Language Selection

English French German Italian Portuguese Spanish

Security

Security Leftovers

Filed under
Security

Security News

Filed under
Security
  • Linux – Justice Grinds Slowly But Eventually Gets Its Hacker
  • Do electronic voting machines put 2016 election at risk? [Ed: Microsoft inside]

    Soon after the 2000 presidential elections went to a recount, Americans got acquainted with an exotic new vocabulary – hanging chads and butterfly ballots – and what lawmakers saw as a modern solution to the nightmare of punchcard voting systems: electronic voting machines.

    In 2002, Congress passed the Help America Vote Act, pouring nearly $3 billion into an effort to get states to adopt those machines.

  • FBI says foreign hackers penetrated state election systems [Ed: FBI also insists on back doors in everything!]

    The FBI has uncovered evidence that foreign hackers penetrated two state election databases in recent weeks, prompting the bureau to warn election officials across the country to take new steps to enhance the security of their computer systems, according to federal and state law enforcement officials.

  • Hack Brief: As FBI Warns Election Sites Got Hacked, All Eyes Are on Russia

    In any other year, hackers breaking into a couple of state government websites through common web vulnerabilities would hardly raise a blip on the cybersecurity community’s radar. But in this strange and digitally fraught election season, the breach of two state board of election websites not only merits an FBI warning—it might just rise to the level of an international incident.

  • Ransomware Targets UK Hospitals, But NHS Won't Pay Up

    Ransomware has caused massive headaches for hospitals. In February of this year, at least a dozen hospitals around the world had been seriously infected with malware demanding cash to retrieve their files. Some even resorted to pen-and-paper systems, and others gave the hackers over $10,000 worth of bitcoin to unlock their systems.

    But judging by responses to Freedom of Information requests, UK hospitals are not paying hackers when ransomware strikes.

    Motherboard asked National Health Service (NHS) trusts for details on attack figures and payments stretching back to January 2012. Many had been successfully hacked at some point (although on a limited scale, infecting only a small number of computers). Another piece of research carried out by cybersecurity company NCC Group found nearly half of 60 NHS Trusts suffered a ransomware attack in the last year.

  • Malware-ridden Word docs lead to Microsoft alert blurt

    MICROSOFT HAS taken the trouble to warn Windows users about an attack that takes what trust people have left in the software and throws it out of the window.

    The firm explained that the problem involves macros and the use of social engineering. People are tricked into downloading and then enabling malicious content that ultimately leads to trouble when they innocently use Word.

    "Attackers have been using social engineering to avoid the increasing costs of exploitation due to the significant hardening and exploit mitigation investments in Windows," said the firm in a Microsoft TechNet blog post suggesting that this is a cheap shot by hackers.

  • About 70 credit card skimmers found at Michigan gas stations in past year

    In the year since the first credit-card skimmer was found in a Michigan gas station, about 70 more have been discovered in the state according to a press release from the Michigan Department of Agriculture and Rural Development.

    "Approximately 70 credit card skimmers have been found and removed from gas pumps statewide since last year," said MDARD director Jamie Clover Adams. "Credit card skimmers will not be tolerated in Michigan. MDARD's Weights and Measures inspectors, gas station owners, and law enforcement remain on the hunt for skimmers to protect the state's consumers from fraud."

    According to the MDARD, which inspects gas station pumps, the skimmers can't be seen from outside the pump and can be installed in seconds

    The skimmers copy the consumer's card information for criminals to make fraudulent purchases.

  • Dropbox has been hacked for a reported 68 million personal records

    ANOTHER DAY, another hacked site. Dropbox is the latest company to have its users' data dangled in harm's way after what appears to be a major cyber attack involving 68 million personal records.

    The incident has been confirmed by venerable security researcher Troy Hunt, who claimed that he and his wife were affected.

  • Let's Encrypt client imported into -current

    Kristaps Dzonsons' Let's Encrypt client, letskencrypt, has been imported into OpenBSD-current as acme-client.

    letskencrypt, which has previously been available as a port, is a privilege-separated Let's Encrypt (ACME protocol) client written in C.

