Language Selection

English French German Italian Portuguese Spanish

Security

Linux Mint Passwords Change

Filed under
Security
  • Linux Mint Devs Finally Decide to Change the Website's Password Policies
  • Linux Mint updates password policy after getting hacked and failing its users

    Linux Mint is a good operating system. The problem, however, is that it really doesn't need to exist. Mint is based on Ubuntu, which is a wonderful OS on its own. Ultimately, the biggest reason for Mint's existence is the Cinnamon desktop environment, and that is certainly no reason for an entirely new OS. One of the things keeping Linux behind on the desktop is the sheer number of unnecessary distributions, such as Mint, but I digress.

    When Linux Mint forums and ISOs were compromised, many of its users felt betrayed. After all, Linux is supposed to be safe and secure -- this hack was a major blemish to the community overall. Of course, this is unfair -- the kernel was not hacked, only Mint's servers. Today, as a reactionary response to the hack, Mint is changing password policies.

Security Leftovers

Filed under
Security

Making the Internet Safer, One Secure Site at a Time: Let’s Encrypt Hits 1 Million Certificates

Filed under
Linux
Security

Let’s Encrypt today issued its one millionth free certificate (at 9:04am GMT to be exact), just about 100 days after it released its beta version of the service. This is a major accomplishment for the group, but also big news for the web and the security of everyone online.

In the past three months, our online activities and web traffic have become much safer and better protected through the efforts of Let’s Encrypt, an open source project that is hosted by The Linux Foundation and supported by organizations like Mozilla, Cisco, Electronic Frontier Foundation, Facebook, and Google Chrome.

Read more

Security Leftovers

Filed under
Security

10 do's and don'ts for securing your Android device

Filed under
Android
Security

Afraid being mobile means being insecure? These Android security measures will give you some peace of mind.

Read more

Security Leftovers

Filed under
Security
  • Friday's security updates
  • Top 10 Critical CVEs That Can Lead To A Data Breach And How To Fix Them
  • CacheBleed: A Timing Attack on OpenSSL Constant Time RSA
  • How Mature is Your Vulnerability Coordination?

    Among the many best practices for security professionals is to have some process for handling inbound vulnerability reporting. So if someone finds a bug or exploit in a product or service, the company with the vulnerability is able to respond to a researcher and knows what to do with a report.

    It's a topic that security industry luminary Katie Moussouris, chief policy officer at HackerOne, is well versed in, as she is the author of the Vulnerability Coordination Maturity Model.

  • The Risk of Open WiFi on Display at RSA

    Security experts from around the globe descended on the Moscone Center here this week for the annual RSA Conference, which provided free WiFi throughout the sessions and exhibit halls. While the WiFi has been generally available, there has been one key problem with it--it's unencrypted.

  • A Day in the Life of Google's Security Chief

    Gerhard Eschelbeck, vice president of security engineering at Google, has one of the toughest jobs in IT security: He has to keep Google secure. In a session at the RSA Conference here March 1 titled "My Life as Chief Security Officer at Google," Eschelbeck gave attendees insight into how he spends his days working and his nights worrying about IT security.

  • DROWN Flaw Illustrates Dangers of Intentionally Weak Crypto

    Calls for encryption backdoors that date back to the 1990s are coming back to haunt the industry 20 years later with DROWN, security experts say. The flaw that researchers found with DROWN center around the fact that during the so called Crypto Wars of the 1990s President Bill Clinton’s administration insisted that US government have a way to break the encryption that was exported outside of the United States.

  • Truly Random Number Generator Promises Stronger Encryption Across All Devices, Cloud

    Before, Entropy Engine only worked on the local device. With NetRandom, they can feed randomness through the network and strengthen the encryption used by virtual machines, cloud instances, clients, servers, and embedded systems in Internet of Things devices. "One of them could support tens of thousands of virtual machines," says Newell.

  • RSA 2016: 4 Data Issues Faced by States, Localities in the Digital Age

    Industry experts discussed the risks, benefits and next steps around data in the government space during the 2016 RSA Conference in San Francisco.

  • How To Disable (Blacklist) Your Laptop Webcam & Microphone in Linux

    Since Linux isn't spyware and do not contain any backdoor like other popular operating system, that's another reason we all love to use this operating system. It is bit difficult for surveillance people to install an application on your Linux without special permissions or spyware doesn't work obviously on Linux like does on other OS's but if you install something from untrusted source or you physically gave access to somebody to your system then there might be chances that you can be victim of surveillance and the whole could be nightmare for you. There are couple of things you can do to prevent it like do a OS re-install or blacklist ports and non-removable devices like webcam and microphone, by the way you should physically cover your laptop and phone camera with sticker. So without further we go, lets start doing it.

  • Trouble at Linux Mint — and beyond [Ed: no more paywall]

    When the Linux Mint project announced that, for a while on February 20, its web site had been changed to point to a backdoored version of its distribution, the open-source community took notice. Everything we have done is based on the ability to obtain and install software from the net; this incident was a reminder that this act is not necessarily as safe as we would like to think. We would be well advised to think for a bit on the implications of this attack and how we might prevent similar attacks in the future.

