Language Selection

English French German Italian Portuguese Spanish

Security

Debian, Red Hat patch numerous OpenOffice flaws

Filed under
Security

Debian released a patch to fix multiple vulnerabilities in OpenOffice that open up the users' systems to compromise, Secunia reported on Wednesday.

One vulnerability was originally discovered by an anonymous researcher and reported to VeriSign’s iDefense Labs.

iDefense reported that research by Sean Larsson found additional flaws.

KDE Konqueror FTP PASV Response Handling Client-Side Port Scanning Vulnerability

Filed under
Security

A vulnerability has been identified in KDE Konqueror, which could be exploited by attackers to gain knowledge of sensitive information.

Two vulnerabilities in KDE BitTorrent client KTorrent

Filed under
Security

Version 2.1.2 of the open-source BitTorrent client KTorrent for KDE removes two vulnerabilities. The first one is said to enable an attacker to cause the application to crash. According to the bug report by Ubuntu the vulnerability also allows code to be injected onto a system and executed. The vulnerability is found in the module chunkcounter.cpp and is triggered by large idx values.

WordPress server hacked, downloads rigged with serious flaw

Filed under
Security

An unknown cracker broke into a server hosting downloads of the popular WordPress blogging software and rigged the file with a remotely exploitable code execution vulnerability. If you downloaded WordPress 2.1.1 within the past 3-4 days, your files may include a security exploit that was added by a cracker.

Snort no fort, could be mugged by bug

Filed under
Security

A flaw in Snort, the popular open-source intrusion detection system, could be used by attackers to run malicious code on vulnerable machines, several security organizations reported yesterday.

Microsoft, Mozilla look into browser flaws

Filed under
Security

Microsoft and Mozilla are each working to tackle recently disclosed security flaws in the Internet Explorer and Firefox Web browsers.

New Firefox cookie vulnerability, workaround

Filed under
Security

Security researcher/hacker, Michal Zalewski has released a report on a security vulnerability affecting Firefox 2.0.0.1 and possibly earlier versions. The vulnerability could allow a malicious web site to impersonate an authentic one and set a cookie on its behalf. Zalewski recommends this workaround:

Filesystem encryption in mixed environments with TrueCrypt

Filed under
Security

If you want to encrypt your sensitive files so that no one can access them without your personal password or decryption key, you have several options. But if you want a free, cross-platform, open source encryption application, try TrueCrypt.

Ubuntu: Linux kernel vulnerabilities

Filed under
Security

Mark Dowd discovered that the netfilter iptables module did not correctly handle fragmented IPv6 packets. By sending specially crafted packets, a remote attacker could exploit this to bypass firewall rules.

Two flaws found in Firefox

Filed under
Security

A security company has reported two new flaws in the Mozilla Firefox browser that may leave locally saved files vulnerable to outside attacks.

Syndicate content

More in Tux Machines

Rugged mini-PC runs Android on Via’s Cortex-A9 SoC

Via debuted a rugged fanless low-power Android mini-PC based on Via’s dual-core Cortex-A9 Elite E1000 SoC, and offering mini-PCIe, mSATA, HDMI, and GbE I/O. Via designed the “Artigo A900″ mini-PC for use in Android-based interactive kiosks, home automation devices, signage, and other HMI solutions. The 125 x 125 x 30mm mini-PC can be configured to “blend locally-captured real-time video streams with cloud-delivered content to create visually-compelling interactive displays for retail, banking, museums, and other environments,” says Via Technologies. The device can integrate peripherals including sensors, cameras, ticket printers, and barcode and fingerprint scanners, adds the company. Read more

Newest Androids will join iPhones in offering default encryption, blocking police

The next generation of Google’s Android operating system, due for release next month, will encrypt data by default for the first time, the company said Thursday, raising yet another barrier to police gaining access to the troves of personal data typically kept on smartphones. Android has offered optional encryption on some devices since 2011, but security experts say few users have known how to turn on the feature. Now Google is designing the activation procedures for new Android devices so that encryption happens automatically; only somebody who enters a device's password will be able to see the pictures, videos and communications stored on those smartphones. Read more

X.Org Server Shatter Project Fails

Earlier this summer was the start of an X.Org-funded project to develop Shatter. Shatter has long been talked about as a new feature for the X.Org Server to replace Xinerama. Shatter comes down to allowing the X.Org Server to split the rendering between multiple GPUs with each GPU covering different areas of a larger desktop. A student from Cameroon hoped to develop the Shatter support after such feature was talked about for years. The student, Nyah Check, was being funded by the X.Org Foundation through the foundation's Endless Vacation of Code project that's similar in nature to Google's GSoC but runs year-round and is much more loose about requirements. Read more

today's howtos