Security

Security Leftovers

Filed under
Security
  • Notice of security breach on Ubuntu Forums [Ed: this is proprietary software on top of proprietary software. Shame!]

    Deeper investigation revealed that there was a known SQL injection vulnerability in the Forumrunner add-on in the Forums which had not yet been patched.

  • Ubuntu Forums Hacked! Here Is What Hacker Stole?
  • ChaosKey

    The Linux Kernel, starting with version 4.1, includes source for this driver. It should be built by default in your distribution. If you're using Linux + KVM to host other Linux instances, read the VirtualMachine page to see how you can configure the guests to share the host entropy source.

Security Leftovers

Filed under
Security
  • Friday's security updates
  • Room for Application Security Improvement

    Using open source components is a common software development process; just how common, however, may come as a surprise -- even a shock -- to some. The average organization uses 229,000 open source components a year, found research by Sonatype, a provider of software development lifecycle solutions that manages a Central Repository of these components for the Java development community.

    There were 31 billion requests for downloads from the repository in 2015, up from 17 billion in 2014, according to Sonatype.

    The number "blows people's minds," said Derek Weeks, a VP and DevOps advocate at Sonatype. "The perspective of the application security professional or DevOps security professional or open source governance professional is, 'This really changes the game. If it were 100, I could control that, but if it is 200,000 the world has changed.'"

  • Ubuntu Forums Suffer Data breach; Credit Goes to SQL Flaw

Ubuntu Forums Cracked. Again.

Filed under
Security
Ubuntu

Security Leftovers

Filed under
Security

Canonical Patches Linux Kernel Vulnerability in All Supported Ubuntu OSes

Filed under
Security
Ubuntu

Today, July 14, 2016, Canonical published multiple security notices to inform users of the Ubuntu 16.04 LTS (Xenial Xerus), Ubuntu 14.04 LTS (Trusty Tahr) and Ubuntu 15.10 (Wily Werewolf) operating systems about the availability of a new kernel update.


Changes in Tor

Filed under
OSS
Security

Security News

Filed under
Security
  • David A. Wheeler: Working to Prevent the Next Heartbleed

    The Heartbleed bug revealed that some important open source projects were so understaffed that they were unable to properly implement best security practices. The Linux Foundation’s Core Infrastructure Initiative, formed to help open source projects have the ability to adopt these practices, uses a lot of carrot and very little stick.

  • The First iPhone Hacker Shows How Easy It Is To Hack A Computer

    Viceland is known for its extensive security-focused coverage and videos. In the latest CYBERWAR series, it’s showing us different kinds of cyber threats present in the world around us. From the same series, recently, we covered the story of an ex-NSA spy that showed us how to hack a car.

    In another spooky addition to the series, we got to see how easily the famous iPhone hacker George Hotz hacked a computer.

    George Hotz, also known as geohot, is the American hacker known for unlocking the iPhone. He developed bootrom exploit and limera1n jailbreak tool for Apple’s iOS operating system. Recently, he even built his own self-driving car in his garage.

  • Beware; Adwind RAT infecting Windows, OS X, Linux and Android Devices

    Cyber criminals always develop malware filled with unbelievable features but hardly ever you will find something that targets different operating systems simultaneously. Now, researchers have discovered a malware based on Java infecting companies in Denmark but it’s only a matter of time before it will probably hit other countries.

  • 7 Computers Fighting Against Each Other To Become “The Perfect Hacker”

    Are automated “computer hackers” better than human hackers? DARPA is answering this question in positive and looking to prove its point with the help of its Cyber Grand Challenge. The contest finale will feature seven powerful computers fighting against each other. The winner of the contest will challenge human hackers at the annual DEF CON hacking conference.

Security Leftovers

Filed under
Security
  • Security updates for Wednesday
  • Download This Security Fix Now — All Versions Of Windows Operating System Hackable

    As a part of its monthly update cycle, Microsoft has released security patches for all versions of Windows operating system. This update addresses a critical flaw that lets an attacker launch man-in-the-middle attacks on workstations. This security vulnerability arises as the print spooler service allows a user to install untrusted drivers with elevated privileges.

