Security

How Linux Kernel Development Impacts Security

Filed under: Linux, Security

The Linux kernel is a fast moving project, and it's important for both users and developers to quickly update to new releases to remain up-to-date and secure. That was the keynote message Greg Kroah-Hartman, maintainer of the stable Linux kernel, delivered at CoreOS Fest on May 9 here.

Kroah-Hartman is a luminary in the Linux community and is employed by the Linux Foundation, publishing on average a new Linux stable kernel update every week. In recent years, he has also taken upon himself the task of helping to author the "Who Writes Linux" report that details the latest statistics on kernel development. He noted that, from April 2015 to March 2016, there were 10,800 new lines of code added, 5,300 lines removed and 1,875 lines modified in Linux every day.

Also: Neat drm/i915 Stuff for 4.7

Here's a List of All the Ethical Hacking Tools Included in BlackArch Linux

Filed under: GNU, Linux, Security

At the beginning of the month, we informed you about the general availability of an updated ISO image for the Arch Linux-based BlackArch Linux operating system, which gave users access to over 1,400 penetration testing tools.

BlackArch Linux 2016.04.28 was, as its version number suggests, baked and cooked at the end of April, and it introduced 80 new security-oriented utilities to the ever growing collection of tools that are available in the software repositories of this GNU/Linux operating system.

Compare to: IE and Graphics head Microsoft's Patch Tuesday critical list

Debian-Based Univention Corporate Server 4.1-2 Brings Important Security Updates

Filed under: Security, Debian

Maren Abatielos of Univention GmbH informs us today, May 10, 2016, about the release of the second maintenance build of Univention Corporate Server (UCS) 4.1.

Security Leftovers

Filed under: Security

  • Security updates for Tuesday
  • This Botnet, Called Jaku, Only Targets Scientists, Engineers, And Academics

    Jaku Botnet discriminates while targeting its victims in the wild. It is easier to download from the famous sources like images or Torrents — thanks to the unforced human errors — and once installed, it grips that computer and makes that a part of the Botnet network.

  • Reproducible builds: week 54 in Stretch cycle

    There was a surprising tweet last week: "Props to @FiloSottile for his nifty gvt golang tool. We're using it to get reproducible builds for a Zika & West Nile monitoring project." and to our surprise Kenn confirmed privately that he indeed meant "reproducible builds" as in "bit by bit identical builds". Wow. We're looking forward to learning more details about this; for now we just know that they are doing this for software quality reasons basically.

  • Security Analyst Arrested For Disclosing Security Flaw In Florida County's Election Systems

    A Florida man has been charged with felony criminal hacking charges after disclosing vulnerabilities in the voting systems used in Lee County, Florida. Security analyst David Levin was arrested 3 months after reporting un-patched SQL injection vulnerabilities in the county's election systems. Levin was charged with three counts of unauthorized access to a computer, network, or electronic device and released on $15,000 bond. Levin's first and biggest mistake was to post a video of himself on YouTube logging into the Lee County Elections Office network using the credentials of Sharon Harrington, the Lee County Supervisor of Elections.

KDE Applications 16.04 Gets Its First Point Release, Includes Over 25 Bug Fixes

Filed under: KDE, Security

Today, May 10, 2016, KDE has announced the general availability of the first point release in the latest stable and most advanced KDE Applications 16.04 series of the software suite used for the KDE Plasma 5 desktop environment.

Security Leftovers

Filed under: Security

Ubuntu LTS Kernel Vulnerabilities

Filed under: Security, Ubuntu

Security Leftovers

Filed under: Security

  • Secure from whom

    Side-channel attacks are a thing, this is true. But they also cost a lot of time and money to develop. If you want something that can be applied to more than just a single target, that cost explodes. That is why the two most common places where side-channel attacks are developed are nation states and universities specializing in that research.

    [...]

    So in summation, I’m far more interested in focusing on our ability to get security fixes out to users in a timely fashion. Herd immunity can work for software too.

  • Security isn't a feature, it's a part of everything

    Almost every industry goes through a time when new novel features are sold as some sort of add on or extra product. Remember needing a TCP stack? What about having to buy a sound card for your computer, or a CD drive? (Does anyone even know what a CD is anymore?) Did you know that web browsers used to cost money? Times were crazy.

  • Student Tried to Hack His School Network, Police Calls Him An Anonymous Member

    The State police and school district officials in Pennsylvania are investigating a case that involves a school student trying to hack into the school’s Wi-Fi network. The officials have told a local newspaper that they have found some evidence regarding his association with the hacktivist group Anonymous.

Security Leftovers

Filed under: Security

  • This Single Command Can Hack Your Windows AppLocker In Seconds

    If you use Windows AppLocker to restrict others from using some applications and locking down your Windows PC, here’s something to worry about. Casey Smith, a security researcher, has found a way to bypass the AppLocker whitelist and run arbitrary scripts. IT admins are advised to run this command on their systems and see if some loopholes exist in their network.

