Language Selection

English French German Italian Portuguese Spanish

Security

Security Leftovers

Filed under
Security
  • Security updates for Thursday
  • Paul Vixie on IPv6 NAT, IPv6 security and Internet of Things

    Internet pioneer Paul Vixie spoke with SearchSecurity about IPv6 NAT, IPv6 and the Internet of Things, and the long, thankless path to deploying IPv6.

  • PHP 7.0.7 Released Fixing 28 Bugs

    As is the case with a .xy update, this is mostly a bug fix update, with at least 28 different issues being fixed in an effort to make PHP 7.x more stable. Though the PHP project hasn't identified any specific security vulnerabilities that are fixed in the update, I see at least one with bug #72162.

  • Skimmers Found at Walmart: A Closer Look

    Recent local news stories about credit card skimmers found in self-checkout lanes at some Walmart locations reminds me of a criminal sales pitch I saw recently for overlay skimmers made specifically for the very same card terminals.

Anonymous Live CD Tails to Use Tor Browser 6.0, Firewall and Kernel Hardening

Filed under
Security
Debian

The next major version of the Tails amnesic incognito live system, also known as the Anonymous Live CD used by ex-CIA employee Edward Snowden to stay hidden online using the latest Tor technologies, is now in the works.

Tails 2.4 development is open, and it looks like the first Release Candidate (RC) build has already landed for public beta testing, incorporating some major new features and changes, among which we can mention the upgrade to the latest Tor Browser 6.0 web browser based on Mozilla Firefox 45.2.

Read more

Also: Ubuntu 16.04 LTS (Xenial Xerus) Release Party in Japan to Take Place June 26

Security Leftovers

Filed under
Security

Torvalds unhappy with sloppy Unix Millennium Bug patches for Linux kernel

Filed under
Linux
Security

Along similar lines to the Y2K bug, there is a new challenge faced by Unix-like operating systems known as the year 2038 problem or 'Unix Millennium Bug'. Under these operating systems, date values are stored in a signed 32-bit integer indicating the number of seconds since January 1, 1970. A problem arises with the 32-bit integer overflowing at approximately 0314 hours on January 19, 2038 causing systems to interpret the date value as December 13, 1901.

Read more

Security Leftovers

Filed under
Security

Major CoreOS Linux Alpha Vulnerability Patched

Filed under
OS
Linux
Security

A major vulnerability in CoreOS Linux Alpha has been patched, with the issue limited to versions 104x.0.0 of the distribution.

In the blog post Major Remote SSH Security Issue in CoreOS Linux Alpha, Subset of Users Affected the CoreOS Security Team described the issue saying:

Read more

Security Leftovers

Filed under
Security
  • Security advisories for Monday
  • What's the point of (InfoSec) Certifications?

    When I did the GSE, I absolutely loved the hands-on lab more than anything-else I'd done in the world of SANS or GIAC, outside of Mike Poor's 503 Packet Work book (if you like packets, this is heaven, literally Smile ) and the "Capture the Flag" exercises created by Ed Skoudis in 504 and 560. I've also had some amazing instructors like Arrigo Triulzi (Arrigo teaching SEC504 actually convinced me that my future was in InfoSec) and Stephen Sims, however, I am questioning more than ever the value of certifications and to a lesser degree the training courses (which are priced to be exclusive to a tiny minority who are already fairly well off or lucky - I often recommend Coursera or the Offensive Security stuff to candidates when cost is a real issue).

  • Linux Kernel Website Kernel.org Banned By Norton

    Symantec’s automated threat analysis system, Norton Safe Web, claims that Linux kernel’s website kernel.org contains 4 threats and shows a red flag to the users. Looking at Norton’s past record, this threat detection could be just another false warning.

  • Oplcarus: An Anonymous Hacker Reveals The Motivation Behind Latest Attacks

    Here is an account of the operation against banks and financial institutes, named “OpIcarus”, by Anonymous. It reveals the purpose of the cyber attacks, their targets, and the future of OpIcarus operation as told by one of the Anonymous hacktivists with an online name of “The Voice” .

  • Systemd Reverts Its Stance On Letting Users Access Frame-Buffer Devices

    Last week's release of systemd 230 ended up shipping with a change that made it more easy for processes running as a user to snoop on frame-buffer devices. That change has already been reverted for the next systemd update.

Security Leftovers

Filed under
Security
  • TOTP SSH port fluxing

    Beware: I would not really recommend running this software - it was only written as a joke.

  • TeslaCrypt no more: Ransomware master decryption key released

    The developer has handed over the keys to the kingdom in a surprising twist in TeslaCrypt's tale.

