Language Selection

English French German Italian Portuguese Spanish

Security

Security Leftovers

Filed under
Security
  • Shodan2Sheets

    After spending last night working on a Reverse DNS Function for Google Sheets I couldnt leave well enough alone and wrote Shodan2Sheets tonight using the shodan.io api.

  • Security is a process, not a reaction

    If this sounds familiar, you are probably running a web application of some kind. Maybe your whole business depends on it. Maybe you didn't hear about the latest world-on-fire vulnerability. Panic.

    How do you keep up with security issues when everything is happening so fast? Which parts of your technical stack are the most at risk? Is the customer data safe? Do you really need to care?

  • Three-year-old IBM patch for critical Java flaw is broken

    Attackers can easily bypass the patch to exploit a vulnerability that allows them to escape from the Java security sandbox

  • FBI Says a Mysterious Hacking Group Has Had Access to US Govt Files for Years

    The feds warned that “a group of malicious cyber actors,” whom security experts believe to be the government-sponsored hacking group known as APT6, “have compromised and stolen sensitive information from various government and commercial networks” since at least 2011, according to an FBI alert obtained by Motherboard.

    The alert, which is also available online, shows that foreign government hackers are still successfully hacking and stealing data from US government’s servers, their activities going unnoticed for years. This comes months after the US government revealed that a group of hackers, widely believed to be working for the Chinese government, had for more than a year infiltrated the computer systems of the Office of Personnel Management, or OPM. In the process, they stole highly sensitive data about several millions of government workers and even spies.

  • Sources: Trump Hotels Breached Again

    Banking industry sources tell KrebsOnSecurity that the Trump Hotel Collection — a string of luxury properties tied to business magnate and Republican presidential candidate Donald Trump — appears to be dealing with another breach of its credit card systems. If confirmed, this would be the second such breach at the Trump properties in less than a year.

Security Leftovers

Filed under
Security

Matriux Linux Operating System For Hackers — An Alternative To Kali Linux

Filed under
GNU
Linux
Security

Matriux is an open source Linux-based operating system that’s designed in accordance with the needs of security researchers and professionals. The OS comes with more than 300 hacking tools that include the likes of Wireshark, Aircrack-ng, Nmap, Vidalia, TrueCrypt and more. Matriux hacking OS features a traditional desktop environment that’s powered by GNOME Classic

Read more

Security Leftovers

Filed under
Security
  • Linux Ransomware and why everyone could be affected [Ed: Bitdefender ad as ‘article’]
  • Kaiten targets Linux routers, gateways, access points and now IoT

    Change default passwords on network equipment even if it is not reachable from the Internet.

  • Security is really about Risk vs Reward

    Every now and then the conversation erupts about what is security really? There's the old saying that the only secure computer is one that's off (or fill in your favorite quote here, there are hundreds). But the thing is, security isn't the binary concept: you can be secure, or insecure. That's not how anything works. Everything is a sliding scale, you are never secure, you are never insecure. You're somewhere in the middle. Rather than bumble around about your risk though, you need to understand what's going on and plan for the risk.

Safety/Privacy in Firefox

Filed under
Moz/FF
Security
  • Firefox and cookie micromanagement

    For most of its existence, Firefox has provided users with the ability to manage how cookies are stored with a rather high degree of granularity: users can block specific cookies, create site-wide exceptions to the accept/block policy, and configure behavior for third-party cookies. Up until Firefox 44, there was an additional option as well, one that allowed users to choose the expiration point (that is, expiring them at the end of the session or letting them persist) for every cookie they encounter. That option was removed in the Firefox 44 release, which has made some users rather unhappy.

    The option in question was found in the Privacy preferences screen, labeled "Ask me every time" on the "Keep until:" selector. When enabled, the option raised a dialog box asking the user to accept or reject each cookie encountered, with a "accept for this session only" choice provided. Removing the option was proposed in 2010, although the patch to perform the removal did not land until 2015. It was released in Firefox 44 in January 2016.

