Security

Tor executive director hints at Firefox integration

Filed under
Moz/FF
Security

Tor, which is capable of all that and more, crucially blocks websites from learning any identifying information about you and circumvents censorship. It also stymies eavesdroppers from discovering what you’re doing on the Web. For those reasons, it would be a powerful addition to the arsenal of privacy tools Firefox already possesses.

The Tor Browser is already a modified version of Firefox, developed over the last decade with close communication between the Tor developers and Mozilla on issues such as security and usability.

LibreSSL: More Than 30 Days Later

Filed under
Security
BSD

Instead, libressl is here because of a tragic comedy of other errors. Let's start with the obvious. Why were heartbeats, a feature only useful for the DTLS protocol over UDP, built into the TLS protocol that runs over TCP? And why was this entirely useless feature enabled by default? Then there's some nonsense with the buffer allocator and freelists and exploit mitigation countermeasures, and we keep on digging and we keep on not liking what we're seeing. Bob's talk has all the gory details.

But why fork? Why not start from scratch? Why not start with some other contender? We did look around a bit, but sadly the state of affairs is that the other contenders aren't so great themselves. Not long before Heartbleed, you may recall Apple dealing with goto fail, aka the worst bug ever, but actually about par for the course.

Secure Linux Systems Require Savvy Users

Filed under
Linux
Security

Patches are available to fix the bash vulnerability known as Shellshock, along with three additional security issues recently found in the bash shell. The patches are available for all major Linux distros as well as for Solaris, with the patches being distributed through the various distros.

Free Software Foundation statement on the GNU Bash "shellshock" vulnerability

Filed under
GNU
Security

Proprietary (aka nonfree) software relies on an unjust development model that denies users the basic freedom to control their computers. When software's code is kept hidden, it is vulnerable not only to bugs that go undetected, but to the easier deliberate addition and maintenance of malicious features. Companies can use the obscurity of their code to hide serious problems, and it has been documented that Microsoft provides intelligence agencies with information about security vulnerabilities before fixing them.

Firejail – A Security Sandbox for Mozilla Firefox

Filed under
Moz/FF
Security

Firejail is a SUID sandbox program that reduces the risk of security breaches by restricting the running environment of untrusted applications. The core technology behind Firejail is Linux Namespaces, a virtualization technology available in the Linux kernel. It allows a process and all its descendants to have their own private view of the globally shared kernel resources, such as the network stack, process table, mount table, and IPC space.

Blackphone bug bounty programme aims to find flaws in 'surveillance-proof' smartphone

Filed under
Android
Security

SILENT CIRCLE has announced a bug bounty programme for its Blackphone venture designed to find security flaws in the "surveillance-proof" smartphone.

Blackphone is a joint venture of Silent Circle and Geeksphone, known as SGP Technologies. Running a secure PrivatOS operating system, it is what the companies call "a truly surveillance-proof smartphone" in the wake of the past year's NSA revelations.

Huawei Is New Official Smartphone Provider For Officials In China

Filed under
Android
Linux
Security

Huawei and their smartphone business have not exactly garnered good press in the past – especially when there were allegations of Huawei churning out spyphones for the China government, which the company vehemently denied. Subsequently, it is said that Huawei themselves decided to pull out from the U.S. market, where we then learned that the tables were turned afterwards with the NSA being accused of spying on Huawei instead. Having said that, it seems as though officials over in China will have a spanking new smartphone soon – and it will not hail from the likes of Samsung, LG, HTC or other big name players, but from Huawei themselves.

Bash specially-crafted environment variables code injection attack

Filed under
Security

Bash, or the Bourne again shell, is a UNIX-like shell, which is perhaps one of the most installed utilities on any Linux system. From its creation in 1980, bash has evolved from a simple terminal based command interpreter to many other fancy uses.

In Linux, environment variables provide a way to influence the behavior of software on the system. They typically consist of a name which has a value assigned to it. The same is true of the bash shell. It is common for a lot of programs to run bash shell in the background. It is often used to provide a shell to a remote user (via ssh, telnet, for example), provide a parser for CGI scripts (Apache, etc.) or even provide limited command execution support (git, etc.).

Mozilla: Phasing Out Certificates with SHA-1 based Signature Algorithms

Filed under
Moz/FF
Security

We plan to add a security warning to the Web Console to remind developers that they should not be using a SHA-1 based certificate. We will display an additional, more prominent warning if the certificate will be valid after January 1, 2017, since we will reject that certificate after that date. We plan to implement these warnings in the next few weeks, so they should be appearing in released versions of Firefox in early 2015. We may implement additional UI indicators later. For instance, after January 1, 2016, we plan to show the “Untrusted Connection” error whenever a newly issued SHA-1 certificate is encountered in Firefox. After January 1, 2017, we plan to show the “Untrusted Connection” error whenever a SHA-1 certificate is encountered in Firefox.

My free software will respect users or it will be bullshit

Filed under
Security

The four freedoms are only meaningful if they result in real-world benefits to the entire population, not a privileged minority. If your approach to releasing free software is merely to ensure that it has an approved license and throw it over the wall, you're doing it wrong. We need to design software from the ground up in such a way that those freedoms provide immediate and real benefits to our users. Anything else is a failure.

More in Tux Machines

Calligra 2.9 Brings Biggest Krita Release and New Kexi Partnership

We are happy to announce the release of final version 2.9 of the Calligra Suite, Calligra Active and the Calligra Office Engine. This version is the result of thousands of changes which provide new features, polishing of the user experience and bug fixes.

Meizu MX4 Ubuntu Edition Is Official, Will Be at MWC In March

No longer a rumour but fact: Meizu has confirmed the news on its social media accounts this morning, just as the latest flash sale for the Bq Ubuntu Phone was getting underway.

Telegram Desktop for Linux Review

Telegram is an instant messaging service that is best known for its mobile implementation, but a desktop app is also available and it's even better than what users might expect.