? It’s just sort of how things work. If you find someone older and wiser than you who is willing to hand out good advice, stick close to that person. You won’t find many more like that.

Open source server simplifies HTTPS, security certificates

Filed under
OSS
Security

For administrators seeking an easier method to turn on HTTPS for their websites, there is Caddy, an open source web server that automatically sets up security certificates and serves sites over HTTPS by default.

Built on Go 1.7.4, Caddy is a lightweight web server that supports HTTP/2 out of the box and automatically integrates with any ACME-enabled certificate authority such as Let’s Encrypt. HTTP/2 is enabled by default when the site is served over HTTPS, and administrators using Caddy will never have to deal with expired TLS certificates for their websites, as Caddy handles the process of obtaining and deploying certificates.

MongoDB Misconfiguration and Ransom, NSA Windows Cracking

Filed under
Security

Security News

Filed under
Security
  • 6 ways to secure air-gapped computers from data breaches

    How do you avoid this? Depending upon the nature of the data contained within the air-gapped system, you should only allow certain staff members access to the machine. This might require the machine to be locked away in your data center or in a secured room on the premises. If you don't have a data center or a dedicated room that can be locked, house the computer in the office of a high-ranking employee.

  • Possibly Smart, Possibly Stupid, Idea Regarding Tor & Linux Distributions

    I will admit that I have not fully thought this through yet, so I am writing this in the hope that other folk will follow up, share their experiences and thoughts.

    So: I have installed a bunch of Tor systems in the past few months - CentOS, Ubuntu, Raspbian, Debian, OSX-via-Homebrew - and my abiding impression of the process is one of "friction".

    Before getting down to details, I hate to have to cite this but I have been a coder and paid Unix sysadmin on/off since 1988, and I have worked on machines with "five nines" SLAs, and occasionally on boxes with uptimes of more than three years; have also built datacentres for Telcos, ISPs and built/setup dynamic provisioning solutions for huge cluster computing. The reason I mention this is not to brag, but to forestall

  • [Older] Introducing rkt’s ability to automatically detect privilege escalation attacks on containers

    Intel's Clear Containers technology allows admins to benefit from the ease of container-based deployment without giving up the security of virtualization. For more than a year, rkt's KVM stage1 has supported VM-based container isolation, but we can build more advanced security features atop it. Using introspection technology, we can automatically detect a wide range of privilege escalation attacks on containers and provide appropriate remediation, making it significantly more difficult for attackers to make a single compromised container the beachhead for an infrastructure-wide assault.

  • Diving back into coreboot development

    Let me first introduce myself: I’m Youness Alaoui, mostly known as KaKaRoTo, and I’m a Free/Libre Software enthusiast and developer. I’ve been hired by Purism to work on porting coreboot to the Librem laptops, as well as to try and tackle the Intel ME issue afterwards.

    I know many of you are very excited about the prospect of having coreboot running on your Librem and finally dropping the proprietary AMI BIOS that came with it. That’s why I’ll be posting reports here about progress I’m making—what I’ve done so far, and what is left to be done.

  • Web databases hit in ransom attacks

    Gigabytes of medical, payroll and other data held in MongoDB databases have been taken by attackers, say security researchers.

  • Why HTTPS for Everything?

    HTTPS enables privacy and integrity by default. It is going to be the next big thing. The internet’s standards bodies, web browsers, major tech companies, and the internet community of practice have all come to understand that HTTPS should be the baseline for all web traffic. Ultimately, the goal of the internet community is to establish encryption as the norm, and to phase out unencrypted connections. Investing in HTTPS makes it faster, cheaper, and easier for everyone.

Security Leftovers

Filed under
Security
  • Security updates for Friday
  • Linux KillDisk Ransomware Can't Decrypt

    Disk-wiping malware known as KillDisk, which has previously been used in hack attacks tied to espionage operations, has been given an update. Now, the malware works on Linux as well as Windows systems and also includes the ability to encrypt files, demand a bitcoin ransom and leave Linux systems unbootable.

  • GNU Officially Boots Libreboot

    FSF and GNU decide to grant Libreboot lead developer Leah Rowe’s wishes. The project is no longer a part of GNU, says RMS.

Security News

Filed under
Security
  • 8 Docker security rules to live by

    Odds are, software (or virtual) containers are in use right now somewhere within your organization, probably by isolated developers or development teams to rapidly create new applications. They might even be running in production. Unfortunately, many security teams don’t yet understand the security implications of containers or know if they are running in their companies.

