Security

BackBox Linux 4.5 Security-Oriented OS Comes Preinstalled with New Hacking Tools

The developers of the BackBox Linux operating system have announced the release and immediate availability for download of the BackBox Linux 4.5 release, which promises to bring a new kernel and lots of updated packages.

According to the release notes, BackBox Linux 4.5 comes preinstalled with Linux kernel 4.2 and adds various new and special tools, such as Automotive Analysis and OpenVAS, which promise to make a big difference when talking about the overall performance of the system.

Also: Are There Open Source Vulnerability Assessment Options?

Managing Security Vulnerabilities and Risks

Security Leftovers

eCryptfs Vulnerability Closed in Ubuntu OSes

An eCryptfs vulnerability has been found and repaired in Ubuntu 15.10, Ubuntu 15.04 and Ubuntu 14.04 LTS, and a new update has been issued.

Which Linux Is Secure? The Analysis Of Top Popular Distributions

So, can I be sure that the web site of my lovely Linux distribution is real and that hackers don’t replace it with infected software? Can I get a backdoor in my operating system from installed updates? No, but only with these conditions:

Security Leftovers

BlackArch Linux Expands Its Roster of Tools for Security Research

If having more tools is better for security, then the latest release of the BlackArch Linux distribution will be warmly received by security researchers. Version 2016.01.10 of BlackArch Linux, which was released on Jan. 10, boasts more than 30 new security tools, bringing the total number of security tools to 1,330. BlackArch is a security-focused operating system that is based on the Arch Linux distribution. Arch Linux is what is known as a rolling release Linux distribution because it is constantly being updated. BlackArch builds on top of Arch and includes anti-forensic, automation, backdoor, crypto, honeypot, networking, scanner, spoofer and wireless security tools for security research. Among the new tools is a utility to conduct attacks against IBM Lotus Domino servers. The new Jooforce tool, meanwhile, enables security researchers to attack the open-source Joomla content management system. Another interesting addition is the credential mapper (credmap) tool that aims to show researchers when user and account credentials have been reused. In this slide show, eWEEK takes a look at some of the features in the BlackArch 2016.01.10 milestone release.

Linux's Latest Security Vulnerability: Hype vs. Reality

In the latest bout of alarmist frenzy to sweep the security world, researchers disclosed a vulnerability in the Linux kernel's open source code last week. It turns out to pose little real threat.

The flaw, which has existed in Linux since 2012 but remained unknown, was reported by the Israeli security company Perception Point. It allows attackers to gain root access to computers running affected versions of the kernel. With root access, they can do anything they want to the system.

Security Leftovers

  • LeChiffre Ransomware Hits Three Indian Banks, Causes Millions in Damages

    An unknown hacker has breached the computer systems of three banks and a pharmaceutical company and infected most of their computers with crypto-ransomware.

    The incident took place at the start of January, all companies were located in India, and the hacker(s) used the LeChiffre ransomware family to encrypt files on the infected computers.

  • LeChiffre, Ransomware Ran Manually

    It encrypts files and appends to their names an extension “.LeChiffre”.

  • when preloads go sideways

    One solution would be to install an alternative operating system, like OpenBSD. Sorry, I meant to say ARCH LINUX.

    I note that a fair bit of the above foolishness revolves around adding some amount of pollution to the OS’s cabal store. Maybe we can use an OS that comes with a store we trust? For example, there’s several ways a user can install OpenBSD and verify that cert.pem has only the 4943 lines it’s supposed to have. That only pushes the question back a step, however. What lines are supposed to be in this file?

    [...]

    The trials and tribulations of bundleware mirror those of the government. For as long as most traffic was unencrypted, it was easy to inject value. But as sites started moving to full time https, the well of value started to dry up, requiring workarounds to stay in the game. Governments are facing much the same challenge, hence the large number of proposals to build a socialized, universal AV software, so that all citizens can enjoy its benefits on both desktop and mobile. How else will TrendMicro keep us safe from Let’s Encrypt?

    When asked to comment, Hillary Clinton responded with a statement. “I clearly specified that the problem was to be solved by Silicon Valley’s best and brightest, not bumbling mediocrity.” Donald Trump promised to build a wall around malware and make the neckbeards pay for it. Carly Fiorina simply tweeted, “Go Iowa!”

  • Microsoft putting users at risk by forcing Windows 10 upgrade

    Microsoft is forcing Windows users to upgrade to Windows 10 by quietly slipping in code through its regular updates. This has been confirmed by multiple sources.

    But what of those Windows users who want to stick with a known devil — in this case, their own versions of Windows, be they 7, 8 or 8.1 — until a little more is known by the public at large about the strengths and weaknesses of Windows 10?

  • Playing with Letsencrypt

    While I'm not convinced that encrypting everything by default is necessarily a good idea, it is certainly true that encryption has its uses. Unfortunately, for the longest time getting an SSL certificate from a CA was quite a hassle -- and then I'm not even mentioning the fact that it would cost money, too. In that light, the letsencrypt project is a useful alternative: rather than having to dabble with emails or webforms, letsencrypt does everything by way of a few scripts. Also, the letsencrypt CA is free to use, in contrast to many other certificate authorities.

Antivirus LiveCD 16.0-0.99 Promises to Clean Your PC of Viruses with ClamAV 0.99

Today, 4MLinux developer Zbigniew Konojacki informs us about the release and immediate availability for download of Antivirus Live CD 16.0-0.99.