  • Here's how I verify data breaches

    Other headlines went on to suggest that you need to change your password right now if you're using the likes of Hotmail or Gmail, among others. The strong implication across the stories I've read is that these mail providers have been hacked and now there's a mega-list of stolen accounts floating around the webs.

  • The Top 4 in a Linux Environment
  • An update on SSH protocol 1

    At this stage, we're most of the way towards fully deprecating SSH protocol 1 - this outlines our plans to complete this task.

  • High-Severity OpenSSL Vulnerability allows Hackers to Decrypt HTTPS Traffic
  • Firejail 0.9.40-rc1 Release Announcement

    We are happy to announce the release candidate of Firejail version 0.9.40-rc1 (download). Firejail is a generic Linux namespaces security sandbox, capable of running graphic interface programs as well as server programs. This release includes a number of major features, such as X11 sandboxing support, file transfers between sandboxes and the host system, run-time configuration support, Ubuntu 14.04 AppArmor support, and firecfg, a desktop configuration utility. A number of smaller features, documentation and bugfixes are also included:

Security Leftovers

Filed under: Security

  • Friday's security updates
  • OpenSSL Patches Six Vulnerabilities

    Only two of the flaws patched are rated as high impact, and none is getting the Heartbleed treatment.
    The open-source OpenSSL cryptographic library project issued a security update this week that patched six issues, though only two of them are rated "critical."

  • Critical Linux Kernel Update for Ubuntu 16.04 LTS Patches 15 Vulnerabilities

    Canonical published a new security notice to inform the community about the availability of an important kernel update for the Ubuntu 16.04 LTS (Xenial Xerus) operating system.

  • Linus Torvalds Talks IoT, Smart Devices, Security Concerns, and More [Video]

    Torvalds remained customarily philosophical when Hohndel asked about the gaping security holes in IoT. “I don’t worry about security because there’s not a lot we can do,” he said. “IoT is unpatchable -- it’s a fact of life.”

    The Linux creator seemed more concerned about the lack of timely upstream contributions from one-off embedded projects, although he noted there have been significant improvements in recent years, partially due to consolidation on hardware.

    “The embedded world has traditionally been hard to interact with as an open source developer, but I think that’s improving,” Torvalds said. “The ARM community has become so much better. Kernel people can now actually keep up with some of the hardware improvements. It’s improving, but we’re not nearly there yet.”

    Torvalds admitted to being more at home on the desktop than in embedded and to having “two left hands” when it comes to hardware.

    “I’ve destroyed things with a soldering iron many times,” he said. “I’m not really set up to do hardware.” On the other hand, Torvalds guessed that if he were a teenager today, he would be fiddling around with a Raspberry Pi or BeagleBone. “The great part is if you’re not great at soldering, you can just buy a new one.”

