Language Selection

English French German Italian Portuguese Spanish

Security

KDE Applications 16.04 Gets Its First Point Release, Includes Over 25 Bug Fixes

Filed under
KDE
Security

Today, May 10, 2016, KDE has announced the general availability of the first point release in the latest stable and most advanced KDE Applications 16.04 series of the software suite used for the KDE Plasma 5 desktop environment.

Read more

Security Leftovers

Filed under
Security

Ubuntu LTS Kernel Vulnerabilities

Filed under
Security
Ubuntu

Security Leftovers

Filed under
Security
  • Secure from whom

    Side-channel attacks are a thing, this is true. But they also cost a lot of time and money to develop. If you want something that can be applied to more than just a single target, that cost explodes. That is why the two most common places where side-channel attacks are developed are nation states and universities specializing in that research.

    [...]

    So in summation, I’m far more interested in focusing on our ability to get security fixes out to users in a timely fashion. Herd immunity can work for software too.

  • Security isn't a feature, it's a part of everything

    Almost every industry goes through a time when new novel features are sold as some sort of add on or extra product. Remember needing a TCP stack? What about having to buy a sound card for your computer, or a CD drive? (Does anyone even know what a CD is anymore?) Did you know that web browsers used to cost money? Times were crazy.

  • Student Tried to Hack His School Network, Police Calls Him An Anonymous Member

    The State police and school district officials in Pennsylvania are investigating a case that involves a school student trying to hack into the school’s Wi-Fi network. The officials have told a local newspaper that they have found some evidence regarding his association with the hacktivist group Anonymous

Security Leftovers

Filed under
Security
  • This Single Command Can Hack Your Windows AppLocker In Seconds

    If you use Windows AppLocker to restrict others from using some applications and locking down your Windows PC, here’s something to worry about. Casey Smith, a security researcher, has found a way to bypass the AppLocker whitelist and run arbitrary scripts. IT admins are advised to run this command on their systems and see if some loopholes exist in their network.

  • Here's how I verify data breaches

    Other headlines went on to suggest that you need to change your password right now if you're using the likes of Hotmail or Gmail, among others. The strong implication across the stories I've read is that these mail providers have been hacked and now there's a mega-list of stolen accounts floating around the webs.

  • The Top 4 in a Linux Environment
  • An update on SSH protocol 1

    At this stage, we're most of the way towards fully deprecating SSH protocol 1 - this outlines our plans to complete this task.

  • High-Severity OpenSSL Vulnerability allows Hackers to Decrypt HTTPS Traffic
  • Firejail 0.9.40-rc1 Release Announcement

    We are happy to announce the release candidate of Firejail version 0.9.40-rc1 (download). Firejail is a generic Linux namespaces security sandbox, capable of running graphic interface programs as well as server programs. This release includes a number of major features, such as X11 sandboxing support, file transfers between sandboxes and the host system, run-time configuration support, Ubuntu 14.04 AppArmor support, and firecfg, a desktop configuration utility. A number of smaller features, documentation and bugfixes are also included:

Security Leftovers

Filed under
Security
  • Friday's security updates
  • OpenSSL Patches Six Vulnerabilities

    Only two of the flaws patched are rated as high impact, and none is getting the Heartbleed treatment.
    The open-source OpenSSL cryptographic library project issued a security update this week that patched six issues, though only two of them are rated "critical."

  • Critical Linux Kernel Update for Ubuntu 16.04 LTS Patches 15 Vulnerabilities

    Canonical published a new security notice to inform the community about the availability of an important kernel update for the Ubuntu 16.04 LTS (Xenial Xerus) operating system.

  • Linus Torvalds Talks IoT, Smart Devices, Security Concerns, and More [Video]

    Torvalds remained customarily philosophical when Hohndel asked about the gaping security holes in IoT. “I don’t worry about security because there’s not a lot we can do,” he said. “IoT is unpatchable -- it’s a fact of life.”

    The Linux creator seemed more concerned about the lack of timely upstream contributions from one-off embedded projects, although he noted there have been significant improvements in recent years, partially due to consolidation on hardware.

    “The embedded world has traditionally been hard to interact with as an open source developer, but I think that’s improving,” Torvalds said. “The ARM community has become so much better. Kernel people can now actually keep up with some of the hardware improvements. It’s improving, but we’re not nearly there yet.”

    Torvalds admitted to being more at home on the desktop than in embedded and to having “two left hands” when it comes to hardware.

    “I’ve destroyed things with a soldering iron many times,” he said. “I’m not really set up to do hardware.” On the other hand, Torvalds guessed that if he were a teenager today, he would be fiddling around with a Raspberry Pi or BeagleBone. “The great part is if you’re not great at soldering, you can just buy a new one.”

Security Leftovers

Filed under
Security
  • Security updates for Thursday
  • OpenSSL patches two high-severity flaws

    OpenSSL has released versions 1.0.2h and 1.0.1t of its open source cryptographic library, fixing multiple security vulnerabilities that can lead to traffic being decrypted, denial-of-service attacks, and arbitrary code execution. One of the high-severity vulnerabilities is actually a hybrid of two low-risk bugs and can cause OpenSSL to crash.

  • Linux Foundation Advances Security Efforts via Badging Program

    The Linux Foundation Core Infrastructure Initiative's badging program matures, as the first projects to achieve security badges are announced.

  • Linux Foundation tackles open source security with new badge program
  • WordPress Plugin ‘Ninja Forms’ Security Vulnerability

    FOSS Force has just learned from Wordfence, a security company that focuses on the open source WordPress content management platform, that a popular plugin used by over 500,000 sites, Ninja Forms, contains serious security vulnerabilities.