If you don't know what Antivirus Live CD is, we will take this opportunity to remind you that it is a small, free and easy-to-use Live ISO image built around the open-source Clam AntiVirus (ClamAV) antivirus software and designed for cleaning your PC of viruses, no matter if you're using Linux, Mac or Windows.

The new release, Antivirus Live CD 16.0-0.99, brings support for the recently announced ClamAV 0.99.0, which has all the latest virus definition updates and bugfixes for protecting your computer from malware. Besides that, Antivirus Live CD 16.0-0.99 is now based on the 4MLinux 16.0 operating system.

Security Leftovers

More in Tux Machines

Security Leftovers

GeckoLinux 421 Plasma and SUSE Hack Week

  • GeckoLinux 421 Plasma review - It ain't no dragon
    I heard a lot of good praise about this little distro. My inbox is flooded with requests to take it for a spin, so I decided, hey, so many people are asking. Let us. The thing is, openSUSE derivatives are far and few in between, but the potential and the appeal are definitely there. Something like CentOS on steroids, the way Stella did once, the same noble way Fuduntu tried to emancipate Fedora. Take a somewhat somber distro and pimpify it into submission. GeckoLinux is based on openSUSE Leap, and I chose the Plasma Static edition. There's also a Rolling version, based on Tumbleweed, but that one never worked for me. The test box for this review is Lenovo G50. But wait! Dedoimedo, did you not recently write in your second rejection report that GeckoLinux had failed to boot? Indeed I did. But the combo of yet another firmware update on the laptop and a fresh new download fixed it, allowing for a DVD boot. Somewhat like the painful but successful Fedora exercise back in the day. Tough start, but let's see what gives.
  • La Mapería
    It is Hack Week at SUSE, and I am working on La Mapería (the map store), a little program to generate beautiful printed maps from OpenStreetMap data.
  • HackWeek XIV @SUSE: Tuesday

From Vista 10 to Linux Mint

  • Microsoft Scared into Changes, 5 Reasons to Ditch
    Following a small claims court judgment against them, Microsoft announced they would be making declining their Windows 10 upgrade easier. Why not just switch to Linux as Daniel Robinson highlighted five reasons you should. My Linux Rig spoke to Christine Hall of FOSS Force about her "Linux rig" today and Bryan Lunduke had some thoughts on Canonical's collaboration myth. Dedoimedo reviewed GeckoLinux 421 and Gary Newell tested Peppermint 7 on his new Lenovo Ideapad.
  • After Multi-Month Tone Deaf Shitshow, Microsoft Finally Lets Users Control Obnoxious Windows 10 Upgrade
    Microsoft's decision to offer Windows 10 as a free upgrade to Windows 7 and Windows 8.1 made sense on its surface. It was a nice freebie for users happy to upgrade, and an effective way to herd customers on older Windows iterations onto the latest platform to help consolidate support expense. But Microsoft's upgrade in practice has seen no shortage of criticism from users annoyed by a total lack of control over the update, and Microsoft's violent tone deafness in response to the complaints. For example a Reddit post from an anti-poaching organization made the rounds earlier this year after the 17 GB automatic Windows 10 update resulted in huge per megabyte charges from their satellite broadband ISP. Microsoft's response to these complaints? Ignore them. As complaints grew, Microsoft finally provided a way to fully disable the forced upgrade, but made sure it involved forcing users to modify the registry, something Microsoft knew full well less technical users wouldn't be comfortable attempting to hurdle. [...] Things have been escalating ever since, often to comedic effect. But this week things changed somewhat with the news that Microsoft has struck a $10,000 settlement with a California woman who sued the company after an ill-timed Windows 10 upgrade brought her office computers to a crawl. The woman took Microsoft to court after support failed to help resolve the issue, a spokesman saying Microsoft halted its appeal of the ruling "to avoid the expense of further litigation."
  • Microsoft pays $10,000 to unwilling Windows 10 updater
  • The Linux Setup - Christine Hall, FOSS Force
    On my main desktop, I use Linux Mint 17.1, Rebecca. My main laptop, a 64-bit machine, is running Mint 17.2 Rafaela. The laptop got updated from Rebecca so I could write a review, but the desktop never got upgraded because it’s a 32-bit machine and would require another download, which I haven’t had the time to do. I have another laptop running Bodhi, which might be my favorite distro, but I can be more productive with Mint.
  • Linux Mint 18 Finally Arrives — Download Cinnamon and MATE Edition ISO Files Here
    The wait for the summer’s hottest Linux distro is over and you can finally download the release version of Linux Mint 18 “Sarah”. Often called the best Linux distribution for desktop PCs, Mint 18 comes loaded with new features and Linux 4.4 LTS Kernel.

AMD and Linux

  • The Updated AMD Polaris Firmware Blobs Needed For RX 480 Support Land
    One day ahead of the Radeon RX 480 "Polaris" launch, the necessary firmware updates for the production graphics card support have landed in linux-firmware.git.
  • AMD RX 480 released, AMD will possibly open up Radeon Software
    The next generation of AMD GPU's have launched, and it begins with the AMD RX 480. Benchmarks are now out there along with plenty of info. I don't have the card myself as I have no contacts at AMD, but luckily Phoronix managed to bag a card and he's done plenty of testing as you can imagine. I will be referencing the green site due to other sites obviously focusing on Windows.