    In a nutshell, Linux container technologies such as Docker and CoreOS Rkt virtualize applications instead of entire servers. Containers are superlightweight compared with virtual machines, with no need for replicating the guest operating system. They are flexible, scalable, and easy to use, and they can pack a lot more applications into a given physical infrastructure than is possible with VMs. And because they share the host operating system, rather than relying on a guest OS, containers can be spun up instantly (in seconds versus the minutes VMs require).

  • Zigbee Writes a Universal Language for IoT

    The nonprofit Zigbee Alliance today unveiled dotdot, a universal language for the Internet of Things (IoT).

    The group says dotdot takes the IoT language at Zigbee’s application layer and enables it to work across different networking technologies.

  • $25,000 Prize Offered in FTC IoT Security Challenge

    It appears as if the Federal Trade Commission is getting serious about Internet of Things security issues -- and it wants the public to help find a solution. The FTC has announced a contest it's calling the "IoT Home Inspector Challenge." What's more, there's a big payoff for the winners, with the Top Prize Winner receiving up to $25,000 and each of a possible three "Honorable Mentions" getting $3,000. Better yet, winners don't have to fork over their intellectual property rights, and will retain rights to their submissions.

    Of course, the FTC is a federal agency, and with a change of administrations coming up in a couple of weeks, it hedges its bet a bit with a caveat: "The Sponsor retains the right to make a Prize substitution (including a non-monetary award) in the event that funding for the Prize or any portion thereof becomes unavailable." In other words, Obama has evidently given the go-ahead, but they're not sure how Trump will follow through.

  • LG threatens to put Wi-Fi in every appliance it releases in 2017

    In the past few years, products at CES have increasingly focused on putting the Internet in everything, no matter how "dumb" the device in question is by nature. It's how we've ended up with stuff like this smart hairbrush, this smart air freshener, these smart ceiling fans, or this $100 pet food bowl that can order things from Amazon.

  • Ex-MI6 Boss: When It Comes To Voting, Pencil And Paper Are 'Much More Secure' Than Electronic Systems

    Techdirt has been worried by problems of e-voting systems for a long time now. Before, that was just one of our quaint interests, but over the last few months, the issue of e-voting, and how secure it is from hacking, specifically hacking by foreign powers, has become a rather hot topic. It's great that the world has finally caught up with Techdirt, and realized that e-voting is not just some neat technology, and now sees that democracy itself is at play. The downside is that because the stakes are so high, the level of noise is too, and it's really hard to work out how worried we should be about recent allegations, and what's the best thing to do on the e-voting front.

  • Five things that got broken at the oldest hacking event in the world

    Chaos Communications Congress is the world’s oldest hacker conference, and Europe’s largest. Every year, thousands of hackers gather in Hamburg to share stories, trade tips and discuss the political, social and cultural ramifications of technology.

    As computer security is a big part of the hacker world, they also like to break things. Here are five of the most important, interesting, and impressive things broken this time.

More in Tux Machines

KDE Leftovers

  • Integrate Your Android Device With Ubuntu Using KDE Connect Indicator Fork
    KDE Connect is a tool which allows your Android device to integrate with your Linux desktop. With KDE Connect Indicator, you can use KDE Connect on desktops that support AppIndicators, like Unity, Xfce (Xubuntu), and so on.
  • FirstAid – PDF Help Viewer
    In recent months, I didn’t find much time to spend on Kate/KTextEditor development. But at least I was now able to spend a bit more time on OpenSource & Qt things even during work time in our company. Normally I am stuck there with low level binary or source analysis work. [...] Therefore, as our GUIs are developed with Qt anyways, we did take a look at libpoppler (and its Qt 5 bindings), which is the base of Okular, too.
  • KBibTeX 0.6.1-rc2 released
    After quite some delay, I finally assembled a second release candidate for KBibTeX 0.6.1. Version 0.6.1 will be the last release in the 0.6.x series.
  • Meet KDE at FOSDEM Next Month
    Next month is FOSDEM, the largest gathering of free software developers anywhere in Europe. FOSDEM 2017 is being held at the ULB Campus Solbosch on Saturday 4th and Sunday 5th of February. Thousands of coders, designers, maintainers and managers from projects as popular as Linux and as obscure as Tcl/Tk will descend on the European capital Brussels to talk, present, show off and drink beer.

