Security

Google Patches Android for Stagefright in March Update

Filed under
Android
Google
Security

Among the related libraries is the core Android mediaserver, which Google is patching this month for six different vulnerabilities. Two of the issues (CVE-2016-0815 and CVE-2016-0816) are identified as critical vulnerabilities in mediaserver that could lead to a potential remote-code execution.

Another two issues (CVE-2016-0826 and CVE-2016-0827) are privilege escalation vulnerabilities in Android that Google rates as high-severity issues. Google has identified two more high-severity issues (CVE-2016-0828 and CVE-2016-0829) in mediaserver as information-disclosure vulnerabilities.


Tails 2.2 Anonymous Live CD Out Now, Adds Onion Circuits and Tor Browser 5.5.3

Filed under
OSS
Security

The open-source Tails amnesic incognito live system reached a new milestone on March 8, 2016, stable version 2.2, which adds several new features and improvements, along with security patches and software updates.


Security Leftovers

Filed under
Security
  • Google offers app to help companies assess their vendors' security

    Google has published an interactive questionnaire that companies can use to assess the security practices of their suppliers or to review and improve their own security programs.

    The Vendor Security Assessment Questionnaire (VSAQ) is a Web-based application and was released under an open-source license on GitHub. It contains a collection of questionnaires that Google itself uses to review multiple aspects of a vendor's security.

  • Google Opens Up Collection of Vendor Security Assessment Questionnaires

    Google is continuing its rapid pace of open source contributions this year. As we've covered, the company recently opened up some powerful and interesting machine learning tools. It is open sourcing a program called TensorFlow that is based on the same internal toolset that Google has spent years developing to support its AI software and other predictive and analytics programs. You can find out more about TensorFlow at its site, and you might be surprised to learn that it is the engine behind several Google tools you may already use, including Google Photos and the speech recognition found in the Google app.

  • Let's Encrypt has issued its first million certificates
  • WordPress: Got Plugins? (4 Plugins you need to check)

    Thanks to a Wordfence blog post, we have a fuller understanding of a previously disclosed backdoored official plugin (CCTM) and 3 more plugins which within the last week or so have been publicly disclosed and patched.

  • New Mac ransomware was ported from Linux

Linux Mint Passwords Change

Filed under
Security
  • Linux Mint Devs Finally Decide to Change the Website's Password Policies
  • Linux Mint updates password policy after getting hacked and failing its users

    Linux Mint is a good operating system. The problem, however, is that it really doesn't need to exist. Mint is based on Ubuntu, which is a wonderful OS on its own. Ultimately, the biggest reason for Mint's existence is the Cinnamon desktop environment, and that is certainly no reason for an entirely new OS. One of the things keeping Linux behind on the desktop is the sheer number of unnecessary distributions, such as Mint, but I digress.

    When Linux Mint forums and ISOs were compromised, many of its users felt betrayed. After all, Linux is supposed to be safe and secure -- this hack was a major blemish to the community overall. Of course, this is unfair -- the kernel was not hacked, only Mint's servers. Today, as a reactionary response to the hack, Mint is changing password policies.

Security Leftovers

Filed under
Security

Making the Internet Safer, One Secure Site at a Time: Let’s Encrypt Hits 1 Million Certificates

Filed under
Linux
Security

Let’s Encrypt today issued its one millionth free certificate (at 9:04am GMT to be exact), just about 100 days after it released its beta version of the service. This is a major accomplishment for the group, but also big news for the web and the security of everyone online.

In the past three months, our online activities and web traffic have become much safer and better protected through the efforts of Let’s Encrypt, an open source project that is hosted by The Linux Foundation and supported by organizations like Mozilla, Cisco, Electronic Frontier Foundation, Facebook, and Google Chrome.


Security Leftovers

Filed under
Security

10 do's and don'ts for securing your Android device

Filed under
Android
Security

Afraid being mobile means being insecure? These Android security measures will give you some peace of mind.


Security Leftovers

Filed under
Security
  • Friday's security updates
  • Top 10 Critical CVEs That Can Lead To A Data Breach And How To Fix Them
  • CacheBleed: A Timing Attack on OpenSSL Constant Time RSA
  • How Mature is Your Vulnerability Coordination?

    Among the many best practices for security professionals is to have some process for handling inbound vulnerability reporting. So if someone finds a bug or exploit in a product or service, the company with the vulnerability is able to respond to a researcher and knows what to do with a report.

    It's a topic that security industry luminary Katie Moussouris, chief policy officer at HackerOne, is well versed in, as she is the author of the Vulnerability Coordination Maturity Model.

  • The Risk of Open WiFi on Display at RSA

    Security experts from around the globe descended on the Moscone Center here this week for the annual RSA Conference, which provided free WiFi throughout the sessions and exhibit halls. While the WiFi has been generally available, there has been one key problem with it--it's unencrypted.

  • A Day in the Life of Google's Security Chief

    Gerhard Eschelbeck, vice president of security engineering at Google, has one of the toughest jobs in IT security: He has to keep Google secure. In a session at the RSA Conference here March 1 titled "My Life as Chief Security Officer at Google," Eschelbeck gave attendees insight into how he spends his days working and his nights worrying about IT security.

  • DROWN Flaw Illustrates Dangers of Intentionally Weak Crypto

    Calls for encryption backdoors that date back to the 1990s are coming back to haunt the industry 20 years later with DROWN, security experts say. The flaw that researchers found with DROWN centers around the fact that during the so-called Crypto Wars of the 1990s President Bill Clinton’s administration insisted that the US government have a way to break the encryption that was exported outside of the United States.

  • Truly Random Number Generator Promises Stronger Encryption Across All Devices, Cloud

    Before, Entropy Engine only worked on the local device. With NetRandom, they can feed randomness through the network and strengthen the encryption used by virtual machines, cloud instances, clients, servers, and embedded systems in Internet of Things devices. "One of them could support tens of thousands of virtual machines," says Newell.

  • RSA 2016: 4 Data Issues Faced by States, Localities in the Digital Age

    Industry experts discussed the risks, benefits and next steps around data in the government space during the 2016 RSA Conference in San Francisco.

  • How To Disable (Blacklist) Your Laptop Webcam & Microphone in Linux

    Linux isn't spyware and does not contain any backdoor like other popular operating systems; that's another reason we all love to use this operating system. It is a bit difficult for surveillance people to install an application on your Linux system without special permissions, and spyware obviously doesn't work on Linux like it does on other OSes, but if you install something from an untrusted source or you physically give somebody access to your system, then there is a chance that you can become a victim of surveillance, and the whole thing could be a nightmare for you. There are a couple of things you can do to prevent it, like doing an OS re-install or blacklisting ports and non-removable devices like the webcam and microphone; by the way, you should physically cover your laptop and phone camera with a sticker. So without further ado, let's start doing it.

  • Trouble at Linux Mint — and beyond [Ed: no more paywall]

    When the Linux Mint project announced that, for a while on February 20, its web site had been changed to point to a backdoored version of its distribution, the open-source community took notice. Everything we have done is based on the ability to obtain and install software from the net; this incident was a reminder that this act is not necessarily as safe as we would like to think. We would be well advised to think for a bit on the implications of this attack and how we might prevent similar attacks in the future.

Subgraph OS: Secure, Free, Open Source Linux Operating System For Non-technical Users

Filed under
GNU
Linux
Security

To answer your security related concerns, Subgraph OS is here as a free, secure, open source Linux operating system for the non-technical users. This security-focused distro comes with complete TOR integration, full-disk encryption, OpenPGP mail integration, system hardening and other features. Know more about the OS and make your system secure.

