Security

Security Leftovers

Filed under
Security
  • SELinux and --no-new-privs and the setpriv command.
  • Qualcomm study says sure, you can control a drone over LTE

    Internet-connected drones will be necessary if you're going to see fliers that can communicate when they're delivering packages, livestreaming video or otherwise coordinating with the outside world. But how well can you control them over an LTE data connection when they're soaring hundreds of feet above the ground? Quite well, if you ask Qualcomm. The chip maker has published the results of a trial run using LTE-linked drones, and it believes that they're ready for prime time... mostly.

    The dry run (which included over 1,000 flights) showed that existing cellular networks are up to the job. Drones will still get a strong LTE signal at altitudes as high as 400 feet, and they get "comparable" coverage. In fact, they have an advantage over the phone in your pocket -- they don't have to hand over connections as often as ground-based devices.

  • Fake Google Docs phishing deluge hits Gmail
  • 7 Steps to Fight Ransomware

    Perpetrators are shifting to more specific targets. This means companies must strengthen their defenses, and these strategies can help.

    Ransomware can be a highly lucrative system for extracting money from a customer. Victims are faced with an unpleasant choice: either pay the ransom or lose access to the encrypted files forever. Until now, ransomware has appeared to be opportunistic and driven through random phishing campaigns. These campaigns often, but not always, rely on large numbers of emails that are harvested without a singular focus on a company or individual.

  • Open Source Security Audit 'Should Be a Wake-Up Call' [Ed: Microsoft-connected media uses Microsoft-connected Black Duck to smear FOSS]

pfSense 2.3.4 RELEASE Now Available!

Filed under
Security
BSD

We are happy to announce the release of pfSense® software version 2.3.4!

This is a maintenance release in the 2.3.x series, bringing stability and bug fixes, fixes for a few security issues, and a handful of new features. The full list of changes is on the 2.3.4 New Features and Changes page, including a list of FreeBSD and internal security advisories addressed by this release.

This release includes fixes for 24 bugs and 11 Features.

Security Leftovers

  • CII Project Advances Linux Kernel Security as Firm Ends Free Patches

    There has been some public discussion in the last week regarding the decision by Open Source Security Inc. and the creators of the Grsecurity® patches for the Linux kernel to cease making these patches freely available to users who are not paid subscribers to their service. While we at the Core Infrastructure Initiative (CII) would have preferred them to keep these patches freely available, the decision is absolutely theirs to make.

    From the point of view of the CII, we would much rather have security capabilities such as those offered by Grsecurity® in the main upstream kernel rather than available as a patch that needs to be applied by the user. That said, we fully understand that there is a lot of work involved in upstreaming extensive patches such as these and we will not criticise the Grsecurity® team for not doing so. Instead we will continue to support work to make the kernel as secure as possible.

  • Google Was Warned About This Week’s Mass Phishing Email Attack Six Years Ago

    For almost six years, Google knew about the exact technique that someone used to trick around one million people into giving away access to their Google accounts to hackers on Wednesday. Even more worrisome: other hackers might have known about this technique as well.

  • Mobile phone security's been busted for years, and now 2-factor auth is busted too [iophk: "now we are reminded that a phone never was a second authentication factor"]

    SS7 is now confirmed to be exploited in the wild, with crooks taking big scores through it.

  • We Were Warned About Flaws in the Mobile Data Backbone for Years. Now 2FA Is Screwed.

    But on Wednesday, German newspaper The Süddeutsche Zeitung reported that financially-motivated hackers {sic} had used those flaws to help drain bank accounts.

  • Mac malware: Coming soon to a computer near you

    In fact, the number of malware attacks on Apple’s operating system skyrocketed by 744 percent in 2016. Despite this, most people still believe that Macs don’t get viruses. Add to this the fact that, despite the seeming ubiquity of Apple’s products, the company’s user base is still growing. There are nearly 100 million Apple users worldwide, myself included.

  • IT meltdown forces Barts Health NHS Trust to cancel hundreds of appointments

    Earlier this year, Barts Health admitted that it has fallen victim to a "ransomware virus attack," likely because its PCs are still running Microsoft's now-defunct Windows [...]

Kali Linux Review: Not Everyone’s Cup of Tea

Filed under
Reviews
Security

Kali Linux has gained a lot of popularity recently. And there is a reason for that. Hacking is back as the cool-thing-to-do in popular culture and this can be attributed significantly to the TV series Mr. Robot.

Kali is one of the few hacking focused Linux distributions and quite obviously, Mr. Robot’s popularity helped Kali Linux in getting new users. The graph below validates this claim.

Security Leftovers

  • Security updates for Wednesday
  • Serverless Security implications—from infra to OWASP
  • Xen hypervisor faces third highly critical VM escape bug in 10 months

    The Xen paravirtualization mode is proving to be a constant source of serious vulnerabilities, allowing attackers to escape from virtual machines

  • Security like it's 2005!

    The 2017 world has a solution to these problems. Use the cloud. Stuff as a Service is without question the way to solve these problems because it makes them go away. There are plenty who will naysay public cloud citing various breaches, companies leaking data, companies selling data, and plenty of other problems. The cloud isn't magic, but it lets you trade a lot of horrible problems for "slightly bad". I guarantee the problems with the cloud are substantially better than letting most people try to run their own infrastructure. I see this a bit like airplane vs automobile crashes. There are magnitudes more deaths by automobile every year, but it's the airplane crashes that really get the attention. It's much much safer to fly than to drive, just as it's much much safer to use services than to manage your own infrastructure.