  • Thoughts on our security bubble

    Last week I spent time with a lot of normal people. Well, they were all computer folks, but not the sort one would find in a typical security circle. It really got me thinking about the bubble we live in as the security people.

    There are a lot of things we take for granted. I can reference Dunning Kruger and "turtles all the way down" and not have to explain myself. If I talk about a buffer overflow, or most any security term I never have to explain what's going on. Even some of the more obscure technologies like container scanners and SCAP don't need but a few words to explain what happens. It's easy to talk to security people, at least it's easy for security people to talk to other security people.

  • Ransomware Adds DDoS Capabilities to Annoy Other People, Not Just You

    Ransomware developers seem to have found another way to monetize their operations by adding a DDoS component to their malicious payloads.

    Security researchers from Invincea reported this past Wednesday on a malware sample that appeared to be a modified version of an older threat, the Cerber ransomware.

    The malware analysis team that inspected the file discovered that, besides the file encryption and screen locking capabilities seen in most ransomware families, this threat also comes with an additional payload, which, when put under observation, seemed to be launching network packets towards a network subnet.

Antivirus Live CD 18.0-0.99.2 Uses ClamAV 0.99.2 to Clean Your PCs of Viruses

Filed under
OSS
Security

4MLinux developer Zbigniew Konojacki informs Softpedia today, May 21, 2016, about the launch of an updated version of his open-source, standalone Antivirus Live CD project.

Read more

Security Leftovers

Filed under
Security
  • Security updates for Friday
  • Security brief: CoreOS Linux Alpha remote SSH issue

    On May 15, CoreOS was informed of a vulnerability in the alpha version of CoreOS Linux. Within 8 hours of this notification, over 99% of affected systems had been automatically patched. Though this issue was limited to an alpha version, we hold all of our releases to the same security standards, and we immediately responded, reported, and corrected the issue. This post describes the nature of the vulnerability, our response, and our plans to avoid similar issues in the future.

  • Purism Laptops to Protect You from Surveillance Capitalism

    There's a new hardware company on the scene called Purism, and the name is a significant clue as to what the company is all about: pure software. At its heart, Purism is dedicated to providing computer hardware driven entirely by open source software so that users can "trust, but verify." Purism is putting itself in direct opposition to what it considers "surveillance capitalism."

    I spoke with CEO Todd Weaver at Pepcom, and it was one of the most significant conversations I've had with a tech exec in a long time. I was already on board with Mr. Weaver's general message when he laid that phrase on me, "surveillance capitalism." That's when he really had me hooked.

Syndicate content

More in Tux Machines

today's leftovers

today's leftovers

  • Why leading DevOps may get you a promotion
    Gene Kim, author of The Phoenix Project and leading DevOps proponent, seems to think so. In a recent interview with TechBeacon's Mike Perrow, Kim notes that of "the nearly 100 speakers at DevOps Enterprise Summits over the last two years, about one in three have been promoted."
  • Cloud Vendors, The Great Disruptors, Face Disruption From Blockchain
  • SWORDY, a local party brawler could come to Linux if Microsoft allow it
    SWORDY is a rather fun looking local party brawler that has just released on Steam in Early Access. It could see a Linux release too, if Microsoft allow it.
  • System Shock remake has blasted past the Linux stretch goal, officially coming to Linux
    The Linux stretch goal was $1.1 million and it's pleasing to see it hit the goal, so we won't miss out now. I am hoping they don't let anyone down, as they have shown they can do it already by providing the demo. There should be no reason to see a delay with Linux now.
  • GammaRay 2.5 release
    GammaRay 2.5 has been released, the biggest feature release yet of our Qt introspection tool. Besides support for Qt 5.7 and in particular the newly added Qt 3D module a slew of new features awaits you, such as access to QML context property chains and type information, object instance statistics, support for inspecting networking and SSL classes, and runtime switchable logging categories.
  • GammaRay 2.5 Released For Qt Introspection
    KDAB has announced the release of GammaRay 2.5, what they say is their "biggest feature release yet", the popular introspection tool for Qt developers.
  • The new Keyboard panel
    After implementing the new redesigned Shell of GNOME Control Center, it’s now time to move the panels to a bright new future. And the Keyboard panel just walked this step.
  • Debian on Seagate Personal Cloud and Seagate NAS
    The majority of NAS devices supported in Debian are based on Debian's Kirkwood platform. This platform is quite dated now and can only run Debian's armel port. Debian now supports the Seagate Personal Cloud and Seagate NAS devices. They are based on Marvell's Armada 370, a platform which can run Debian's armhf port. Unfortunately, even the Armada 370 is a bit dated now, so I would not recommend these devices for new purchases. If you have one already, however, you now have the option to run native Debian.

OSS Leftovers