Language Selection

English French German Italian Portuguese Spanish

Security

Security Leftovers

Filed under
Security
  • School Creates Own Security Hole; Tries To Have Concerned Parent Arrested For Hacking

    We've seen it so often over the years, it's probably now time to accept the fact that this will never change: when entities are presented evidence of security holes and breaches, far too often the initial reaction is to shoot the messenger.

    A school whose online student portal exposed a lot of sensitive data decided the best way to handle a concerned parent's repeated questions about how it was handling the problem was to file a criminal complaint against the parent. (via the Office of Inadequate Security)

    The details of the breach (since closed) were reported by independent journalist Sherrie Peif.

  • [Tor] A New Bridge Authority

    After ten years of volunteer maintenance of Tonga, Tor's bridge Authority—a piece of critical infrastructure within the Tor network—our colleague and friend, Lucky Green, a long time cypherpunk, and free speech and privacy advocate, has decided to step down from this role. Tonga's cryptographic keys will be destroyed this week. We are incredibly thankful to Lucky for all his support and selfless labour in maintaining a key component of our censorship circumvention efforts, grateful for the years we have spent working with him, and very sorry to see him go.

  • More Than 40% Of Attacks Abuse SSL Encryption

    There’s an important caveat about encrypted traffic from new research released this week: Encryption works so well that hackers are using it as cover.

    A new study from A10 and the Ponemon Institute found that 80% of respondents say their organizations have been the victim of a cyberattack or malicious insiders in the past year -- and 41% of the attacks have used encryption to evade detection. In addition, 75% say malware hidden within encrypted traffic is a risk to their organizations.

    At issue: The report found that SSL encryption not only hides data from would-be hackers but also from common security tools.

    “Hackers are using SSL encryption to slide by standard perimeter defenses,” says Chase Cunningham, director of cyber operations at A10 Networks.

  • The Cloud Security Alliance publishes its best practices for Big Data security

    Big Data is a boon for businesses worldwide, but the benefits come at a cost. The more data companies store, the more vulnerable they are to potential security breaches. And data breaches can be enormously expensive when they occur. IBM’s 2016 Cost of Data Breach report found that the average consolidated total cost of a data breach grew from $3.8 million to $4 million in the last year, which makes securing their data an important goal for any company that’s invested in it.

Redis Misconfiguration and Ransom

Filed under
Linux
Security

Leftovers: Security

Filed under
Security
  • Tor 0.2.8.7 Addresses Important Bug Related to ReachableAddresses Option

    The Tor Project, through Nick Mathewson, is pleased to inform the Tor community about the release and general availability of yet another maintenance update to the Tor 0.2.8 stable series.

  • Emergency Service Window for Kolab Now

    We’re going to need to free up a hypervisor and put its load on other hypervisors, in order to pull out the one hypervisor and have some of its faulty hardware replaced — but there’s two problems;

    The hypervisor to free up has asserted required CPU capabilities most of the eligible targets do not have — this prevents a migration that does not involve a shut down, reconfiguration, and restart of the guest.

TheSSS 19.0 Linux Server Out with Kernel 4.4.14, Apache 2.4.23 & MariaDB 10.1.16

Filed under
GNU
Linux
Security

TheSSS (The Smallest Server Suite) is one of the lightest Linux kernel-based operating systems designed to be used as an all-around server for home users, as well as small- and medium-sized businesses looking for a quick and painless way of distributing files across networks or to simply test some web-based software.

Read more

Leftovers: Security

Filed under
Security

Security Leftovers

Filed under
Security
  • FBI detects breaches against two state voter systems

    The Federal Bureau of Investigation has found breaches in Illinois and Arizona's voter registration databases and is urging states to increase computer security ahead of the Nov. 8 presidential election, according to a U.S. official familiar with the probe.

    The official, speaking on condition of anonymity, said on Monday that investigators were also seeking evidence of whether other states may have been targeted.

    The FBI warning in an Aug. 18 flash alert from the agency's Cyber Division did not identify the intruders or the two states targeted.

    Reuters obtained a copy of the document after Yahoo News first reported the story Monday.

  • Russians Hacked Two U.S. Voter Databases, Say Officials [Ed: blaming without evidence again]

    Two other officials said that U.S. intelligence agencies have not yet concluded that the Russian government is trying to do that, but they are worried about it.

  • FBI Says Foreign Hackers Got Into Election Computers

    We've written probably hundreds of stories on just what a dumb idea electronic voting systems are, highlighting how poorly implemented they are, and how easily hacked. And, yet, despite lots of security experts sounding the alarm over and over again, you still get election officials ridiculously declaring that their own systems are somehow hack proof.

