Language Selection

English French German Italian Portuguese Spanish

Security

Thunderbird’s defective method of enabling anti-virus software to scan incoming POP3 e-mail messages

Filed under
Security

Thunderbird’s method of enabling anti-virus software to scan incoming e-mail messages is explained in the mozillaZine article 'Download each e-mail to a separate file before adding to Inbox' and in Mozilla bug report no. 116443 (the bug report that resulted in the functionality being implemented).

Chromebook/Google/Gentoo Security

Filed under
Gentoo
Google
Security
  • Google has doubled its bounty for a Chromebook hack to $100,000

    Google doubled the bounty it will pay for a successful exploit of its Chromebook laptop to $100,000, sweetening the pot in hopes of drawing more attention from security researchers.

    The larger reward is intended for someone who finds a persistent compromise of a Chromebook in guest mode, according to Google's security blog on Monday.

  • Google's Bug Bounty for a Chromebook Hack Rises to $100,000

    We've reported a few times on bug bounties--cash prizes offered by open source communities to anyone who finds key software bugs--ranging from bounties offered by Google (for the Chrome browser) and Mozilla. This open method of discovering security vulnerabilities has been embraced at Google, especially. In fact, Google has offered up as much as $1 million to people who identify key vulnerabilities in the Chrome browser.

Security Leftovers

Filed under
Security

Security Leftovers

Filed under
Security
  • Monday's security advisories
  • Building a Jenkins Security Realm

    Last week I spent a good while on writing a new security realm for KDE's Jenkins setups. The result of my tireless java brewing is that the Jenkins installation of KDE neon now uses KDE's Phabricator setup to authenticate users and manage permissions via OAuth.

  • The Great Linux Mint Heist: the Aftermath

    In a shocking move, cyber criminals recently hacked the Linux Mint Web server and used it to launch an attack against the popular distro's user base.

  • These Are the Best System Rescue Tools After a Malware Attack

    System rescue tools provided by antivirus makers are often used to clean infected systems after the main antivirus software detects infections.

    Most antivirus makers bundle this functionality in their main products, but a few offer more specialized tools that also repair damaged files, attempting to restore the system to its earlier working point as much as possible.

    Only five of such tools are currently available on the market as free tools. They are AVG Rescue CD, Avira EU-Clean, Bitdefender Rescue CD, ESET SysRescue, and Kaspersky Virus Removal Tool.

  • Documents with malicious macros deliver fileless malware to financial-transaction systems

    Spammed Word documents with malicious macros have become a popular method of infecting computers over the past few months. Attackers are now taking it one step further by using such documents to deliver fileless malware that gets loaded directly in the computer's memory.

    Security researchers from Palo Alto Networks analyzed a recent attack campaign that pushed spam emails with malicious Word documents to business email addresses from the U.S., Canada and Europe.

Canonical Releases Major Kernel Update for Ubuntu 14.04 LTS, Patches 13 Issues

Filed under
Security
Ubuntu

We reported on March 14 that Canonical published two new Ubuntu Security Notices with detailed information on multiple Linux kernel vulnerabilities patched for Ubuntu 12.04 LTS (Precise Pangolin) and Ubuntu 15.10 (Wily Werewolf) operating systems.

Read more

Canonical Patches Seven Linux Kernel Vulnerabilities in Ubuntu 15.10, Update Now

Filed under
Security
Ubuntu

We reported earlier that Canonical released a minor kernel update for its Ubuntu 12.04 LTS (Precise Pangolin) operating system, and now the company announces a new kernel update for Ubuntu 15.10 (Wily Werewolf).

Read more

Security Leftovers

Filed under
Security
  • Hackers turn to angr for automated exploit discovery and patching

    A team of researchers are battling to trouser the US Defense Advanced Research Projects Agency's US$2m prize to build a system that aims to best human offensive and defensive security personnel at exploitation discovery and patching.

    The Shellphish team, with hackers in the US, France, China, Brazil, and Senegal, is big in the capture-the-flag circuit and won the DEF CON competition in 2006.

    And so it jumped when DARPA in 2014 pinned the word "cyber" to the title of its then decade-old Grand Challenge competition and the quest to automate vulnerability discovery and remediation.

