Language Selection

English French German Italian Portuguese Spanish

Security

New Firefox cookie vulnerability, workaround

Filed under
Security

Security researcher/hacker, Michal Zalewski has released a report on a security vulnerability affecting Firefox 2.0.0.1 and possibly earlier versions. The vulnerability could allow a malicious web site to impersonate an authentic one and set a cookie on its behalf. Zalewski recommends this workaround:

Filesystem encryption in mixed environments with TrueCrypt

Filed under
Security

If you want to encrypt your sensitive files so that no one can access them without your personal password or decryption key, you have several options. But if you want a free, cross-platform, open source encryption application, try TrueCrypt.

Ubuntu: Linux kernel vulnerabilities

Filed under
Security

Mark Dowd discovered that the netfilter iptables module did not correctly handle fragmented IPv6 packets. By sending specially crafted packets, a remote attacker could exploit this to bypass firewall rules.

Two flaws found in Firefox

Filed under
Security

A security company has reported two new flaws in the Mozilla Firefox browser that may leave locally saved files vulnerable to outside attacks.

Debian warns of Mozilla bugs

Filed under
Security

Linux distributor Debian issued a security advisory over the weekend, warning of several problems in Mozilla and associated products such as Mozilla Firefox.

M$ and Open Source Experts to Brief House of Lords

Filed under
Security

Representatives of Microsoft Corp and the open source community will this week brief members of the UK's House of Lords as part of its ongoing inquiry into personal internet security.

Automatically Scan Uploaded Files For Viruses With php-clamavlib

Filed under
Security
Ubuntu
HowTos

This guide describes how you can automatically scan files uploaded by users through a web form on your server using PHP and ClamAV. That way you can make sure that your upload form will not be abused to distribute malware. To glue PHP and ClamAV, we install the package php5-clamavlib/php4-clamavlib which is rather undocumented at this time. That package is available for Debian Etch and Sid and also for Ubuntu Dapper Drake and Edgy Eft.

Opera Has Words For Mozilla

Filed under
Software
Security

Opera Software is calling accusations made by Mozilla staffer Asa Dotzler regarding Opera's security disclosure policies, "dangerous and irresponsible."

Some unpleasant X.org vulnerabilities

Filed under
Security

iDefense Lab security researchers discovered that the expressions computing the parameters for ALLOCATE_LOCAL() in those functions are using client-provided value in an expression that is subject to integer overflows, which could lead to memory corruption. All X.Org X server version implementing the X render and dbe extensions are vulnerable.

Mozilla Takes Aim at Opera Security

Filed under
Software
Security

Opera Software may well be putting its browser users at risk by not properly disclosing security vulnerabilities to vulnerable users. At least that's the allegation made by Mozilla Corp.'s Asa Dotzler.

Syndicate content

More in Tux Machines

[GNU IceCat] browser is (finally) on Fedora

GNU Icecat will be available on Fedora updates-testing repositories for some days. That’s right time to test harshly this new web browser (really it’s not so new considering it’s a fork of Firefox) and leave a positive/negative karma or open a bug. Read more

today's howtos

today's howtos

Leftovers: Gaming

  • Ryan Icculus Gordon On The Linux Action Show
    Ryan Icculus Gordon has just recently been on a guest on the excellent Linux Action Show to talk about Linux gaming. Ryan Icculus Gordon is the name behind a number of big ports, and you can see here just what he has done. Hint: It's a lot.
  • Empire: Total War Looks Close To A Linux Version, Pokes Fun At Linux Gamers
    We already knew that Total War: Rome II would come to Linux which sadly didn't come out when expected early this year, but now it looks like the original Empire: Total War will come to Linux too.
  • Another (Linux) game added to the Humble Jumbo Bundle 2
    - Legend of Grimrock: Old school and modern gaming combines in this thrilling dungeon crawler RPG from Almost Human Games. A group of prisoners are sentenced to certain death by exile to the secluded Mount Grimrock for vile crimes they may or may not have committed. Unbeknownst to their captors, the mountain is riddled with ancient tunnels, dungeons, and tombs built by crumbled civilizations long perished now. If they ever wish to see daylight again and reclaim their freedom, the ragtag group of prisoners must form a team and descend through the mountain, level by level.