  • Security Sessions: Why CSOs should care about machine learning
  • Reproducible builds folks: Reproducing R packages
  • Hacker Extortion Attempt Falls Flat Because Netflix Actually Competes With Piracy

    A hacking group calling itself TheDarkOverlord (TDO) has tried, and failed (so far) to extort Netflix and several other companies after stumbling onto a server of unreleased content. TDO was apparently able to compromise the servers of an audio post-production company by the name of Larson Studios. Among the content acquired from the hackers were ten episodes of the as-yet-unreleased new season of the popular Netflix show "Orange is the New Black," which isn't supposed to see full release until June. Outside of some free advertising in the news media and some wasted calories, the group's efforts don't appear to have culminated in much.

  • Free search engine tool hunts down malware-infected computers

    Internet search engine Shodan provides enterprise security teams a wealth of information about open ports on servers and other internet-connected devices. Now, as part of a partnership with threat intelligence company Recorded Future, security analysts and researchers can work with Shodan to uncover systems manipulated to control malware-infected devices.

Security Leftovers

  • Personal Security Takes A Hit With Public Release Of NSA's Hacking Toolkit [Ed: Moral of the story is, don't use NSA back doors facilities like Microsoft Windows. Microsoft is in bed with the NSA.]

    Former members of Team Espionage recently expressed their concern that the Shadow Brokers' dump of NSA Windows exploits had done serious damage to the security of the nation. The unwanted exposure of NSA power tools supposedly harmed intelligence gathering efforts, even though the tools targeted outdated operating systems and network software.

  • Finnish technology firm wins contract from US Marine Corps

    Sensofusion, a Vantaa-based developer of drone countermeasures, has been awarded a contract by the US Marine Corps Warfighting Laboratory (MCWL) and the Defence Innovation Unit Experimental (DIUx) to further develop its proprietary technology, Airfence.

  • LibreSSL 2.5.4 Released

    This is the first stable fix release for the LibreSSL 2.5.x branch.

  • security things in Linux v4.11

    Building on the efforts of Elena Reshetova, Hans Liljestrand, and David Windsor to port PaX’s PAX_REFCOUNT protection, Peter Zijlstra implemented a new kernel API for reference counting with the addition of the refcount_t type. Until now, all reference counters were implemented in the kernel using the atomic_t type, but it has a wide and general-purpose API that offers no reasonable way to provide protection against reference counter overflow vulnerabilities. With a dedicated type, a specialized API can be designed so that reference counting can be sanity-checked and provide a way to block overflows. With 2016 alone seeing at least a couple public exploitable reference counting vulnerabilities (e.g. CVE-2016-0728, CVE-2016-4558), this is going to be a welcome addition to the kernel. The arduous task of converting all the atomic_t reference counters to refcount_t will continue for a while to come.

More in Tux Machines

Android Leftovers

Gaming News: SHOGUN, Reus, Two Worlds and More

Security Leftovers: WCry/Ransomwar, WannaCry, Athena

OSS Leftovers

  • Nextcloud 12 Officially Released, Adds New Architecture for Massive Scalability
    Nextcloud informs Softpedia today about the official availability of the final release of Nextcloud 12, a major milestone of the self-hosting cloud server technology that introduces numerous new features and improvements. The biggest new feature of the Nextcloud 12 release appears to be the introduction of a new architecture for massive scalability, called Global Scale, which is a next-generation open-source technology for syncing and sharing files. Global Scale increases scalability from tens of thousands of users to hundreds of millions on a single instance, while helping universities and other institutions significantly reduce the costs of their existing large installations.
  • ReactOS 0.4.5 Open-Source Windows-Compatible OS Launches with Many Improvements
    ReactOS 0.4.5 is a maintenance update that adds numerous changes and improvements over the previous point release. The kernel has been updated in this version to improve the FreeLoader and UEFI booting, as well as the Plug and Play modules, adding support for more computers to boot ReactOS without issues.
  • Sprint Debuts Open Source NFV/SDN Platform Developed with Intel Labs
    AT&T has been the headliner in the carrier race to software defined networking (SDN) and network function virtualization (NFV). But Sprint is putting its own stamp on the space this week with its debut of a new open source SDN/NFV mobile core solution.
  • Google’s New Home for All Things Open Source Runs Deep
    Google is not only one of the biggest contributors to the open source community but also has a strong track record of delivering open source tools and platforms that give birth to robust technology ecosystems. Just witness the momentum that Android and Kubernetes now have. Recently, Google launched a new home for its open source projects, processes, and initiatives. The site runs deep and has several avenues worth investigating. Here is a tour and some highlights worth noting.
  • Making your first open source contribution
  • Simplify expense reports with Smart Receipts
    The app is called Smart Receipts, it's licensed AGPL 3.0, and the source code is available on GitHub for Android and iOS.
  • How the TensorFlow team handles open source support
    Open-sourcing is more than throwing code over the wall and hoping somebody uses it. I knew this in theory, but being part of the TensorFlow team at Google has opened my eyes to how many different elements you need to build a community around a piece of software.
  • IRC for the 21st Century: Introducing Riot
    Internet relay chat (IRC) is one of the oldest chat protocols around and still popular in many open source communities. IRC's best strengths are as a decentralized and open communication method, making it easy for anyone to participate by running a network of their own. There are also a variety of clients and bots available for IRC.