  • How to foil a bank heist

    Essentially, Windows security updates ensure that some zero-day vulnerabilities are fixed as the Microsoft programming team become aware of them and are able to fix them. As a result of Microsoft security updates for Windows XP being discontinued, there is no way for anyone running Windows XP to secure their computer.1

  • Containers are like sandwiches

    There are loads of containers available out there you can download that aren't trusted sources. Don't download random containers from random places. It's no different than trying to buy a sandwich from a filthy shop that has to shoo the rats out of the kitchen with a broom.

  • Do you trust this package?

    But what guarantee is there that no MITM attacker compromised the tarballs when they were downloaded from upstream by a distro package maintainer? If you think distro package maintainers bother with silly things like GPG signature checking when downloading tarballs, then I regret to inform you that Santa is not real, and your old pet is not on vacation, it is dead.

  • Your next car will be hacked. Will autonomous vehicles be worth it?

    Self-driving cars could cut road deaths by 80%, but without better security they put us at risk of car hacking and even ransom demands, experts at SXSW say

  • Microsoft: We Store Disk Encryption Keys, But We’ve Never Given Them to Cops [Ed: just to spies. The following page includes several clear examples where Microsoft is caught giving crypto keys to spies. Microsoft is answering/addressing concerns not as they were raised. This is a non-denying denial.]

    Microsoft says it has never helped police investigators unlock its customers’ encrypted computers—despite the fact that the company often holds they key to get their data.

    If you store important stuff on your computer, it’s great to have the option to lock it up and encrypt your data so that no one can access it if you ever lose your laptop or it gets stolen. But what happens if, one day, you forget your own password to decrypt it? To give customers a way to get their data back in this situation, Microsoft has been automatically uploading a recovery key in the cloud for Windows computers since 2013.

Latest Manjaro Linux 15.12 Update Pack Includes an Important OpenSSL Bugfix

Filed under
Security

The Manjaro development team announced the general availability of the twelfth update pack for the stable and current release of the Arch Linux-based operating system.

Read more

Security Leftovers

Filed under
Security
  • 600,000 TFTP Servers Can Be Abused for Reflection DDoS Attacks

    A new study has revealed that improperly configured TFTP servers can be easily abused to carry out reflection DDoS attacks that can sometimes have an amplification factor of 60, one of the highest such values.

  • Do you trust this application?

    Much of the software you use is riddled with security vulnerabilities. Anyone who reads Matthew Garrett knows that most proprietary software is a lost cause. Some Linux advocates claim that free software is more secure than proprietary software, but it’s an open secret that tons of popular desktop Linux applications have many known, unfixed vulnerabilities. I rarely see anybody discuss this, as if it’s taboo, but it’s been obvious to me for a long time.

  • Do you trust this website?

Security Leftovers

Filed under
Security
Syndicate content

More in Tux Machines

OSS Leftovers

  • DataBasin - object inspector and updates
    First, the underlying DataBasinKit framework got an important update.
  • In-demand dev skills, understanding licensing, and more open source news
  • Higher ed systems expanding access to open-source materials
    Open-source learning technology is at the core of higher education for institutions that want to reach broader audiences with very strict ideas about how convenient learning should be. But developing these initiatives does not happen quickly or easily. It requires strong leadership in information technology, expertise to determine which solutions work best for a campus, and a financial commitment to making sure the technology is sustainable.
  • Proxmark Pro Proxmark3 Standalone Open Source RFID Tester (video)
    Rysc Corp has unveiled a new open source board in the form of the Proxmark Pro which now offers a true standalone client and RFID test instrument, check out the video below to learn more. The Proxmark Pro will feature an FPGA with 5 times the logic cells of the Proxmark3 and will remove the need to switch between HF and LF bit streams during operation, to use developers.
  • ErupteD Brings Vulkan To The D Programming Language
    The D programming language is just the latest to have support for Vulkan alongside C++, Rust (via Vulkano, if you missed that project), Go, and many other modern languages getting bindings for this Khronos Group high performance graphics API. Should you not be familiar with the D language, see Wikipedia.

Leftovers: Security