Security

Qubes OS 3.0 (also KaOS 2015.10 and Plasma on Wayland and NetBSD 7.0)

Filed under
GNU
Linux
Reviews
Security

I am sorry to say I have tried each major release of Qubes OS released to date and, so far, none has installed successfully for me. I admire the goal of the Qubes project, making it easy for users to isolate separate tasks in order to improve security. I am of the opinion the concept of a user (and a user's processes) having full access to everything in a user's account raises security concerns. I would like to see more effort put into projects like Qubes and AppArmor in order to make it easier for a user to compartmentalize their digital life.

Security Leftovers

Filed under
Security
  • Security advisories for Monday
  • Warning: Internet security turbulence ahead

    A little more than a year ago, I urged manufacturing companies testing the IoT waters to leave the work of bringing Internet connectivity to their traditionally unconnected products to those who understand what’s at stake. I’m not alone in my concerns that the IoT brigade will bring with it an avalanche of staggeringly insecure products that will find their way into our daily lives.

    What we’re seeing right now is a hopefully imperfect storm of security challenges that, with any luck, will not result in global security and privacy breaches. In one corner, we have companies like Dell and Lenovo distributing computers with wide-open root CAs, allowing anyone with a small amount of skill to crib a certificate and spoof SSL websites, run man-in-the-middle attacks, and install malicious software on those Windows systems with nary a whimper from the “protections” in place to prevent such issues.

  • Flaws in Huawei WiMax routers won't be fixed, researcher says

    Huawei isn't planning on patching several flaws in seven models of WiMax routers that are not being supported anymore by the company, according to a security researcher.

    Pierre Kim published a list of the affected models, which are still used in countries including Ivory Coast, Iran, Iraq, Libya, the Philippines, Bahrain and Ukraine.

  • The threats of November 2015, Linux ransomware leads the way according to new report [Ed: Blaming already-resolved CMS bugs on “Linux”]
  • Can't get a break: Pwned Linux ransomware pwned again, infects 3000

    WordPress and Magento sites are the main targets. The software had infected 2000 sites by 12 November and surpassed 3000 two weeks later.

Tux Machines Again Faces DDOS Attacks

Filed under
Security

The popular website Tux Machines has evidently fallen victim to a DDOS attack that made the site unavailable for part of the day on Friday. The announcement of the attack was initially made in a blog notice posted on the site late Friday morning GMT which opened with the line “Tux Machines has been mostly offline this morning.”

Security Leftovers

Filed under
Security
  • Friday's security updates
  • Researchers poke hole in custom crypto built for Amazon Web Services

    Underscoring just how hard it is to design secure cryptographic software, academic researchers recently uncovered a potentially serious weakness in an early version of the code library protecting Amazon Web Services.

    Ironically, s2n, as Amazon's transport layer security implementation is called, was intended to be a simpler, more secure way to encrypt and authenticate Web sessions. Where the OpenSSL library requires more than 70,000 lines of code to execute the highly complex TLS standard, s2n—short for signal to noise—has just 6,000 lines. Amazon hailed the brevity as a key security feature when unveiling s2n in June. What's more, Amazon said the new code had already passed three external security evaluations and penetration tests.

  • Social engineering: hacker tricks that make recipients click

    Social engineering is one of the most powerful tools in the hacker's arsenal and it generally plays a part in most of the major security breaches we hear about today. However, there is a common misconception around the role social engineering plays in attacks.

  • Judge Gives Preliminary Approval to $8 Million Settlement Over Sony Hack

    Sony agreed to reimburse employees up to $10,000 apiece for identity-theft losses

  • Cyber Monday: it's the most wonderful time of year for cyber-attackers

    Malicious attacks on shoppers increased 40% on Cyber Monday in 2013 and 2014, according to EnigmaSoftware.com, an anti-malware and spyware company, compared to the average number of attacks on days during the month prior. Other cybersecurity software providers have identified the December holiday shopping season as the most dangerous time of year to make online purchases.

    “The attackers know that there are more people online, so there will be more attacks,” said Christopher Budd, Trend Micro’s global threat communications manager. “Cyber Monday is not a one-day thing, it’s the beginning of a sustained focus on attacks that go after people in the holiday shopping season.”

Security Leftovers

Filed under
Security

Mozilla Releases Thunderbird 38.4.0 to Patch High and Critical Security Issues

Filed under
Moz/FF
Security

Mozilla has announced the release of a new maintenance version of the popular, open-source, and cross-platform Mozilla Thunderbird 38 email and news client for all supported operating systems, including GNU/Linux, Mac OS X, and Windows.

LibreOffice Has About 1,200 UI-Related Reported Bugs, Come and Help Fix Them

Filed under
LibO
Security

LibreOffice might be a great office suite, but the community doesn’t like the fact that the UI still looks kind of dated. The good news is that anyone with some coding skills can try to fix that by working on the project.

Security Leftovers

Filed under
Security

Looking at the security of Plasma/Wayland

Filed under
Security

This can be used to create very interesting attacks. It’s one of the reasons why I for example think it’s a very bad idea to start the file manager as root on the same X server. I’m quite certain that if I wanted to I could exploit this relatively easily just through what X provides.

The insecurity of X11 also influenced the security design of applications running on X11. It’s pointless to think about preventing potential attacks if you could get the same by just using core X11 functionality. For example, KWin’s scripting functionality allows interacting with the X11 windows. In general one could say that’s dangerous as it allows untrusted code to change aspects of the managed windows, but it’s nothing you could not get with plain X11.
