Security

Ubuntu Phone Users Getting Patch for Mir Bug That Made Their Devices Unstable

Filed under
Security
Ubuntu

On February 3, 2016, Canonical's Łukasz Zemczak sent his daily report to inform all Ubuntu Phone users about the latest work done by the Ubuntu Touch development team on the upcoming OTA-9.5 hotfix.

Go phish your own staff: Dev builds open-source fool-testing tool

Filed under
OSS
Security

The platform was written in Go and has been posted to GitHub where it's had more than 300 commits at the time of writing. It differs from some other anti-phishing platforms in part because it is hosted on premise rather than in the cloud. “There are many commercial offerings that provide phishing simulation/training [but] unfortunately, these are SaaS solutions that require you to hand over your data to someone else,” the GoFish team says.

Security Leftovers

Filed under
Security
  • Tuesday's security advisories
  • Best practice - Don't serve writeable PHP files

    I deal with compromises often enough of PHP-based websites that I wish to improve hardening.

    One obvious way to improve things is to not serve PHP files which are writeable by the webserver-user. This would ensure that things like wp-content/uploads didn't get served as PHP if a compromise wrote valid PHP there.

  • New Cross-Platform Backdoors Go From Linux to Windows

    Kaspersky Lab has once again found a nasty little piece of malware that started out in Linux and made the jump to Windows. These cross-platform backdoors spy on the user and are by no means the first backdoor virus of this kind.

  • Obama’s $6bn Security Firewall EINSTEIN Is Not Good Enough To Protect The US Government

    The U.S. Department of Homeland Security (DHS) has spent about $6 billion on a firewall named EINSTEIN intrusion detection system. Officially known as the National Cybersecurity Protection System, the firewall is being developed with an intention to protect the U.S. government agencies against the malicious cyber attacks.

  • Another Serious Bug Hits OpenSSL, But this Time, It's No Heartbleed

    OpenSSL, the open source encryption toolkit that made headlines in 2014 for the Heartbleed security bug, has been hit by another serious vulnerability. This time, however, the real-world damage seems minimal.

    The project disclosed the bug, which results from a new method for generating numbers used for key exchanges, on Jan. 28. It assigned the bug a high severity level, presumably since the flaw could be exploited in order to decrypt data that is encrypted using OpenSSL, the protocol widely used for encrypting information transmitted to and from HTTPS-protected websites.

The top 10 Linux security distros

Filed under
Linux
Security

Linux distros can be used for a lot of things, from games to education, but when it comes to security, there’s a whole mini-universe available.

Not only can you find distros made to protect your privacy, making sure you leave no trace as you move around the web, but also those that help you test your network and system security.

Security Leftovers

Filed under
Security
  • Security updates for Monday
  • Your Smartphone Can Be Hacked Due To A Backdoor In Your Processor

    A new security vulnerability has been reported in the smartphones which use MediaTek Processors. MediaTek company is a Taiwan-based company which manufactures processors for the budget range smartphones. The security bug was found because a debug feature was not closed on the smartphone after testing.

    A new bug has surfaced lately on the Android smartphones or tablets which use a MediaTek processor. These devices are vulnerable to remote hacking via a backdoor. This security vulnerability was discovered by a security researcher, Justin Case. The MediaTek company has been informed about the flaw. This security vulnerability is apparently due to a debug tool which was left open by MediaTek in the shipped devices.

  • Using IPv6 with Linux? You’ve likely been visited by Shodan and other scanners
  • Trojanized Android games hide malicious code inside images

    Over 60 Android games hosted on Google Play had Trojan-like functionality that allowed them to download and execute malicious code hidden inside images.

    The rogue apps were discovered by researchers from Russian antivirus vendor Doctor Web and were reported to Google last week. The researchers dubbed the new threat Android.Xiny.19.origin.

  • Google fixes multiple Wi-Fi flaws, mediaserver bugs in Android
  • On WebKit Security Updates

    Major desktop browsers push automatic security updates directly to users on a regular basis, so most users don’t have to worry about security updates. But Linux users are dependent on their distributions to release updates. Apple fixed over 100 vulnerabilities in WebKit last year, so getting updates out to users is critical.

Celebrating 15 Years of SELinux

Filed under
Red Hat
Security

On Dec. 22, 2000, the NSA released their code to the wider open source world in the form of SELinux, and in doing so forever changed the security landscape of not just Linux, but the technology world at large. A combination of policies and security frameworks, SELinux is one of the most widely-used Linux security modules. Without these innovations, Common Criteria, a crucial government security certification, would likely not exist for Linux.

Kali Linux Literature

Filed under
GNU
Linux
Security
  • Migrating from Kali Linux 2 to Kali Linux 2016.1

    The first edition of Kali Linux Rolling, Kali 2016.1, was released more than a week ago. It marks the end of Kali Linux 2 and the beginning of a new release regime.