More in Tux Machines

Leftovers: KDE

  • Plasma Wayland ISO Checkup
    My Plasma Wayland ISOs are building nicely fresh each day. I asked Betty the fuzzy Guinea Pig to give one a try today and there are still obvious bugs like no text on task bar and the blue window bars are back but she’s generally impressed at how this is likely to be a good replacement for X in the near future.
  • Call for new KStars splash screen
    KStars gained two seats for Google Summer of Code 2016. The first project is to develop KStars Lite, a small footprint KStars aimed for tablet/mobile and low powered devices. The second project is to port KStars to Windows, including migration of INDI Client library and Ekos. Both projects are progressing along quite nicely and we expect to see stellar results by the end of the summer.
  • KDAB Training Day at QtCon
  • Faster than Fast String Search in Qt
  • Very explicit operator bool
  • Kdenlive: features and next Cafés
    Our monthly Kdenlive Cafés (*) really helped us focus the development on some awesome features. We now have a small team of really involved people that help us evolve towards the best free open source video editor for professionals.
  • KDev-Embedded, The alpha version is coming !
    Today one of the most important steps was performed, the first upload to a microController. The code was a blink compiled with a makefile and uploaded with the KDev-Embedded plugin to an AVR microController (Arduino Nano board).
  • Verdigris: Qt without moc
    Verdigris is a header-only library that can be used with Qt. It uses macros to create a QMetaObject that is binary compatible with Qt's own QMetaObject without requiring moc. In other words, you can use Verdigris macros in your Qt or QML application instead of some of the Qt macros and then you do not need to run moc.
  • Kubuntu Party 4 – The Gathering of Halflings
    Come and join us for a most excellent Gathering of Halflings at Kubuntu Party 4, Friday 17th June 19:00 UTC.
  • Some plans do not cooperate with you…
    I reached the creator at the IRC channel of KDE to see if he could help me, and Jonathan Riddel gave me the help that I needed, with the selection of bugs that I could work on and other things that I was thinking about for Umbrello. After two days, one before the end of submission time, I submitted my project to the KDE Community.
  • Coding at Lakademy
    Today is the third day that Lakademy is happening at Federal University of State of Rio de Janeiro (UNIRIO), and since the first hour, I’m doing a lot of code. The work is concentrated on my GSoC Project, and finally getting on track on my work in Umbrello.
  • if (LaKademy 2016) goto Rio de Janeiro
    Rio de Janeiro, the “Cidade Maravilhosa”, land of the eternal Summer. The sunlight here is always clear and hot, the sea is refreshing, the sand is comfortable. The people are happy, Rio de Janeiro has good music, food, the craziest parties of the world, and beautiful bodies having fun with beach games (do you know futevolei?).
  • Breeze Dark Color Scheme
    Just as quick info, with the next KDE Frameworks 5 release, namely KF5 version 5.23, the KTextEditor framework gains a Breeze Dark color scheme. The colors mostly stick to the Breeze color palette, with some minor changes, since KTextEditor needs more colors than the color palette itself ships. To use this color scheme, go to the config dialog and choose “Breeze Dark” in the Fonts & Colors config page. We hope this is useful – mandatory screenshot:
  • kmail 16.04.1 and Novell Groupwise 2014 IMAP server - anyone?
  • Yet Another GSoC Blog
    TL;DR: Well Hey there, Chantara here. I will be working with 2 awesome mentors, Stikonas and teo-, to add LVM and hopefully RAID support for KDE Partition Manager and KPMCore library over my summer with Google Summer of Code. If you’re interested, read on!!! :)
  • KDE Partition Manager 2.2.0
    KDE Partition Manager and KPMcore 2.2.0 are now released with a proper LUKS support! This is a fairly big feature release but it also got tested more than usual, so a lot of bugs were fixed (including some crashes). Unfortunately there is still one more reproducible crash (bug 363294) on exit when file open/save dialogs are used (and very similar crashes actually exist in some other KDE programs, e.g. kdebugdialog or Marble). If anybody has any idea how to fix it I would be grateful.
  • Hello KDE
    Plasma Mobile Emulator will be the solution for developing, testing and accessing plasma mobile system without having to install on real phone.
  • Interview with Neotheta
  • The work on animation features continues
    While the first stable Krita version with animation is just around the corner, I am already rolling up my sleeves with plans to take the feature to the next level. It's Google Summer of Code time again. A lot has happened since last year. Import for image sequences was added, the timeline docker was reworked and a large number of smaller changes and fixes were implemented to make the animation tools ready for inclusion in Krita 3.0. For a nice overview, check out GDQuest's video tutorial.
  • Free Software Artists and their Tools — Part I: David Revoy & Krita
    The idea that Free Software has no decent design programs, and that it is impossible to produce quality art without proprietary apps is one of those myths that refuses to die. For quite some time now, OCSmag has been on a mission to prove otherwise. In this latest series we talk to three artists who use Free Software tools to produce their works.
  • Krita at KomMissia
    Last weekend, ace Krita hacker Dmitry Kazakov attended KomMissia, the annual Russian comics festival. Best quote award goes to the Wacom booth attendants, who install Krita on all their demo machines because “too many people keep asking about it”!
  • KStars on Windows – Alpha version
    Using the emerge tool, I started to build KStars on Windows. Since this process could be very troublesome, I used a Windows 7 32-bit virtual machine. Actually, for building KDE sources, the KDE developers recommend the 32-bit version of Windows 7.

Kubuntu 16.04 Xenial Xerus - Not meant to be

There's one thing that is consistent with the Xenial family of spring disappointments. The disappointment. When one goes bad, you know they all do, and in this regard, Ubuntu LTS delivers badly across its entire range. 16.04 was meant to be sweet hope, salvation and joy, it is just a string of rushed, badly QA-ed images. Kubuntu Xerus does not have any redeeming factors. It's pretty all right, but it's buggy, Samba support is weak, smartphone support is sub-par, package management is atrocious, battery life is just average but still much worse than the spectacularly useless Werewolf release, and there are lots of other small problems everywhere. Nothing about this particular edition oozes confidence, quality or long-term vision. Really sad. 2/10. My weekend has been ruined again, thank you. Don't bother. Bye.

today's howtos

Cinnamon 3.0.4 Desktop Updates the Overlay Scrollbar, Sound and Menu Applets

While the Linux Mint 18 operating system is still in heavy development, Clement Lefebvre and his team of developers announced a new update for the Cinnamon 3.0 desktop environment. Cinnamon 3.0.4 is now the latest version of the acclaimed GNOME 3-based open-source graphical desktop interface, which will be used by default for the upcoming Linux Mint 18 "Sarah" OS, on the Cinnamon Edition, of course. It comes a few days after the release of Cinnamon 3.0.3.

Also: The New Control Center Is Being Worked On For GNOME 3.22