Security

Security News

Filed under
Security

Security Leftovers

Filed under
Security
  • How to secure MongoDB on Linux or Unix production server

    MongoDB is a free and open-source NoSQL document database server. It is used by web applications for storing data on a public-facing server. Securing MongoDB is critical. Crackers and hackers are accessing insecure MongoDB for stealing data and deleting data from unpatched or badly-configured databases. In this tutorial you will learn how to secure a MongoDB instance or server running on a cloud server.

  • MongoDB Ransomware Attacks Grow in Number

    Last week when the news started hitting the net about ransomware attacks focusing on unprotected instances of MongoDB, it seemed to me to be a story that would have a short life. After all, the attacks weren’t leveraging some unpatched vulnerabilities in the database, but databases that were misconfigured in a way that left them reachable via the Internet, and with no controls — like a password other than the default — over who had privileges. All that was necessary to get this attack vector under control was for admins to be aware of the situation and to be ready and able to reconfigure and password protect.

  • FTC will pay you to build an IoT security checker

    The Federal Trade Commission (FTC) wants the public to take a crack at developing tools to improve security around Internet of Things (IoT) devices.

    Specifically, the FTC is hosting a competition challenging the public to create a technical solution that would, at a minimum, help protect consumers from security vulnerabilities caused by out-of-date software. Contestants have the option of adding features, such as those that would address hard-coded, factory default or easy-to-guess passwords.

  • Security advisories for Monday
  • Security Advice: Bad, Terrible, or Awful

    As an industry, we suck at giving advice. I don’t mean this in some negative hateful way, it’s just the way it is. It’s human nature really. As a species most of us aren’t very good at giving or receiving advice. There’s always that vision of the wise old person dropping wisdom on the youth like it’s candy. But in reality they don’t like the young people much more than the young people like them. Ever notice the contempt the young and old have for each other? It’s just sort of how things work. If you find someone older and wiser than you who is willing to hand out good advice, stick close to that person. You won’t find many more like that.

Open source server simplifies HTTPS, security certificates

Filed under
OSS
Security

For administrators seeking an easier method to turn on HTTPS for their websites, there is Caddy, an open source web server that automatically sets up security certificates and serves sites over HTTPS by default.

Built on Go 1.7.4, Caddy is a lightweight web server that supports HTTP/2 out of the box and automatically integrates with any ACME-enabled certificate authority such as Let’s Encrypt. HTTP/2 is enabled by default when the site is served over HTTPS, and administrators using Caddy will never have to deal with expired TLS certificates for their websites, as Caddy handles the process of obtaining and deploying certificates.

MongoDB Misconfiguration and Ransom, NSA Windows Cracking

Filed under
Security

Security News

Filed under
Security
  • 6 ways to secure air-gapped computers from data breaches

    How do you avoid this? Depending upon the nature of the data contained within the air-gapped system, you should only allow certain staff members access to the machine. This might require the machine to be locked away in your data center or in a secured room on the premises. If you don't have a data center or a dedicated room that can be locked, house the computer in the office of a high-ranking employee.

  • Possibly Smart, Possibly Stupid, Idea Regarding Tor & Linux Distributions

    I will admit that I have not fully thought this through yet, so I am
    writing this in the hope that other folk will follow up, share their
    experiences and thoughts.

    So: I have installed a bunch of Tor systems in the past few months -
    CentOS, Ubuntu, Raspbian, Debian, OSX-via-Homebrew - and my abiding
    impression of the process is one of "friction".

    Before getting down to details, I hate to have to cite this but I have been
    a coder and paid Unix sysadmin on/off since 1988, and I have worked on
    machines with "five nines" SLAs, and occasionally on boxes with uptimes of
    more than three years; have also built datacentres for Telcos, ISPs and
    built/setup dynamic provisioning solutions for huge cluster computing. The
    reason I mention this is not to brag, but to forestall

  • [Older] Introducing rkt’s ability to automatically detect privilege escalation attacks on containers

    Intel's Clear Containers technology allows admins to benefit from the ease of container-based deployment without giving up the security of virtualization. For more than a year, rkt's KVM stage1 has supported VM-based container isolation, but we can build more advanced security features atop it. Using introspection technology, we can automatically detect a wide range of privilege escalation attacks on containers and provide appropriate remediation, making it significantly more difficult for attackers to make a single compromised container the beachhead for an infrastructure-wide assault.

  • Diving back into coreboot development

    Let me first introduce myself: I’m Youness Alaoui, mostly known as KaKaRoTo, and I’m a Free/Libre Software enthusiast and developer. I’ve been hired by Purism to work on porting coreboot to the Librem laptops, as well as to try and tackle the Intel ME issue afterwards.

    I know many of you are very excited about the prospect of having coreboot running on your Librem and finally dropping the proprietary AMI BIOS that came with it. That’s why I’ll be posting reports here about progress I’m making—what I’ve done so far, and what is left to be done.

  • Web databases hit in ransom attacks

    Gigabytes of medical, payroll and other data held in MongoDB databases have been taken by attackers, say security researchers.

  • Why HTTPS for Everything?

    HTTPS enables privacy and integrity by default. It is going to be the next big thing. The internet’s standards bodies, web browsers, major tech companies, and the internet community of practice have all come to understand that HTTPS should be the baseline for all web traffic. Ultimately, the goal of the internet community is to establish encryption as the norm, and to phase out unencrypted connections. Investing in HTTPS makes it faster, cheaper, and easier for everyone.

