Language Selection

English French German Italian Portuguese Spanish

Security

Security Leftovers

Filed under
Security

FreeNAS 9.10 Open-Source Storage Operating System Adds USB 3.0 & Skylake Support

Filed under
Security
BSD

Jordan Hubbard from the FreeNAS project, an open-source initiative to create a powerful, free, secure, and reliable NAS (Network-attached storage) operating system based on BSD technologies, announced the release of FreeNAS 9.10.

FreeNAS 9.10 is the tenth maintenance release in the current stable 9.x series of the project, thus bringing the latest security patches from upstream, support for new devices, as well as several under-the-hood updates. As expected, FreeNAS 9.10 has been rebased on the latest FreeBSD 10.3 RC3 (Release Candidate) release.

Read more

Security Leftovers

Filed under
Security
  • Security advisories for Monday
  • Cryptostalker, a Tool to Detect Crypto-Ransomware on Linux

    A while back, we stumbled upon an interesting GitHub repo dubbed randumb, which included an example called Cryptostalker, advertised as a tool to detect crypto-ransomware on Linux.

    Cryptostalker and the original project randumb are the work of Sean Williams, a developer from San Francisco. Mr. Williams wanted to create a tool that monitored the filesystem for newly written files, and if the files contained random data, the sign of encrypted content, and they were written at high speed, it would alert the system's owner.

  • Google slings critical patch at exploited Linux kernel root hole

    Google has shipped an out-of-band patch for Android shuttering a bug that is under active exploitation to root devices.

    The vulnerability (CVE-2015-1805) affects all Android devices running Linux kernel versions below 3.18.

  • Everything is fine, nothing to see here!

    Today everyone who is REALLY, I mean REALLY REALLY good at security got there through blood sweat and tears. Nobody taught them what they know, they learned it on their own. Many of us didn't have training when we were learning these things. Regardless of this though, if training is fantastic, why does it seem there is a constant march toward things getting worse instead of better? That tells me we're not teaching the right skills to the right people. The skills of yesterday don't help you today, and especially don't help tomorrow. By its very definition, training can only cover the topics of yesterday.

  • Inside the Starburst-sized box that could save the Internet

    Cybercrime is costing us millions. Hacks drain the average American firm of $15.4 million per year, and, in the resulting panic, companies often spend more than $1.9 million to resolve a single attack. It’s time to face facts: Our defenses aren’t strong enough to keep the hackers out.

  • Utah’s Online Caucus Gives Security Experts Heart Attacks

    On Tuesday, registered Republicans in Utah who want to participate in their state’s caucus will have the option to either head to a polling station and cast a vote in person or log onto a new website and choose their candidate online. To make this happen, the Utah GOP paid more than $80,000 to the London-based company Smartmatic, which manages electronic voting systems and internet voting systems in 25 countries and will run the Utah GOP caucus system.

Security Leftovers

Filed under
Security

Snowden: “I Used Free And Open Source Software Like Debian And TOR. I Didn’t Trust Microsoft”

Filed under
GNU
Linux
Security
Debian

At the Free Software Foundation’s LibrePlanet2016 conference on Saturday, NSA whistleblower Edward Snowden participated in a discussion regarding free software and security. He joined the talk via video conferencing from Russia.

Edward Snowden told that he was able to disclose the secrets of American government and its projects of mass surveillance using free software. The event was being held in an MIT lecture hall and this statement drew a wide round of applause.

Praising the likes of Debian, Tails, and TOR, he said — “What happened in 2013 couldn’t have happened without free software.”

Read more

Also: OS X and Linux rise in developer market to threaten Windows

Antivirus Live CD 17.0-0.99.1 Uses ClamAV 0.99.1 to Clean Your PCs of Viruses

Filed under
Linux
Security

4MLinux developer Zbigniew Konojacki today informs Softpedia about the immediate availability for download of a new build of his Antivirus Live CD tool based on the latest 4MLinux and ClamAV projects.

Read more

Security Leftovers

Filed under
Security
  • Leopard Flower firewall – Protect your bytes

    Several months ago, I decided to explore a somewhat obscure topic of outbound per-application firewall control in Linux. A concept that Windows users are well familiar with, it’s been around for ages, providing Windows folks with a heightened sense of – if not practical factual – protection against rogues residing in their system and trying to phone home.

    In Linux, things are a little different, but with the growing flux of Windows converts arriving at the sandy shores of open-source, the notion of need for outbound control of applications has also risen, giving birth to software designed to allay fears if not resolve problems. My first attempt to play with Leopard Flower and Douane was somewhat frustrating. Now, I’m going to revisit the test, focusing only on the former.

    [...]

    Leopard Flower firewall is an interesting concept. Misplaced, though, for most parts. It caters to a Windows need that does not exist on Linux, and to be frank, has no place in the Microsoft world either. Then, it also tries to resolve a problem of control and knowledge by requiring the user to exercise the necessary control and knowledge. But if they had those to begin with, they wouldn’t need to dabble in per-application firewalls. Furthermore, the software is still fairly immature. There are at least half a dozen little things and changes that can be implemented to make lpfw more elegant, starting with installation and followed by service and GUI model, prompts, robustness, and a few others.

  • Critical bug in libotr could open users of ChatSecure, Adium, Pidgin to compromise
  • Clair 1.0 Brings Advances in Container Security

    CoreOS pushes the open-source container security project to the 1.0 milestone and production stability.
    As container use grows, there is an increasing need to understand from a security perspective what is actually running in a container. That's the goal of CoreOS' Clair container security project, which officially hits the 1.0 milestone today, in an effort to help organizations validate container application security.

