Language Selection

English French German Italian Portuguese Spanish

Security

Security Leftovers

Filed under
Security
  • Security updates for Monday
  • Peer-Seeking Webcam Reveals the Security Dangers of Internet Things

    Last week security blogger Brian Krebs revealed that a popular internet-enabled security camera “secretly and constantly connects into a vast peer-to-peer network run by the Chinese manufacturer of the hardware.”

  • Joomla Sites Join WordPress As TeslaCrypt Ransomware Target

    Exploit kits infecting thousands of WordPress websites are setting their sights on the open-source content management system Joomla in a new campaign spotted by a researcher at the SANS Institute’s Internet Storm Center.

    “The group behind the WordPress ‘admedia’ campaign is now apparently targeting Joomla sites,” said Brad Duncan, security researcher at Rackspace. “We are starting to see the same traffic characteristics in infections that are associated with Joomla sites – as we did with the WordPress campaign,” Duncan said.

  • Most software already has a “golden key” backdoor: the system update

    In 2014 when The Washington Post Editorial Board wrote "with all their wizardry, perhaps Apple and Google could invent a kind of secure golden key they would retain and use only when a court has approved a search warrant," the Internet ridiculed them. Many people painstakingly explained that even if there were somehow wide agreement about who would be the "right" people and governments to hold such an all-powerful capability, it would ultimately be impossible to ensure that such power wouldn't fall in to the "wrong" hands.

Security Leftovers

Filed under
Security
  • Thursday's security updates
  • Friday's security updates
  • Rewrite Everything In Rust

    I just read Dan Kaminsky's post about the glibc DNS vulnerability and its terrifying implications. Unfortunately it's just one of many, many, many critical software vulnerabilities that have made computer security a joke.

    It's no secret that we have the technology to prevent most of these bugs. We have programming languages that practically guarantee important classes of bugs don't happen. The problem is that so much of our software doesn't use these languages. Until recently, there were good excuses for that; "safe" programming languages have generally been unsuitable for systems programming because they don't give you complete control over resources, and they require complex runtime support that doesn't fit in certain contexts (e.g. kernels).

    Rust is changing all that. We now have a language with desirable safety properties that offers the control you need for systems programming and does not impose a runtime. Its growing community shows that people enjoy programming in Rust. Servo shows that large, complex Rust applications can perform well.

  • Forthcoming OpenSSL releases
  • Improvements on Manjaro Security Updates
  • What is Glibc bug: Things To Know About It
  • IRS Cyberattack Total is More Than Twice Previously Disclosed

    Cyberattacks on taxpayer accounts affected more people than previously reported, the Internal Revenue Service said Friday.

    The IRS statement, originally reported by Dow Jones, revealed tax data for about 700,000 households might have been stolen: Specifically, a government review found potential access to about 390,000 more accounts than previously disclosed.

    In August, the IRS said that the number of potential victims stood at more than 334,000 — more than twice the initial estimate of more than 100,000.

  • Protect your file server from the Locky trojan
  • Google's Project Shield defends small websites from DDoS bombardment

    If you want to apply, there's an online form to fill in here which asks for the details of your site, and poses a few other questions about security and whether you've been hit by DDoS in the past. Note that you'll need to set up a Google account if you don't already have one.

  • 90 Percent of All SSL VPNs Use Insecure or Outdated Encryption

    Information security firm High-Tech Bridge has conducted a study of SSL VPNs (Virtual Private Networks) and discovered that nine out of ten such servers don't provide the security they should be offering, mainly because they are using insecure or outdated encryption.

Security Leftovers

Filed under
Security

Canonical Patches Ubuntu 15.10 Kernel Regression That Broke Graphics Displays

Filed under
Security

Linux kernel regressions in Ubuntu don't happen all the time, but from time to time Canonical manages to introduce a small issue when it updates the kernel package of one of its supported Ubuntu OSes, which is quickly fixed.

