Language Selection

English French German Italian Portuguese Spanish

Security

Gentoo-Based Pentoo 2015.0 Linux Distro for Ethical Hackers Gets New RC Release

Filed under
Gentoo
Security

The Pentoo Linux development team proudly announces today, August 2, 2016, the availability for download of the fifth Release Candidate (RC) build towards the Pentoo 2015.0 GNU/Linux operating system.

We don't write so often about the Pentoo GNU/Linux operating system because new releases are being made available to the public online when a new DEF CON event (the world's largest annual hacker convention) is taking place. So yes, it's now a tradition to see a new Pentoo release around a DEF CON conference.

Read more

Security Leftovers

Filed under
Security

Kaspersky Selling His Snake Oil

Filed under
GNU
Linux
Security

Security News

Filed under
Security
  • Securing Embedded Linux

    Until fairly recently, Linux developers have been spared many of the security threats that have bedeviled the Windows world. Yet, when moving from desktops and servers to the embedded Internet of Things, a much higher threat level awaits.

    “The basic rules for Linux security are the same whether it’s desktop, server, or embedded, but because IoT devices are typically on all the time, they pose some unique challenges,” said Mike Anderson, CTO and Chief Scientist for The PTR Group, Inc. during an Embedded Linux Conference talk called “Securing Embedded Linux.”

  • Security updates for Monday
  • Packt security bundle winner announced!
  • Everyone has been hacked

    Unless you live in a cave (if you do, I'm pretty jealous) you've heard about all the political hacking going on. I don't like to take sides, so let's put aside who is right or wrong and use it as a lesson in thinking about how we have to operate in what is the new world.

    In the past, there were ways to communicate that one could be relatively certain was secure and/or private. Long ago you didn't write everything down. There was a lot of verbal communication. When things were written down there was generally only one copy. Making copies of things was hard. Recording communications was hard. Even viewing or hearing many of these conversations if you weren't supposed to was hard. None of this is true anymore, it hasn't been true for a long time, yet we still act like what we do is just fine.

  • Android Security Bulletin—July 2016
  • The July 2016 Android security bulletin
  • How To Use Google For Hacking?
  • Securing Embedded Linux by Michael E. Anderson
  • Botnet DDoS attacks in Q2: Linux Botnets on the rise, length of attacks increase

    Kaspersky Lab has released its report on botnet-assisted DDoS attacks for the second quarter of 2016 based on data provided by Kaspersky DDoS Intelligence*. The number of attacks on resources located on Chinese servers grew considerably, while Brazil, Italy and Israel all appeared among the leading countries hosting C&C servers.

  • Cisco Cybersecurity Report Warns of Serious Ransomware Dangers

SubgraphOS: Security Becomes Accessible

Filed under
Software
Security

Increased security often comes at a price in Linux distributions. Tails, for example, allows anonymous browsing at the cost of running from a flash drive. Similarly, Qubes OS provides comprehensive security but with an enormous increase in memory requirements. By contrast, Subgraph OS (SGOS) increase security by installing existing security features that other distributions leave out, adding graphical access to them at a cost no higher than some extra configuration after installation.

The maker of SGOS is Subgraph, an open source security company based in Montreal, Canada. Subgraph is also the developer of Vega, a web application security testing tool, and Orchid, a Java Tor client. SGOS itself is a Debian-derivative running a GNOME desktop environment, and currently in a usable if somewhat rough alpha release.

SGOS uses the standard Debian installer, with options for a Live Disk, and a standard or advanced installation. The standard install differs from Debian’s chiefly in the fact that disk encryption is mandatory and that partitions are over-written with random data before set up before installation — a process that can be skipped, but at the cost of some unspecified loss os security. Somewhat surprisingly, it enforces strong passwords or passphrases only by the number of characters, although whether that is due a conviction that passwords are weak security, or of less concern with disk encryption is uncertain. Or possibly SGOS will enforce passwords that include characters and a variety of cases in later releases.

Read more

Security News

Filed under
Security
  • Endian Firewall Community 3.2.1 Adds Extended 3G Modem Support, Linux Kernel 4.1

    Today, July 31, 2016, the Endian Team proudly announced that the Endian Firewall Community 3.2 GNU/Linux distribution is out of Beta and ready to be deployed in stable, production environments.

    Endian Firewall Community 3.2.1 is now the latest stable and most advanced version of the CentOS-based GNU/Linux operating system that has been designed to be used in routers and network firewall devices. And it looks like it's also a pretty major update that introduces lots of enhancements, many new features, as well as the usual under-the-hood improvements.

