Language Selection

English French German Italian Portuguese Spanish

Security

Tor developing anonymous instant messenger

Filed under
OSS
Security

The instant messenger is still in the early planning stages, but Tor's developers seem to be preparing to turn it around quickly. The messenger will be built on Instantbird, an existing open-source messenger, and development will largely involve adding in Off-the-Record Messaging encryption, making it send its messages over Tor, and stripping it of some automated logging and reporting features. Tor hopes to have its first step of work on the messaging app completed by the end of March, but it doesn't draw a timeline for the project out from there.

Read more ►

Google Android chief: Android may be open, but it is not less secure

Filed under
Android
Google
Security

Does 'open' mean 'lack of security'?

According to Google, no. Instead, an open platform is the best path to take in order to make a platform as impermeable to threats as possible.

On Thursday, FrAndroid reported that Google's head of the Android division, Sundar Pichai, responded in a very candid way when asked about the operating system's security at Mobile World Congress in Barcelona, Spain.

Read more ►

Deep Black: More details on Boeing’s new secure Android smartphone

Filed under
Android
Linux
Security

Black is based on a proprietary security architecture that Boeing calls "PureSecure." Like Samsung’s Knox platform, it has a “trusted boot” mode that can detect and thwart any attempt to root the device—or disable it if it can’t. In addition to onboard media encryption for internal storage, the phone can be configured to inhibit certain functions based on location or the network it is connected to in order to prevent data loss. It might also be used to disable the device’s camera in secure facilities.

Read more ►

PGP Web of Trust: Core Concepts Behind Trusted Communication

Filed under
Security

If you've ever used Linux, you've most likely used OpenPGP without even realizing it. The open-source implementation of OpenPGP is called GnuPG (stands for "GNU Privacy Guard"), and nearly all distributions rely on GnuPG for package integrity verification. Next time you run "yum install" or "yum update", each package will be verified against its cryptographic signature before it is allowed to be installed on your system. This assures that the software has not been altered between the time it was cryptographically signed by distribution developers on the master server, and the time it was downloaded to your system.

However, far fewer people have actually used GnuPG for what it was originally designed for -- secure exchange of information in an untrusted medium (such as the internet), and even fewer have a good understanding of how the trust relationships are supposed to work.

In this mini series of articles, we'll take a look at what the web of trust is and how to use it to set up a secure and trusted communication.

Read more

Java-based malware driving DDoS botnet infects Windows, Mac, Linux devices

Filed under
Software
Security

The cross-platform HEUR:Backdoor.Java.Agent.a, as reported in a blog post published Tuesday by Kaspersky Lab, takes hold of computers by exploiting CVE-2013-2465, a critical Java vulnerability that Oracle patched in June. The security bug is present on Java 7 u21 and earlier. Once the bot has infected a computer, it copies itself to the autostart directory of its respective platform to ensure it runs whenever the machine is turned on. Compromised computers then report to an Internet relay chat channel that acts as a command and control server.

Read more

FileZilla, Other Open-Source Software From 'Right' Sources Is Safe

Filed under
OSS
Security

A basic tenant of open-source software security has long been the idea that since the code is open, anyone can look inside to see if there is something that shouldn't be there.

Read more

IBM Shows That Collaborations With the NSA Are a Company’s Death Knell

Filed under
Security

At this stage, despite deceiving marketing, IBM needs GNU/Linux and Free software more than GNU/Linux and FOSS need IBM. Recently, the President of the Open Source Initiative (OSI) called IBM a patent troll. IBM can carry on openwashing its business with OpenStack [11,12], Hadoop [13] and so on (even OpenOffice.org), but until it stops serving the NSA, the software patents agenda and various other conflicting interests (causes that harm software freedom and GNU/Linux) we are better off nurturing “true” (as in completely) Free software companies.

Read more

If Microsoft thinks old Tor clients are risky, why not Windows XP?

Filed under
Microsoft
OSS
Security

Earlier this week, Microsoft revealed that it had been going into users computers and removing outdated Tor clients. At first glance, this might seem like a crazed, misplaced attack on the Tor network, not unlike a campaign by a certain Irish politician, but the issue runs deeper than first thought.

Read more

For Real Security, Use CentOS — Never RHEL — and Run Neither on Amazon’s Servers

Filed under
Linux
Security

Never run Red Hat’s “Enterprise Linux”, which cannot be trusted because of NSA involvement; Amazon, which pays Microsoft for RHEL and works with the CIA, should never be used for hosting

Read more

Syndicate content

More in Tux Machines

India yet to catch up with FOSS, says Rushabh Mehta of ERPNext

We got a chance to interact with Rushabh Mehta, the founder of Web Notes Technologies, a company based in Mumbai, India. ERPNext is the major product of the company. It is a free and Open Source web based ERP (Enterprise Resource Planning) solution for small and medium sized businesses with its presence in more than 60 countries. In addition to the regular discussions on their Open Source product, strategy, customers etc. we also got a chance to understand how hard it is to thrive in an environment where the “Open Source” philosophy is not a familiar term yet. A software developer by passion and an Industrial Engineer by training, Rushabh also informed us about their imminent product conference in Mumbai he is quite excited about. Read more

Today in Techrights

Mesa 10.3 released

Mesa 10.3 has been released! Mesa 10.3 is a feature release that includes many updates and enhancements. The full list is available in the release notes file in docs/relnotes/10.3.html. The tag in the GIT repository for Mesa 10.3 is 'mesa-10.3'. I have verified that the tag is in the correct place in the tree. Mesa 10.3 is available for download at ftp://freedesktop.org/pub/mesa/10.3/ Read more

Tizen Development Units now available!

The Linux Foundation have today announced the next round of the Tizen development unit program is now available, with the Intel NUC and Samsung RD-PQ hardware devices being available. The Idea behind this program is to put the required hardware in developers hands so they can develop and test their applications on real hardware. It has to be noted that the Samsung RD-PQ device does not have GSM connectivity, and therefore can not be used as a real world device, which is a pity as developers do need real devices so late in the game. Read more