Security

Debian Server restored after Compromise

Filed under
Security

One core Debian server has been reinstalled after a compromise and services have been restored. On July 12th the host gluck.debian.org was compromised using a local root vulnerability in the Linux kernel. The intruder had access to the server using a compromised developer account.

Debian server hacked

"Early this morning we discovered that someone had managed to compromise gluck.debian.org," Debian developer James Troup wrote in an e-mail to the Debian community shortly before 4am AEST.

FBI plans new Net-tapping push

The FBI has drafted sweeping legislation that would require Internet service providers to create wiretapping hubs for police surveillance and force makers of networking gear to build in backdoors for eavesdropping.

Researcher Promises Browser Bug-A-Day

A security researcher has promised to release one browser vulnerability each day for the next month as part of his self-proclaimed "Month of Browser Bugs."

SQL Injection Weaknesses Found in Mambo, Joomla

Potentially serious security flaws have been found in existing versions of the Mambo and Joomla content management systems, and developers of the two projects are advising users to install upgrades or security patches as soon as possible.

The battle of the spam

A French-based Englishman, John Graham-Cumming, is about 666,666 clicks away from creating a weapon to kill spam for good.

Security Vendor Warns Of Porn-clicking Browser

A free Web browser that bills itself as a tool for privacy protection is, in fact, a click-fraud engine for pornographic Web sites, security vendor Panda Software warned Friday.

MySQL Mistakenly Shares Customer E-mail Addresses

A mass e-mail sent out last week by open-source database vendor MySQL erroneously contained the e-mail addresses of about 9,300 customers instead of information on a series of software-support special offers that the company meant to publicize.

KDE Security Updates: Artswrapper and KDM

KDE made two security announcements today. The KDM symlink vulnerability is a potential local exploit on systems using KDM as their login manager. The artswrapper return value checking vulnerability affects Linux 2.6 systems that have artswrapper installed SUID root.

More in Tux Machines

35 Open Source Tools for the Internet of Things

In a nutshell, IoT is about using smart devices to collect data that is transmitted via the Internet to other devices. It's closely related to machine-to-machine (M2M) technology. While the concept had been around for some time, the term "Internet of Things" was first used in 1999 by Kevin Ashton, who was a Procter & Gamble employee at the time.

IoT tinkerers get new Linux hub & open platforms

Cloud Media, the maker of entertainment box Popcorn Hour, launched a project on Kickstarter, Inc. that will add to the growing number of smart hubs for people to connect and control smart devices. Called the STACK Box, it features a Cavium ARM11 core processor, 256MB DDR3 RAM, 512MB flash, SD slot, 802.11n WiFi, Bluetooth LE 4.0, Z-Wave, standard 10/100 Ethernet port, optional X10 wired communication, 5 USB 2.0 ports, RS-232 port, 2 optocoupler I/O, Xbee Bus, Raspberry Pi-compatible 26-pin bus and runs Linux kernel 3.10. It also features optional wireless communications for Dust Networks and Insteon with RF433/315, EnOcean, ZigBee, XBee, DCLink, RFID, IR coming soon.

Citrix and Google partner to bring native enterprise features to Chromebooks

Chromebooks are making inroads into the education sector, and a push is coming for the enterprise with new native Chrome capabilities from Citrix. Google and Citrix have announced Citrix Receiver for Chrome, a native app for the Chromebook which has direct access to the system resources, including printing, audio, and video. To provide the security needed for the enterprise, the new Citrix app assigns a unique Receiver ID to each device for monitoring, seamless Clipboard integration across remote and local applications, end user experience monitoring with HDX Insight, and direct SSL connections.

Is Open Source an Open Invitation to Hack Webmail Encryption?

While the open source approach to software development has proven its value over and over again, the idea of opening up the code for security features to anyone with eyeballs still creates anxiety in some circles. Such worries are ill-founded, though. One concern about opening up security code to anyone is that anyone will include the NSA, which has a habit of discovering vulnerabilities and sitting on them so it can exploit them at a later time. Such discoveries shouldn't be a cause of concern, argued Phil Zimmermann, creator of PGP, the encryption scheme Yahoo and Google will be using for their webmail.