Read more

Security Leftovers

Filed under
Security
  • The Downside of Linux Popularity

    Popularity is becoming a two-edged sword for Linux.

    The open source operating system has become a key component of the Internet's infrastructure, and it's also the foundation for the world's largest mobile OS, Google's Android.

    Widespread use of the OS, though, has attracted the attention of hackers looking to transfer the dirty tricks previously aimed at Windows to Linux.

    Last year, for example, ransomware purveyors targeted Linux. Granted, it wasn't a very virulent strain of ransomware, but more potent versions likely will be on the way.

  • Baidu Browser Acts like a Mildly Tempered Infostealer Virus

    The Baidu Web browser for Windows and Android exhibits behavior that could easily allow a security researcher to categorize it as an infostealer virus because it collects information on its users and then sends it to Baidu's home servers.

  • Malware déjà vu - why we're still falling for the same old threats

    In second place was Conficker - first discovered in 2008 - which again allows remote control and malware downloads. Together, these two families were responsible for nearly 40% of all malware attacks detected in 2015.

  • Conficker, AndroRAT Continue Malware Reigns of Terror

    Conficker meanwhile continued in its position as King of the Worms, remaining the most prevalent malware type and accounting for 25% of all known attacks during the period. Conficker is popular with criminals thanks to its focus on disabling security services to create more vulnerabilities in the network, enabling them to be compromised further and used for launching DDoS and spam attacks.

  • Child-Monitoring Company Responds To Notification Of Security Breach By Publicly Disparaging Researcher Who Reported It

    "Thanks for letting us know about this! We'll get it fixed immediately!" said almost no company ever.

    There's a long, but definitely not proud, tradition of companies shooting the messenger when informed of security flaws or possible breaches. The tradition continues.

    uKnowKids is monitoring software parents can install on their children's cell phones that allows them to track their child's location, as well as social media activity, text messages and created media. As such, it collects quite a bit of info.

Tor users are actively discriminated against by website operators

Filed under
Security

Computer scientists have documented how a large and growing number of websites discriminate against people who browse them using Tor.

Tor is an anonymity service that is maintained with assistance from the US State Department and designed in part to allows victims of censorship in countries like China and Iran to surf the web. New research show how corporations are discriminating against Tor users, in some cases partly because it’s harder to classify anonymous users for the purpose of pushing ads at them.

Read more

New platform offers endpoint protection for Linux servers

Filed under
Linux
Security

Most of the internet is powered by Linux servers, so it's not surprising that they’re increasingly a target for attack. In particular recent attacks have focussed on using compromised systems to distribute malware to other systems.

Many Linux systems rely on traditional signature-based threat detection which leaves them vulnerable to zero-day attacks. Endpoint security company SentinelOne is announcing a new solution aimed at protecting enterprise data centers and cloud providers from emerging threats that target Linux servers.

Read more

More Security Leftovers

Filed under
Security

Tiny Core Linux 7.0 Launches with Patched Linux 4.2.9 Kernel and Glibc Library

Filed under
Linux
Security

The team behind Tiny Core Linux, one of the smallest distributions of GNU/Linux on the market, proudly announced the release of Tiny Core Linux 7.0, which users can now download from the official channels.

Read more

Security Leftovers

Filed under
Security
  • Hackers use Microsoft security tool to pwn Microsoft security tool

    FireEye security wonks Abdulellah Alsaheel and Raghav Pande have twisted the barrels of Microsoft's lauded EMET Windows defence gun 180 degrees and fired.

    The result of their research is p0wnage of the enhanced mitigation toolkit so that instead of defending Windows it attacks it.

    The attacks the pair found affect older versions of Windows which rely on EMET for modern defences like address space layout randomisation and data execution prevention.

  • Is Linux Really as Secure as You Think It Is?

    Security is an important topic on everyone’s minds in today’s highly-technological world. With all of the security news that pops up on almost a daily basis, trying to be aware of the choices you make can make a big difference. Linux is often touted as the most secure operating system you can get your hands onto, but is this reputation deserved?