Leftovers: OSS

  • D-Wave Unveils Open-Source Software for Quantum Computing
    Canada-based D-Wave Systems has released an open-source software tool designed to help developers program quantum computers, Wired reported Wednesday.
  • D-Wave builds open quantum computing software development ecosystem
    D-Wave Systems has released an open source quantum computing chunk of software. Quantum computing, as we know, moves us on from the world of mere 1’s and 0’s in binary to the new level of ‘superposition’ qubits that can represent many more values and therefore more computing power — read this accessible piece for a simple explanation of quantum computing.
  • FOSS Compositing With Natron
    Anyone who likes to work with graphics will at one time or another find compositing software useful. Luckily, FOSS has several of the best in Blender and Natron.
  • Hadoop Creator Doug Cutting: 5 Ways to Be Successful with Open Source in 2017
    Because of my long-standing association with the Apache Software Foundation, I’m often asked the question, “What’s next for open source technology?” My typical response is variations of “I don’t know” to “the possibilities are endless.” Over the past year, we’ve seen open source technology make strong inroads into the mainstream of enterprise technology. Who would have thought that my work on Hadoop ten years ago would impact so many industries – from manufacturing to telecom to finance. They have all taken hold of the powers of the open source ecosystem not only to improve the customer experience, become more innovative and grow the bottom line, but also to support work toward the greater good of society through genomic research, precision medicine and programs to stop human trafficking, as just a few examples. Below I’ve listed five tips for folks who are curious about how to begin working with open source and what to expect from the ever-changing ecosystem.
  • Radio Free HPC Looks at New Open Source Software for Quantum Computing
    In this podcast, the Radio Free HPC team looks at D-Wave’s new open source software for quantum computing. The software is available on github along with a whitepaper written by Cray Research alums Mike Booth and Steve Reinhardt.
  • Why events matter and how to do them right
    Marina Paych was a newcomer to open source software when she left a non-governmental organization for a new start in the IT sector—on her birthday, no less. But the real surprise turned out to be open source. Fast forward two years and this head of organizational development runs an entire department, complete with a promotional staff that strategically markets her employer's open source web development services on a worldwide scale.
  • Exploring OpenStack's Trove DBaaS Cloud Service
    You can install databases such as MySQL, PostgreSQL, or even MongoDB very quickly thanks to package management, but the installation is not even half the battle. A functioning database also needs user accounts and several configuration steps for better performance and security. This need for additional configuration poses challenges in cloud environments. You can always manually install a virtual machine in traditional settings, but cloud users want to generate an entire virtual environment from a template. Manual intervention is difficult or sometimes even impossible.
  • Mobile Edge Computing Creates ‘Tiny Data Centers’ at the Edge
    “Usually access networks include all kinds of encryption and tunneling protocols,” says Fite. “It’s not a standard, native-IP environment.” Saguna’s platform creates a bridge between the access network to a small OpenStack cloud, which works in a standard IP environment. It provides APIs about such things as location, registration for services, traffic direction, radio network services, and available bandwidth.

Leftovers: Ubuntu and Debian

  • Debian Creeps Closer To The Next Release
    I’ve been alarmed by the slow progress of Debian towards the next release. They’ve had several weird gyrations in numbers of “release-critical” bugs and still many packages fail to build from source. Last time at this stage, they had only a few hundred bugs to go. Now they are over 600. I guess some of that comes from increasing the number of included packages. There are bound to be more bad interactions, like changing the C compiler. I hate that language which seems to be a moving target… Systemd seems to be smoother but it still gives me problems.
  • Mir: 2016 end of year review
    2016 was a good year for Mir – it is being used in more places, it has more and better upstream support and it is easier to use by downstream projects. 2017 will be even better and will see version 1.0 released.
  • Ubuntu Still Planning For Mir 1.0 In 2017
    Alan Griffiths of Canonical today posted a year-in-review for Mir during 2016 and a look ahead to this year.
  • Linux Mint 18.1 “Serena” KDE – BETA Release

GNU Gimp Development

  • Community-supported development of GEGL now live
    Almost every new major feature people have been asking us for, be it high bit depth support, or full CMYK support, or layer effects, would be impossible without having a robust, capable image processing core. Øyvind Kolås picked up GEGL in mid-2000s and has been working on it in his spare time ever since. He is the author of 42% of commits in GEGL and 50% of commits in babl (pixel data conversion library).
  • 2016 in review
    When we released GIMP 2.9.2 in late 2015 and stepped over into 2016, we already knew that we’d be doing mostly polishing. This turned out to be true to a larger extent, and most of the work we did was under-the-hood changes. But quite a few new features slipped in. So, what are the big user-visible changes for GIMP in 2016?