Security is a top priority for Google. We've invested a lot in making our products secure, including strong SSL encryption by default for Search, Gmail and Drive, as well as encrypting data moving between our data centers. Beyond securing our own products, interested Googlers also spend some of their time on research that makes the Internet safer, leading to the discovery of bugs like Heartbleed.
The success of that part-time research has led us to create a new, well-staffed team called Project Zero.
OpenBSD developers have announced their first release of LibreSSL portable.
LibreSSL 2.0.0 is the release and is tested to build on Linux, Solaris, Mac OS X, and FreeBSD systems. Bob Beck of OpenBSD explains, "This is intended as an initial release to allow the community to start using and providing feedback. We will be adding support for other platforms as time and resources permit."
Granted, Google has been updating handset issues at a quicker pace – particularly when it comes to security patches, via Play Services –and so far, the telcos have not played spoilers. But remember: Google has not initiated a move to push an entirely new OS directly to users except to those who own Google’s telco independent Nexus brand devices. Keep in mind that there’s a big difference between updating a feature or security patch and producing an entirely new OS. OS updates typically up the Kernel and the radios. It will be interesting (and historical) if the telcos continue to stay out of the way.
"We're heavily involved in Drupal. I'm a member of the Drupal security team and the former lead of the team for over two years," Knaddison said. "So it's an area where we have a fair amount of expertise and depth, and we feel that our situation is best served by fixing vulnerabilities directly in the software itself."
A new story published on the German site Tagesschau and followed up by BoingBoing and DasErste.de has uncovered some shocking details about who the NSA targets for surveillance including visitors to Linux Journal itself.
While it has been revealed before that the NSA captures just about all Internet traffic for a short time, the Tagesschau story provides new details about how the NSA's XKEYSCORE program decides which traffic to keep indefinitely. XKEYSCORE uses specific selectors to flag traffic, and the article reveals that Web searches for Tor and Tails--software I've covered here in Linux Journal that helps to protect a user's anonymity and privacy on the Internet--are among the selectors that will flag you as "extremist" and targeted for further surveillance. If you just consider how many Linux Journal readers have read our Tor and Tails coverage in the magazine, that alone would flag quite a few innocent people as extremist.
The Blackphone is something that had debuted back in February as an anti-surveillance device in the wake of the severe NSA threats which had emerged around that time. This device has been priced at $629 and it comes equipped with an Android-based operating system which kicks in an array of security traits.
Blackphone, an Android-based smartphone developed by Silent Circle, SGP Technologies and Geeksphone, is now shipping. The phone became a sensation during Mobile World Congress as it offered extreme privacy of communication. After the NSA revelations made by Edward Snowden, there is a huge demand for services or devices which offer privacy from NSA and other surveillance agencies. However even the Blackphone doesn’t offer any protection from NSA. Phil Zimmermann, one of the creators of the phone, said that Blackphone doesn’t make you NSA proof.
About the only thing GNU Project founder Richard Stallman and I can agree on when it comes to software freedom is that it's "Free as in free speech, not free beer."
I really hope the Heartbleed vulnerability helps bring home the message to other communities that FOSS does not materialize out of empty space; it is written by people. We love what we do, which is why I'm sitting here, way past midnight on a Saturday evening, writing about it; but we are also real people with kids, cars, mortgages, leaky roofs, sick pets, infirm parents, and all kinds of other perfectly normal worries.
The only way to improve the quality of FOSS is to make it possible for these perfectly normal people to spend time on it. They need time to review patch submissions carefully, to write and run test cases, to respond to and fix bug reports, to code, and most of all, time just to think about the code and what should happen to it.