Language Selection

English French German Italian Portuguese Spanish

Security

KDE Plasma 5.5.5 Bugfix Release Is Out

Filed under
KDE
Security

The KDE Community has announced that a new iteration of the famous Plasma desktop has been released, bringing the version number up to 5.5.5.

Read more

Security Leftovers (New Hype With Brand and Logo)

Filed under
Security

Security Leftovers

Filed under
Security
  • Security updates for Monday
  • Peer-Seeking Webcam Reveals the Security Dangers of Internet Things

    Last week security blogger Brian Krebs revealed that a popular internet-enabled security camera “secretly and constantly connects into a vast peer-to-peer network run by the Chinese manufacturer of the hardware.”

  • Joomla Sites Join WordPress As TeslaCrypt Ransomware Target

    Exploit kits infecting thousands of WordPress websites are setting their sights on the open-source content management system Joomla in a new campaign spotted by a researcher at the SANS Institute’s Internet Storm Center.

    “The group behind the WordPress ‘admedia’ campaign is now apparently targeting Joomla sites,” said Brad Duncan, security researcher at Rackspace. “We are starting to see the same traffic characteristics in infections that are associated with Joomla sites – as we did with the WordPress campaign,” Duncan said.

  • Most software already has a “golden key” backdoor: the system update

    In 2014 when The Washington Post Editorial Board wrote "with all their wizardry, perhaps Apple and Google could invent a kind of secure golden key they would retain and use only when a court has approved a search warrant," the Internet ridiculed them. Many people painstakingly explained that even if there were somehow wide agreement about who would be the "right" people and governments to hold such an all-powerful capability, it would ultimately be impossible to ensure that such power wouldn't fall in to the "wrong" hands.

Security Leftovers

Filed under
Security
  • Thursday's security updates
  • Friday's security updates
  • Rewrite Everything In Rust

    I just read Dan Kaminsky's post about the glibc DNS vulnerability and its terrifying implications. Unfortunately it's just one of many, many, many critical software vulnerabilities that have made computer security a joke.

    It's no secret that we have the technology to prevent most of these bugs. We have programming languages that practically guarantee important classes of bugs don't happen. The problem is that so much of our software doesn't use these languages. Until recently, there were good excuses for that; "safe" programming languages have generally been unsuitable for systems programming because they don't give you complete control over resources, and they require complex runtime support that doesn't fit in certain contexts (e.g. kernels).

    Rust is changing all that. We now have a language with desirable safety properties that offers the control you need for systems programming and does not impose a runtime. Its growing community shows that people enjoy programming in Rust. Servo shows that large, complex Rust applications can perform well.

  • Forthcoming OpenSSL releases
  • Improvements on Manjaro Security Updates
  • What is Glibc bug: Things To Know About It
  • IRS Cyberattack Total is More Than Twice Previously Disclosed

    Cyberattacks on taxpayer accounts affected more people than previously reported, the Internal Revenue Service said Friday.

    The IRS statement, originally reported by Dow Jones, revealed tax data for about 700,000 households might have been stolen: Specifically, a government review found potential access to about 390,000 more accounts than previously disclosed.

    In August, the IRS said that the number of potential victims stood at more than 334,000 — more than twice the initial estimate of more than 100,000.

  • Protect your file server from the Locky trojan
  • Google's Project Shield defends small websites from DDoS bombardment

    If you want to apply, there's an online form to fill in here which asks for the details of your site, and poses a few other questions about security and whether you've been hit by DDoS in the past. Note that you'll need to set up a Google account if you don't already have one.

  • 90 Percent of All SSL VPNs Use Insecure or Outdated Encryption

    Information security firm High-Tech Bridge has conducted a study of SSL VPNs (Virtual Private Networks) and discovered that nine out of ten such servers don't provide the security they should be offering, mainly because they are using insecure or outdated encryption.

Security Leftovers

Filed under
Security

Canonical Patches Ubuntu 15.10 Kernel Regression That Broke Graphics Displays

Filed under
Security

Linux kernel regressions in Ubuntu don't happen all the time, but from time to time Canonical manages to introduce a small issue when it updates the kernel package of one of its supported Ubuntu OSes, which is quickly fixed.

Read more

Security Leftovers

Filed under
Security
  • The Downside of Linux Popularity

    Popularity is becoming a two-edged sword for Linux.

    The open source operating system has become a key component of the Internet's infrastructure, and it's also the foundation for the world's largest mobile OS, Google's Android.

    Widespread use of the OS, though, has attracted the attention of hackers looking to transfer the dirty tricks previously aimed at Windows to Linux.

    Last year, for example, ransomware purveyors targeted Linux. Granted, it wasn't a very virulent strain of ransomware, but more potent versions likely will be on the way.

  • Baidu Browser Acts like a Mildly Tempered Infostealer Virus

    The Baidu Web browser for Windows and Android exhibits behavior that could easily allow a security researcher to categorize it as an infostealer virus because it collects information on its users and then sends it to Baidu's home servers.

  • Malware déjà vu - why we're still falling for the same old threats

    In second place was Conficker - first discovered in 2008 - which again allows remote control and malware downloads. Together, these two families were responsible for nearly 40% of all malware attacks detected in 2015.