    And now, along comes the FBI to alert people that it's discovered at least two state election computer systems have been hacked already, and both by foreign entities.

  • Researchers Reveal SDN Security Vulnerability, Propose Solution

    Three Italian researchers have published a paper highlighting a security vulnerability in software-defined networking (SDN) that isn't intrinsic to legacy networks. It's not a showstopper, though, and they propose a solution to protect against it.

    "It" is a new attack they call Know Your Enemy (KYE), through which the bad guys could potentially collect information about a network, such as security tool configuration data that could, for example, reveal attack detection thresholds for network security scanning tools. Or the collected information could be more general in nature, such as quality-of-service or network virtualization policies.

  • NV Gains Momentum for a Secure DMZ

    When it comes to making the shift to network virtualization (NV) and software-defined networking (SDN), one of the approaches gaining momentum is using virtualization technology to build a secure demilitarized zone (DMZ) in the data center.

    Historically, there have been two major drawbacks to deploying firewalls as a secure mechanism inside a data center. The first is the impact a physical hardware appliance has on application performance once another network hop gets introduced. The second is the complexity associated with managing the firewall rules.

    NV technologies make it possible to employ virtual firewalls that can be attached to specific applications and segregate them based on risk. This is the concept of building a secure DMZ in the data center. The end result is that the virtual firewall is not only capable of examining every packet associated with a specific application, but keeping track of what specific firewall rules are associated with a particular application becomes much simpler.

Parsix GNU/Linux 8.10 "Erik" Users Receive the Latest Debian Security Updates

Filed under
GNU
Linux
Security

Today, August 29, 2016, the maintainers of the Parsix GNU/Linux distribution announced the availability of multiple security updates, along with a new kernel version for the Parsix GNU/Linux 8.10 "Erik" release.

Read more

Ubuntu 14.04 LTS and 12.04 LTS Users Get New Kernel Updates with Security Fixes

Filed under
Security
Ubuntu

Immediately after informing us about the availability of a new kernel update for the Ubuntu 16.04 LTS (Xenial Xerus) operating system, Canonical published more security advisories about updated kernel versions for Ubuntu 14.04 LTS and Ubuntu 12.04 LTS.

Read more

Syndicate content

More in Tux Machines

3 little things in Linux 4.10 that will make a big difference

Linux never sleeps. Linus Torvalds is already hard at work pulling together changes for the next version of the kernel (4.11). But with Linux 4.10 now out, three groups of changes are worth paying close attention to because they improve performance and enable feature sets that weren’t possible before on Linux. Here’s a rundown of those changes to 4.10 and what they likely will mean for you, your cloud providers, and your Linux applications. Read more

SODIMM-style module runs Linux on VIA’s 1GHz Cortex-A9 SoC

VIA unveiled an SODIMM-style COM based on its Cortex-A9 WM8850 SoC, with 512MB RAM and 8GB eMMC, plus Ethernet, CSI, graphics, USB, and serial ports. The 68.6 x 43mm “SOM-6X50” computer-on-module appears to be VIA’s second-ever ARM COM. Back in Sept. 2015, the company released a 70 x 70mm Qseven form factor QSM-8Q60 COM, based on a 1GHz NXP DualLite SoC. Read more

Today in Techrights

today's leftovers

  • LinuXatUSIL – Previas 2 for #LinuxPlaya
    Damian from GNOME Argentina explained us some code based on this tutorial and the widgets in Glade were presented.
  • RancherOS v0.8.0 released! [Ed: and a bugfix release, 0.8.1, out today]
    RancherOS v0.8.0 is now available! This release has taken a bit more time than prior versions, as we’ve been laying more groundwork to allow us to do much faster updates, and to release more often.
  • The Technicals For Red Hat, Inc. (RHT) Tell An Interesting Tale
  • Ubuntu 17.04 Beta 1 Released | New Features And Download
    Ubuntu 17.04 Zesty Zapus Beta 1 release is finally here. If you’re interested, you can go ahead and download the ISO images of the participating flavors, which are, Lubuntu, Kubuntu, Xubuntu, Ubuntu Budgie, Ubuntu GNOME, Ubuntu Kylin, and Ubuntu Studio. Powered by Linux kernel 4.10, these releases feature the latest stable versions of their respective desktop environments. This release will be followed by the Final Beta release on March 23 and final release on April 13.
  • Ubuntu 17.04 Beta 1 Now Available to Download
    The first beta releases in the Ubuntu 17.04 development cycle are ready for testing, with Xubuntu, Ubuntu GNOME and Ubuntu Budgie among the flavors taking part.