Security

Security Exaggeration, Linux on ATMs, and Mac Ubuntu

Filed under
Linux
Security
Ubuntu

A lot of Websites are still covering the last couple of Linux security breaches and today Steven J. Vaughan-Nichols said, "It's not Linux's fault!" It rarely is. A lot of talk is heard lately about those last XP users and what they will use next, but yesterday ComputerWorld.com said ATMs will likely be migrated to Linux as well. That's a whole demographic we forgot to count. Jack Wallen says Google is "single-handedly" responsible for propelling Linux to the top. And Michael Larabel reports that Ubuntu 14.04 runs very well on MacBooks.

Why the media loves to exaggerate Linux security problems

Filed under
GNU
Linux
Security

There have been a lot of media reports about Linux security problems recently. ZDNet has taken a stand and pointed out that the problem isn't with Linux, the problem is with certain Linux users and administrators. I'd also argue that the problem is also with certain media outlets who jump on the "linux security stinks!" bandwagon at the earliest opportunity.

Cyber criminals capture 25,000 Unix servers

Filed under
Server
Security

Security boffins at ESET, in collaboration with CERT-Bund, the Swedish National Infrastructure for Computing as well as other agencies, have found a cybercriminal campaign that has taken control of over 25,000 Unix servers worldwide.

Dubbed "Operation Windigo", it has resulted in infected servers sending out millions of spam emails which are designed to hijack servers, infect the computers that visit them, and steal information.

Replicant developers find and close Samsung Galaxy back-door

Filed under
Android
Security

While working on Replicant, a fully free/libre version of Android, we discovered that the proprietary program running on the applications processor in charge of handling the communication protocol with the modem actually implements a back-door that lets the modem perform remote file I/O operations on the file system.

Red Hat Risk Reflex (The Linux Security Flaw That Isn't)

Filed under
Red Hat
Security

News headlines screaming that yet another Microsoft Windows vulnerability has been discovered, is in the wild or has just been patched are two a penny. Such has it ever been. News headlines declaring that a 'major security problem' has been found with Linux are a different kettle of fish. So when reports emerged of an attack that could circumvent verification of X.509 security certificates, and by so doing bypass both Secure Sockets Layer (SSL) and Transport Layer Security (TLS) website protection, people sat up and took notice. Warnings have appeared that recount how the vulnerability can impact upon Debian, Red Hat and Ubuntu distributions. Red Hat itself issued an advisory warning that "GnuTLS did not correctly handle certain errors that could occur during the verification of an X.509 certificate, causing it to incorrectly report a successful verification... An attacker could use this flaw to create a specially crafted certificate that could be accepted by GnuTLS as valid." In all, at least 200 operating systems actually use GnuTLS when it comes to implementing SSL and TLS and the knock-on effect could mean that web applications and email alike are vulnerable to attack. And it's all Linux's fault. Or is it?

Panic Over Transport Layer Security (TLS) Flaw Which is Already Patched

Filed under
GNU
Security

The only shocking thing is the amount of press coverage this received. PGP/GPG, OpenSSH, OpenSSL etc. were previously named here for flaws that had been found (in the context of Red Hat and the NSA [1, 2, 3]). These are not so uncommon. One just needs to keep up to date (patched) — something which Apple’s customers cannot do. They can’t even write their own patches.

Yes there was a security hole in Linux, but Red Hat already fixed it

Filed under
GNU
Linux
Red Hat
Security

Originally reported by Ars Technica, the fix was available by the time the general public was made aware of it. It’s actually fairly similar to a certain security hole that lived for a year and could have allowed for exploits to be used in the wild.

Linux companies never miss an opportunity to miss an opportunity

Filed under
Linux
Security

It would be heartening to see James Whitehurst, the head of Red Hat Linux, the biggest commercial Linux outfit, and one that has seen billing go above the billion-dollar mark, deliver a speech at some official forum that underlined the fact that his company's product - and that of other commercial Linux companies - provides a guarantee against the insertion of backdoors.

Tor developing anonymous instant messenger

Filed under
OSS
Security

The instant messenger is still in the early planning stages, but Tor's developers seem to be preparing to turn it around quickly. The messenger will be built on Instantbird, an existing open-source messenger, and development will largely involve adding in Off-the-Record Messaging encryption, making it send its messages over Tor, and stripping it of some automated logging and reporting features. Tor hopes to have its first step of work on the messaging app completed by the end of March, but it doesn't draw a timeline for the project out from there.

Google Android chief: Android may be open, but it is not less secure

Filed under
Android
Google
Security

Does 'open' mean 'lack of security'?

According to Google, no. Instead, an open platform is the best path to take in order to make a platform as impermeable to threats as possible.

On Thursday, FrAndroid reported that Google's head of the Android division, Sundar Pichai, responded in a very candid way when asked about the operating system's security at Mobile World Congress in Barcelona, Spain.

More in Tux Machines

Ubuntu 14.10 Released, openSUSE GNOME Peek, and Debian Multimedia

The release of Ubuntu 14.10, codenamed Utopic Unicorn, was the big news today. But in other news, Kostas Koudaras has a sneak peek of GNOME in upcoming openSUSE 13.2 and Alessio Treglia shared some bits on Debian 8.0 multimedia. Miguel de Icaza announces Mono for the Unreal Engine and, finally, Erich Schubert says avoiding systemd isn't hard at all.

eBay joins open-source community with ultra-fast OLAP engine for Hadoop

Like arch-rival Amazon.com, the soon-to-split eBay Inc. is something of an oddity in that it hasn’t historically been a big contributor to the open-source community. But the e-commerce pioneer hopes to change that with the release of the source-code for a homegrown online analytics processing (OLAP) engine that promises to speed up Hadoop while also making it more accessible to everyday enterprise users.

DHS report makes recommendations for greater open source software use in government

A report commissioned by the Homeland Security Department's Science and Technology Directorate says barriers to using and developing open source software must be addressed as IT budgets across government continue to tighten.

Calculate Linux Provides Consistency by Design

Calculate Linux has a rather interesting strategy for desktop environments. It is characterized by two flavors with the same look and feel. That does not mean that the inherent functionality of the KDE and Xfce desktops is compromised. Rather, the Calculate Linux developers did what you seldom see within a Linux distribution with more than one desktop option: They unified the design.