  • The Truth About Penetration Testing Vs. Vulnerability Assessments

    Vulnerability assessments are often confused with penetration tests. In fact, the two terms are often used interchangeably, but they are worlds apart. To strengthen an organization’s cyber risk posture, it is essential to not only test for vulnerabilities, but also assess whether vulnerabilities are actually exploitable and what risks they represent. To increase an organization’s resilience against cyber-attacks, it is essential to understand the inter-relationships between vulnerability assessment, penetration test, and a cyber risk analysis.

Untangle Announces NG Firewall Version 12.1

Filed under
GNU
Linux
Security

Untangle® Inc., a security software and appliance company, announced the release of version 12.1 of its award-winning NG Firewall software. Untangle NG Firewall version 12.1 brings new features and functionality to the popular and powerful small business firewall platform.

NG Firewall delivers a comprehensive solution for small-to-medium businesses, schools, governmental organizations and nonprofits that require enterprise-grade perimeter security with the flexibility of a convergent Unified Threat Management (UTM) device. Untangle’s industry-leading approach to network traffic visibility and policy management gives its customers deep insight into what’s happening on their network via its database-driven reporting engine and 360° dashboard.

“Version 12.1 is the next step in the evolution of the Untangle NG Firewall user interface,” said Dirk Morris, founder and chief product officer at Untangle. “Building on the base provided by the last two major releases, version 12.1 provides a fully responsive mobile management console as well as faster performing, more flexible reporting and dashboard widget capabilities.”


Security Leftovers

Filed under
Security
  • Posing as ransomware, Windows malware just deletes victim’s files

    There has been a lot of ingenuity poured into creating crypto-ransomware, the money-making malware that has become the scourge of hospitals, businesses, and home users over the past year. But none of that ingenuity applies to Ranscam, a new ransom malware reported by Cisco's Talos Security Intelligence and Research Group.

    Ranscam is a purely amateur attempt to cash in on the cryptoransomware trend that demands payment for "encrypted" files that were actually just plain deleted by a batch command. "Once it executes, it pops up a ransom message looking like any other ransomware," Earl Carter, security research engineer at Cisco Talos, told Ars. "But then what happens is it forces a reboot, and it just deletes all the files. It doesn't try to encrypt anything—it just deletes them all."

    Talos discovered the file on the systems of a small number of customers. In every case, the malware presented exactly the same message, including the same Bitcoin wallet address. The victim is instructed:

    "You must pay 0.2 Bitcoins to unlock your computer. Your files have been moved to a hidden partition and crypted. Essential programs in your computer have been locked and your computer will not function properly. Once your Bitcoin payment is received your computer and files will be returned to normal instantly."

  • Webpages, Word files, print servers menacing Windows PCs, and disk encryption bypasses – yup, it's Patch Tuesday

    Microsoft will fix critical holes in Internet Explorer, Edge, Office and Windows with this month's Patch Tuesday security bundle. Meanwhile, Adobe has patched dozens of exploitable vulnerabilities in its Flash player.

    Redmond's July release includes 11 sets of patches, six rated as "critical" and five classified as "important." The highlights are: a BitLocker device encryption bypass, evil print servers executing code on vulnerable machines, booby-trapped webpages and Office files injecting malware into PCs, and the usual clutch of privilege elevation flaws.

  • Ad blocking: yes, its war now

    idnes.cz: they put moving advertisement on that their web, making browsers unusable -- they eat 100% CPU and pages lag when scrolling. They put video ads inside text that appear when you scroll. They have video ads including audio... (Advertisement for olympic games is particularly nasty, Core Duo, it also raises power consumption by like 30W). Then they are surprised of adblock and complain with popup when they detect one. I guess I am either looking for better news source, or for the next step in adblock war...
