Security

OPSWAT adds support for Linux to their Multi Anti-Malware Scanner Metascan

Filed under
Linux
Security

OPSWAT, provider of solutions to secure and manage IT infrastructure, today announced the next generation of Metascan, which can be deployed on Linux. Metascan is a multi-scanning solution for ISVs, IT admins and malware researchers that detects and prevents known and unknown threats. Metascan for Linux offers improved security and scalability, as well as enhanced usability and a new user interface.

The End of Adobe Flash?

Filed under
Software
Security
  • Hacking Team claims terrorists can now use its tools
  • Hacking Team: government-sponsored cyberattack company likely hacked by another country, it claims

    An elite cyberattack group that was employed by governments and agencies was probably hacked by another country, it has said — and the attack has led to its powerful hacking tools being released into the wild.

    Hacking Team was hacked last week, revealing private emails and documents as well as insights into its tools. The leaked documents showed many of the vulnerabilities that were being used by the group — such as a bug in Adobe Flash that can be exploited to get complete control of a computer — which has meant that anyone can counteract them as well as use them for their own ends.

  • Flash HOLED AGAIN TWICE below waterline in fresh Hacking Team reveals
  • Adobe to Patch Two More Zero-Day Flaws in Flash
  • Mozilla blocks Flash as Facebook security chief calls for its death

    After yesterday's news that Facebook's new chief security officer wants to set a date to kill Flash once and for all, the latest version of Mozilla's Firefox browser now blocks Adobe's vulnerability-riddled software as standard. Mark Schmidt, the head of the Firefox support team at Mozilla, tweeted that all versions of Flash Player are blocked in the browser as of its latest update, accompanying the news with an image showing a raised fist and the phrase "Occupy Flash."

  • Can we kill Adobe Flash?

    Yesterday the usual tech news outlets were buzzing over an accidental tweet which the media incorrectly interpreted as Mozilla was ditching Flash (Blame The Verge for the chain reaction of copied news articles) entirely as a policy. While that is not the case, I was just as excited as many at the faux-news. This got me thinking: what would it really take for the web to kill Adobe Flash? Could Mozilla really make such a move and kill Flash on its own if it wanted to?

  • No Flash 0.5 - still fighting the legacy

    Last week I released No Flash 0.5, my addon for Firefox to fix the legacy of video embedding done with Flash. If you are like me and don't have Flash installed, sometimes you encounter embedded videos that don't work. No Flash will fix some by replacing the Flash object with an HTML5 video. This is done using the proper video embedding for HTML5.

  • Facebook's New Security Chief Calls On Adobe To Kill Flash

    This message comes after it was revealed that the recently hacked "Hacking Team" was using Flash zero-day vulnerabilities to hack journalists, activists, governments and more. Alex Stamos, like other security experts, must have also gotten tired of hearing about so many security vulnerabilities that Flash has had during its entire lifetime.

  • How to disable Flash Player: Why now's a better time than ever

    Now more than ever, leaving Adobe Flash Player on your system is looking like a dubious proposition.

    While Flash has long been a popular vector for malware, last week’s security breach of surveillance software firm Hacking Team underscored just how vulnerable Flash can be. Hacking Team was relying on at least three unpatched Flash exploits, which cybercriminals immediately adapted for their own nefarious uses. Adobe is scrambling to patch the exploits, but at least one remains unfixed as of this writing.

The NSA Is Looking At Systemd's KDBUS

Filed under
Red Hat
Security

While it's true that an NSA analyst sent out an email about KDBUS security, it hopefully shouldn't raise any alarm bells. The thread in question is about credential faking for KDBUS and why it's even there. Stephen Smalley of the NSA was asking why there's support for credential faking for this soon-to-be-in-kernel code while it wasn't part of the original D-Bus daemon in user-space. The preference of Stephen Smalley is to actually get rid of this functionality that could be abused.

Core Linux tools top list of most at-risk software

Filed under
Linux
Security

In a Core Infrastructure Initiative survey of at-risk software most in need of close attention, many fundamental Linux utilities sit at the top.

CII and OpenSSL

Filed under
OSS
Security
Web

Another day, another OpenSSL patch

Filed under
OSS
Security

The latest OpenSSL security hole isn't a bad one as these things go. It's no Heartbleed, Freak, or Logjam. But it's serious enough that, if you're running alpha or beta operating systems, you shouldn't delay patching it.

Fortunately, the affected OpenSSL versions are not commonly used in enterprise operating systems. For example, it doesn't impact shipping and supported versions of Red Hat Enterprise Linux (RHEL) or Ubuntu. In the case of Ubuntu, it does affect the 15.10 development release, but the patch is already available.

OPNsense 15.7 Released As Fork Of Pfsense

Filed under
Security
BSD

The OPNsense 15.7 release added i386 and NanoBSD support, LibreSSL support, re-based to FreeBSD 10.1, added OpenDNS support, intrusion detection support, new local/remote blacklist options, some security fixes, and added many other new features.

Also: Pfmatch, a packet filtering language embedded in Lua

bsdtalk 254 [Ogg]

finding bugs in tarsnap

From the Editors: When did open-source software get so scary?

Filed under
OSS
Security

When did the use of open-source software become such a worrisome thought? Big names such as VMware, Oracle, Microsoft and Cisco, to name but a few, have been caught infringing on open-source software licenses.

Can Data Infrastructure Vendors Stop Hackers?

Filed under
GNU
Linux
Server
Security

The ecosystem is based on Security-Enhanced Linux (SELinux), but it adds role-based access control with a policy for each role, so no one can get to the system root and the root can’t see user data. All access is logged, so any attempts to penetrate the system can be traced. Policies are based on roles such as security admin, audit admin and sysadmin, and each file is tagged with a security level so some users can see it while others can’t.

Will Red Hat Enter the Security Market?

Filed under
Red Hat
Security

Security is a key part of the open source Linux operating system that Red Hat delivers to its customers. Yet despite the fact that security is baked into the operating system, Red Hat doesn't currently have a separate security offering.
