Security

Good and Samsung Partner to Harden Android Security

Filed under
Android
Security
Gadgets

The two biggest issues regarding Android's security are the size of the Android market and fragmentation of the Android ecosystem. Those issues impact all mobile platforms, not just Android, according to Charles King, principal analyst at Pund-IT. "The former point is an issue since, as Microsoft learned to its sorrow with Windows," King remarked.

Read more

Life-cycle of a Security Vulnerability

Filed under
Red Hat
Security

Security vulnerabilities, like most things, go through a life cycle from discovery to installation of a fix on an affected system. Red Hat devotes many hours a day to combing through code, researching vulnerabilities, working with the community, and testing fixes–often before customers even know a problem exists.

Read more

BackBox Linux 4.1 Keeps Security Researchers Anonymous

Filed under
GNU
Linux
Security

There are many options available today for users looking at Linux distributions tailored for security research, and among them is BackBox Linux, which was updated to version 4.1 on Jan. 29. BackBox Linux 4.1 is based on the Ubuntu 14.04 LTS (Long Term Support) distribution and uses the Xfce desktop environment. BackBox Linux is not intended to primarily be a user-focused privacy distribution, as is the case with Tails, but rather is more aligned with Pentoo, CAINE and Kali Linux, all of which focus on providing tools for security analysis. Though BackBox is not primarily a privacy distribution, it does have tools that enable security researchers to stay anonymous while conducting research. For example, a RAM wiping tool will erase the memory on the system that BackBox is running when the operating system shuts down. Plus, BackBox includes a command line interface wizard that provides users with options for enabling anonymous network traffic over Tor (The Onion Router), as well as masking a user's hostname. In this slide show, eWEEK takes a look at some of the features in the BackBox Linux 4.1 release.

Read more

Also: Plop Linux 4.3.0 released

Google Fixed GHOST Exploit in Chrome OS in 2014 and Didn't Tell Anyone

Filed under
Google
Security

Details about a GLIBC vulnerability were published a couple of days ago by a company called Qualys, and the distributions using it have already received patches. Now, it seems that Google knew about this problem, patched it in ChromeOS a year ago, and forgot to say anything to anyone.

Read more

Deploying tor relays

Filed under
Moz/FF
Security

On November 11, 2014 Mozilla announced the Polaris Privacy Initiative. One key part of the initiative is us supporting the tor network by deploying tor middle relay nodes. On January 15, 2015 our first proof of concept (POC) went live.

Read more

Also: Get Smart On International Data Privacy Day

GHOST, a critical Linux security hole, is revealed

Filed under
Linux
Security

Researchers at cloud security company Qualys have discovered a major security hole, GHOST (CVE-2015-0235), in the Linux GNU C Library (glibc). This vulnerability enables hackers to remotely take control of systems without even knowing any system IDs or passwords.

Qualys alerted the major Linux distributors about the security hole quickly and most have now released patches for it. Josh Bressers, manager of the Red Hat product security team said in an interview that, "Red Hat got word of this about a week ago. Updates to fix GHOST on Red Hat Enterprise Linux (RHEL) 5, 6, and 7 are now available via the Red Hat Network."

This hole exists in any Linux system that was built with glibc-2.2, which was released on November 10, 2000. Qualys found that the bug had actually been patched with a minor bug fix released on May 21, 2013 between the releases of glibc-2.17 and glibc-2.18.

Read more

Why screen lockers on X11 cannot be secure

Filed under
KDE
Security

Today we released Plasma 5.2 and this new release comes with two fixes for security vulnerabilities in our screen locker implementation. As I found, exploited, reported and fixed these vulnerabilities I decided to put them a little bit into context.

The first vulnerability concerns our QtQuick user interface for the lock screen. Through the Look and Feel package it was possible to send the login information to a remote location. That’s pretty bad but luckily also only a theoretical problem: we have not yet implemented a way to install new Look and Feel packages from the Internet. So we found the issue before any harm was done.

Read more

Also: Plasma 5.2 for openSUSE? You bet!

IPFire Is a Powerful Firewall Distro and It Was Just Updated

Filed under
GNU
Linux
Security

IPFire 2.15 Core 86, a new version of the popular Linux-based firewall distribution, has been announced by Michael Tremer and users have been advised to upgrade their systems as soon as possible.

Read more

OpenSSL 1.0.2 Branch Release notes

Filed under
OSS
Security

The major changes and known issues for the 1.0.2 branch of the OpenSSL toolkit are summarised below. The contents reflect the current state of the NEWS file inside the git repository.

Read more

A Look at Pentoo Linux and Its Security Analysis Tools

Filed under
Linux
Security

There is no shortage of security-focused Linux distributions on the market, and among them is Pentoo Linux. While some security-focused Linux distributions concentrate on privacy, like Tails, others like Kali Linux and Pentoo focus on security research, providing tools that enable research and penetration testing. Pentoo Linux differentiates itself from other security Linux distributions in a number of ways. The primary difference is the fact that Pentoo is based on Gentoo Linux, which is a source-based Linux distribution that uses the Portage package-management system. Gentoo has capabilities known as "Hardened Gentoo," which Pentoo also inherits, providing users with additional security configuration and control for the Linux distribution itself. Pentoo 2015 RC 3.7 was released Jan. 5, providing updated tools and features. Among the new features is the integrated ability to verify that the distribution files have not been corrupted. Pentoo provides many applications for security analysis, including wireless, database, exploit, cracking and forensic tools. In this slide show, eWEEK looks at key features and tools in the Pentoo 2015 RC3.7 release.

Read more

More in Tux Machines

Firefox 39 Arrives After a Three-Day Delay

Mozilla has finally released the stable version of Firefox 39 after it delayed the launch for a couple of days. It's not a major release, but it does have a few interesting features and quite a few bug fixes. Read more

Greek town of Livadeia switched to LibreOffice

The Greek city of Livadeia has moved to the LibreOffice suite of office productivity tools, replacing a proprietary alternative, the city administration announced in May. The switch is part of the city’s government modernisation, the town in central Greece said. Read more

From the Editors: When did open-source software get so scary?

When did the use of open-source software become such a worrisome thought? Big names such as VMware, Oracle, Microsoft and Cisco, to name but a few, have been caught infringing on open-source software licenses. Read more

Android-powered BlackBerry Venice with a slide-out keyboard reportedly headed to AT&T

Reports from earlier this month that BlackBerry would soon launch a full fledged Android-powered smartphone are looking up. Ex-tipster who still occasionally tips/confirms new devices @Evleaks tweeted earlier today that a device called the BlackBerry Venice is headed to AT&T later this year. He specifically mentioned that this device would be powered by Android and that — here’s the best part — it will feature a slide-out physical keyboard for QWERTY fans. Read more