Language Selection

English French German Italian Portuguese Spanish

Security

Security Leftovers

Filed under
Security

Security Leftovers

Filed under
Security
  • Security advisories for Monday
  • Outdated authentication practices create an opportunity for threat hunter Infocyte

    “Having Linux allows us to look at web servers, for instance. If you’re going to bypass the biometrics, you’re going to need to get into that system itself,” Gerritz says. “That’s where we come in, is finding people who have inserted themselves under that authentication layer.”

  • Cable Sees NFV Enhancing Network Security

    Network functions virtualization is all the rage because of the money it can save, and because of the network flexibility it helps afford, but the cable industry is enthused about NFV for yet another, less publicized benefit: the potential NFV creates for improving network security.

  • IoT Consensus - A Solution Suggestion to the 'Baskets of Remote' Problem by Benedikt Herudek

    Bitcoin is able to integrate and have endpoints (in Bitcoin terminology ‘wallets’ and ‘miners’) seamlessly talk to each other in a large and dynamic network. Devices and their protocols do not have the ability to seamlessly communicate with other devices. This presentation will try to show where Bitcoin and the underlying Blockchain and Consenus Technology can offer an innovative approach to integrating members of a large and dynamic network.

  • Ready to form Voltron! why security is like a giant robot make of lions

    Due to various conversations about security this week, Voltron came up in the context of security. This is sort of a strange topic, but it makes sense when we ponder modern day security. If you talk to anyone, there is generally one thing they push as a solution for a problem. This is no different for security technologies. There is always one thing that will fix your problems. In reality this is never the case. Good security is about putting a number of technologies together to create something bigger and better than any one thing can do by itself.

  • Email Address Disclosures, Preliminary Report, June 11 2016

    On June 11 2016 (UTC), we started sending an email to all active subscribers who provided an email address, informing them of an update to our subscriber agreement. This was done via an automated system which contained a bug that mistakenly prepended between 0 and 7,618 other email addresses to the body of the email. The result was that recipients could see the email addresses of other recipients. The problem was noticed and the system was stopped after 7,618 out of approximately 383,000 emails (1.9%) were sent. Each email mistakenly contained the email addresses from the emails sent prior to it, so earlier emails contained fewer addresses than later ones.

  • Universities Become New Target for Ransomware Attacks [iophk: "Calgary has no excuse, given the particular tech activity headquartered specifically in their town. Some top Univ executives need firing +fines for having allowed Microsoft into their infrastructure."]

    This week the University of Calgary in Canada admitted paying C$20,000 (€13,900) to a hacker to regain access to files stored in 600 computers, after it suffered a ransomware attack compromising over 9,000 email accounts. In order to receive the keys, the school paid the equivalent of C$20,000 in Bitcoins.

  • Blue Coat to Sell Itself to Symantec, Abandoning I.P.O. Plans

    Blue Coat Systems seemed poised to begin life as a public company, after selling itself to a private equity firm last year.

    Now, the cybersecurity software company plans to sell itself to Symantec instead.

    Blue Coat said late on Sunday that it would sell itself to Symantec for $4.65 billion. As part of the deal, Blue Coat’s chief executive, Greg Clark, will take over as the chief executive of the combined security software maker.

    To help finance the transaction, Blue Coat’s existing majority investor, Bain Capital, will invest an additional $750 million in the deal. The private equity firm Silver Lake, which invested $500 million in Symantec in February, will invest an additional $500 million.

Security Leftovers

Filed under
Security

App stores and Linux repositories: Maybe the worst ideas ever

Filed under
Linux
Security

Technically, since we’re talking about Linux and free/open source software here, there’s nothing stopping someone from cloning the entire repository for a system before it goes offline and then providing that repository as a service to people who still want it. But this is a big undertaking and is something that a casual user of a platform simply isn’t going to do.

