Security

Open source software security: Who can you trust?

Filed under
OSS
Security

Fears of backdoors and heightened concerns about encryption software are running rampant.

Red Hat: Open source "more secure" than proprietary

Filed under
Red Hat
Security

Open source technologies are "more secure" than software that is developed in a proprietary way, Red Hat's JBoss middleware business unit general manager, Mike Piech, said in a meeting with journalists.

On the one hand, open source software code is freely available, which means that hackers will see how to hack it. But, on the other, there is also a vast community of people working to maintain open source software security.

Tails 1.1.1 is out

Filed under
GNU
Linux
Security
Debian

The next Tails release is scheduled for October 14.

Have a look at our roadmap to see where we are heading.

Healthdirect Australia sees value in open source for security solution

Filed under
OSS
Security

Commonwealth and state/territory government funded public company, Healthdirect Australia, has used open source software to build an identity and access management (IAM) solution.

The IAM solution allows users to have one identity across all of its websites and applications. For example, users can sign in using their Facebook, LinkedIn or Gmail account.

Kali Tools Website Launched, 1.0.9 Released

Filed under
GNU
Linux
Security

Now that we have caught our breath after the Black Hat and DEF CON conferences, we have put aside some time to fix an annoying bug in our 1.0.8 ISO releases related to outdated firmware as well as regenerate fresh new ARM and VMware images (courtesy of Offensive Security) for our new 1.0.9 release.

Is Open Source an Open Invitation to Hack Webmail Encryption?

Filed under
OSS
Security

While the open source approach to software development has proven its value over and over again, the idea of opening up the code for security features to anyone with eyeballs still creates anxiety in some circles. Such worries are ill-founded, though.

One concern about opening up security code to anyone is that anyone will include the NSA, which has a habit of discovering vulnerabilities and sitting on them so it can exploit them at a later time. Such discoveries shouldn't be a cause of concern, argued Phil Zimmermann, creator of PGP, the encryption scheme Yahoo and Google will be using for their webmail.

Open source software: The question of security

Filed under
OSS
Security

The logic is understandable - how can software with source code that can easily be viewed, accessed and changed have even a modicum of security?

Open source software is safer than many believe.

But with organizations around the globe deploying open source solutions in even some of the most mission-critical and security-sensitive environments, there is clearly something unaccounted for by that logic. According to a November 28 2013 Financial News article, some of the world's largest banks and exchanges, including Deutsche Bank and the New York Stock Exchange, have been active in open source projects and are operating their infrastructure on Linux, Apache and similar systems.

GNU hackers discover HACIENDA government surveillance and give us a way to fight back

Filed under
GNU
Security

GNU community members and collaborators have discovered threatening details about a five-country government surveillance program codenamed HACIENDA. The good news? Those same hackers have already worked out a free software countermeasure to thwart the program.

According to Heise newspaper, the intelligence agencies of the United States, Canada, United Kingdom, Australia, and New Zealand, have used HACIENDA to map every server in twenty-seven countries, employing a technique known as port scanning. The agencies have shared this map and use it to plan intrusions into the servers. Disturbingly, the HACIENDA system actually hijacks civilian computers to do some of its dirty work, allowing it to leech computing resources and cover its tracks.

Black Hat 2014: Open Source Could Solve Medical Device Security

Filed under
OSS
Security

On the topic of source code liability, Greer suggests that eventually software developers, including medical device development companies, will be responsible for the trouble their software causes (or fails to prevent). I think it’s fair to say that it is impossible to guarantee a totally secure system. You cannot prove a negative statement after all. Given enough time, most systems can be breached. So where does this potential liability end? What if my company has sloppy coding standards, no code reviews, or I use a third-party software library that has a vulnerability? Should hacking be considered foreseeable misuse?

Linux kernel devs made to finger their dongles before contributing code

Filed under
Development
Linux
Security

Beginning on Monday, the security of the Linux kernel source code has become a little bit tighter with the addition of two-factor authentication for the kernel's Git code repositories.

Contributing code changes to the Linux kernel sources at Kernel.org already required more than just a password, even before the change. Developers must use their own unique SSH public keys to log in to the Git repositories. But not even this added security layer was truly failsafe – as the software's maintainers found out in 2011 when their servers were rooted.

More in Tux Machines

Mozilla Wants to Save the Open Web, but is it Too Late?

Again, I think this is absolutely correct. But what it fails to recognise is that one of the key ways of making the Web medium "less free and open" is the use of legally-protected DRM. DRM is the very antithesis of openness and of sharing. And yet, sadly, as I reported back in May, Mozilla has decided to back adding DRM to the Web, starting first with video (but it won't end there...) This means Mozilla's Firefox is itself a vector of attack against openness and sharing, and undermines its own lofty goals in the Open Web Fellows programme.

Open source is starting to make a dent in proprietary software fortunes

Open source has promised to unseat proprietary competitors for decades, but the cloud may make the threat real.

Chakra-2014.09-Euler released

The Chakra team is happy to announce the first release of the Chakra Euler series, which will follow the 4.14 KDE releases. A noticeable change in this release is the major face-lift of Kapudan, which now gives the option to users to enable the [extra] repository during first boot so they can easily install the most popular GTK-based applications. Kudos to george2 for the development and Malcer for the artwork.

What Linux User Groups Can Do for FOSS

On a monthly basis — on the last Saturday each month — members of the Felton Linux Users Group drag their collective butts out of bed at the crack of 9:30, or possibly earlier, and make their way from various points in the sleepy little town just northeast of Santa Cruz to the solar-powered Felton Fire Station for their meeting. It’s a good group with core regulars hosting meetings since the Lindependence Project held three open houses to introduce the town to Linux in the summer of 2008. In those open houses, various distros like Debian, Fedora, Ubuntu and Mandriva, along with hardware maker ZaReason, and even an open-source stuffed penguin maker called Open Animals based in Phoenix, appeared to show their wares to the curious in the San Lorenzo Valley area. Around 600 people appeared over the three days and more than 300 live CDs went out the door.