    It’s still based on Debian Testing, so existing users don’t have to do anything special but run a few commands to upgrade from Kali Linux 2 to Kali Linux 2016.1. Aside from installation images for the GNOME 3 desktop, there are also installation images for the Light edition, which uses the Xfce desktop environment. And there are also ARM installation images.

  • Kali Linux Cookbook eBook - $24 value, now free!

Lexumo Lands $4.89 Million Seed Round To Help Ensure Open Source Code Security

Filed under
OSS
Security

What has Lexumo created to warrant that kind of financial attention? It indexed all of the open source code in the world and created a cloud security service aimed at helping companies using open source code inside embedded systems or enterprise software. These groups can submit their code to the Lexumo service and it checks for any known security vulnerabilities. What’s more, it will then continuously monitor the code for updates and inform developers when one is available.

Security Leftovers

Filed under
Security
  • Forcing out bugs with stress-ng

    I've also tried to make stress-ng portable, so it can build fine on GNU/Hurd and Debian kFreeBSD (with Linux specific tests not built-in of course). It also contains some architecture specific features, such as handling the data and instruction cache as well as the x86 rdrand instruction and cache line locking. If there are any ARM specific features that can be stressed I'd like to know and perhaps implement stressors for them.

  • OpenSSH and the dangers of unused code

    Unused code is untested code, which probably means that it harbors bugs—sometimes significant security bugs. That lesson has been reinforced by the recent OpenSSH "roaming" vulnerability. Leaving a half-finished feature only in the client side of the equation might seem harmless on a cursory glance but, of course, is not. Those who mean harm can run servers that "implement" the feature to tickle the unused code. Given that the OpenSSH project has a strong security focus (and track record), it is truly surprising that a blunder like this could slip through—and keep slipping through for roughly six years.

  • Why Is Usable Security Hard, and What Should We Do about it?
  • Linux-Based Botnets Accounted for More than Half of DDoS Attacks in Q4 2015

IPFire 2.17 Open Source Linux Firewall OS Gets OpenSSL 1.0.2f and OpenSSH 7.1p2

Filed under
OSS
Security

The IPFire development team announced last evening the immediate availability for download or update of the IPFire 2.17 Core Update 97 Linux kernel-based firewall distribution.

