Security

Parsix GNU/Linux 8.15 (Nev) and 8.10 (Erik) Get Latest Debian Security Patches

Filed under
Security

It's been two weeks since our last report on the latest security updates pushed to the stable repositories of the Debian-based Parsix GNU/Linux operating system, and a new set of patches for various software components arrived the other day.

KDE Plasma 5.8.5 Is the Last Bugfix Release for 2016, over 55 Issues Resolved

Filed under
KDE
Security

As expected, KDE announced today the general and immediate availability of the fifth maintenance update to the long-term supported KDE Plasma 5.8 desktop environment for GNU/Linux distributions.

Security News

Filed under
Security
  • Security advisories for Monday
  • Is Mirai Really as Black as It’s Being Painted?

    An important feature of the way the Mirai botnet scans devices is that the bot uses a login and password dictionary when trying to connect to a device. The author of the original Mirai included a relatively small list of logins and passwords for connecting to different devices. However, we have seen a significant expansion of the login and password list since then, achieved by including default logins and passwords for a variety of IoT devices, which means that multiple modifications of the bot now exist.

    [...]

    If you ignore trivial combinations like “root:root” or “admin:admin”, you can get a good idea of which equipment the botnet is looking for. For example, the pairs “root:xc3511” and “root:vizxv” are default accounts for IP cameras made by rather large Chinese manufacturers.

  • Parrot Security 3.3 Ethical Hacking OS Updates Anonsurf, Fixes Touchpad Support

    A new stable release of the Debian-based Parrot Security ethical hacking and penetration testing operating system has been released on Christmas Day, versioned 3.3.

    Powered by a kernel from the Linux 4.8 series, Parrot Security OS 3.3 is here a little over two months since the release of Parrot Security 3.2, but it doesn't look like it's a major update and all that, as it only updates a few core components and hacking tools, and addresses a few of the bugs reported by users since version 3.2.

  • Linux Top 3: Guix, Parrot Security and OpenMandriva Lx

    The GNU Guix project builds a transactional package manager system and it is the base feature around which Guix SD (system distribution) is built.

    [...]

    The 3.01 release brings a number of major fixes since the 3.0 release:

    - updated software
    - new drivers and kernel – better support for newer hardware
    - many bugs fixed
    - stable Plasma running on Wayland

  • LibreOffice 5.2.4 packages

    The computers worked frantically while I relaxed with my family. Slackware 14.2 and -current packages are ready for LibreOffice 5.2.4. Enjoy the newest version of this highly popular office suite.
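The dictionary-scanning behaviour described in the Mirai item above, as an added example that is not part of the Kaspersky write-up or of the Mirai source: a small Python script that runs over constructed telnet honeypot login records, matches each attempt against a seed list of default credential pairs, and flags sources that cycle through several dictionary entries. The log line format is an assumption made for this example, and the credential list is deliberately partial: the four pairs quoted in the article plus a handful of well-known entries from the publicly leaked Mirai source. As the article notes, it is the vendor-specific pairs, not the trivial ones, that tell you which equipment a scanner is hunting for, so those are reported separately.

```python
"""Flag Mirai-style default-credential login attempts in honeypot logs.

Added example for illustration; not code from Kaspersky or from Mirai.
"""
import re
from collections import defaultdict

# Seed dictionary (assumption: partial). Trivial pairs say nothing about
# the target; vendor-specific pairs identify the device class being hunted.
TRIVIAL_PAIRS = {
    ("root", "root"), ("admin", "admin"), ("root", "admin"),
    ("admin", "password"), ("root", "password"), ("root", "123456"),
    ("admin", "1234"), ("user", "user"), ("guest", "guest"),
    ("support", "support"),
}
VENDOR_PAIRS = {
    ("root", "xc3511"), ("root", "vizxv"),        # quoted in the article
    ("root", "888888"), ("root", "xmhdipc"), ("root", "juantech"),
    ("root", "default"), ("root", "7ujMko0vizxv"), ("root", "7ujMko0admin"),
    ("root", "Zte521"), ("root", "hi3518"), ("admin", "smcadmin"),
}

# Constructed log format (assumption): one line per login attempt.
LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+src=(?P<src>[\d.]+)\s+user=(?P<user>\S*)"
    r"\s+pass=(?P<pw>\S*)\s+result=(?P<result>\w+)$"
)


def parse_line(line):
    """Return a dict of fields, or None for a line that does not match."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None


def classify(user, pw):
    """'vendor-default', 'trivial', or None if the pair is not in the list."""
    pair = (user, pw)
    if pair in VENDOR_PAIRS:
        return "vendor-default"
    if pair in TRIVIAL_PAIRS:
        return "trivial"
    return None


def analyze(lines, min_dictionary_hits=3):
    """Summarise attempts per source IP.

    A source is marked mirai_like when it has tried at least
    min_dictionary_hits *distinct* dictionary pairs: one default password
    is a typo, a run of them is a scanner.
    """
    per_src = defaultdict(lambda: {"attempts": 0, "pairs": set(),
                                   "vendor": set(), "successes": []})
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue                      # malformed line: skip, do not crash
        s = per_src[rec["src"]]
        s["attempts"] += 1
        kind = classify(rec["user"], rec["pw"])
        if kind:
            s["pairs"].add((rec["user"], rec["pw"]))
            if kind == "vendor-default":
                s["vendor"].add(f'{rec["user"]}:{rec["pw"]}')
        if rec["result"] == "success":
            s["successes"].append(f'{rec["user"]}:{rec["pw"]}')
    return {
        src: {
            "attempts": s["attempts"],
            "dictionary_hits": len(s["pairs"]),
            "vendor_defaults": sorted(s["vendor"]),
            "successes": s["successes"],
            "mirai_like": len(s["pairs"]) >= min_dictionary_hits,
        }
        for src, s in per_src.items()
    }


# Constructed sample: one scanner, one legitimate user, one garbage line.
SAMPLE_LOG = """\
2016-12-26T03:14:07Z src=198.51.100.23 user=root pass=xc3511 result=fail
2016-12-26T03:14:09Z src=198.51.100.23 user=root pass=vizxv result=fail
2016-12-26T03:14:11Z src=198.51.100.23 user=admin pass=admin result=fail
2016-12-26T03:14:13Z src=198.51.100.23 user=root pass=888888 result=success
2016-12-26T03:20:41Z src=203.0.113.9 user=alice pass=correct-horse result=fail
2016-12-26T03:20:44Z src=203.0.113.9 user=alice pass=correct-horse2 result=success
this line is not a login record
"""


def main():
    for src, r in sorted(analyze(SAMPLE_LOG.splitlines()).items()):
        flag = "MIRAI-LIKE" if r["mirai_like"] else "ok"
        print(f"{src}: {flag} attempts={r['attempts']} "
              f"dict_hits={r['dictionary_hits']} "
              f"vendor={r['vendor_defaults']} success={r['successes']}")


if __name__ == "__main__":
    main()
```

On the sample data the scanner source is flagged after four distinct dictionary pairs and the successful `root:888888` login is surfaced, while the user who mistyped her password once is left alone. In practice the dictionary should be the full list from the Mirai source and its later variants, and the threshold tuned to the log volume.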

Security News

Filed under
Security
  • SQL is Insecure

    SQL is insecure, tell everyone. If you use SQL, your website will get hacked. Tell everyone.

    I saw the news that the US Elections Agency was hacked by a SQL injection attack and I kind of lost it. It’s been well over two decades since prepared statements were introduced. We’ve educated and advised developers about how to avoid SQL injection, yet it still happens. If education failed, all we can do is shame developers into never using SQL.

    I actually really like SQL, I’ve even made a SQL dialect. SQL’s relational algebra is expressive, probably more so than any other NoSQL database I know of. But developers have proven far too often that it’s simply too difficult to know when to use prepared statements or just concatenate strings — it’s time we just abandon SQL altogether. It isn’t worth it. It’s time we called for all governments to ban use of SQL databases in government contracts and in healthcare. There must be utter clarity.

  • Cyber-criminals target African countries with ransom-ware

    Once again Conficker retained its position as the world’s most prevalent malware, responsible for 15% of recognised attacks. Second-placed Locky, which only started its distribution in February of this year, was responsible for 6% of all attacks, and third-placed Sality was responsible for 5% of known attacks. Overall, the top ten malware families were responsible for 45% of all known attacks.

  • It's Incredibly Easy to Tamper with Someone's Flight Plan, Anywhere on the Globe

    It’s easier than many people realize to modify someone else’s flight booking, or cancel their flight altogether, because airlines rely on old, unsecured systems for processing customers’ travel plans, researchers will explain at the Chaos Communication Congress hacking festival on Tuesday. The issues predominantly center around the lack of any meaningful authentication for customers requesting their flight information.

    The issues highlight how a decades-old system is still in constant, heavy use, despite being susceptible to fairly simple attacks and with no clear means for a solution.

    “Whenever you take a trip, you are in one or more of these systems,” security researcher Karsten Nohl told Motherboard in a phone call ahead of his and co-researcher Nemanja Nikodijevic’s talk.

  • Open source risks and rewards – why team structure matters

    An impressive and user-friendly digital presence is an indispensable asset to any brand. It is often the first point of contact for customers who expect and demand great functionality and engaging content across multiple platforms. The finding that nearly half of us won't wait even three seconds for a website to load bears witness to ever increasing customer expectations which must be met.

    Partnership with a digital agency can be a great way to keep up to speed with rapid change and innovation but to ensure the very best outcome, both client and agency need to find an optimum commercial, creative and secure cultural fit. This should be a priority for both sides from the very first pitch. The promise of exceptional creativity and customer experience is one thing, but considering the more practical aspects of how the relationship will work is entirely another.
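The point behind the "SQL is Insecure" item above is the difference between splicing input into statement text and binding it as a parameter. The following is an added example, not code from that post, using Python's built-in sqlite3 module against an in-memory database; the `users` table and the two login functions are assumptions made for the demonstration. The vulnerable function is kept deliberately broken so the injection can be seen working beside the prepared-statement form that defeats it.

```python
"""String-built SQL beside the parameterized form (sqlite3, in-memory).

Added example for illustration; schema and function names are assumed.
"""
import sqlite3


def make_db():
    """Constructed sample data: two users with (plaintext, for brevity) passwords."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT PRIMARY KEY, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "correct-horse"), ("bob", "hunter2")])
    conn.commit()
    return conn


def login_vulnerable(conn, username, password):
    """DELIBERATELY VULNERABLE: input becomes part of the statement text."""
    sql = (f"SELECT username FROM users WHERE username = '{username}' "
           f"AND password = '{password}'")
    row = conn.execute(sql).fetchone()
    return row[0] if row else None


def login_safe(conn, username, password):
    """Prepared statement: text is fixed, values are bound separately."""
    sql = "SELECT username FROM users WHERE username = ? AND password = ?"
    row = conn.execute(sql, (username, password)).fetchone()
    return row[0] if row else None


def demo():
    """Run the same legitimate and hostile inputs through both functions."""
    conn = make_db()
    # The quote closes the username literal; '--' comments out the rest of
    # the statement, including the password check. Only the text-spliced
    # query is affected, because only there does the input reach the parser.
    payload = "alice' --"
    return {
        "legit_vulnerable": login_vulnerable(conn, "alice", "correct-horse"),
        "attack_vulnerable": login_vulnerable(conn, payload, "wrong"),
        "wrong_password_safe": login_safe(conn, "alice", "wrong"),
        "legit_safe": login_safe(conn, "alice", "correct-horse"),
        "attack_safe": login_safe(conn, payload, "wrong"),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name:20s} -> {result!r}")
```

The hostile input logs in as `alice` with no password through the concatenated query and is simply an unknown username through the parameterized one. The same `?` placeholder style applies to `executemany`, and DB-API drivers for other databases expose the equivalent (`%s` for psycopg2, `:name` for named parameters); what matters is that the values travel through the driver's binding path rather than through the statement string.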

Security News

Filed under
Security
  • Friday's security advisories
  • The State of Linux Security

    In the last 10 years, GNU/Linux achieved something some foresaw as almost impossible: powering both the smallest and biggest devices in the world, and everything in between. Only the desktop is not conquered terrain yet.

    The year 2016 had an impact on the world, both from a real-life perspective and digitally. Some people found their personal details leaked on the internet, others found their software being backdoored. Let’s have a look back on what happened this year regarding Linux security.

BlackArch Linux

Filed under
GNU
Linux
Security
  • BlackArch Linux now has over 1,600 hacking tools

    To extensively support ethical hackers and white-hat cybersecurity experts, BlackArch Linux has released a new update with over 1,600 hacking tools. The latest version also comes with a newer Linux kernel and includes enormous improvements and performance fixes.

    Emerged as BlackArch 2016.12.20, the update brings more than 100 new tools to support security professionals. These new tools have expanded the previous list to a total of 1,605 tools. Additionally, the distribution comes with Linux kernel 4.8.13 to deliver an improved and more stable experience than its previous release.

  • BlackArch Linux 2016.12.20 Ethical Hacking Distro Released With 100+ New Tools

Security News

Filed under
Security
  • Thursday's security updates
  • Lithuania said found Russian spyware on its government computers

    The Baltic state of Lithuania, on the frontline of growing tensions between the West and Russia, says the Kremlin is responsible for cyber attacks that have hit government computers over the last two years.

    The head of cyber security told Reuters three cases of Russian spyware on its government computers had been discovered since 2015, and there had been 20 attempts to infect them this year.

    "The spyware we found was operating for at least half a year before it was detected – similar to how it was in the USA," Rimtautas Cerniauskas, head of the Lithuanian Cyber Security Centre said.

  • Dear CIO: Linux Mint Encourages Users to Keep System Up-to-Date

    Swapnil Bhartiya gets it wrong.

    Let me start by pointing out that Bhartiya is not only a capable open source writer, he’s also a friend. Another also: he knows better. That’s why the article he just wrote for CIO completely confounds me. Methinks he jumped the gun and didn’t think it through before he hit the keyboard.

    The article ran with the headline Linux Mint, please stop discouraging users from upgrading. In it, he jumps on Mint’s lead developer Clement Lefebvre’s warning against unnecessary upgrades to Linux Mint.

Security Leftovers

Filed under
Security
  • Most ATMs in India Are Easy Targets for Hackers & Malware Attacks

    Hacking is a hotly debated subject across the country right now, and it’s fair to say that the ATM next door is also in danger. It has been reported that over 70 percent of the 2 lakh (200,000) money-dispensing ATM machines in our country are running on Microsoft’s outdated Windows XP operating system, leaving them vulnerable to cyber attacks.

    Support for Windows XP was discontinued by Microsoft in 2014 which means that since then the company hasn’t rolled out any security updates for this Windows version.

    While it doesn’t make sense for banks to continue using outdated software, security experts feel that the practice stems from legacy behaviour, when physical attacks were a bigger threat than software hacks.

  • 20 Questions Security Pros Should Ask Themselves Before Moving To The Cloud

    A template for working collaboratively with the business in today's rapidly changing technology environment.

    Everywhere I go lately, the cloud seems to be on the agenda as a topic of conversation. Not surprisingly, along with all the focus, attention, and money the cloud is receiving, comes the hype and noise we’ve come to expect in just about every security market these days. Given this, along with how new the cloud is to most of us in the security world, how can security professionals make sense of the situation? I would argue that that depends largely on what type of situation we’re referring to, exactly. And therein lies the twist.

    Rather than approach this piece as “20 questions security professionals should ask cloud providers,” I’d like to take a slightly different angle. It’s a perspective I think will be more useful to security professionals grappling with issues and challenges introduced by the cloud on a daily basis. For a variety of reasons, organizations are moving both infrastructure and applications to the cloud at a rapid rate - far more rapidly than anyone would have forecast even two or three years ago.

  • Report: $3-5M in Ad Fraud Daily from ‘Methbot’

    New research suggests that an elaborate cybercrime ring is responsible for stealing between $3 million and $5 million worth of revenue from online publishers and video advertising networks each day. Experts say the scam relies on a vast network of cloaked Internet addresses, rented data centers, phony Web sites and fake users made to look like real people watching short ad segments online.

    Online advertising fraud is a $7 billion a year problem, according to AdWeek. Much of this fraud comes from hacked computers and servers that are infected with malicious software which forces the computers to participate in ad fraud. Malware-based ad fraud networks are cheap to acquire and to run, but they’re also notoriously unstable and unreliable because they are constantly being discovered and cleaned up by anti-malware companies.

  • Linux Backdoor Gives Hackers Full Control Over Vulnerable Devices [Ed: Microsoft booster Bogdan Popa says "Linux Backdoor"; that's a lie. It’s Microsoft that has them.]

IPFire 2.19 - Core Update 108 released

Filed under
GNU
Linux
Security

Just before Christmas, we are going to release the last Core Update for 2016. IPFire 2.19 – Core Update 108 brings some minor bug fixes and feature enhancements, some security fixes in ntp and various fixes in the squid web proxy.

More in Tux Machines

Linux Lite

Linux Lite is a beginner-friendly Linux distribution that is based on the well known Ubuntu LTS and targeted at Windows users. Its mission is to provide a complete set of applications to support users' everyday computing needs, including a complete office suite, media players and other essential applications. Read more

today's leftovers

  • Effective Microservices Architecture with Event-Driven Design
    There’s no doubt, in the IT world, microservices are sexy. But just because you find something cool and attractive doesn’t mean it’s good for you. And it doesn’t mean you know how to use it properly.
  • Cloud Foundry Makes its Mark on the Enterprise
    "Proprietary will have to either get on board or be left in the dust."
  • Tumbleweed Review of the week 2017/25
    With the pace of Tumbleweed having resumed to ‘almost daily snapshots’ I will do the review again weekly instead of bi-weekly. It’s just easier to remember what big updates came in like this. This week I will cover the 6 snapshots 0616, 0617, 0618, 0619, 0620 and 0622 (again, 0622 just passed openQA and you will get it shortly on the mirror). There was also a 0621 tested, but discarded by openQA.
  • S10E16 – Enthusiastic Woozy Route
    It’s Season Ten Episode Sixteen of the Ubuntu Podcast! Alan Pope, Mark Johnson, Martin Wimpress and Joey Sneddon are connected and speaking to your brain.
  • My Meetup Slides: Deploy and Manage Kubernetes Clusters on Ubuntu in the Oracle Cloud
  • MinnowBoard 3 will offer Apollo Lake, triple M.2s, and Raspberry Pi expansion
    Minnowboard.org is prepping an open spec “MinnowBoard 3” SBC with a quad-core Apollo Lake, 4GB LPDDR4, 8GB eMMC, 3x M.2 sockets, and an RPi connector. The Intel-backed Minnowboard.org project has posted preliminary specs for an open-spec MinnowBoard 3 model to follow the recently shipped MinnowBoard Turbo Quad. Due to ship in the fall, the community-backed MinnowBoard 3 stands out with a 14nm Apollo Lake Atom, three M.2 sockets, and an “RPI” adapter. The only RPI we know of is Raspberry Pi, or more specifically, its much copied 40-pin expansion connector.
  • Open source social robot kit runs on Raspberry Pi and Arduino
    Thecorpora’s Scratch-ready “Q.bo One” robot is based on the RPi 3 and Arduino, and offers stereo cams, mics, a speaker, and visual and language recognition. In 2010, robotics developer Francisco Paz and his Barcelona-based Thecorpora startup introduced the first Qbo “Cue-be-oh” robot as an open source proof-of-concept and research project for exploring AI capabilities in multi-sensory, interactive robots. Now, after a preview in February at Mobile World Congress, Thecorpora has gone to Indiegogo to launch the first mass produced version of the social robot in partnership with Arrow.

Desktop: Popcorn Linux, Purism, Distro Hopping, System76, and 2017 Linux Laptop Survey

  • Popcorn Linux OS gives processors a common language
    Thanks to a new operating system called Popcorn Linux, the Navy may be able to speed systems development and cut maintenance. Developed by engineering researchers at Virginia Tech with support from the Office of Naval Research, Popcorn Linux can compile different programming languages into a common format. The operating system takes generic coding language and translates it into multiple specialized program languages. Then it determines what pieces of the code are needed to perform particular tasks and transfers these instruction “kernels” (the “popcorn” part) to the appropriate function, ONR officials said. Chips for video systems might be programmed in one language and those for networking functions in another. These multicore processors improve computing speed, but they also force programmers to design or upgrade applications based on what programs run on which processors. That means complex systems like battlespace awareness and artificial intelligence that require specialized processors must be manually adjusted so components can interact with each other.
  • Purism's Security Focused Librem Laptops Go Mainstream as GA Begins, with $2.5M in Total Project Funding and 35 Percent Average Monthly Growth
  • Now it’s easier to buy Purism’s Linux laptops
    After running a crowdfunding campaign in 2015 to raise money for a laptop that runs free and open source software, Purism has been able to ship a limited number of 13 and 15 inch laptops, and the corporation is taking pre-orders for a 2-in-1 tablet.
  • Are You a Distro Hopper?
    Is distro hopping a dying sport or have I just gotten too old? When I first started to use Linux I was the quintessential cliche distro hopper. I swapped and switched flavor of Linux seemingly every other day, certain that at some point I’d find the right fit and stop, content with at whatever combination of distro base and desktop environment I’d hit upon.
  • System76 Continues Working On GNOME Improvements For Future Ubuntu
    System76 continues working on improvements to the GNOME stack as part of their transition in-step to using it over Unity 7, in line with Canonical's decision to switch Ubuntu over to GNOME and abandon their grand Unity 8 ambitions.
  • 2017 Linux Laptop Survey
    It has been a few years since last running any Linux hardware surveys on Phoronix, as overall the ecosystem has rather matured nicely while of course there are still notable improvements to be had in the areas of GPUs and laptops. (Additionally, OpenBenchmarking.org provides a plethora of analytic capabilities when not seeking to collect subjective data / opinions.) But now we are hosting the 2017 Linux Laptop Survey to hopefully further improvements in this area.

Software and GNOME: Pass, Popcorn Time, Nixnote2, Grive, Curlew, and GtkActionMuxer

  • Pass – A Simple command-line Password Manager for Linux
    Keeping track of passwords is one of the big challenges for everyone nowadays, since we have multiple passwords for email, bank, social media, online portals, FTP, etc. Password managers have become very popular due to demand and usage. On Linux, many alternatives are available, both GUI-based and CLI-based. Today we are going to discuss a CLI-based password manager called pass.
  • Popcorn Time Watch Movies and TV Shows On Linux
    Watching your favorite TV shows and movie series is what you all do every day. Flash, Iron Fist or Moana and many more awesome movies and TV shows that we love to watch. The problems come when you are traveling. Many of your shows or movies are restricted to a particular region and cannot be accessed when you are traveling or want to just quickly watch that awesome Flash punch from an episode that is a month old.
  • Nixnote2 – A Clone of Evernote for Linux
    When I created a list of Alternative Evernote Clients for Linux, the formerly known NeverNote was on the list as NixNote since it hadn’t gained a “2” to its title yet. It has been 4 months since and I decided to give the app its own review for you guys. Without further ado, let’s get to it. NixNote2 (also called NixNote) is an unofficial client of Evernote for Linux. It possesses most of the features Evernote provides including the use of Notebooks, tags, themes, emails, and multiple accounts.
  • Grive – A Dockerized Google Drive Client for Linux
    Not too long ago I reviewed Grive2 as an alternative Google Drive client for Linux. Today, I’ll introduce you to Grive, a Docker implementation for the Google Drive client, Grive2. Docker (if you don’t already know what it is), is a tool designed to benefit both system admins and developers thanks to its use of containers. Docker’s containers provide a way for developers to create and distribute their apps using containers.
  • Curlew is a GTK Media Converter for the GNOME desktop
    There are plenty of free multimedia converters for Ubuntu available, with command-line champ FFmpeg arguably the most powerful of them all. But this power comes with a complexity. Using FFmpeg to convert media through the command line can be intimidating and arcane. Which is why FFmpeg frontends are popular.
  • Dazzle spotlight – Multi Paned and Action Muxing
    The way the GtkActionMuxer works is by following the widget hierarchy to resolve GActions. Since the HeaderBar is a sibling to the content area (and not a direct ancestor) you cannot activate those actions. It would be nice for the muxer to gain more complex support, but until then… Dazzle.