Security Leftovers

Filed under
Security
  • Security updates for Friday
  • Linux KillDisk Ransomware Can't Decrypt

    Disk-wiping malware known as KillDisk, which has previously been used in hack attacks tied to espionage operations, has been given an update. Now, the malware works on Linux as well as Windows systems and also includes the ability to encrypt files, demand a bitcoin ransom and leave Linux systems unbootable.

  • GNU Officially Boots Libreboot

    FSF and GNU decide to grant Libreboot lead developer Leah Rowe’s wishes. The project is no longer a part of GNU says RMS.

Security News

Filed under
Security
  • 8 Docker security rules to live by

    Odds are, software (or virtual) containers are in use right now somewhere within your organization, probably by isolated developers or development teams to rapidly create new applications. They might even be running in production. Unfortunately, many security teams don’t yet understand the security implications of containers or know if they are running in their companies.

    In a nutshell, Linux container technologies such as Docker and CoreOS Rkt virtualize applications instead of entire servers. Containers are superlightweight compared with virtual machines, with no need for replicating the guest operating system. They are flexible, scalable, and easy to use, and they can pack a lot more applications into a given physical infrastructure than is possible with VMs. And because they share the host operating system, rather than relying on a guest OS, containers can be spun up instantly (in seconds versus the minutes VMs require).

  • Zigbee Writes a Universal Language for IoT

    The nonprofit Zigbee Alliance today unveiled dotdot, a universal language for the Internet of Things (IoT).

    The group says dotdot takes the IoT language at Zigbee’s application layer and enables it to work across different networking technologies.

  • $25,000 Prize Offered in FTC IoT Security Challenge

    It appears as if the Federal Trade Commission is getting serious about Internet of Things security issues -- and it wants the public to help find a solution. The FTC has announced a contest it's calling the "IoT Home Inspector Challenge." What's more, there's a big payoff for the winners, with the Top Prize Winner receiving up to $25,000 and each of a possible three "honorable Mentions" getting $3,000. Better yet, winners don't have to fork over their intellectual property rights, and will retain right to their submissions.

    Of course, the FTC is a federal agency, and with a change of administrations coming up in a couple of weeks, it hedges its bet a bit with a caveat: "The Sponsor retains the right to make a Prize substitution (including a non-monetary award) in the event that funding for the Prize or any portion thereof becomes unavailable." In other words, Obama has evidently given the go-ahead, but they're not sure how Trump will follow through.

  • LG threatens to put Wi-Fi in every appliance it releases in 2017

    In the past few years, products at CES have increasingly focused on putting the Internet in everything, no matter how "dumb" the device in question is by nature. It's how we've ended up with stuff like this smart hairbrush, this smart air freshener, these smart ceiling fans, or this $100 pet food bowl that can order things from Amazon.

  • Ex-MI6 Boss: When It Comes To Voting, Pencil And Paper Are 'Much More Secure' Than Electronic Systems

    Techdirt has been worried by problems of e-voting systems for a long time now. Before, that was just one of our quaint interests, but over the last few months, the issue of e-voting, and how secure it is from hacking, specifically hacking by foreign powers, has become a rather hot topic. It's great that the world has finally caught up with Techdirt, and realized that e-voting is not just some neat technology, and now sees that democracy itself is at play. The downside is that because the stakes are so high, the level of noise is too, and it's really hard to work out how worried we should be about recent allegations, and what's the best thing to do on the e-voting front.

  • Five things that got broken at the oldest hacking event in the world

    Chaos Communications Congress is the world’s oldest hacker conference, and Europe’s largest. Every year, thousands of hackers gather in Hamburg to share stories, trade tips and discuss the political, social and cultural ramifications of technology.

    As computer security is a big part of the hacker world, they also like to break things. Here are five of the most important, interesting, and impressive things broken this time.

More in Tux Machines

Linux on Servers

  • Who's cashing in on containers? Look to the cloud
    Docker-style containers are so hot they’ve broken the scale ETR uses to measure CIO intent to purchase enterprise technology, registering “the strongest buying intention score ever recorded in [its] six-year history.” While that data is more than a year old, more recent analyses peg Docker adoption up by a factor of 2.6 in 2016 over 2015, yielding a market worth $762 million in 2016, projected to bloat to $2.7 billion by 2020, according to 451 Research.
  • Serverless Computing Is the Stack Reimagined [Ed: Serverless=you have less control over the computer you use. Cloud=you have no ownership of the computer you use. Serverless Cloud=suicide.]
    In Ho's own words, "Serverless computing is the code execution model that the cloud provider abstracts the complexity of managing individual servers." This basically means the provider worries about the servers. You just run your code on them.
  • Docker 1.13 Prunes Containers, Improves Security
    The Docker 1.13 release introduces multiple new commands including prune and squash, which can help containers to use disk space more efficiently. Docker officially announced its 1.13 release on Jan. 19, with new capabilities to help build, manage and secure containers.

Android Leftovers

Linux Kernel 4.4.44 LTS Brings Some x86 Improvements, Various Updated Drivers

After informing us about the availability of the fifth maintenance update of the Linux 4.9 kernel series, which has recently become a long-term supported branch, Greg Kroah-Hartman is today announcing the availability of Linux 4.4.44 LTS. If you're reading our regular reports on the Linux kernel, you should be aware of the fact that the Linux 4.4 kernel branch is a long-term support (LTS) one that should get security patches for one more year, until February 2018. This branch is currently available in several popular GNU/Linux distributions, including Ubuntu 16.04 LTS, Alpine Linux, and Arch Linux, and Linux 4.4.44 LTS is now the most advanced release.

Also: Linux 4.9 Confirmed As The New Long-Term Supported Kernel