Language Selection

English French German Italian Portuguese Spanish

Security

Security Leftovers

Filed under
Security
  • Chrome Extensions – AKA Total Absence of Privacy

    Google, claiming that Chrome is the safest web browser out there, is actually making it very simple for extensions to hide how aggressively they are tracking their users. We have also discovered exactly how intrusive this sort of tracking actually is and how these tracking companies actually do a lot of things trying to hide it. Due to the fact that the gathering of data is made inside an extension, all other extensions created to prevent tracking (such as Ghostery) are completely bypassed.

  • 10 dumb security mistakes sys admins make

    When you log in as root, you have full control over the box. This can be extremely dangerous because if your credentials get stolen, an attacker can do whatever he or she wants.

  • Friday's security updates

Libpng Vulnerabilities Fixed in All Supported Ubuntu OSes

Filed under
Security
Ubuntu

Canonical revealed details about three libpng vulnerabilities that have been identified and repaired in Ubuntu 15.10, Ubuntu 15.04, Ubuntu 14.04 LTS, and Ubuntu 12.04 LTS.

Read more

Security Leftovers

Filed under
Security
  • Web Stores Held Hostage

    Last week has seen an explosion of e-commerce sites infected with the Linux.Encoder.1 ransomware. For those not familiar with the term, ransomware is a particularly vicious type of malware that aims to extort money from the owners of compromised systems.

  • Ransomware Encrypting Files Proliferating Rapidly on Linux, warn security Researchers
  • The danger of 'exceptional access'

    In the wake of the horrific attacks in Paris on Friday, there have been renewed calls to find some way to allow the government to read encrypted communications. And on the surface, it sounds simple and obvious -- why wouldn't we want the government to be able to monitor terrorists? But the reality is that it's a very bad idea, not only because it won't work, but because it will hurt Internet security more broadly.

    Of course, at this point, we don't even know if the Paris attackers used encryption. There's speculation they did, because reports suggest that no intelligence agency has found any traffic by them. But right now it's just that: speculation.

Leftovers: Security

Filed under
Security

LXCFS Vulnerabilities Fixed in Ubuntu 15.10 and Ubuntu 15.04

Filed under
Security
Ubuntu

A couple of LXCFS vulnerabilities have been found and repaired in the Ubuntu 15.10 and Ubuntu 15.04 operating systems.

Read more

Security Leftovers

Filed under
Security
  • The most popular curl download – by a malware

    During October 2015 the curl web site sent out 1127 gigabytes of data. This was the first time we crossed the terabyte limit within a single month.

    [...]

    The downloads came from what appears to be different locations. They don’t use any HTTP referer headers and they used different User-agent headers. I couldn’t really see a search bot gone haywire or a malicious robot stuck in a crazy mode.

  • Your containers were built in some guy's barn!

    Except even with as new as this technology is, we are starting to see reports of how many security flaws exist in docker images. This will only get worse, not better, if nothing changes. Almost nobody is paying attention, containers mean we don't have to care about this stuff, right!? We're at a point where we have guys building cars in their barns. Would you trust your family in a car built in some guy's barn? No, you want a car built with good parts and has been safety tested. Your containers are being built in some guy's barn.

  • More Privacy, Less Latency - Improved Handshakes in TLS version 1.3

    TLS must be fast. Adoption will greatly benefit from speeding up the initial handshake that authenticates and secures the connection. You want to get the protocol out of the way and start delivering data to visitors as soon as possible. This is crucial if we want the web to succeed at deprecating non-secure HTTP.

​How to easily defeat Linux Encoder ransomware

Filed under
GNU
Linux
Security

This malware relies on a security hole in the Magento web e-commerce platform, not Linux.

Read more

Security Leftovers

Filed under
Security

Security Leftovers

Filed under
Security
  • Java vulnerability caused by unpatched open source library
  • How long will Flash survive?

    A few years ago, it was difficult to browse the web without coming across a site using Flash.

    Released in 1996, the browser plug-in enabled animations, interactivity and streaming video on what was a largely static web.

    But the software has been plagued by security problems, and has been criticised for affecting computer performance and battery life.

    Now many experts say the media plug-in's days are numbered. Watch the video to find out more.

  • Continuous integration tools can be the Achilles heel for a company's IT security

    Some of the most popular continuous integration tools used by software development teams have not been designed with security in mind and can open a door for attackers to compromise enterprise networks.

    Some of the most popular automated software building and testing tools used by developers have not been designed with security in mind and can open the door for attackers to compromise enterprise networks.

  • Linux Ransomware Infects 2,000+ Websites

    Linux.Encoder.1 is targeting websites deployed on servers running Linux and created on various content management systems, including WordPress and Magento.

Numerous Kerberos Vulnerabilities Have Been Fixed in All Ubuntu OSes

Filed under
Security
Ubuntu

Canonical published details in a security notice about a number of Kerberos vulnerabilities that have been found and fixed in Ubuntu 15.10, Ubuntu 15.04, Ubuntu 14.04 LTS, and Ubuntu 12.04 LTS operating systems.

Read more

Syndicate content

More in Tux Machines

Raspberry Pi analog input board has weather station option

RasPi.TV has Kickstartered a $12 “RasPiO Analog Zero” Raspberry Pi add-on board the size of an Raspberry Pi Zero. It offers eight 10-bit analog inputs. The RasPiO Analog Zero has surpassed its Kickstarter goals, and is available through May 31 starting at 8 Pounds ($12). Designed for reading up to eight analog sensors simultaneously on a Raspberry Pi, the add-on board is matched to the size of the 65 x 30mm Raspberry Pi Zero. However, it plugs into any Pi with a 40-pin expansion connector, and can work with older 26-pin Pi models with the help of an adapter. Read more

GhostBSD 10.3 Development Continues, Now with UEFI Support for 64-bit Platforms

Today, May 25, 2016, GhostBSD maintainer Eric Turgeon announced the general availability of the second Alpha release of the upcoming GhostBSD 10.3 operating system. Read more

Samsung still undecided on their Android Wear future

Yesterday the Internet lit up like a Christmas tree with the news that Samsung was no longer going to use Android Wear for any of its Smartwatches, but it seems that might not be quite the case. The report from Fast Company cited some Samsung executives confirming that Samsung was not looking into developing any further Android Wear products. Now, In a statement provided to the Engadget website Samsung states: “We disagree with Fast Company’s interpretation. Samsung has not made any announcement concerning Android Wear and we have not changed our commitment to any of our platforms.” Read more

Meizu Pro 5 Ubuntu Edition review

The Meizu Pro 5 is the latest flagship smartphone to run on Canonical’s Ubuntu operating system. Ubuntu is designed to work across all device types – including mobile, tablets, convertibles and desktops – using a common core code. This is similar to Microsoft Windows 10 Mobile. However, unlike Microsoft’s code, Ubuntu is totally open source and has largely been developed and improved by the desktop OS’s millions-strong user base. This means the OS is capable of evolving and changing at a great pace and has update cycles that would make most sysadmins weep. Read more