  • A Fedora Distribution download primer

    With the fresh news of a compromise in the Linux Mint distribution images, I thought I would take a few minutes to explain how Fedora handles image downloads and what you can do as an end user to make sure you have the correct and official Fedora images.

  • Mousejack: Hacking Computers Via Your Mouse With 15 Lines Of Code And Radio Dongle
  • How Criminals Could Hijack Wireless Mice to Hack Computers from Afar

    Wireless computer mice give users the convenience of not having to deal with cumbersome wires and cables. But they might also open up the door for malicious hackers to get a way into their computers, researchers warn.

    A flaw in the way several popular models of wireless mice and their corresponding receivers, the sticks or “dongles” that plug into a USB port and transmit data between the mouse and the computer, handle encryption could leave “billions” of computers vulnerable to hackers, security firm Bastille warned on Tuesday.

  • Child tracking firm calls out security researcher on 'hack'

    A CHILD MONITORING COMPANY is mad as heck at a security researcher for highlighting a security problem without asking its consent first. Or something.

    The company in question is uKnowkids and its target is a chap called Chris Vickery, a security researcher. His crime? Security research.

    uKnowKids.com is a kind of virtual Mary Poppins. It does not put children in danger, like Mary Poppins, but it does look out for them and keep an eye on what they do by monitoring their communications and stuff.

    We imagine that in some circumstance it has got some children in trouble. This week it is getting an older person in trouble, and accusing a security researcher of hacking as opposed to security researching.

  • URL shortening – are these services now too big a security risk to use?

    Spammers and malware pushers are still heavily abusing URL shortening services, messaging security firm Cloudmark has reported in its 2015 annual security report (reg required). The popular Bit.ly service has recently become a particular favourite with criminals with 25,000 individual malicious links run though that service every single day in recent times. This sounds alarming but it gets worse. According to the firm, this meant that an extraordinary 97 percent of Bit.ly links now led to malicious websites.

Syndicate content

More in Tux Machines

Android vs iPhone: 15 Reasons Android is Better

We’ll explain 15 reasons why Android is better than the iPhone with a new for 2016 Android vs iPhone comparison. Google is kicking up the competition with Android Marshmallow that is thankfully rolling out to more devices and showing off Android N and a handful of interesting apps that will come later this year. Apple continues to work on iOS 9 updates and is close to showing off iOS 10 this summer, which we hope will fix a number of issues and bring the iPhone on par with Android in key areas. The iPhone 6s and iPhone 6s Plus along with iOS 9 helped Apple users catch up in a number of ways, but there are still a lot of areas where Android is hands down better than the iPhone. Read more

3 open source alternatives to AutoCAD

The trick for deciding whether a replacement piece of software, whether open or closed, is a good choice for you is to tease out exactly what your needs are. The situation is no different than discovering that the person who insists that they "need" Photoshop is just using it to draw a few geometric shapes and remove red eye from photos; what they really need is a graphics editing tool that can replace those specific functions. Whether it has all of the bells and whistles of the original is irrelevant if those features sit paid for but unused. My personal journey through open source CAD programs was no different. I had worked with AutoCAD briefly in grad school, and so when I wanted to play with drawing three-dimensional plans for something, it was pretty much all I knew. But that alone didn't make AutoCAD the best choice. Read more

Manjaro Linux Budgie 16.06 Edition Promises a Clean Budgie Desktop Experience

As part of the upcoming Manjaro Linux 16.06 "Daniella" release, many of the community editions get Release Candidate (RC) builds to showcase what's coming later this year. Read more

DisplayLink USB 3.0 Driver Now Available for Ubuntu 16.04 LTS, Fedora Linux

DisplayLink has recently updated their DisplayLink USB 3.0 driver for the latest Ubuntu Linux operating system launched by Canonical in the last week of April 2016, Ubuntu 16.04 LTS. Read more