Security

Security Leftovers

  • Fitbit can allegedly be hacked in 10 seconds

    Fitness-tracking wristband Fitbit, which has sold more than 20 million devices worldwide, and tracks your calorie count, heart rate and other highly personal information, can be remotely hacked, according to research by Fortinet. This gives hackers access to the computer to which you sync your Fitbit.

  • Adobe releases emergency patch for Flash zero-day flaw
  • Adobe confirms major Flash vulnerability, and the only way to protect yourself is to uninstall Flash

    Just one day after Adobe released its monthly security patches for various software including Flash Player, the company confirmed a major security vulnerability that affects all versions of Flash for Windows, Mac and Linux computers. You read that correctly… all versions. Adobe said it has been made aware that this vulnerability is being used by hackers to attack users, though it says the attacks are limited and targeted. Using the exploit, an attacker can crash a target PC or even take complete control of the computer.

  • Western Digital self-encrypting hard drives riddled with security flaws

    Several versions of self-encrypting hard drives from Western Digital are riddled with so many security flaws that attackers with physical access can retrieve the data with little effort, and in some cases, without even knowing the decryption password, a team of academics said.

    The paper, titled "got HW crypto? On the (in)security of a Self-Encrypting Drive series", recited a litany of weaknesses in the multiple versions of the My Passport and My Book brands of external hard drives. The flaws make it possible for people who steal a vulnerable drive to decrypt its contents, even when they're locked down with a long, randomly generated password. The devices are designed to self-encrypt all stored data, a feature that saves users the time and expense of using full-disk encryption software.

Tails Amnesic Incognito Live Linux OS Spotted on 'Homeland' TV Show


Spoiler alert! Don't read this if you haven't watched the third episode of the fifth season of Homeland, an acclaimed American television series that airs on the Showtime network.

If you've watched the show so far, then you know that there are a few new characters, such as Laura Sutton, an American journalist in Berlin, played by the beautiful Sarah Sokolovic, as well as Numan, a bearded hacker played by Atheer Adel.

Security Leftovers

  • Tuesday's security updates
  • Why Aren't There Better Cybersecurity Regulations for Medical Devices?

    This summer, the Food and Drug Administration warned hospitals to stop using a line of drug pumps because of a cybersecurity risk: a vulnerability that could allow an attacker to remotely deliver a fatal dose to a patient. SAINT Corporation engineer Jeremy Richards, one of the researchers who discovered the vulnerability, called the drug pump “the least secure IP enabled device I’ve ever touched in my life.”

    There is a growing body of research that shows just how defenseless many critical medical devices are to cyberattack. Research over the last couple of years has revealed that hundreds of medical devices use hard-coded passwords. Other devices use default admin passwords, then warn hospitals in the documentation not to change them.

  • Congress Introduces Provision That Could Make Vehicle Security Research Illegal

    Far too often Congress proposes tech legislation that is either poorly researched or poorly drafted (or both). Fortunately, most of the bills don't advance. Unfortunately, this doesn’t seem to dissuade Congress from constantly writing these types of bills. The House Energy and Commerce Committee released such a bill last week. It's only a discussion draft and hasn't been introduced as a formal bill yet, but its provisions would not only effectively put the brakes on car security research, but also immunize auto manufacturers from FTC privacy enforcement when (not if) they fail to secure our cars. It's a classic one-two punch from Congress: not understanding something and then deciding to draft a bill about it anyway.

  • Crypto researchers: Time to use something better than 1024-bit encryption

    It’s possible for entities with vast computing resources – such as the NSA and major national governments – to compromise commonly used Diffie-Hellman keys, and over time more groups will be able to afford cracking them as computing costs go down.

  • The first rule of zero-days is no one talks about zero-days (so we’ll explain)

    How do you defend yourself against the unknown? That is the crux of the zero-day vulnerability: a software vulnerability that, by definition, is unknown by the user of the software and often its developer as well.

    Everything about the zero-day market, from research and discovery through disclosure and active exploitation, is predicated upon this fear of the unknown—a fear that has been amplified and distorted by the media. Is the world really at threat of destabilisation due to lone-wolf hackers digging up vulnerabilities in popular software packages and selling them to whichever repressive government offers the most money? Or is it just a classic case of the media and megacorp lobbyists focusing on the sexy, scary, offensive side of things, and glossing over the less alluring aspects?

VirtualBox 5.0.8 Has Better systemd Support, Debian and El Capitan Fixes


On October 20, Oracle announced the immediate availability for download of the eighth maintenance release of their open-source and cross-platform VirtualBox virtualization software for GNU/Linux, Mac OS X, and Windows operating systems.

Canonical Releases Important Security Patches for Ubuntu 15.04 and 14.04 LTS


After announcing the general availability of a new kernel version of its Ubuntu 12.04 LTS (Precise Pangolin) operating system, Canonical published details about an important security patch for the kernel packages of Ubuntu 15.04 and Ubuntu 14.04 LTS.

AllSeen Alliance Adds Security Updates to Open Source IoT Platform


The AllSeen Alliance claims to have made open source Internet of Things (IoT) development more secure with the latest update to its AllJoyn IoT framework, Security 2.0. The new feature brings authentication, device authorization and encryption enhancements to the platform.

Git 2.6.2 Distributed Version Control System Has Many Bugfixes, Some Features


This past weekend, the developers of the open-source Git distributed version control system published details about the second maintenance release in the Git 2.6 series.

Attacker slips malware past Ubuntu Phone checks


Canonical has issued a security advisory to all fifteen people who installed a particular Ubuntu Phone app.

While its reach might be trivial, the bug itself was serious: someone worked out how to bypass checks that are supposed to protect the Ubuntu Phone operating system's single-click app installation process.

More in Tux Machines

Security Leftovers (Parrot Security OS 3.0 “Lithium”, Regulation)

  • Parrot Security OS 3.0 “Lithium” — Best Kali Linux Alternative Coming With New Features
    The Release Candidate of Parrot Security OS 3.0 ‘Lithium’ is now available for download. The much-anticipated final release will come in six different editions with the addition of Libre, LXDE, and Studio editions. Version 3.0 of this Kali Linux alternative is based on Debian Jessie and powered by a custom hardened Linux 4.5 kernel.
  • Regulation can fix security, except you can't regulate security
    Every time I start a discussion about how we can solve some of our security problems, it seems like the topics of professional organizations and regulation are where things end up. I think regulations and professional organizations can fix a lot of problems in an industry; I'm not sure they work for security. First let's talk about why regulation usually works, then why it won't work for security.

Phoronix on Graphics

AMD's gaming-optimized AMDGPU-PRO driver for Linux is in beta

AMD has been working on a new Linux graphics driver stack, and it’s finally becoming usable. You can install the gaming-optimized AMDGPU-PRO driver on Ubuntu 16.04 today, and Valve just added it to the latest beta version of SteamOS.