  • The story of how WoSign gave me an SSL certificate for GitHub.com
  • Attackers Infect Transmission Torrent Client With OS X Malware

    Researchers at ESET say that malware designed to steal the content of OS X’s keychain and maintain a permanent backdoor was found in a recent build of open source torrent client Transmission. Following an investigation, the Transmission team say they were subjected to an attack on their servers. Steps have been taken to ensure greater security in the future.

  • BitTorrent Client Transmission Again Victimized by OS X Malware

    Just five months after Transmission was infected with the first "ransomware" ever found on the Mac, the popular BitTorrent client is again at the center of newly uncovered OS X malware.

    Researchers at security website We Live Security have discovered the malware, called OSX/Keydnap, was spread through a recompiled version of Transmission temporarily distributed through the client's official website.

Security Leftovers

Filed under
Security

Security News

Filed under
Security
  • Thursday's security updates
  • Friday's security updates
  • Security advisories for Monday
  • Tox Is Your New Secure Chat Application

    In a previous article, I talked about the Ring communication app. The article proved quite popular and aside from drawing a bit of attention -- or maybe because of it -- that article also drew some criticism, including "What about Tox?" That’s a totally fair question, so here we are.

  • Florida Computer Programmer Arrested For Hacking

    A South Florida-based computer programmer made an appearance in the Southern District of Florida today after being arrested Sunday on charges of hacking into computers operated by the Linux Kernel Organization and the Linux Foundation, announced United States Attorney Brian J. Stretch and Federal Bureau of Investigation Special Agent in Charge John F. Bennett.

    The Linux Kernel Organization operates the www.kernel.org website from which it distributes the Linux kernel software. The Linux Foundation is a separate nonprofit foundation that supports the www.kernel.org website.

  • ​Florida Man Arrested for Allegedly Hacking Key Linux Servers

    A computer programmer from South Florida was arrested last week for allegedly hacking into servers related to the Linux operating system, the Department of Justice announced on Thursday. The case acts as a reminder that even the websites that host and distribute the operating systems our devices run on can be targeted by hackers.

Security Leftovers

Filed under
Security
  • School Creates Own Security Hole; Tries To Have Concerned Parent Arrested For Hacking

    We've seen it so often over the years, it's probably now time to accept the fact that this will never change: when entities are presented evidence of security holes and breaches, far too often the initial reaction is to shoot the messenger.

    A school whose online student portal exposed a lot of sensitive data decided the best way to handle a concerned parent's repeated questions about how it was handling the problem was to file a criminal complaint against the parent. (via the Office of Inadequate Security)

    The details of the breach (since closed) were reported by independent journalist Sherrie Peif.

  • [Tor] A New Bridge Authority

    After ten years of volunteer maintenance of Tonga, Tor's bridge Authority—a piece of critical infrastructure within the Tor network—our colleague and friend, Lucky Green, a long time cypherpunk, and free speech and privacy advocate, has decided to step down from this role. Tonga's cryptographic keys will be destroyed this week. We are incredibly thankful to Lucky for all his support and selfless labour in maintaining a key component of our censorship circumvention efforts, grateful for the years we have spent working with him, and very sorry to see him go.

  • More Than 40% Of Attacks Abuse SSL Encryption

    There’s an important caveat about encrypted traffic from new research released this week: Encryption works so well that hackers are using it as cover.

    A new study from A10 and the Ponemon Institute found that 80% of respondents say their organizations have been the victim of a cyberattack or malicious insiders in the past year -- and 41% of the attacks have used encryption to evade detection. In addition, 75% say malware hidden within encrypted traffic is a risk to their organizations.

    At issue: The report found that SSL encryption not only hides data from would-be hackers but also from common security tools.

    “Hackers are using SSL encryption to slide by standard perimeter defenses,” says Chase Cunningham, director of cyber operations at A10 Networks.

  • The Cloud Security Alliance publishes its best practices for Big Data security

    Big Data is a boon for businesses worldwide, but the benefits come at a cost. The more data companies store, the more vulnerable they are to potential security breaches. And data breaches can be enormously expensive when they occur. IBM’s 2016 Cost of Data Breach report found that the average consolidated total cost of a data breach grew from $3.8 million to $4 million in the last year, which makes securing their data an important goal for any company that’s invested in it.