  • How Safe Browsing works in Firefox

    If you want to learn more about how Safe Browsing works in Firefox, you can find all of the technical details on the Safe Browsing and Application Reputation pages of the Mozilla wiki or you can ask questions on our mailing list.

  • Decentraleyes Addon Fixes Browser Privacy, Circumvents CDNs

    Widespread CDN acceptance has been a security flaw that sacrifices privacy simply because it breaks web pages on anything put a text-based browser, which is a sacrifice few are willing to make for the sake of their information remaining local.

Security Leftovers

Filed under
Security

Security Leftovers

Filed under
Security
  • Reviewing Important Healthcare Cybersecurity Frameworks [Ed: Microsoft Windows]

    Just recently, a ransomware attack affected Hollywood Presbyterian in California, causing the hospital to pay $17,000 to regain access to its databases.

  • U.S., Canada issue joint alert on 'ransomware' after hospital attacks [iophk: The governments need to track down those spreading Windows in the hospitals.]

    The United States and Canada on Thursday issued a rare joint cyber alert, warning against a recent surge in extortion attacks that infect computers with viruses known as "ransomware," which encrypt data and demand payments for it to be unlocked.

    The warning follows reports from several private security firms that they expect the crisis to worsen, because hackers are getting more sophisticated and few businesses have adopted proper security measures to thwart such attacks.

  • NIST Publishes New Security Standard For Encrypting Credit Card, Medical Info

    The National Institute of Standards and Technology (NIST) has developed new encryption methods for securing financial data and other sensitive information.

    The NIST publication SP 800-38G authored by Morris Dworkin specifies cryptography standards for both binary and non-binary data, preserving the look and feel of the unencrypted digits. Earlier encryption methods designed by NIST worked for binary data. But for strings of decimal numbers, there was no feasible technique to produce coded data that preserves the original format.

LibreOffice 5.2 Launches in August, First Bug Hunting Session Starts April 22

Filed under
LibO
Security

On March 31, 2016, The Document Foundation Co-Founder Italo Vignoli announced the release plan for the upcoming major release of the world's popular free office suite, LibreOffice 5.2.

Read more

Security Leftovers

Filed under
Security
  • Thursday's security updates
  • Your router could succumb to a new Telnet worm

    Building botnets made up of routers, modems, wireless access points and other networking devices doesn't require sophisticated exploits. Remaiten, a new worm that infects embedded systems, spreads by taking advantage of weak Telnet passwords.

    Remaiten is the latest incarnation of distributed denial-of-service Linux bots designed for embedded architectures. Its authors actually call it KTN-Remastered, where KTN most likely stands for a known Linux bot called Kaiten.

  • Remaiten Is a New DDoS Bot Targeting Linux-Based Home Routers

    Malware coders have created a new DDoS bot called Remaiten that targets home routers running on common Linux architectures, which also shares a lot of similarities with other DDoS bots like Tsunami and Gafgyt.

  • Oh, Look: Yet Another Security Flaw In Government Websites

    Or worse. The open direct could lead to spyware and malware, rather than just advertising masquerading as content or bottom-feeder clickbait. Fortunately, you can keep an eye on what URLs are being reached using these open redirects via this link. Unfortunately, it may be only citizens keeping an eye on that page, and they're in no position to prevent further abuse.

  • CNBC Asks Readers To Submit Their Password To Check Its Strength Into Exploitable Widget

    People's passwords and their relative strength and weakness is a subject I know quite well. As part of my business, we regularly battle users who think very simple passwords, often times relating to their birthdays and whatnot, are sufficient. Sometimes they simply make "password" or a similiar variant their go-to option. So, when CNBC put together a widget for readers to input the passwords they use to get feedback on their strength or weakness, I completely understand what they were attempting to accomplish. Password security is a real issue, after all -- which is what makes it all the more face-palming that the widget CNBC used was found to be exploitable.