  • HTTPS Bypassed On Windows, Mac, And Linux

    HTTPS encryption assured users that the addresses of the websites they visit could not be monitored or viewed by data snoopers and other such malicious users. However, a new hack has broken this encryption. This hack can be carried out on any network, most notably in Wi-Fi hotspots, where this encryption is most required.

  • Intel's Crosswalk open source dev library has serious SSL bug

    Developers using Intel's Crosswalk SSL library: it's time to patch and push out an upgrade.

    Crosswalk is a cross-platform library that supports deployment to Android, iOS and Windows Phone, but the bug is Android-specific.

    The library has a bug in how it handles SSL errors, and as a result, end users on Android could be tricked into accepting MITM certificates.

    As consultancy Nightwatch Cyber Security explains, if a user accepts one invalid or self-signed SSL certificate, Crosswalk remembers that choice and applies it to all future certificates.

Security Leftovers

Filed under
Security
  • Xen patches critical guest privilege escalation bug

    A freshly uncovered bug in the Xen virtualisation hypervisor could potentially allow guests to escalate their privileges until they have full control of the hosts they're running on.

    The Xen hypervisor is used by cloud giants Amazon Web Services, IBM and Rackspace.

    Inadequate security checks of how virtual machines access memory means a malicous, paravirtualised guest administrator can raise their system privileges to that of the host on unpatched installations, Xen said.

  • Xen Vulnerability Allows Hackers To Escape Qubes OS VM And Own the Host
  • The Security of Our Election Systems [Too much of Microsoft]

    The FBI is investigating. WikiLeaks promises there is more data to come. The political nature of this cyberattack means that Democrats and Republicans are trying to spin this as much as possible. Even so, we have to accept that someone is attacking our nation's computer systems in an apparent attempt to influence a presidential election. This kind of cyberattack targets the very core of our democratic process. And it points to the possibility of an even worse problem in November ­ that our election systems and our voting machines could be vulnerable to a similar attack.

  • Data program accessed in cyber-attack on Democrats, says Clinton campaign [iophk: "Windows still"]

    A data program used by the campaign of the Democratic presidential candidate, Hillary Clinton, was “accessed” as a part of hack on the Democratic National Committee (DNC) that intelligence officials believe was carried out by Russia’s intelligence services, Clinton’s campaign said on Friday.

  • A Famed Hacker Is Grading Thousands of Programs — and May Revolutionize Software in the Process

    “There are applications out there that really do demonstrate good [security] hygiene … and the vast majority are somewhere else on the continuum from moderate to atrocious,” Peiter Zatko says. “But the nice thing is that now you can actually see where the software package lives on that continuum.”

    Joshua Corman, founder of I Am the Cavalry, a group aimed at improving the security of software in critical devices like cars and medical devices, and head of the Cyber Statecraft Initiative for the Atlantic Council, says the public is in sore need of data that can help people assess the security of software products.

    “Markets do well when an informed buyer can make an informed risk decision, and right now there is incredibly scant transparency in the buyer’s realm,” he says.

Security News

Filed under
Security

Fedora 24 Linux OS Gets New, Updated Lives ISOs with Latest Security Patches

Filed under
Red Hat
Security

Founder of The Fedora Unity Project and Fedora Ambassador, Ben Williams, is happy to report that updated Live ISO images of the Fedora 24 GNU/Linux operating system are now available for download.

Read more

Syndicate content

More in Tux Machines

Ubuntu Touch OTA-14 Officially Released with Revamped Unity 8 Interface, Fixes

A few moments ago, we've been informed by Canonical's Lukasz Zemczak about the general availability of the long-anticipated Ubuntu Touch OTA-14 software update for Ubuntu Phone and Ubuntu Tablet devices. Read more Also: Ubuntu OTA-14 Released, Fixes A Number Of Bugs

Cloud convenience is killing the open source database

Open source has never been more important or, ironically, irrelevant. As developers increasingly embrace the cloud to shorten time to market, they're speeding past open source, making it even harder to build an open source business. After all, if open source were largely a way for developers to skirt legal and purchasing departments to get the software they needed when they needed it, the cloud ups that convenience to the nth degree. In Accel's annual business review, the vaunted venture capital firm writes: "'Product' is no longer just the bits of software, it's also how the software is sold, supported, and made successful." The cloud is changing the way all software is consumed, including open source. Read more

Why the operating system matters even more in 2017

Operating systems don't quite date back to the beginning of computing, but they go back far enough. Mainframe customers wrote the first ones in the late 1950s, with operating systems that we'd more clearly recognize as such today—including OS/360 from IBM and Unix from Bell Labs—following over the next couple of decades. Read more

OpenGov Partnership members mull open source policy

The Open Government Partnership (OGP) will suggest to its member governments to create a policy on open source. This week, a draft proposal is to be finalised at the OGP Global Summit in Paris. Read more