Redis Misconfiguration and Ransom

Filed under
Linux
Security

Leftovers: Security

Filed under
Security
  • Tor 0.2.8.7 Addresses Important Bug Related to ReachableAddresses Option

    The Tor Project, through Nick Mathewson, is pleased to inform the Tor community about the release and general availability of yet another maintenance update to the Tor 0.2.8 stable series.

  • Emergency Service Window for Kolab Now

    We’re going to need to free up a hypervisor and put its load on other hypervisors, in order to pull out the one hypervisor and have some of its faulty hardware replaced — but there’s two problems;

    The hypervisor to free up has asserted required CPU capabilities most of the eligible targets do not have — this prevents a migration that does not involve a shut down, reconfiguration, and restart of the guest.

Syndicate content

More in Tux Machines

Linux Kernel News

  • Linux: Why do people hate systemd?
    systemd has caused an almost unending amount of controversy in the Linux community. Some Linux users have been unyielding in their opposition to systemd, while others have been much more accepting. The topic of systemd came up in a recent thread in the Linux subreddit and the folks there did not pull any punches when sharing their thoughts about it.
  • PulseAudio 10.0 Linux Sound System Released, Offers OpenSSL 1.1.0 Compatibility
    Today, January 19, 2017, sees the official release of the PulseAudio 10.0 open-source sound server for Linux-based operating systems, a major version that introduces many exciting new features. PulseAudio 10.0 has been in development for the past seven months, since the June 22, 2016, release of PulseAudio 9.0, which is currently used by default in numerous GNU/Linux distributions.
  • Linux is part of the IoT security problem, dev tells Linux conference
    The Mirai botnet? Just the “tip of the iceberg” is how security bods at this week's linux.conf.au see the Internet of Things. Presenting to the Security and Privacy miniconf at linux.conf.au, embedded systems developer and consultant Christopher Biggs pointed out that Mirai's focus on building a big DDoS cannon drew attention away from the other risks posed by insecure cameras and digital video recorders.
  • The Linux Foundation Brings 3 New Open Source Events to China
    LinuxCon, ContainerCon, and CloudOpen will be held in China this year for the first time, The Linux Foundation announced this week. After the success of other Linux Foundation events in the country, including MesosCon Asia and Cloud Foundry Summit Asia, The Linux Foundation decided to offer its flagship LinuxCon, ContainerCon and CloudOpen events in China as well, said Linux Foundation Executive Director Jim Zemlin. “Chinese developers and businesses have strongly embraced open source and are contributing significant amounts of code to a wide variety of projects,” Zemlin said. “We have heard the call to bring more open source events to China.”

Dell Has Sold ‘Tens of Millions’ Dollars’ Worth of Linux Laptops

So popular Linux personality Bryan Lunduke, who recently took an hour out to talk to Dell’s Senior Architect in the office of CTO — try saying that with a mouthful of doughnut — Barton George. What did he learn? Well, for one, Dell says it has ‘no plans’ to start shipping its Linux-powered developer laptops with anything other than Ubuntu. Read more

Open-source voting is the answer to hacking concerns

Will we ever have a voting system that is completely error-proof and impenetrable from malicious forces? Not likely. But the security breaches that are increasingly a part of daily life serve as a call to action. Every day brings a new report of hacking or suspicious activity, and increasingly with fingers pointing to international actors. Whether it is statewide voter registration databases (Illinois and Arizona; some say more); national party organizations (the Democratic National Committee); utilities (Vermont’s Burlington Electric); or Russia’s state-run television station (RT) suddenly interrupting C-SPAN last week — the incident is still under investigation and not confirmed as a hack — it is all very unsettling and leaves us feeling vulnerable. Read more

The Many, the Humble, the Ubuntu Users

I have never been much of a leading-edge computing person. In fact, I first got mildly famous online writing a weekly column titled “This Old PC” for Time/Life about making do with used gear — often by installing Linux on it — and after that an essentially identical column for Andover.net titled “Cheap Computing,” which was also about saving money in a world where most online computing columns seemed to be about getting you to spend until you had no money left to spend on food. Read more