More in Tux Machines

Red Hat and Fedora

Leftovers: OSS and Sharing

  • Learn from the Experts at The Linux Foundation’s Europe Events
    The Linux Foundation has released session details for three major conferences coming up this fall: MesosCon Europe, Embedded Linux Conference / OpenIoT Summit Europe, and LinuxCon + ContainerCon Europe. MesosCon Europe, which will take place August 31-September 1 in Amsterdam, The Netherlands, is an annual conference organized by the Apache Mesos community, bringing together users and developers for two days of sessions about Mesos and related technologies. This year, the MesosCon program will include workshops to get started with Mesos, keynote speakers from industry leaders, and sessions led by adopters and contributors.
  • The Firebird Project's Firebird Relational Database
    Firebird distills its identity into the phrase "True universal open-source database" and boasts not only of being "free like free beer" but also, fittingly, of being "free like a bird". The latter permits anyone to build a custom version of the Firebird, as long as the modifications are made available for others to use and build upon.
  • Report: Austria can benefit from Big Data solutions
    Big Data solutions can contribute significantly to Austrian public administrations, a working group concludes in a report published in June. Benefits include improved quality of life, finding optimal business locations, and offering better guidance to citizens. The report by the Big Data working group aims to help public administration when considering Big Data solutions, providing legal, economic and technical context.
  • Report: over half of Spain’s regions now use SaaS
    In 2014, 59% of Spain’s regional governments used Software as a Service, according to the 2015 eGovernment report published on 30 June by PAe, Spain’s eGovernment portal. Next most-used cloud computing service is Infrastructure as a Service (40%), and third is Platform as a Service (20%). The usage of cloud computing is just one of the attributes of and indicators for eGovernment services that are aggregated in the report. The document shows the use of document management systems and support of electronic signatures. The text looks at interoperability, open data portals and eParticipation, lists regions’ maturity levels of eGovernment services, from the availability to download forms online to the fully electronic management of applications.
  • Software Freedom in Kosovo, Waiting for Xfce Mint & More…
    It’s not FOSS, but I reckon the biggest story in tech this week, ignoring claims of Russia hacking for Trump, is the sale of Yahoo to Verizon for $4.8 billion. Considering that traffic watcher Alexa says the site is the fifth most visited address on the web, that seems like something of a bargain to me. Add to that Yahoo’s prime Silicon Valley real estate and the price seems to be in the “it fell off the truck” category. The sale puts Verizon in control of both America Online and Yahoo, so I suspect we’ll be seeing Verizon trying to compete with Google and Bing for a share of the search advertising market. [...] We’ve also heard from Software Freedom Kosova, which tells us it’s issued this year’s call for speakers, which will be open through September 15. This will be the seventh year for the Kosovo event, which aims to “promote free/libre open source software, free culture and open knowledge” — all laudable goals in my estimation. Potential speakers should know “the topic must be related to free software and hardware, open knowledge and culture.” Mike DuPont, the SFK member who made us aware of the event, told FOSS Force, “There might be travel expenses for qualified speakers.” The event will take place October 21-23.
  • Cloud, open source and DevOps: Technology at the GLA
    David Munn, head of IT at the Greater London Authority, explains what technology his organisation has adopted in order to help individuals keep innovating
  • Our attitude towards wealth played a crucial role in Brexit. We need a rethink
    Money was a key factor in the outcome of the EU referendum. We will now have to learn to collaborate and to share [...] Does money matter? Does wealth make us rich any more? These might seem like odd questions for a physicist to try to answer, but Britain’s referendum decision is a reminder that everything is connected and that if we wish to understand the fundamental nature of the universe, we’d be very foolish to ignore the role that wealth does and doesn’t play in our society.
  • France’s Insee and Drees publish microsimulation model to increase transparency
    Insee (Institut national de la statistique), the French public agency for statistics, and Drees (Direction des études du Ministère des Affaires sociales et de la santé), which is in charge of surveys at the Ministry of Social Affairs and Health, have published the source code of the microsimulation algorithmic model called Ines.
  • Plant Sciences pushing open-source berry model
    Several of those opportunities appear to lie in the development of so-called ‘open market’ breeding. Historically, Plant Sciences’ berry varieties have made it into the commercial arena under limited licensing arrangements, with individuals or groups of grower-shippers paying a premium to use them. While Nelson is eager to point out that this model continues to perform well, his company have decided to structure its business in Europe in such a way that it offers varieties to the “largest audience possible” at the most competitive price. “Given the price pressures that producers, marketers and retailers are under, we sense that such an approach is needed to remain most viable going forward and bring new varieties forward to the broadest market,” he explained.
  • Drug discovery test leads to malaria drug prospects at UW
  • Worldwide Open-Source Project Discovers Promising Disease-Fighting Compounds
  • Open-source drug discovery a success
  • The Global Open Data Index to be updated
    Open Knowledge International, a not-for-profit organisation that promotes openness and transparency, has decided to update the survey for its Global Open Data Index. This index measures Open Data publication in 122 countries.
  • This Startup Created the Ultimate Open-Source Prototyping Product
    The world has become a technologically focused place. Unless you’ve set up shop in a cabin in the woods, your life is likely filled with gadgets, wearables, devices, and doodads that control everything from your TV to your laptop. And with all this technology, it’s no wonder tech jobs have become so prevalent in the market. Fortunately, there are a number of ways to learn skills and prototyping projects that will impress even the most critical interviewer. And one startup has built the perfect product to do just that. Created by a group of students from the India Institute of Technology, evive is an open-source prototyping module that can make creating projects easier than ever. It has a power module, plug and play hardware interface, user interface, data acquisition module, shield stack space and more. It’s even IoT ready so it can connect to more devices than you can count. Plus, it works across multiple platforms like LabVIEW, MATLAB, Scratch, Eclipse, ROS, Python, Arduino IDE and many more.
  • Friday's security updates
  • Pwnie Express Open Sources Tools to Lock Down IoT/Android Security
    Pwnie Express isn't a name that everyone is familiar with, but in the security arena the company has a good reputation for its wired and wireless threat detection technologies. Now, the Boston-based firm has announced plans to open source key tools that it has used to secure the Internet of Things (IoT) and Android software. Blue Hydra is a Bluetooth utility that can detect Bluetooth devices, and also work as a sniffer to query devices it detects for threats. Meanwhile, the Android Open Pwn Project (AOPP), is an Android ROM built for security testers. It's based on the Android Open Source Project (AOSP) and community-developed ROMS -- one of which is CyanogenMod. It lets developers on the Android front sniff out threats on mobile platforms.

Openwashing

Sailfish OS 2.0.2

  • Sailfish OS 2.0.2 In Early Access With Variety Of Improvements
    Jolla announced today that their Sailfish OS 2.0.2 "Aurajoki" mobile operating system release is available as early access. Sailfish OS 2.0.2 makes it easier to take screenshots via the volume buttons, a variety of new keyboard layouts, a new layout on the media app, a new Sailfish OS logo, simplified backups, browser improvements, support for flash when recording videos, the cloud services now supports the VK service, dual SIM support on capable devices, Dropbox and OneDrive integration in the photo gallery, and a wide variety of other fixes and improvements.
  • [Early Access] Sailfish OS 2.0.2 Aurajoki
    This update contains many bug fixes and new added features such as taking screenshot by holding down volume buttons for 0.5 seconds, added keyboard layouts for Indian languages Telugu, Malayalam, Kannada, Punjabi, Tamil and Bengali, new layout on Media app’s front page, new Sailfish OS logo and many more.