Security

IoT and Linux

Filed under
Linux
Security
  • Linux’s Torvalds surprised by IoT uptake

    Linux founder Linus Torvalds is starting to appreciate the use of his operating system as a backbone for embedded systems, especially in the world of Internet of Things (IoT), speaking at the Embedded Linux Conference & OpenIoT Summit for the first time this week.

  • Linus Torvalds isn't worried about IoT security

    Devices like smart heaters, smart bulbs and smart refrigerators have direct access to unlimited power supply; they have direct access to the internet. And things can go really bad.

    And with IDC predicting that the worldwide IoT market will grow from $655.8 billion in 2014 to $1.7 trillion in 2020, security is becoming a very serious topic.

  • Samsung's SmartThings

    If you pick up a Samsung Smart TV this year, you'll be certain to find "Linux Inside" in many ways. Samsung continues to build on its Tizen-powered Smart TV UI, which this year it will enhance with integrated SmartThings IoT hub technology, enabling the TV as the control center for a smart home. Samsung's SUHD TVs for 2016 will enable users to connect with, control and monitor hundreds of other compatible devices including lights, locks, thermostats, cameras, speakers, appliances, sensors and the like.

Canonical Patches Six New Linux Kernel Vulnerabilities in Ubuntu 15.10 and 14.04

Filed under
Security
Ubuntu

Today, April 6, Canonical has announced the availability of new kernel versions for its Ubuntu 15.10 (Wily Werewolf), Ubuntu 15.10 for Raspberry Pi 2, and Ubuntu 14.04 LTS (Trusty Tahr) operating systems.

Security Leftovers

Filed under
Security
  • Shodan2Sheets

    After spending last night working on a Reverse DNS Function for Google Sheets I couldn't leave well enough alone and wrote Shodan2Sheets tonight using the shodan.io API.

  • Security is a process, not a reaction

    If this sounds familiar, you are probably running a web application of some kind. Maybe your whole business depends on it. Maybe you didn't hear about the latest world-on-fire vulnerability. Panic.

    How do you keep up with security issues when everything is happening so fast? Which parts of your technical stack are the most at risk? Is the customer data safe? Do you really need to care?

  • Three-year-old IBM patch for critical Java flaw is broken

    Attackers can easily bypass the patch to exploit a vulnerability that allows them to escape from the Java security sandbox

  • FBI Says a Mysterious Hacking Group Has Had Access to US Govt Files for Years

    The feds warned that “a group of malicious cyber actors,” whom security experts believe to be the government-sponsored hacking group known as APT6, “have compromised and stolen sensitive information from various government and commercial networks” since at least 2011, according to an FBI alert obtained by Motherboard.

    The alert, which is also available online, shows that foreign government hackers are still successfully hacking and stealing data from US government’s servers, their activities going unnoticed for years. This comes months after the US government revealed that a group of hackers, widely believed to be working for the Chinese government, had for more than a year infiltrated the computer systems of the Office of Personnel Management, or OPM. In the process, they stole highly sensitive data about several millions of government workers and even spies.

  • Sources: Trump Hotels Breached Again

    Banking industry sources tell KrebsOnSecurity that the Trump Hotel Collection — a string of luxury properties tied to business magnate and Republican presidential candidate Donald Trump — appears to be dealing with another breach of its credit card systems. If confirmed, this would be the second such breach at the Trump properties in less than a year.

Matriux Linux Operating System For Hackers — An Alternative To Kali Linux

Filed under
GNU
Linux
Security

Matriux is an open source Linux-based operating system that’s designed in accordance with the needs of security researchers and professionals. The OS comes with more than 300 hacking tools that include the likes of Wireshark, Aircrack-ng, Nmap, Vidalia, TrueCrypt and more. Matriux hacking OS features a traditional desktop environment that’s powered by GNOME Classic

Security Leftovers

Filed under
Security
  • Linux Ransomware and why everyone could be affected [Ed: Bitdefender ad as ‘article’]
  • Kaiten targets Linux routers, gateways, access points and now IoT

    Change default passwords on network equipment even if it is not reachable from the Internet.

  • Security is really about Risk vs Reward

    Every now and then the conversation erupts about what is security really? There's the old saying that the only secure computer is one that's off (or fill in your favorite quote here, there are hundreds). But the thing is, security isn't the binary concept: you can be secure, or insecure. That's not how anything works. Everything is a sliding scale, you are never secure, you are never insecure. You're somewhere in the middle. Rather than bumble around about your risk though, you need to understand what's going on and plan for the risk.

Safety/Privacy in Firefox

Filed under
Moz/FF
Security
  • Firefox and cookie micromanagement

    For most of its existence, Firefox has provided users with the ability to manage how cookies are stored with a rather high degree of granularity: users can block specific cookies, create site-wide exceptions to the accept/block policy, and configure behavior for third-party cookies. Up until Firefox 44, there was an additional option as well, one that allowed users to choose the expiration point (that is, expiring them at the end of the session or letting them persist) for every cookie they encounter. That option was removed in the Firefox 44 release, which has made some users rather unhappy.

    The option in question was found in the Privacy preferences screen, labeled "Ask me every time" on the "Keep until:" selector. When enabled, the option raised a dialog box asking the user to accept or reject each cookie encountered, with an "accept for this session only" choice provided. Removing the option was proposed in 2010, although the patch to perform the removal did not land until 2015. It was released in Firefox 44 in January 2016.

  • How Safe Browsing works in Firefox

    If you want to learn more about how Safe Browsing works in Firefox, you can find all of the technical details on the Safe Browsing and Application Reputation pages of the Mozilla wiki or you can ask questions on our mailing list.