  • Preparing Your Network for the IoT Revolution

    While there is no denying that IP-based connectivity continues to become more and more pervasive, this is not a fundamentally new thing. What is new is the target audience is changing and connectivity is becoming much more personal. It’s no longer limited to high end technology consumers (watches and drones) but rather, it is showing up in nearly everything from children’s toys to kitchen appliances (yes again) and media devices. The purchasers of these new technology-enabled products are far from security experts, or even security aware. Their primary purchasing requirements are ease of use.

  • regarding embargoes

    Yesterday I jumped the gun committing some patches to LibreSSL. We receive advance copies of the advisory and patches so that when the new OpenSSL ships, we’re ready to ship as well. Between the time we receive advance notice and the public release, we’re supposed to keep this information confidential. This is the embargo. During the embargo time we get patches lined up and a source tree for each cvs branch in a precommit state. Then we wait with our fingers on the trigger.

    What happened yesterday was I woke up to a couple OpenBSD developers talking about the EBCDIC CVE. Oh, it’s public already? Check the OpenSSL git repo and sure enough, there are a bunch of commits for embargoed issues. Pull the trigger! Pull the trigger! Launch the missiles! Alas, we didn’t look closely enough at the exact issues fixed and had missed the fact that only low severity issues had been made public. The high severity issues were still secret. We were too hasty.

  • Medical Equipment Crashes During Heart Procedure Because of Antivirus Scan [Ed: Windows]

    A critical medical equipment crashed during a heart procedure due to a timely scan triggered by the antivirus software installed on the PC to which the said device was sending data for logging and monitoring.

  • Hotel sector faces cybercrime surge as data breaches start to bite

    Since 2014, things have become a lot more serious with a cross section of mostly US hotels suffering major breaches during Point-of-Sale (POS) terminals. Panda Security lists a string of attacks on big brands including on Trump Hotels, Hilton Worldwide, Hyatt, Starwood, Rosen Hotels & Resorts as well two separate attacks on hotel management outfit White Lodging and another on non-US hotel Mandarin Oriental.

Security Leftovers

Filed under
Security

IPFire 2.19 - Core Update 102 released

Filed under
GNU
Linux
Security

This is the official release announcement for IPFire 2.19 – Core Update 102. This update contains various security fixes in the OpenSSL library. It is recommended to install this update as soon as possible.

Read more

Security Leftovers

Filed under
Security
Syndicate content

More in Tux Machines

today's howtos

Linux Graphics

  • The RADV Radeon Vulkan Linux Driver Continues Picking Up Features
  • OpenChrome Maintainer Making Some Progress On VIA DRM Driver
    Independent developer Kevin Brace took over maintaining the OpenChrome DDX driver earlier this year to improve the open-source VIA Linux graphics support while over the summer he's slowly been getting up to speed on development of the OpenChrome DRM driver. The OpenChrome DRM driver was making progress while James Simmons was developing it a few years back, but since he left the project, it's been left to bit rot. It will take a lot of work even to get this previously "good" code back to working on the latest Linux 4.x mainline kernels given how DRM core interfaces have evolved in recent times.
  • My talk about Mainline Explicit Fencing at XDC 2016!
    Last week I was at XDC in Helsinki where I presented about the Explicit Fencing work we’ve been doing on the Mainline Linux Kernel in the lastest few months. There was a livestream of all presentations during the conference and recorded sections are available. You can check the video of my presentation. Check out the slides too.

Linux Kernel News

  • Linux 4.8 gets rc8
    Chill, penguin-fanciers: Linux lord Linus Torvalds is sitting on the egg that is Linux 4.8 for another week. As Torvalds indicated last week, this version of the kernel still needs work and therefore earned itself an eighth release candidate.
  • Linux 4.8-rc8 Released: Linux 4.8 Next Weekend
  • Linux Kernel 4.7.5 Released with Numerous ARM and Networking Improvements
    The fifth maintenance update to the Linux 4.7 kernel series, which is currently the most advanced, secure and stable kernel branch you can get for your GNU/Linux operating system, has been announced by Greg Kroah-Hartman. Linux kernel 4.7.5 is here only ten days after the release of the previous maintenance version, namely Linux kernel 4.7.4, and it's a big update that changes a total of 213 files, with 1774 insertions and 971 deletions, which tells us that the kernel developers and hackers had a pretty busy week patching all sorts of bugs and security issues, as well as to add various, much-needed improvements.
  • Blockchain Summit Day Two: End-Of-Conference Highlights From Shanghai
    Financial services firms and startups looking to be the bridge to blockchain ledgers continued to dominate presentations on the second and final day of the Blockchain Summit, ending International Blockchain Week in Shanghai that also saw Devcon2 and a startup demo competition.
  • Testing Various HDDs & SSDs On Ubuntu With The Linux 4.8 Kernel
    Here are some fresh benchmarks of various solid-state drives (SATA 3.0 SSDs plus two NVMe M.2 SSDs) as well as two HDDs for getting a fresh look at how they are performing using the Linux 4.8 Git kernel. After publishing Friday's Intel 600P Series NVME SSD tests of this lower-cost NVM Express storage line-up, I continued testing a few other SSDs and HDDs. These additional reference points are available for your viewing pleasure today. The additional data is also going to be used for reference in a Linux 4.8-based BCache SSD+HDD comparison being published next week. Stay tuned for those fresh BCache numbers.

Behind the GNOME 3.22 Release Video

This is less than usual. The time saving mostly stems from spending less time recording for the release video. At first thought you might think recording would be a breeze but it can be one of the most frustrating aspects of making the videos. Each cycle the GNOME community lands improvement a wide set of GNOME’s applications. So before each release I have to find some way to run a dozen of applications from master. I do this either by: Read more