In my case, I absolutely would have done this for my N810. I would have cloned the entire repository, including system updates, and hosted it on my server for personal use (and provided it to anyone else who needed it). Would I have ever bothered to update it? Probably not. But I would have had it there for as long as I ran that device. But, alas, I didn’t know the company was killing the entire repository (perhaps I should have expected it, but I didn’t). So, I’m plum out of luck. Plus, I’m weird. Most people would absolutely not clone a repository and self-host it. That's just a crazy thing to do.

Read more

Security Leftovers

Filed under
Security
  • EFF's Badge Hack Pageant Returns to DEF CON

    We are proud to announce the return of EFF's Badge Hack Pageant at the 24th annual DEF CON hacking conference in Las Vegas. EFF invites all DEF CON attendees to stretch their creative skills by reinventing past conference badges as practical, artful, and over-the-top objects of their choosing. The numerous 2015 pageant entries included a crocheted badge cozy, a quadcopter, counterfeit badges, a human baby, a breathalyzer, a dazzling array of LED shows, and more than one hand-made record player that would make MacGyver weep. We encourage you to join us and contribute something whether you are a crafter, a beginner, or a hardware hacking wizard. It's a great summer project so get started now and enjoy a great show!

  • @Deray’s Twitter Hack Reminds Us Even Two-Factor Isn’t Enough

    This has been the week of Twitter hacks, from Mark Zuckerberg to a trove of millions of passwords dumped online to, most recently, Black Lives Matter activist DeRay McKesson.

  • System calls for memory protection keys

    "Memory protection keys" are an Intel processor feature that is making its first appearance in Skylake server CPUs. They are a user-controllable, coarse-grained protection mechanism, allowing a program to deny certain types of access to ranges of memory. LWN last looked at kernel support for memory protection keys (or "pkeys") at the end of 2015. The system-call interface is now deemed to be in its final form, and there is a push to stage it for merging during the 4.8 development cycle. So the time seems right for a look at how this feature will be used on Linux systems.

YubiKey NEO: Ubuntu 16.04 usefulness (+ review)

Filed under
Reviews
Security
Ubuntu

I got a hold of a YubiKey NEO, so I was wondering how useful it is and what can I do with it. Here’s my “tutorial” on setting it up using Ubuntu 16.04 and actually using it.

Read more

Tails 2.4 Launched With TOR 6.0 — Best Linux Distro For Anonymity And Privacy

Filed under
GNU
Linux
Security
Debian

Tails is a popular privacy-focused Linux distribution–here are some other Linux distros for different purposes–with an aim to provide anonymous computing experience. This distro was most famously used by NSA whistleblower Edward Snowden.

If you are acquainted with Tails, you might be knowing that Tails forces all the network activity to go through the TOR network, making your all activities anonymous. Being a Live Linux distro, it can be booted from an SD card, DVD, or USB drive.

Read more

Security Leftovers

Filed under
Security
  • Massive DDoS attacks reach record levels as botnets make them cheaper to launch

    There were 19 distributed denial-of-service (DDoS) attacks that exceeded 100 Gbps during the first three months of the year, almost four times more than in the previous quarter.

    Even more concerning is that these mega attacks, which few companies can withstand on their own, were launched using so-called booter or stresser botnets that are common and cheap to rent. This means that more criminals can now afford to launch such crippling attacks.

  • Twitter locks user accounts that need 'extra protection'

    Better safe than sorry, or so goes Twitter's latest thinking.

    The social network on Friday maintained it was not the victim of a hack or data breach, as previously reported. But Michael Coates, Twitter's head of information security, wrote in a blog post that the company has identified some accounts that need "extra protection." Those accounts have been locked, requiring users to reset their passwords in order to access them.

Security Leftovers

Filed under
Security
  • Tuesday's security updates
  • Security advisories for Wednesday
  • Thursday's security updates
  • Security advisories for Friday
  • Slicing Into a Point-of-Sale Botnet

    Point-of-sale based malware has driven most of the credit card breaches over the past two years, including intrusions at Target and Home Depot, as well as breaches at a slew of point-of-sale vendors. The malware usually is installed via hacked remote administration tools. Once the attackers have their malware loaded onto the point-of-sale devices, they can remotely capture data from each card swiped at that cash register.