Subgraph OS: Secure, Free, Open Source Linux Operating System For Non-technical Users

Filed under
GNU
Linux
Security

To answer your security related concerns, Subgraph OS is here as a free, secure, open source Linux operating system for the non-technical users. This security-focused distro comes with complete TOR integration, full-disk encryption, OpenPGP mail integration, system hardening and other features. Know more about the OS and make your system secure.

Read more

JasPer Vulnerabilities Fixed in Ubuntu

Filed under
Security
Ubuntu

A couple of JasPer issues have been found and repaired in the Ubuntu 15.04, Ubuntu 14.04 LTS, and Ubuntu 12.04 LTS operating systems.

Read more

Security Leftovers

Filed under
Security
  • Security advisories for Thursday
  • State Department Backs Off Criminalizing Security Research Tools

    Some good news for security researchers: the US government's adoption of the Wassenaar Arrangement will no longer treat the tools of security research like crates of machine guns. While exploits and penetration tools can be used by bad people for bad things, they're also invaluable to security researchers who use these to make the computing world a safer place.

    Vague wording in the US government's proposed adoption of the 2013 version of the Wassenaar Arrangement threatened to criminalize the development of security research tools and make any researcher traveling out of the country with a laptop full of exploits an exporter of forbidden weapons.

  • IRS Tool Designed To Protect Identity Theft Victims -- Exposes Users To Identity Theft

    Last year, the personal records of 100,000 taxpayers wound up in the hands of criminals, thanks to a flimsy authentication process in the agency's "Get Transcript" application. In short, the IRS used all-too-common static identifiers to verify taxpayer identity (information that could be found anywhere), allowing criminals to use the system to then obtain notably more sensitive taxpayer information and ultimately steal finances. At the time, the IRS breathlessly insisted it would be shoring up its security standards, though it failed to really detail how it would accomplish this.

  • 1Password sends your password across the loopback interface in clear text

    1Password sends your password in clear text across the loopback interface if you use the browser extensions.

  • Bruce Schneier: We're sleepwalking towards digital disaster and are too dumb to stop

    Security guru Bruce Schneier has issued a stark warning to the RSA 2016 conference – get smart or face a whole world of trouble.

    The level of interconnectedness of the world's technology is increasing daily, he said, and is becoming a world-sized web – which he acknowledged was a horrible term – made up of sensors, distributed computers, cloud systems, mobile, and autonomous data processing units. And no one is quite sure where it is all heading.

  • Latest attack against TLS shows the pitfalls of intentionally weakening encryption

Perl Vulnerabilities Closed in All Supported Ubuntu OSes

Filed under
Security
Ubuntu

Canonical has detailed three Perl vulnerabilities that have been identified and fixed in Ubuntu 15.10, Ubuntu 14.04 LTS, and Ubuntu 12.04 LTS operating systems.

Read more

Syndicate content

More in Tux Machines

European Unified Patent Court goes Open Source

Using Private Cloud and Drupal as a starting point together with small expert partners and agile management the new platform for the European UPC has been shaped to the exact requirements and quickly adapted while more needs surfaced. The only ready to use Open Source tool used has been Zarafa Collaboration Platform which integrated with the Case Management System will provide secure email, instant messaging, file sharing and video conferencing to the platform's users. The result is that, thanks to Open Source based platform and by working with SMEs, the UK IPO team has been able to deliver to the Unified Patent Court team the project earlier than planned and under budget. Read more

Linux Foundation: Open Source Programming and DevOps Jobs Plentiful

Open source can help you make money, especially if you have skills in programming or DevOps, which is emerging as one of the hottest areas of interest for hiring managers seeking open source admins and developers. That's according to the latest Open Source Jobs Report from the Linux Foundation, which is out this week. Read more Also: The 2016 Open Source Jobs Report: Companies Hungry for Professional Open Source Talent

Basho Open Sources Some Bits

Leftovers: Ubuntu

  • The Simply Ubuntu Desktop
    Over on Flickr, fosco_ submitted this simple Ubuntu desktop, with just a few things tweaked for a cleaner experience. Like we’ve said, sometimes less is more, and this desktop makes good use of a few widgets to make a great UI even better.
  • HP Linux Imaging and Printing 3.16.5 Supports Ubuntu 16.04 LTS and Debian 8.4
    The team of developers behind the HPLIP (short for HP Linux Imaging and Printing) project, announced a few moments ago the availability of the fifth maintenance build in the 3.16 stable series of the software. For those of you who are not in the loop, HP Linux Imaging and Printing is an open-source initiative to bring the latest HP (Hewlett-Packard) printer drivers to GNU/Linux operating systems. The software has a pretty active development team working behind it, releasing maintenance builds at least once a month.
  • Convergence delayed: Unity 8 won’t be the default desktop in Ubuntu 16.10
    Canonical’s vision of convergence—a single, highly adaptive environment that spans mobile and desktop uses—has been delayed yet again. The Unity 8 desktop and Mir display server, which are key to that vision, won’t be used by default in Ubuntu 16.10, according to discussion in the Ubuntu Online Summit.
  • Questions and answers: Ubuntu bq tablet
    After Jack Wallen's recent review of the bq Aquaris M10 tablet, he was hit with a number of questions about the tablet. Jack addresses some of those questions to help you decide if the Ubuntu tablet is a worthy investment.