Language Selection

English French German Italian Portuguese Spanish

Security

Security Leftovers

Filed under
Security
  • SMEs vulnerable through insufficient IT, data security

    Small businesses are particularly vulnerable to breaches of IT security, according to a newly published survey which finds that security of data and IT systems is a growing concern for business leaders across Australia.

    Despite facing the same online risks as larger corporates, research by recruitment agency Robert Half the shows that small and medium businesses typically use fewer data protection tools than large companies.

  • US School Agrees to Pay $8,500 to Get Rid of Ransomware [Ed: Microsoft Windows]

    Administrators of the Horry County school district (South Carolina, US) have agreed to make a $8,500 / €7,600 payment to get rid of a ransomware infection that has affected the school's servers.

  • Linux Computers Targeted with Fresh Fysbis Spying Malware

    One fresh malicious program called Fysbis, whose other name is Linux.BackDoor.Fysbis has been created for targeting Linux computers through installation of a backdoor which reportedly opens the machine's access to the malware owner, thus facilitating him with spying on the user as well as carrying out more attacks.

  • CVE-2016-2384: arbitrary code execution due to a double-free in the usb-midi linux kernel driver

    This post describes an exploitable vulnerability (CVE-2016-2384) in the usb-midi Linux kernel driver. The vulnerability is present only if the usb-midi module is enabled, but as far as I can see many modern distributions do this. The bug has been fixed upstream.

Security Leftovers

Filed under
Security
  • Friday's security updates
  • A few words about the glibc vulnerability, CVE-2015-7547

    On February 16th, news reached ISC about CVE-2015-7547, a serious defect in the getaddrinfo() library call in glibc. This defect allows an attacker to cause buffer overflow to occur, creating the possibility of remote code execution in some circumstances. ISC has been asked by several of our customers and partners to comment on whether this vulnerability should be of concern to operators using our products.

  • Change direction, increase speed! (or why glibc changes nothing)

    The conclusion I came up with is we are basically the aliens from space invaders. Change direction, increase speed! While this can give the appearance of doing something, we are all very busy all the time.

  • Glibc 2.23 Released With Many Changes

    The GNU C Library 2.23 adds Unicode 8.0.0 support, a fix for a defect in malloc going back a number of years, some optimized functions for the IBM z13, a number of security related changes, and a whole lot of bug fixing.

How To Install & Use VeraCrypt In Linux An Alternative To TrueCrypt [COMPLETE TUTORIAL]

Filed under
Linux
News
Security

VeraCrypt is a free, open source and cross platform data encryption tool. It's an alternative to TrueCrypt(project discontinued), the popular encryption tool for all Operating systems. VeraCrypt is an easy to use tool. In this article I will walk you through the complete process of installing & using VeraCrypt in any Linux distributions such as Debian, Arch, Ubuntu, Linux Mint etc. So let's get started.

Read more

Leftovers: Security

Filed under
Security

Linux Mint Website Hacked, Users Tricked Into Downloading ISOs with Backdoors

Filed under
GNU
Linux
Security
Web

Just a few moments ago, Clement Lefebvre, leader of the Linux Mint project, informes users of the popular, Ubuntu-based distribution that the servers where the Linux Mint website is hosted have been hacked to point the download links to specially crafted ISOs.

According to Mr. Lefebvre, it appears that a group of hackers created a modified Linux Mint ISO, which included a backdoor. Then, they hacked into the Linux Mint website and modified the download links to trick users into downloading the malicious ISO image.

Read more

Open source security is not as big of a concern as it once was

Filed under
OSS
Security

Many tools that are open sourced are more readily usable than the closed source alternatives. The visibility of how the code works allows an end user the ability to quickly integrate the open source tool into existing systems. “When we are examining potential new tools, selecting an open source project which satisfies our needs is typically a better option than the alternatives. This is because we are able to rapidly deploy an open source tool without making a financial commitment to another company. It also lets us determine a proof of concept for using the new project,” he said.

Read more

Linux distros aren't updating WebKit, making web browsers and email clients vulnerable

Filed under
Linux
Security

The WebKit rendering engine used in many Linux applications is a complete security mess. That’s the takeaway from a blog post by Michael Catanzaro, who works on GNOME’s WebKitGTK+ project. He’s sounding the alarm about a problem the open-source community needs to fix.

Read more

FreeBSD, Variants Not Affected by Recent GNU Bug

Filed under
Security
BSD

Much has been made about a vulnerability in a function in the GNU C Library. And searching far and wide over the Internet, there was little — actually nothing — I could find regarding how this affected BSD variants.

However, you can rest easy, BSDers: Not our circus, not our monkeys.

Dag-Erling Smørgrav, a FreeBSD developer since 1998 and the current FreeBSD Security Officer, writes in his blog that “neither FreeBSD itself nor native FreeBSD applications are affected.”

Read more

Security Leftovers

Filed under
Security

Glibc:

Security:

Syndicate content

More in Tux Machines

Oracle Desperate

Leftovers: OSS and Sharing

Security Leftovers

  • Friday's security updates
  • Judge Says The FBI Can Keep Its Hacking Tool Secret, But Not The Evidence Obtained With It
    Michaud hasn't had the case against him dismissed, but the government will now have to rely on evidence it didn't gain access to by using its illegal search. And there can't be much of that, considering the FBI had no idea who Michaud was or where he resided until after the malware-that-isn't-malware had stripped away Tor's protections and revealed his IP address. The FBI really can't blame anyone but itself for this outcome. Judge Bryan may have agreed that the FBI had good reason to keep its technique secret, but there was nothing preventing the FBI from voluntarily turning over details on its hacking tool to Michaud. But it chose not to, despite his lawyer's assurance it would maintain as much of the FBI's secrecy as possible while still defending his client. Judge Bryan found the FBI's ex parte arguments persuasive and declared the agency could keep the info out of Michaud's hands. But doing so meant the judicial playing field was no longer level, as he acknowledged in his written ruling. Fortunately, the court has decided it's not going to allow the government to have its secrecy cake and eat it, too. If it wants to deploy exploits with minimal judicial oversight, then it has to realize it can't successfully counter suppression requests with vows of silence.
  • Researcher Pockets $30,000 in Chrome Bounties
    Having cashed in earlier in May to the tune of $15,500, Mlynski pocketed another $30,000 courtesy of Google’s bug bounty program after four high-severity vulnerabilities were patched in the Chrome browser, each worth $7,500 to the white-hat hacker.

Gentoo "Choice Edition" Released, Slackware & Tumbleweed Latest

The big news today was the release of Gentoo 20160514, dubbed "Choice Edition" because it is especially good, cool, and excellent. In related news, Calculate Linux received an updated release and Computer Business Reviews answers, "What is Ubuntu?" Dimstar posted the latest changes to Tumbleweed and Slackware-current got some new updates. Laurent Montel answered Andreas Huettel's post on Akonadi must die and Fedora 24 sports new font improvements. Read more