Security Leftovers

Filed under
Security
  • Friday's security updates
  • At pwn2Own, Chrome, Flash and Other Key Tools Proved Vulnerable
  • Motor Vehicles Increasingly Vulnerable to Remote Exploits

    As previously reported by the media in and after July 2015, security researchers evaluating automotive cybersecurity were able to demonstrate remote exploits of motor vehicles. The analysis demonstrated the researchers could gain significant control over vehicle functions remotely by exploiting wireless communications vulnerabilities. While the identified vulnerabilities have been addressed, it is important that consumers and manufacturers are aware of the possible threats and how an attacker may seek to remotely exploit vulnerabilities in the future. Third party aftermarket devices with Internet or cellular access plugged into diagnostics ports could also introduce wireless vulnerabilities.

  • Malvertising hits BBC, Newsweek, NYT and MSN

    Links to malware inside online advertising bypassed the security systems of the advertising serving companies and distributed ransomware to unsuspecting ‘link clickers’.

    Earlier this week major websites including BBC, Newsweek, New York Times and MSN ‘hosted’ malvertising on their sites that has been credited as the largest of attack of its type for two years. Previously Google’s DoubleClick and Zedo ad servers were ‘infected’ and YouTube, Amazon and Yahoo websites used advertisements served from them.

    Although ad serving networks try to filter out malicious ones, occasionally altered ones’ slip in. On a high-traffic site, this means a large pool of potential victims. Websites that serve the ads are usually unaware of the problem.

    AppNexus, one of the ad servers said it has an anti-malware detection system called Sherlock it uses to screen ads and also uses a filtering product from a third-party vendor. "We devote considerable financial resources to safeguarding our customers. Unfortunately, bad actors also invest considerably in developing new forms of malware,” said Josh Zeitz, vice president of communications.

  • Security Researcher Goes Missing After Investigating Bangladesh Bank Cyber-Heist

    Tanvir Hassan Zoha, 34, security researcher, has gone missing just days after accusing Bangladesh's central bank officials of negligence, which facilitated the theft of over $81 million from the country's oversea accounts.

Linux Kernel 3.12.57 LTS Out Now with ALSA, EFI, and Xen Improvements, Bugfixes

Filed under
Linux
Security

On March 18, 2016, kernel developer Jiri Slaby announced the release of the fifty-seventh maintenance build of the long-term supported Linux 3.12 kernel series.

Read more

Security Leftovers

Filed under
Security
  • Security updates for Thursday
  • Locky Ransomware Spreading in Massive Spam Attack

    Trustwave said over the last seven days, malware-laced spam has represented 18 percent of total spam collected in its honeypots. Trustwave said malware-infected spam typically represent less than 2 percent of total spam. The recent increase to 18 percent is almost entirely traced to ransomware JavaScript downloaders. Campaigns aren’t continuous, Trustwave reported, but are delivered in hour-long bursts.

  • Considering Docker? Consider Security First

    Containers started making a big splash in IT and dev operations starting in 2014. The benefits of flexibility and go-live times, among many others, are almost undeniable. But large enterprises considering using a container platform for development or IT operations should pause and consider security first.

Syndicate content

More in Tux Machines

Android Leftovers

Licensing resource series: Free GNU/Linux distributions & GNU Bucks

When Richard Stallman set out to create the GNU Project, the goal was to create a fully free operating system. Over 33 years later, it is now possible for users to have a computer that runs only free software. But even if all the software is available, putting it all together yourself, or finding a distribution that comes with only free software, would be quite the task. That is why we provide a list of Free GNU/Linux distributions. Each distro on the list is commited to only distributing free software. With many to choose from, you can find a distro that meets your needs while respecting your freedom. But with so much software making up an entire operating system, how is it possible to make sure that nothing nasty sneaks into the distro? That's where you, and GNU Bucks come in. Read more

Linux 4.7.6

I'm announcing the release of the 4.7.6 kernel. All users of the 4.7 kernel series must upgrade. The updated 4.7.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-4.7.y and can be browsed at the normal kernel.org git web browser: http://git.kernel.org/?p=linux/kernel/git/stable/linux-st... Read more Also: Linux 4.4.23

Linaro beams LITE at Internet of Things devices

Linaro launched a “Linaro IoT and Embedded” (LITE) group, to develop end-to-end open source reference software for IoT devices and applications. Linaro, which is owned by ARM and major ARM licensees, and which develops open source software for ARM devices, launched a Linaro IoT and Embedded (LITE) Segment Group at this week’s Linaro Connect event in Las Vegas. The objective of the LITE initiative is to produce “end to end open source reference software for more secure connected products, ranging from sensors and connected controllers to smart devices and gateways, for the industrial and consumer markets,” says Linaro. Read more Also:

  • Linaro organisation, with ARM, aims for end-end open source IoT code
    With the objective of producing reference software for more secure connected products, ranging from sensors and connected controllers to smart devices and gateways, for the industrial and consumer markets, Linaro has announced LITE: Collaborative Software Engineering for the Internet of Things (IoT). Linaro and the LITE members will work to reduce fragmentation in operating systems, middleware and cloud connectivity solutions, and will deliver open source device reference platforms to enable faster time to market, improved security and lower maintenance costs for connected products. Industry interoperability of diverse, connected and secure IoT devices is a critical need to deliver on the promise of the IoT market, the organisation says. “Today, product vendors are faced with a proliferation of choices for IoT device operating systems, security infrastructure, identification, communication, device management and cloud interfaces.”
  • An open source approach to securing The Internet of Things
  • Addressing the IoT Security Problem
    Last week's DDOS takedown of security guru Brian Krebs' website made history on several levels. For one, it was the largest such reported attack ever, with unwanted traffic to the site hitting levels of 620 Gbps, more than double the previous record set back in 2013, and signalling that the terabyte threshold will certainly be crossed soon. It also relied primarily on compromised Internet of Things devices.