  • Decentraleyes Addon Fixes Browser Privacy, Circumvents CDNs

    Widespread CDN acceptance has been a security flaw that sacrifices privacy simply because it breaks web pages on anything but a text-based browser, which is a sacrifice few are willing to make for the sake of their information remaining local.

Security Leftovers

Filed under
Security
  • Reviewing Important Healthcare Cybersecurity Frameworks [Ed: Microsoft Windows]

    Just recently, a ransomware attack affected Hollywood Presbyterian in California, causing the hospital to pay $17,000 to regain access to its databases.

  • U.S., Canada issue joint alert on 'ransomware' after hospital attacks [iophk: The governments need to track down those spreading Windows in the hospitals.]

    The United States and Canada on Thursday issued a rare joint cyber alert, warning against a recent surge in extortion attacks that infect computers with viruses known as "ransomware," which encrypt data and demand payments for it to be unlocked.

    The warning follows reports from several private security firms that they expect the crisis to worsen, because hackers are getting more sophisticated and few businesses have adopted proper security measures to thwart such attacks.

  • NIST Publishes New Security Standard For Encrypting Credit Card, Medical Info

    The National Institute of Standards and Technology (NIST) has developed new encryption methods for securing financial data and other sensitive information.

    The NIST publication SP 800-38G authored by Morris Dworkin specifies cryptography standards for both binary and non-binary data, preserving the look and feel of the unencrypted digits. Earlier encryption methods designed by NIST worked for binary data. But for strings of decimal numbers, there was no feasible technique to produce coded data that preserves the original format.

More in Tux Machines

PC-BSD Becomes TrueOS, FreeBSD 11.0 Reaches RC2

  • More Details On PC-BSD's Rebranding As TrueOS
    Most Phoronix readers know PC-BSD as the BSD operating system derived from FreeBSD that aims to be user-friendly on the desktop side and they've done a fairly good job at that over the years. However, the OS has been in the process of re-branding itself as TrueOS. PC-BSD has been offering "TrueOS Server" for a while now as their FreeBSD-based server offering. But around the upcoming FreeBSD 11.0 release they are looking to re-brand their primary desktop download too now as TrueOS.
  • FreeBSD 11.0-RC2 Arrives With Fixes
    The second release candidate to the upcoming FreeBSD 11 is now available for testing. FreeBSD 11.0-RC2 ships with various bug fixes, several networking related changes, Clang compiler fixes, and other updates. FreeBSD 11.0 is bringing updated KMS drivers, Linux binary compatibility layer improvements, UEFI improvements, Bhyve virtualization improvements, and a plethora of other work. Those not yet familiar with FreeBSD 11 can see the what's new guide.

Hosting, Servers, VMs and Containers

  • Open Source, Containers and the Cloud: News from ContainerCon and LinuxCon
    LinuxCon and ContainerCon, events focused on Linux, containers and open source software, wrapped up this week in Toronto. Here's a round-up of the announcements and insights related to cloud computing that emerged from the meeting. LinuxCon and ContainerCon are co-located events. That made for an interesting combination this year because Linux is an established technology, which is celebrating its twenty-fifth anniversary. In contrast, containers remain a new and emerging enterprise technology. (Yes, containers themselves are much older, but it has only been in the past three years, with the launch of Docker, that containers are becoming a big deal commercially.) The two events thus paired discussion of a very entrenched platform, Linux, with one that is still very much in development. But open source, the coding and licensing model behind both Linux and container platforms like Docker, tied everything together.
  • Citrix Enables NetScaler for Containers and Micro-Services
    At the LinuxCon ContainerCon event here, a core topic of discussion is about how to enable enterprises to be able to embrace containers. Citrix has a few ideas on how to help and is announcing enhancements to its NetScaler networking gear to enable load balancing for containers and micro-services.
  • Want to Work for a Cloud Company? Here’s the Cream of the Crop
    What do Asana, Greenhouse Software, WalkMe, Chef Software, and Sprout Social have in common? They’ve been deemed the very best privately held “cloud” companies to work for, according to new rankings compiled by Glassdoor and venture capital firm Battery Ventures. For “The 50 Highest Rated Private Cloud Computing Companies,” Glassdoor and Battery worked with Mattermark to come up with a list of non-public companies that offer cloud-based services, and then culled them, making sure that each entry had at least 30 Glassdoor reviews, Neeraj Agrawal, Battery Ventures general partner told Fortune.
  • Red Hat Updates its Kernel-based Virtual Machine
    Red Hat updated its Kernel-based Virtual Machine (KVM)-powered virtualization platform for both Linux- and Windows-based workloads.
  • Red Hat Virtualization 4 Takes on Proprietary Competition
    Red Hat continues to move well beyond its core enterprise Linux-based roots with a string of new releases. The company has announced the general availability of Red Hat Virtualization 4, the latest release of its Kernel-based Virtual Machine (KVM)-powered virtualization platform. It fully supports OpenStack’s Neutron – the networking project leveraged in SDNs. The company emphasizes that Red Hat Virtualization 4 challenges the economics and complexities of proprietary virtualization solutions by providing a fully-open, high-performing, more secure, and centrally managed platform for both Linux- and Windows-based workloads. It combines an updated hypervisor, advanced system dashboard, and centralized networking for users’ evolving workloads.

Windows, Mac or Linux... Which operating system best suits your business?

Linux is a free alternative. Apart from the zero-cost factor, it's still less prone to viruses than Windows. Most Linux machines start out as Windows computers that are reformatted. Linux is also adaptable -- Linux is an OS kernel, not a full system, but is the heart of software distributions such as Ubuntu or Fedora. As for cons, Linux is more complex to learn and use. There are also far fewer programs written for Linux systems. Of course, someone with an advanced online computer science master’s degree will help you make the most of a Linux system by supplying the skills needed to innovate and implement custom solutions for your business environment.

LinuxCon, Linux at 25, and Linux Development