
Security

Security Leftovers

Filed under
Security
  • Security advisories for Monday
  • Outdated authentication practices create an opportunity for threat hunter Infocyte

    “Having Linux allows us to look at web servers, for instance. If you’re going to bypass the biometrics, you’re going to need to get into that system itself,” Gerritz says. “That’s where we come in, is finding people who have inserted themselves under that authentication layer.”

  • Cable Sees NFV Enhancing Network Security

    Network functions virtualization is all the rage because of the money it can save, and because of the network flexibility it helps afford, but the cable industry is enthused about NFV for yet another, less publicized benefit: the potential NFV creates for improving network security.

  • IoT Consensus - A Solution Suggestion to the 'Baskets of Remote' Problem by Benedikt Herudek

    Bitcoin is able to integrate and have endpoints (in Bitcoin terminology ‘wallets’ and ‘miners’) seamlessly talk to each other in a large and dynamic network. Devices and their protocols do not have the ability to seamlessly communicate with other devices. This presentation will try to show where Bitcoin and the underlying Blockchain and Consensus Technology can offer an innovative approach to integrating members of a large and dynamic network.

  • Ready to form Voltron! why security is like a giant robot made of lions

    Due to various conversations about security this week, Voltron came up in the context of security. This is sort of a strange topic, but it makes sense when we ponder modern day security. If you talk to anyone, there is generally one thing they push as a solution for a problem. This is no different for security technologies. There is always one thing that will fix your problems. In reality this is never the case. Good security is about putting a number of technologies together to create something bigger and better than any one thing can do by itself.

  • Email Address Disclosures, Preliminary Report, June 11 2016

    On June 11 2016 (UTC), we started sending an email to all active subscribers who provided an email address, informing them of an update to our subscriber agreement. This was done via an automated system which contained a bug that mistakenly prepended between 0 and 7,618 other email addresses to the body of the email. The result was that recipients could see the email addresses of other recipients. The problem was noticed and the system was stopped after 7,618 out of approximately 383,000 emails (1.9%) were sent. Each email mistakenly contained the email addresses from the emails sent prior to it, so earlier emails contained fewer addresses than later ones.

  • Universities Become New Target for Ransomware Attacks [iophk: "Calgary has no excuse, given the particular tech activity headquartered specifically in their town. Some top Univ executives need firing +fines for having allowed Microsoft into their infrastructure."]

    This week the University of Calgary in Canada admitted paying C$20,000 (€13,900) to a hacker to regain access to files stored in 600 computers, after it suffered a ransomware attack compromising over 9,000 email accounts. In order to receive the keys, the school paid the equivalent of C$20,000 in Bitcoins.

  • Blue Coat to Sell Itself to Symantec, Abandoning I.P.O. Plans

    Blue Coat Systems seemed poised to begin life as a public company, after selling itself to a private equity firm last year.

    Now, the cybersecurity software company plans to sell itself to Symantec instead.

    Blue Coat said late on Sunday that it would sell itself to Symantec for $4.65 billion. As part of the deal, Blue Coat’s chief executive, Greg Clark, will take over as the chief executive of the combined security software maker.

    To help finance the transaction, Blue Coat’s existing majority investor, Bain Capital, will invest an additional $750 million in the deal. The private equity firm Silver Lake, which invested $500 million in Symantec in February, will invest an additional $500 million.
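The email-disclosure item above describes a batch sender whose body for each message carried the addresses of every recipient before it. The C program below is an added example written for this page, not the reporting project's code: the mechanism it shows (a scratch buffer cleared once per run instead of once per message) is an assumed reconstruction of the bug class, the recipient list is constructed, and the pre-send guard that refuses any body containing another subscriber's address is the check a practitioner would want in front of any bulk mailer.

```c
#include <stdio.h>
#include <string.h>

#define NUM_RCPTS 6
#define BODY_SZ   2048

/* Constructed sample subscriber list; these are not real addresses. */
static const char *RECIPIENTS[NUM_RCPTS] = {
    "alice@example.org", "bob@example.org",  "carol@example.org",
    "dave@example.org",  "erin@example.org", "frank@example.org",
};
static const char NOTICE[] = "We have updated our subscriber agreement.\n";

/* Assumed bug class (not the real system's code): the renderer appends at the
   end of a scratch buffer that is cleared once per run rather than once per
   message, so message N carries the headers of messages 0..N-1. */
static void render_buggy(char *body, const char *rcpt) {
    size_t used = strlen(body);
    snprintf(body + used, BODY_SZ - used, "To: %s\n%s", rcpt, NOTICE);
}

/* Fix: every message is rendered from offset 0 into an emptied buffer. */
static void render_fixed(char *body, const char *rcpt) {
    body[0] = '\0';
    snprintf(body, BODY_SZ, "To: %s\n%s", rcpt, NOTICE);
}

/* Pre-send guard: count the batch's addresses, other than the intended
   recipient, that appear anywhere in the rendered body. Anything above zero
   is a disclosure and the message must not go out. */
int foreign_addresses(const char *body, const char *rcpt) {
    int n = 0;
    for (int i = 0; i < NUM_RCPTS; i++)
        if (strcmp(RECIPIENTS[i], rcpt) != 0 && strstr(body, RECIPIENTS[i]) != NULL)
            n++;
    return n;
}

/* Render the first n recipients with the buggy renderer into one shared buffer
   and report how many other subscribers the n-th body would disclose. */
int leak_count_after(int n) {
    char body[BODY_SZ] = {0};
    for (int i = 0; i < n && i < NUM_RCPTS; i++)
        render_buggy(body, RECIPIENTS[i]);
    return foreign_addresses(body, RECIPIENTS[n - 1]);
}

/* Run the batch with the buggy or the fixed renderer, halting before the first
   body the guard rejects. Returns the number of messages actually sent. */
int run_batch(int use_fixed_renderer) {
    char body[BODY_SZ] = {0};   /* cleared once for the whole run */
    int sent = 0;
    for (int i = 0; i < NUM_RCPTS; i++) {
        if (use_fixed_renderer) render_fixed(body, RECIPIENTS[i]);
        else                    render_buggy(body, RECIPIENTS[i]);
        int leaked = foreign_addresses(body, RECIPIENTS[i]);
        if (leaked > 0) {
            fprintf(stderr, "halting: message %d would disclose %d other address(es)\n",
                    i, leaked);
            return sent;
        }
        sent++;
    }
    return sent;
}

int main(void) {
    printf("buggy renderer: %d of %d messages sent before the guard halted the run\n",
           run_batch(0), NUM_RCPTS);
    printf("fixed renderer: %d of %d messages sent\n", run_batch(1), NUM_RCPTS);
    return 0;
}
```

With the buggy renderer the first message is clean, which is why such a fault can pass a single-message test; the guard catches it on the second message, before it is sent, rather than after thousands have gone out.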


App stores and Linux repositories: Maybe the worst ideas ever

Filed under
Linux
Security

Technically, since we’re talking about Linux and free/open source software here, there’s nothing stopping someone from cloning the entire repository for a system before it goes offline and then providing that repository as a service to people who still want it. But this is a big undertaking and is something that a casual user of a platform simply isn’t going to do.

In my case, I absolutely would have done this for my N810. I would have cloned the entire repository, including system updates, and hosted it on my server for personal use (and provided it to anyone else who needed it). Would I have ever bothered to update it? Probably not. But I would have had it there for as long as I ran that device. But, alas, I didn’t know the company was killing the entire repository (perhaps I should have expected it, but I didn’t). So, I’m plum out of luck. Plus, I’m weird. Most people would absolutely not clone a repository and self-host it. That's just a crazy thing to do.


Security Leftovers

Filed under
Security
  • EFF's Badge Hack Pageant Returns to DEF CON

    We are proud to announce the return of EFF's Badge Hack Pageant at the 24th annual DEF CON hacking conference in Las Vegas. EFF invites all DEF CON attendees to stretch their creative skills by reinventing past conference badges as practical, artful, and over-the-top objects of their choosing. The numerous 2015 pageant entries included a crocheted badge cozy, a quadcopter, counterfeit badges, a human baby, a breathalyzer, a dazzling array of LED shows, and more than one hand-made record player that would make MacGyver weep. We encourage you to join us and contribute something whether you are a crafter, a beginner, or a hardware hacking wizard. It's a great summer project so get started now and enjoy a great show!

  • @Deray’s Twitter Hack Reminds Us Even Two-Factor Isn’t Enough

    This has been the week of Twitter hacks, from Mark Zuckerberg to a trove of millions of passwords dumped online to, most recently, Black Lives Matter activist DeRay McKesson.

  • System calls for memory protection keys

    "Memory protection keys" are an Intel processor feature that is making its first appearance in Skylake server CPUs. They are a user-controllable, coarse-grained protection mechanism, allowing a program to deny certain types of access to ranges of memory. LWN last looked at kernel support for memory protection keys (or "pkeys") at the end of 2015. The system-call interface is now deemed to be in its final form, and there is a push to stage it for merging during the 4.8 development cycle. So the time seems right for a look at how this feature will be used on Linux systems.
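What the pkeys interface looks like from a program, as an added example written for this page rather than code from LWN or the kernel patches: it calls the pkey_alloc, pkey_mprotect and pkey_free system calls directly (glibc's pkey_* wrappers came later, in 2.27) and flips the key's two rights bits in PKRU with RDPKRU/WRPKRU from user mode, which is the point of the feature: revoking access to a range needs no system call and no page-table change. The syscall numbers are the x86-64 ones; on a kernel or CPU without pkeys the function reports that instead of failing.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
#include <errno.h>
#include <setjmp.h>
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <sys/syscall.h>
#include <unistd.h>

/* x86-64 numbers for the 4.8-era syscalls, for headers that predate them. */
#ifndef __NR_pkey_mprotect
#define __NR_pkey_mprotect 329
#define __NR_pkey_alloc    330
#define __NR_pkey_free     331
#endif
#define PKEY_DISABLE_ACCESS 0x1   /* "AD" bit for a key in PKRU */
#define PKEY_DISABLE_WRITE  0x2   /* "WD" bit for a key in PKRU */

static sigjmp_buf fault_env;
static volatile sig_atomic_t faulted;

static void on_segv(int sig) { (void)sig; faulted = 1; siglongjmp(fault_env, 1); }

#if defined(__x86_64__)
/* RDPKRU / WRPKRU: read and write this thread's PKRU register from user mode. */
static unsigned int rdpkru(void) {
    unsigned int eax, edx;
    __asm__ volatile(".byte 0x0f,0x01,0xee" : "=a"(eax), "=d"(edx) : "c"(0));
    return eax;
}
static void wrpkru(unsigned int pkru) {
    __asm__ volatile(".byte 0x0f,0x01,0xef" : : "a"(pkru), "c"(0), "d"(0) : "memory");
}
/* Replace the two rights bits for 'key' in PKRU; no system call involved. */
static void set_key_rights(int key, unsigned int rights) {
    unsigned int pkru = rdpkru();
    pkru &= ~(3u << (2 * key));
    pkru |= (rights & 3u) << (2 * key);
    wrpkru(pkru);
}
#endif

/* Returns 1 when a read of the key-protected page faulted as expected and the
   page was readable again once the key was re-enabled, 0 when this kernel or
   CPU has no pkeys support, -1 on any other failure. */
int pkey_demo(void) {
#if !defined(__x86_64__)
    return 0;   /* the PKRU instructions above are x86-only */
#else
    long key = syscall(__NR_pkey_alloc, 0UL, 0UL);   /* flags = 0, initial rights = allow all */
    if (key < 0)
        return (errno == ENOSYS || errno == EINVAL || errno == ENOSPC || errno == EPERM) ? 0 : -1;

    size_t pagesz = (size_t)sysconf(_SC_PAGESIZE);
    char *page = mmap(NULL, pagesz, PROT_READ | PROT_WRITE,
                      MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (page == MAP_FAILED) { syscall(__NR_pkey_free, key); return -1; }
    strcpy(page, "secret");   /* still tagged with key 0, which every thread may use */

    int rc = -1;
    /* Tag the page with our key; the PROT_ bits stay as they were. */
    if (syscall(__NR_pkey_mprotect, page, pagesz, PROT_READ | PROT_WRITE, key) == 0) {
        struct sigaction sa, old;
        memset(&sa, 0, sizeof sa);
        sa.sa_handler = on_segv;
        sa.sa_flags = SA_NODEFER;
        sigaction(SIGSEGV, &sa, &old);

        volatile char *vp = page;
        faulted = 0;
        if (sigsetjmp(fault_env, 1) == 0) {
            set_key_rights((int)key, PKEY_DISABLE_ACCESS);   /* deny this thread all access */
            char c = vp[0];                                   /* must fault despite PROT_READ */
            (void)c;
        }
        set_key_rights((int)key, 0);   /* re-enable before touching the page again */
        sigaction(SIGSEGV, &old, NULL);
        if (faulted && vp[0] == 's')
            rc = 1;
    }
    munmap(page, pagesz);
    syscall(__NR_pkey_free, key);
    return rc;
#endif
}

int main(void) {
    int r = pkey_demo();
    puts(r == 1 ? "read denied by pkey, access restored afterwards"
       : r == 0 ? "pkeys not available on this kernel/CPU"
       : "unexpected failure");
    return r < 0;
}
```

Two caveats the code makes visible: PKRU is per thread, so a key disabled here is still open to every other thread that shares the address space, and the value is not carried across a siglongjmp out of the SIGSEGV handler, which is why the key is re-enabled explicitly before the page is read again. The protection is coarse-grained by design: one of the fifteen keys per page, and the kernel itself still honours only the PROT_ bits on its own accesses.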

YubiKey NEO: Ubuntu 16.04 usefulness (+ review)

Filed under
Reviews
Security
Ubuntu

I got a hold of a YubiKey NEO, so I was wondering how useful it is and what can I do with it. Here’s my “tutorial” on setting it up using Ubuntu 16.04 and actually using it.


Tails 2.4 Launched With TOR 6.0 — Best Linux Distro For Anonymity And Privacy

Filed under
GNU
Linux
Security
Debian

Tails is a popular privacy-focused Linux distribution with the aim of providing an anonymous computing experience. This distro was most famously used by NSA whistleblower Edward Snowden.

If you are acquainted with Tails, you might know that Tails forces all network activity to go through the Tor network, making all your activities anonymous. Being a live Linux distro, it can be booted from an SD card, DVD, or USB drive.


Security Leftovers

Filed under
Security
  • Massive DDoS attacks reach record levels as botnets make them cheaper to launch

    There were 19 distributed denial-of-service (DDoS) attacks that exceeded 100 Gbps during the first three months of the year, almost four times more than in the previous quarter.

    Even more concerning is that these mega attacks, which few companies can withstand on their own, were launched using so-called booter or stresser botnets that are common and cheap to rent. This means that more criminals can now afford to launch such crippling attacks.

  • Twitter locks user accounts that need 'extra protection'

    Better safe than sorry, or so goes Twitter's latest thinking.

    The social network on Friday maintained it was not the victim of a hack or data breach, as previously reported. But Michael Coates, Twitter's head of information security, wrote in a blog post that the company has identified some accounts that need "extra protection." Those accounts have been locked, requiring users to reset their passwords in order to access them.

Security Leftovers

Filed under
Security
  • Tuesday's security updates
  • Security advisories for Wednesday
  • Thursday's security updates
  • Security advisories for Friday
  • Slicing Into a Point-of-Sale Botnet

    Point-of-sale based malware has driven most of the credit card breaches over the past two years, including intrusions at Target and Home Depot, as well as breaches at a slew of point-of-sale vendors. The malware usually is installed via hacked remote administration tools. Once the attackers have their malware loaded onto the point-of-sale devices, they can remotely capture data from each card swiped at that cash register.

  • Microsoft's BITS file transfer tool fooled into malware distribution

    Researchers at Dell SecureWorks have spotted a new and dangerous way to misuse Microsoft's Background Intelligent Transfer Service (BITS).

    While working on a customer clean-up project, SecureWorks staff found that attackers had created self-contained BITS tasks that didn't appear in the registries of affected machines, and their footprints were limited to entries on the BITS database.

    The attack was spotted on a Windows 7 machine in an academic administration environment.

iTWire shows Linux Australia the right way to host a server

Filed under
GNU
Linux
Server
Security

An iTWire article appears to have resulted in Linux Australia seeing the folly of not having proper arrangements in place for hosting its website.

Further, a member of Linux Australia has suggested the office-bearers should resign en masse for not anticipating a breakdown in hosting the organisation's website recently.

Linux Australia secretary, Sae Ra Germaine, posted to the Linux-aus mailing list in April to explain why the organisation experienced server downtime, ultimately because the team charged with managing this task, while recognising a risk of disruption, did not engage with the University hosting the server, instead choosing only to liaise with ex-employees, and discontinued searching for a new host between December 2015 and March 2016.


Also: Preventing break-ins on your Linux system

Imagination’s new router chips could save open source firmware from FCC rules

Filed under
OSS
Security

A company that designs MIPS processors for networking hardware says it is developing technology that would allow installation of open source firmware on wireless routers while still complying with the US Federal Communications Commission's latest anti-interference rules.

The FCC now requires router makers to prevent third-party firmware from changing radio frequency parameters in ways that could cause interference with other devices, such as FAA Doppler weather radar systems.


Also: Small footprint open source hypervisor makes highly efficient use of hardware virtualization technology in Imagination’s MIPS CPUs