  • Conficker, AndroRAT Continue Malware Reigns of Terror

    Conficker meanwhile continued in its position as King of the Worms, remaining the most prevalent malware type and accounting for 25% of all known attacks during the period. Conficker is popular with criminals thanks to its focus on disabling security services to create more vulnerabilities in the network, enabling them to be compromised further and used for launching DDoS and spam attacks.

  • Child-Monitoring Company Responds To Notification Of Security Breach By Publicly Disparaging Researcher Who Reported It

    "Thanks for letting us know about this! We'll get it fixed immediately!" said almost no company ever.

    There's a long, but definitely not proud, tradition of companies shooting the messenger when informed of security flaws or possible breaches. The tradition continues.

    uKnowKids is monitoring software parents can install on their children's cell phones that allows them to track their child's location, as well as social media activity, text messages and created media. As such, it collects quite a bit of info.

Tor users are actively discriminated against by website operators

Filed under
Security

Computer scientists have documented how a large and growing number of websites discriminate against people who browse them using Tor.

Tor is an anonymity service that is maintained with assistance from the US State Department and designed in part to allows victims of censorship in countries like China and Iran to surf the web. New research show how corporations are discriminating against Tor users, in some cases partly because it’s harder to classify anonymous users for the purpose of pushing ads at them.

Read more

New platform offers endpoint protection for Linux servers

Filed under
Linux
Security

Most of the internet is powered by Linux servers, so it's not surprising that they’re increasingly a target for attack. In particular recent attacks have focussed on using compromised systems to distribute malware to other systems.

Many Linux systems rely on traditional signature-based threat detection which leaves them vulnerable to zero-day attacks. Endpoint security company SentinelOne is announcing a new solution aimed at protecting enterprise data centers and cloud providers from emerging threats that target Linux servers.

Read more

More Security Leftovers

Filed under
Security
Syndicate content

More in Tux Machines

Android Leftovers

GNOME News

  • The future is here
    Nautilus from master, updated everyday, parallel installable, in less than 3 minutes. I cannot believe this is possible. Note that due to be sandboxed with no permission handling there are things that are not working, like opening with an application. For someone not aware of the whole platform and the Linux desktop, it’s difficult to see how many implications this bring to us and the changes that will allow in the upcoming months. This truly changes the game for GNOME (and any other desktop) as a project and platform, including 3rd party developers and companies using Linux desktops or that want to support it.
  • GUADEC’16 report
    I got a chance to attend GUADEC’16 which happened in Karlsruhe, Germany from 11 – 17 August. I stayed for the whole duration including Workshop Day, core days and the later BOF days which were very learning. I’m grateful to my mentor David Woodhouse who guided me all the time. I thank GNOME community for giving me the chance to speak at intern lightning talk and i tried my best to present my project in front of those great people. I hope to get a chance someday again to speak up. We have finished our GSoC project so i am free now to wander around to find some more places and tasks in GNOME’s huge shelter. My experience of attending GUADEC was awesome, despite being a less speaker i was very comfortable to talk and interact to people in the community. I made some new friends in the community and i came to know a lot more about it. I loved attending social events after the long day of great and motivating talks. I am thankful to the GUADEC organizers, i didn’t feel any problem for a second staying 6,000 kms away from home.
  • GUADEC 2016
    I came back from Karlsruhe last week, where GUADEC 2016 took place. It was a wonderful event. Even though it was only my second GUADEC, I felt at home in this community, meeting with old and new friends.
  • Summer Talks, PurpleEgg
    The topics were different but related: The Flock talk talked about how to make things better for a developer using Fedora Workstation as their development workstation, while the GUADEC talk was about the work we are doing to move Fedora to a model where the OS is immutable and separate from applications. A shared idea of the two talks is that your workstation is not your development environment environment. Installing development tools, language runtimes, and header files as part of your base operating system implies that every project you are developing wants the same development environment, and that simply is not the case.

Fedora News

  • UDP Failures and RNGs
  • F24-20160823 updated Live isos
    New Kernel means new set of updated lives. I am happy to release the F24-20160823 updated lives isos.
  • Curse you, Jon Masters! Why do you always have to be right!
    Long story short, Fedora 24 came out and I'm given the taste of the same medicine: the video on the ASUS is completely busted. I was able to limp along for now by using the old kernel 4.4.6-301.fc23, but come on, this is clearly a massive regression. Think anyone is there to bisect and find the culprit? Of course not. I have to do it it myself. So, how did F24 ship? Well... I didn't test beta versions, so I don't have much ground to complain.
  • Communication Anti-Patterns
  • Autocloud: What's new?
    Autocloud was released during the Fedora 23 cycle as a part of the Two Week Atomic Process. Previously, it used to listen to fedmsg for successful Koji builds. Whenever, there is a new message the AutocloudConsumer queues these message for processing. The Autocloud job service then listens to the queue, downloads the images and runs the tests using Tunir. A more detailed post about it’s release can be read here. During the Fedora 24 cycle things changed. There was a change on how the Fedora composes are built. Thanks to adamw for writing a detailed blogpost on what, why and how things changed.