Syndicate content

More in Tux Machines

OpenSUSE Conference and Users

Today's OSS From OpenSource.com

  • 7 myths about open sourcing your company's software
    Many companies benefit from open source, and countless companies have opted to open source components of their infrastructure (or even their bread and butter) in an effort to give back. However, there are a lot of misconceptions about what happens when you open up your business' code and workflows to the public, and as companies delve into how to apply open principles within their organization, it's easy to get lost in the weeds. Here are some common misconceptions about what happens when you open source your code.
  • Open source software has to sell user experience
    Open source software that is to succeed in this new world is going to have to be better than anything else. You can't sell just openness anymore; it is added value, not a unique selling point. Open source software now has to sell user experience. In a way it is a simpler metric, and probably one that is going to change open source forever—for the better.
  • Top 7 open source business intelligence and reporting tools
    In this article, I review some of the top open source business intelligence (BI) and reporting tools. In economies where the role of big data and open data are ever-increasing, where do we turn in order to have our data analysed and presented in a precise and readable format? This list covers tools which help to solve this problem. Two years ago I wrote about the top three. In this article, I will expand that list with a few more tools that were suggested by our readers. Note that this list is not exhaustive, and it is a mix of both business intelligence and reporting tools.

Linux Devices

  • MediaTek Announces An Interesting Deca-Core ARM Dev Board
    The folks at MediaTek in Hsinchu announced the Helio X20 Development Board today as the first development board using a tri-cluster, deca-core design. As implied by the name, this developer board is using the Helio X20 SoC, which features a tri-cluster CPU architecture and ten processing cores: two Cortex-A72 at 2.3GHz, four Cortex-A53 cores @ 2.0GHz, and four Cortex-A53 cores at 1.4GHz. Depending upon system load, the relevant/needed cores will power up. The X20 uses ARM's Mali graphics, supports 2 x LPDDR3 POP memory, and has integrated 802.11ac WiFi.
  • Voice control your embedded systems with 20 lines of software code
    Speech recognition software technology provider Sensory is offering TrulyHandsfree SDK to embed voice enabled functions in your embedded systems software. TrulyHandsfree SDK supports fixed triggers, user enrolled triggers and commands phrase spotting technology.
  • No SSD Storage On Raspberry Pi 3? Try MinnowMax Turbot Board
    The fact that you can not use an SSD storage device with the Raspberry Pi is a huge drawback. Devices that use the Raspberry pie consume a lot of storage. Devices like drones etc could use the onboard SSD storage. Too bad that the Raspberry pi 3 does not support it. But no worries have you head of the MinnowMax Turbot board?

Server Administration

  • Why Container Skills Aren't a Priority in Hiring Open Source Pros (Yet)
    It should come as no surprise that open source training and hiring is typically predicated on what skills are trending in tech. As an example, Big Data, cloud and security are three of the most in-demand skillsets today, which explains why more and more open source professionals look to develop these particular skillsets and why these professionals are amongst the most sought after. One skillset that employers have not found as useful as professionals is container management.
  • All Hail the New Docker Swarm
    Unfortunately, I’m not able to attend DockerCon US this year, but I will be keeping up with the announcements. As part of the Docker Captains program, I was given a preview of Docker 1.12 including the new Swarm integration which is Docker’s native clustering/orchestration solution (also known as SwarmKit, but that’s really the repo/library name). And it’s certainly a big change. In this post I’ll try to highlight the changes and why they’re important.
  • Apache Spark Creator Matei Zaharia Describes Structured Streaming in Spark 2.0 [Video]
    Apache Spark has been an integral part of Mesos from its inception. Spark is one of the most widely used big data processing systems for clusters. Matei Zaharia, the CTO of Databricks and creator of Spark, talked about Spark's advanced data analysis power and new features in its upcoming 2.0 release in his MesosCon 2016 keynote.