Security

Use Linux or Tor? The NSA might just be tracking you

Filed under
Linux
Security

But it seems those intent on keeping pesky government agencies out of their online business may well be shooting themselves in the virtual foot.

As documents related to the XKeyscore snooping program reveal, the US's National Security Agency has started focusing its snooping efforts on Linux Journal readers, Tails Linux, and Tor users.

Security Leftovers

Filed under
Security
  • Symantec admits it won't patch 'catastrophic' security flaws until mid-July [Ed: that’s proprietary software for you…]

    SECURITY OUTFIT Symantec has warned customers that security flaws in the firm's systems outed by Google's Project Zero last month won't be fixed until mid-July.

  • Cybersecurity: MEPs back rules to help vital services resist online threats

    Firms supplying essential services, e.g. for energy, transport, banking and health, or digital ones, such as search engines and cloud services, will have to improve their ability to withstand cyber-attacks under the first EU-wide rules on cybersecurity, approved by MEPs on Wednesday.

    Setting common cybersecurity standards and stepping up cooperation among EU countries will help firms to protect themselves, and also help prevent attacks on EU countries’ interconnected infrastructure, say MEPs.

  • European Union’s First Cybersecurity Law Gets Green Light

    The European Union approved its first rules on cybersecurity, forcing businesses to strengthen defenses and companies such as Google Inc. and Amazon.com Inc. to report attacks.

    The European Parliament endorsed legislation that will impose security and reporting obligations on service operators in industries such as banking, energy, transport and health and on digital operators like search engines and online marketplaces. The law, voted through on Wednesday in Strasbourg, France, also requires EU national governments to cooperate among themselves in the field of network security.

Security Leftovers

Filed under
Security
  • Security advisories for Wednesday
  • Java Deserialization attacks on JBoss Middleware

    Recent research by Chris Frohoff and Gabriel Lawrence has exposed gadget chains in various libraries that allow code to be executed during object deserialization in Java. They've done some excellent research, including publishing some code that allows anyone to serialize a malicious payload that when deserialized runs the operating system command of their choice, as the user which started the Java Virtual Machine (JVM). The vulnerabilities are not with the gadget chains themselves but with the code that deserializes them.

  • Linux Mint 18 improves security, but at a cost

    The default update settings of Linux Mint would not update the Linux kernel or notify the user when security updates and bug fixes were published upstream (from Ubuntu, which Mint is directly based on, or Debian, which is the basis of Ubuntu). This default behavior left users vulnerable to root exploits, and potential hardware issues for which patches were issued alongside security fixes. Other upstream updates were also blacklisted from Linux Mint for conflicting with the design of the Cinnamon desktop.

  • Safer automotive software through Open Source?

    Linux is about to conquer one of the last blank spots in the world of open source software: The car. EE Times Europe talked with Dan Cauchy, General Manager of Automotive at the Linux Foundation, about intentions and status of Automotive Grade Linux.

Security Leftovers

Filed under
Security
  • Security updates for Tuesday
  • But I have work to do!

    There’s a news story going around that talks about how horrible computer security tends to be in hospitals. This probably doesn’t surprise anyone who works in the security industry, security is often something that gets in the way, it’s not something that helps get work done.

    There are two really important lessons we should take away from this. The first is that a doctor or nurse isn’t a security expert, doesn’t want to be a security expert, and shouldn’t be a security expert. Their job is helping sick people. We want them helping sick people, especially if we’re the people who are sick. The second is that when security gets in the way, security loses. Security should lose when it gets in the way, we’ve been winning far too often and it’s critically damaged the industry.

  • Lenovo ThinkPwn UEFI exploit also affects products from other vendors [Ed: Intel and Microsoft told us UEFI was about security but it wasn't]

    A critical vulnerability that was recently found in the low-level firmware of Lenovo ThinkPad systems also reportedly exists in products from other vendors, including HP and Gigabyte Technology.

    An exploit for the vulnerability was published last week and can be used to execute rogue code in the CPU's privileged SMM (System Management Mode).

    This level of access can then be used to install a stealthy rootkit inside the computer's Unified Extensible Firmware Interface (UEFI) -- the modern BIOS -- or to disable Windows security features such as Secure Boot, Virtual Secure Mode and Credential Guard that depend on the firmware being locked down.

    The exploit, dubbed ThinkPwn, was released by a security researcher named Dmytro Oleksiuk last week without sharing it with Lenovo in advance. However, since then Oleksiuk has found the same vulnerable code inside older open source firmware for some Intel motherboards.

Debian 8 Gets New Kernel Update, Five Vulnerabilities and a Regression Patched

Filed under
Security
Debian

Exactly one week after the release of the major kernel update for the Debian GNU/Linux 8 "Jessie" operating system on June 28, the Debian Project, through Salvatore Bonaccorso, has released a new Linux kernel security update.

Parsix GNU/Linux 8.10 and 8.5 Get the Latest Debian Security Fixes, Update Now

Filed under
GNU
Linux
Security
Debian

A few hours ago, the development team behind Parsix GNU/Linux, a Debian-based computer operating system sporting the modern GNOME 3 desktop environment, has announced that new security fixes are available for the stable Parsix GNU/Linux 8.5 "Atticus" distribution, and upcoming Parsix GNU/Linux 8.10 "Erik" release.

Network Security Toolkit (NST) Linux OS Released Based on Fedora 24, Linux 4.6

Filed under
Red Hat
Security

Today, July 4, 2016, Ronald Henderson has announced the release of a new version of the Fedora-based Network Security Toolkit (NST) Linux distribution for network security analysis and monitoring.
