Security

Tor: a landmark for hidden services

Filed under
OSS
Security

The Tor Project's .onion (hidden services) addresses have been formally
approved as a Special Use Domain Name by the Internet Engineering Task
Force (IETF), a body that sets standards for the Internet. IETF’s
recognition of .onion names is a landmark in the movement to build
privacy into the structure of the Internet. Jacob Appelbaum's official
blog post for the Tor Project
(https://blog.torproject.org/blog/landmark-hidden-services...)
about this development is available.

IPFire 2.17 - Core Update 94 released

Filed under
GNU
Linux
Security

This is the official release announcement for IPFire 2.17 – Core Update 94, which is a release with smaller security fixes and a maintenance release in general.

Security Leftovers

Filed under
Security
  • Fitbit can allegedly be hacked in 10 seconds

    Fitness-tracking wristband Fitbit, which has sold more than 20 million devices worldwide, and tracks your calorie count, heart rate and other highly personal information, can be remotely hacked, according to research by Fortinet. This gives hackers access to the computer to which you sync your Fitbit.

  • Adobe releases emergency patch for Flash zero-day flaw
  • Adobe confirms major Flash vulnerability, and the only way to protect yourself is to uninstall Flash

    Just one day after Adobe released its monthly security patches for various software including Flash Player, the company confirmed a major security vulnerability that affects all versions of Flash for Windows, Mac and Linux computers. You read that correctly… all versions. Adobe said it has been made aware that this vulnerability is being used by hackers to attack users, though it says the attacks are limited and targeted. Using the exploit, an attacker can crash a target PC or even take complete control of the computer.

  • Western Digital self-encrypting hard drives riddled with security flaws

    Several versions of self-encrypting hard drives from Western Digital are riddled with so many security flaws that attackers with physical access can retrieve the data with little effort, and in some cases, without even knowing the decryption password, a team of academics said.

    The paper, titled "got HW crypto? On the (in)security of a Self-Encrypting Drive series", recited a litany of weaknesses in the multiple versions of the My Passport and My Book brands of external hard drives. The flaws make it possible for people who steal a vulnerable drive to decrypt its contents, even when they're locked down with a long, randomly generated password. The devices are designed to self-encrypt all stored data, a feature that saves users the time and expense of using full-disk encryption software.

Tails Amnesic Incognito Live Linux OS Spotted on 'Homeland' TV Show

Filed under
GNU
Linux
Security
Debian

Spoiler alert! Don't read this if you haven't watched the third episode of the fifth season of Homeland, an acclaimed American television series that airs on the Showtime network.

If you've watched the show so far, then you know that there are a few new characters, such as Laura Sutton, an American journalist in Berlin, played by the beautiful Sarah Sokolovic, as well as Numan, a bearded hacker played by Atheer Adel.

Security Leftovers

Filed under
Security
  • Tuesday's security updates
  • Why Aren't There Better Cybersecurity Regulations for Medical Devices?

    This summer, the Food and Drug Administration warned hospitals to stop using a line of drug pumps because of a cybersecurity risk: a vulnerability that could allow an attacker to remotely deliver a fatal dose to a patient. SAINT Corporation engineer Jeremy Richards, one of the researchers who discovered the vulnerability, called the drug pump “the least secure IP enabled device I’ve ever touched in my life.”

    There is a growing body of research that shows just how defenseless many critical medical devices are to cyberattack. Research over the last couple of years has revealed that hundreds of medical devices use hard-coded passwords. Other devices use default admin passwords, then warn hospitals in the documentation not to change them.

  • Congress Introduces Provision That Could Make Vehicle Security Research Illegal

    Far too often Congress proposes tech legislation that is either poorly researched or poorly drafted (or both). Fortunately, most of the bills don't advance. Unfortunately, this doesn’t seem to dissuade Congress from constantly writing these types of bills. The House Energy and Commerce Committee released such a bill last week. It's only a discussion draft and hasn't been introduced as a formal bill yet, but its provisions would not only effectively put the brakes on car security research, but also immunize auto manufacturers from FTC privacy enforcement when (not if) they fail to secure our cars. It's a classic one-two punch from Congress: not understanding something and then deciding to draft a bill about it anyway.

  • Crypto researchers: Time to use something better than 1024-bit encryption

    It’s possible for entities with vast computing resources – such as the NSA and major national governments – to compromise commonly used Diffie-Hellman keys, and over time more groups will be able to afford cracking them as computing costs go down.

  • The first rule of zero-days is no one talks about zero-days (so we’ll explain)

    How do you defend yourself against the unknown? That is the crux of the zero-day vulnerability: a software vulnerability that, by definition, is unknown by the user of the software and often its developer as well.

    Everything about the zero-day market, from research and discovery through disclosure and active exploitation, is predicated upon this fear of the unknown—a fear that has been amplified and distorted by the media. Is the world really at threat of destabilisation due to lone-wolf hackers digging up vulnerabilities in popular software packages and selling them to whichever repressive government offers the most money? Or is it just a classic case of the media and megacorp lobbyists focusing on the sexy, scary, offensive side of things, and glossing over the less alluring aspects?

VirtualBox 5.0.8 Has Better systemd Support, Debian and El Capitan Fixes

Filed under
OSS
Security

On October 20, Oracle announced the immediate availability for download of the eighth maintenance release of their open-source and cross-platform VirtualBox virtualization software for GNU/Linux, Mac OS X, and Windows operating systems.

Canonical Releases Important Security Patches for Ubuntu 15.04 and 14.04 LTS

Filed under
Security
Ubuntu

After announcing the general availability of a new kernel version of its Ubuntu 12.04 LTS (Precise Pangolin) operating system, Canonical published details about an important security patch for the kernel packages of Ubuntu 15.04 and Ubuntu 14.04 LTS.

AllSeen Alliance Adds Security Updates to Open Source IoT Platform

Filed under
OSS
Security

The AllSeen Alliance claims to have made open source Internet of Things (IoT) development more secure with the latest update to its AllJoyn IoT framework, Security 2.0. The new feature brings authentication, device authorization and encryption enhancements to the platform.
