Security

Security: Windows/WannaCry, Lack of Security Skills, Incredible Claims About Jinan

Filed under
Security

Security: FOSS Updates, More on Marcus Hutchins

Filed under
Security

Security: Marcus Hutchins Update, Deep Flaw in Cars, Raspberry Pi OS Update

Filed under
Security

Security: Wi-Fi, U.S. State Department Outage, Kronos, and Myths

Filed under
Security
  • One mistake people make using public Wi-Fi

    But if you’re sharing files on public Wi-Fi, your folders may be accessible to anyone connected to the same public network. In other words, file sharing automatically exposes your computer and everything you intend to share. Your vacation photos may end up in the wrong hands, and so could your contracts, spreadsheets, and tax information.

  • Officials: State Department suffers worldwide email outage

    The U.S. State Department's email system underwent a worldwide outage Friday, affecting all its unclassified communications within and outside of the department.

  • Marcus Hutchins' code written long after Kronos: researcher

    The security researcher, who claimed recently to have found code written by Briton Marcus Hutchins that was used in the Kronos banking trojan by a third party, now says this code predates both Hutchins and the unknown third party that used it in Kronos.

  • Linux security myths

Security: Hardware Back Doors, Microsoft Windows, Kronos

Filed under
Security
  • Hiding malware in boobytrapped replacement screens would undetectably compromise your mobile device

    On the one hand, if you let an untrusted stranger install hardware in your electronic device, you're opening yourself up to all kinds of potential mischief; on the other hand, an estimated one in five smartphones has a cracked screen and the easiest, most efficient and cheapest way to get that fixed is to go to your corner repair-shop.

  • How hackers {sic} are targeting the shipping industry [iophk: "Microsoft TCO"]

    Whenever one of the firm's fuel suppliers would send an email asking for payment, the virus simply changed the text of the message before it was read, adding a different bank account number.

  • Locky ransomware is back from the dead with two new strains [iophk: "Windows TCO"]

    What hasn't changed, though, is the method of distribution. Rather than rifling through the trove of spilt US National Security Agency exploits, as the groups behind WannaCry and NotPetya did, Locky is distributed via phishing emails containing malicious Microsoft Office files or zipped attachments containing a malicious script.

  • Connected cars could have an airbag problem

    "It's not the car manufacturers' fault, and it's not a problem introduced by them. The security issue that we leveraged in our research lies in the standard that specifies how the car device network (i.e., CAN) works," added Trend.

    [...] To eliminate the risk entirely, an updated CAN standard should be proposed, adopted, and implemented. This whole process would likely require another generation of vehicles."

  • Code chunk in Kronos malware used long before MalwareTech published it

    A chunk of code found in the Kronos bank-fraud malware originated more than six years before security researcher Marcus Hutchins is accused of developing the underlying code, a fellow security researcher said Friday.

    The conclusion, reached in an analysis of Kronos published by security firm Malwarebytes, by no means proves or disproves federal prosecutors' allegations that Hutchins wrote Kronos code and played a role in the sale of the malware. It does, however, clarify speculation over a Tweet from January 2015, in which MalwareTech—the online handle Hutchins used—complained that a complex piece of code he had published a month earlier had been added to an unnamed malware sample without his permission.

  • Secret chips in replacement parts can completely hijack your phone’s security

    People with cracked touch screens or similar smartphone maladies have a new headache to consider: the possibility the replacement parts installed by repair shops contain secret hardware that completely hijacks the security of the device.

    The concern arises from research that shows how replacement screens—one put into a Huawei Nexus 6P and the other into an LG G Pad 7.0—can be used to surreptitiously log keyboard input and patterns, install malicious apps, and take pictures and e-mail them to the attacker. The booby-trapped screens also exploited operating system vulnerabilities that bypassed key security protections built into the phones. The malicious parts cost less than $10 and could easily be mass-produced. Most chilling of all, to most people, the booby-trapped parts could be indistinguishable from legitimate ones, a trait that could leave many service technicians unaware of the maliciousness. There would be no sign of tampering unless someone with a background in hardware disassembled the repaired phone and inspected it.

Tor “can’t build free and open source tools” and stop racists from using them

Filed under
OSS
Security

The Tor Project has reiterated its absolutist commitment to free speech, saying that even though Daily Stormer recently moved to a Tor onion service, the organization won’t do anything to stop the "hate-spewing website."

Security: Updates, Reproducible Builds, Red Hat, and the Latest FUD From Black Duck

Filed under
Security

Security: Trezor, Kaspersky and Secure [sic] Enclave Processor

Filed under
Security

Security: FOSS and Ubuntu Updates, Google Leak, Automotive Industry, Secure Enclave Processor (SEP) Bypassed

Filed under
Security

Security: 'Smart' Cars, Marcus Hutchins, Coat of Windows and More

Filed under
Security

More in Tux Machines

Devices: Aaeon, Corvalent, and Renesas Electronics

Red Hat and Servers: India, China, Docker and Kubernetes

GNOME: LVFS and Epiphany

  • Richard Hughes: Shaking the tin for LVFS: Asking for donations!
    Nearly 100 million files are downloaded from the LVFS every month, the majority being metadata to know what updates are available. Although each metadata file is very small it still adds up to over 1TB in transferred bytes per month. Amazon has kindly given the LVFS a 2000 USD per year open source grant which more than covers the hosting costs and any test EC2 instances. I really appreciate the donation from Amazon as it allows us to continue to grow, both with the number of Linux clients connecting every hour, and with the number of firmware files hosted. Before the grant sometimes Red Hat would pay the bandwidth bill, and other times it was just paid out of my own pocket, so the grant does mean a lot to me. Amazon seemed very friendly towards this kind of open source shared infrastructure, so kudos to them for that. At the moment the secure part of the LVFS is hosted in a dedicated Scaleway instance, so any additional donations would be spent on paying this small bill and perhaps more importantly buying some (2nd hand?) hardware to include as part of our release-time QA checks.
  • Epiphany 3.28 Development Kicks Off With Safe Browsing, Better Flatpak Handling
    Epiphany 3.27.1 was released a short time ago as the first development release of this web-browser for the GNOME 3.28 cycle. For being early in the development cycle there is already a fair number of improvements with Epiphany 3.27.1. Some of the highlights include Google Safe Browsing support, a new address bar dropdown powered by libdazzle, and improvements to the Flatpak support.
  • Safe Browsing in Epiphany
    I am pleased to announce that Epiphany users will now benefit from safe browsing support which is capable of detecting and alerting users whenever they are visiting a potentially malicious website. This feature will be shipped in GNOME 3.28, but those who don’t wish to wait that long can go ahead and build Epiphany from master to benefit from it. The safe browsing support is enabled by default in Epiphany, but you can always disable it from the preferences dialog by toggling the checkbox under General -> Web Content -> Try to block dangerous websites.

today's howtos