Right now Fedora allows for SSH log-ins as root, which is the default behavior as currently shipped by sshd. However, for Fedora 22 there is a proposal that the packaged sshd will default the option of PermitRootLogin to no so that root log-ins wouldn't be permitted into Fedora SSH servers. This change is being proposed to try to avoid brute-force attacks against root passwords of Fedora servers.
Open source code security has been in the spotlight since the Heartbleed bug infected the Canada Revenue Agency website last year. Found embedded in OpenSSL, one of the Web’s most common security systems, Heartbleed sent public-sector IT personnel scrambling to test their agencies’ websites to make sure they were clean and protected.
North Korea is a technological island in many ways. Almost all of the country's "Internet" is run as a private network, with all connections to the greater global Internet through a collection of proxies. And the majority of the people of the Democratic People's Republic of Korea who have access to that network rely on the country's official operating system: a Linux variant called Red Star OS.
Red Star OS, first introduced in 2003, was originally derived from Red Hat Linux. In theory, it gave North Korea an improved level of security against outside attack—a Security Enhanced Linux operating system based on Red Hat that could enforce strict government access controls on the few who got to use it.
4MRescueKit provides its users with software for antivirus protection, data backup, disk partitioning, and data recovery. It is distributed in the form of a multiboot CD, which includes four (extremely small) operating systems. Each of the systems tries to follow the UNIX philosophy (Small is beautiful. Make each program do one thing well).
Fact is, we don’t yet know enough details about all possible attack surfaces against SSH available to the agencies, and we badly need more information to know what infrastructure components remain safe and reliable for our day-to-day work. However, we do have an idea about the weak spots that should be avoided.
The online community tore the project apart and discovered that the makers of Anonabox were disingenuous when they said that it was something original and custom built. As it turned out, it was actually a repurposed Chinese device with a slightly better memory. Also, the operating system used was OpenWRT, which is basically a Linux distro for routers and other such devices. Most, if not all, of the information provided on Kickstarter was a lie. Eventually, the Kickstarter project was suspended and no one got hurt financially.
In 2014, open source technology came under a heavy barrage of criticism as a result of high-profile security vulnerabilities. Mark Shuttleworth, the founder of Ubuntu Linux and its lead commercial sponsor Ubuntu, has a very different view and remains a stalwart defender of the open source model for software development and security.
In a video interview with Datamation, Shuttleworth details his view on open-source security as Ubuntu Linux celebrates its 10th anniversary.
In 2014, the Heartbleed vulnerability in the open source OpenSSL cryptographic library had a wide-ranging impact. OpenSSL is widely deployed on servers, VPNs and even mobile devices, and it took some time for vendors and users to get systems and devices patched.
"We have a big responsibility to proactively make sure that the system is as robust in the face of inevitable flaws as it can be," Shuttleworth said.