  • Microsoft's BITS file transfer tool fooled into malware distribution

    Researchers at Dell SecureWorks have spotted a new and dangerous way to misuse of Microsoft's Background Intelligent Transfer Service (BITS).

    While working on a customer clean-up project, SecureWorks staff found that attackers had created self-contained BITS tasks that didn't appear in the registries of affected machines, and their footprints were limited to entries on the BITS database.

    The attack was spotted on a Windows 7 machine in an academic administration environment.

iTWire shows Linux Australia the right way to host a server

Filed under
GNU
Linux
Server
Security

An iTWire article appears to have resulted in Linux Australia seeing the folly of not having proper arrangements in place for hosting its website.

Further, a member of Linux Australia has suggested the office-bearers should resign en masse for not anticipating a breakdown in hosting the organisation's website recently.

Linux Australia secretary, Sae Ra Germaine, posted to the Linux-aus mailing list in April to explain why the organisation experienced server downtime, ultimately because the team charged with managing this task, while recognising a risk of disruption, did not engage with the University hosting the server instead choosing only to liaise with ex-employees, and discontinued searching for a new host between December 2015 and March 2016.

Read more

Also: Preventing break-ins on your Linux system

Syndicate content

More in Tux Machines

University fuels NextCloud's improved monitoring

Encouraged by a potential customer - a large, German university - the German start-up company NextCloud has improved the resource monitoring capabilities of its eponymous cloud services solution, which it makes available as open source software. The improved monitoring should help users scale their implementation, decide how to balance work loads and alerting them to potential capacity issues. NextCloud’s monitoring capabilities can easily be combined with OpenNMS, an open source network monitoring and management solution. Read more

Linux Kernel Developers on 25 Years of Linux

One of the key accomplishments of Linux over the past 25 years has been the “professionalization” of open source. What started as a small passion project for creator Linus Torvalds in 1991, now runs most of modern society -- creating billions of dollars in economic value and bringing companies from diverse industries across the world to work on the technology together. Hundreds of companies employ thousands of developers to contribute code to the Linux kernel. It’s a common codebase that they have built diverse products and businesses on and that they therefore have a vested interest in maintaining and improving over the long term. The legacy of Linux, in other words, is a whole new way of doing business that’s based on collaboration, said Jim Zemlin, Executive Director of The Linux Foundation said this week in his keynote at LinuxCon in Toronto. Read more

Car manufacturers cooperate to build the car of the future

Automotive Grade Linux (AGL) is a project of the Linux Foundation dedicated to creating open source software solutions for the automobile industry. It also leverages the ten billion dollar investment in the Linux kernel. The work of the AGL project enables software developers to keep pace with the demands of customers and manufacturers in this rapidly changing space, while encouraging collaboration. Walt Miner is the community manager for Automotive Grade Linux, and he spoke at LinuxCon in Toronto recently on how Automotive Grade Linux is changing the way automotive manufacturers develop software. He worked for Motorola Automotive, Continental Automotive, and Montevista Automotive program, and saw lots of original equipment manufacturers (OEMs) like Ford, Honda, Jaguar Land Rover, Mazda, Mitsubishi, Nissan, Subaru and Toyota in action over the years. Read more

Torvalds at LinuxCon: The Highlights and the Lowlights

On Wednesday, when Linus Torvalds was interviewed as the opening keynote of the day at LinuxCon 2016, Linux was a day short of its 25th birthday. Interviewer Dirk Hohndel of VMware pointed out that in the famous announcement of the operating system posted by Torvalds 25 years earlier, he had said that the OS “wasn’t portable,” yet today it supports more hardware architectures than any other operating system. Torvalds also wrote, “it probably never will support anything other than AT-harddisks.” Read more