Language Selection

English French German Italian Portuguese Spanish

Security

New OpenBSD version includes fork of OpenSSL

Filed under
Security
BSD

The OpenBSD project has released version 5.6 of its operating system. It includes LibreSSL, the fork of the OpenSSL cryptographic library in which a serious vulnerability was discovered earlier this year.

Read more

LastPass releases Open Source command line client

Filed under
OSS
Security

LastPass has published an open source command line application to provide terminal-loving devs with alternative access to their passwords and login data.

The outfit says the app improves user security, with a growing list of commands that lets users edit their LastPass data. It also supports functions such as regular automated password changes and the ability to generate and store passwords for servers.

LastPass community manager Amber Gott said it welcomed community pull requests.

Read more

Security-Minded Qubes OS Will Satisfy Your Yen for Xen

Filed under
GNU
Linux
Security

It has advanced far beyond the primitive proof of concept demonstrated more than four years ago. Release 2 (beta), which arrived in late September, is a powerful desktop OS.

Qubes succeeds in seamless integrating security by isolation into the user experience. However, comparing Qubes to a typical Linux distro is akin to comparing the Linux OS to Unix.

Read more

Sony Xperia devices are sendng your data to China

Filed under
Android
Security

If you are using a Sony Xperia device running either Android 4.4.2 or 4.4.4 it’s advised (by me) that you install a custom ROM on your device. Several reports have appeared online that the stock firmware on these devices contains Baidu spyware that is discreetly sending data back to servers in China, you do not need to have installed any software on your phone as it’s bundled into the firmware.

Read more

Parallels CTO: Linux container security is not the problem

Filed under
GNU
Linux
Security

Containerization technology has been a game-changer, powering Docker and other transformative software solutions. It's also garnered its share of criticisms about performance, security, and resiliency.

But one of the creators of Parallels, a key containerization technology on Linux, is pushing back against what he feels are pervasive myths about containers -- many of which, he argues, are rooted in misunderstandings of how to use them and what they're for.

Read more

Drupal Core - Highly Critical - Public Service announcement - PSA-2014-003

Filed under
Drupal
Security

This Public Service Announcement is a follow up to SA-CORE-2014-005 - Drupal core - SQL injection. This is not an announcement of a new vulnerability in Drupal.

Automated attacks began compromising Drupal 7 websites that were not patched or updated to Drupal 7.32 within hours of the announcement of SA-CORE-2014-005 - Drupal core - SQL injection. You should proceed under the assumption that every Drupal 7 website was compromised unless updated or patched before Oct 15th, 11pm UTC, that is 7 hours after the announcement.

Read more

Announcing Qubes OS Release 2!

Filed under
GNU
Linux
Security

Today we're releasing Qubes OS R2! I'm not gonna write about all the cool features in this release because you can find all this in our wiki and previous announcements (R2-beta1, R2-beta2, R2-beta3, R2-rc1, and R2-rc2). Suffice to say that we've come a long way over those 4+ years from a primitive proof of concept to a powerful desktop OS which, I believe, it is today.

One of the biggest difficulties we have been facing with Qubes since the very beginning, has been the amount of this extra, not-so-exciting, not directly security-related work, but so much needed to ensure things actually work. Yet, the line between what is, and what is not-security related, is sometimes very thin and one can easily cross it if not being careful.

Read more

MSI X99S SLI PLUS On Linux

Filed under
Linux
Security

For Intel Core i7 5960X Haswell-E Linux testing I originally bought an MSI X99S SLI PLUS motherboard as it was one of the most interesting, lowest-priced boards available at the time of the Intel X99 chipset debut. While I initially ran into some problems, those issues have now been confirmed to be isolated, and with a replacement X99S SLI PLUS motherboard I have been stressing it constantly for the past few weeks on Fedora and Ubuntu. The X99S SLI PLUS has now proven itself to be a reliable motherboard that's still among the least expensive X99 ATX motherboards on the market.

Read more

Another Tor router crowdfunding project nixed by Kickstarter

Filed under
Android
Linux
Security

Kickstarter is apparently not the place to go if you’re trying to crowdfund privacy hardware. Just days after the Anonabox project, a highly criticized effort to package the Tor privacy protection service into a portable miniature Wi-Fi router, was suspended by the crowdfunding site, another similar project has met its demise—and its founder’s account has been deleted.

TorFi, which Ars mentioned in a report on October 21, was a project by Jesse Enjaian and David Xu of Berkeley, California aimed at creating home routers with turnkey Tor protection and support for OpenVPN connections—allowing users to route all their Internet traffic either through Tor's "onion router" network or a virtual private network provider of their choice. The project’s initial pitch was dependent on repurposing routers from TP-Link purchased through retail and re-flashing them with a customized version of the OpenWRT embedded operating system.

Read more

On the Security of Containers

Filed under
Linux
Security

I agree that the security of a container isn’t any better than a well-secured application using sys_setcap(), a custom suite of SeLinux labels, and a roll-your-own use of Linux namespaces. However, that’s precisely what Linux containers are. Containers are not contradictory to other, existing best-practices. They’re not contradictory to VMs, but work well with them. It’s not contradictory to SeLinux or AppArmor, but works with them. In fact, when you come down to it, once you start tweaking and configuring all of the security tunables in Linux to secure your application as much as possible, you’ll realize that you’ve simply rolled your own container solution.

Read more

Syndicate content

More in Tux Machines

Xubuntu 15.04: quick screenshot tour

The 23rd of April 2015 was the date when Canonical released the set of their new operating systems: Ubuntu 15.04 family. It includes Ubuntu itself, Ubuntu MATE and GNOME editions, Kubuntu, Xubuntu, Lubuntu and so on. Read more

Another Surprise: Mageia 5 RC is available!

I don't know why DistroWatch seemed to have missed it, but Mageia 5 RC is available for download. Read more

Another Surprise: Mageia 5 RC is available!

I don't know why DistroWatch seemed to have missed it, but Mageia 5 RC is available for download. Read more

Another Surprise: Mageia 5 RC is available!

I don't know why DistroWatch seemed to have missed it, but Mageia 5 RC is available for download. Read more