Language Selection

English French German Italian Portuguese Spanish

Security

Security Leftovers (Parrot Security OS 3.0 “Lithium”, Regulation)

Filed under
Security
  • Parrot Security OS 3.0 “Lithium” — Best Kali Linux Alternative Coming With New Features

    The Release Candidate of Parrot Security OS 3.0 ‘Lithium’ is now available for download. The much-anticipated final release will come in six different editions with the addition of Libre, LXDE, and Studio editions. The version 3.0 of this Kali Linux alternative is based on Debian Jessie and powered by custom hardened Linux 4.5 kernel.

  • Regulation can fix security, except you can't regulate security

    Every time I start a discussion about how we can solve some of our security problems it seems like the topics of professional organizations and regulation are where things end up. I think regulations and professional organizations can fix a lot of problems in an industry, I'm not sure they work for security. First let's talk about why regulation usually works, then, why it won't work for security.

Parrot Security OS 3.0 "Lithium" Is a Linux Distro for Cryptography & Anonymity

Filed under
GNU
Linux
Security

A few days ago, Parrot Security OS developer Frozenbox Network teased users on Twitter with the upcoming release of the long anticipated Parrot Security OS 3.0 "Lithium" distribution.

Based on the latest Debian GNU/Linux technologies and borrowing many of the packages from the Debian 8 "Jessie" stable repositories, Parrot Security OS 3.0 just received new Release Candidate (RC) ISO builds that users can now download and install on their personal computer if they want to get an early taste of what's coming.

Read more

Security Leftovers

Filed under
Security

Black Duck's Free Tool Digs Out Open Source Bugs

Filed under
OSS
Security

The main advantage of such tools is ease of use. The main limitation is that a tool is only as effective as its creators' list of vulnerabilities. Using a given tool implies that you trust the vendor to stay alert and on the job, noted King.

Developers have "a ton of other similar offerings out there," he said. By offering a free scanner, Black Duck can draw attention to its other products.

"If the new tool delivers what the company promises, it will help put the company in good stead with customer developers. Satisfied customers tend to be repeat customers," King said.

Read more

Security Leftovers

Filed under
Security
  • Friday's security updates
  • Judge Says The FBI Can Keep Its Hacking Tool Secret, But Not The Evidence Obtained With It

    Michaud hasn't had the case against him dismissed, but the government will now have to rely on evidence it didn't gain access to by using its illegal search. And there can't be much of that, considering the FBI had no idea who Michaud was or where he resided until after the malware-that-isn't-malware had stripped away Tor's protections and revealed his IP address.

    The FBI really can't blame anyone but itself for this outcome. Judge Bryan may have agreed that the FBI had good reason to keep its technique secret, but there was nothing preventing the FBI from voluntarily turning over details on its hacking tool to Michaud. But it chose not to, despite his lawyer's assurance it would maintain as much of the FBI's secrecy as possible while still defending his client.

    Judge Bryan found the FBI's ex parte arguments persuasive and declared the agency could keep the info out of Michaud's hands. But doing so meant the judicial playing field was no longer level, as he acknowledged in his written ruling. Fortunately, the court has decided it's not going to allow the government to have its secrecy cake and eat it, too. If it wants to deploy exploits with minimal judicial oversight, then it has to realize it can't successfully counter suppression requests with vows of silence.

  • Researcher Pockets $30,000 in Chrome Bounties

    Having cashed in earlier in May to the tune of $15,500, Mlynski pocketed another $30,000 courtesy of Google’s bug bounty program after four high-severity vulnerabilities were patched in the Chrome browser, each worth $7,500 to the white-hat hacker.

Kali Linux Alternative: BackBox Linux 4.6 Released With Updated Hacking Tools

Filed under
GNU
Linux
Security

BackBox Linux, a Kali Linux alternative, is here with its latest version i.e. BackBox Linux 4.6. Based on Ubuntu Linux, this hacking operating system is now available for download with updated hacking tools and Ruby 2.2.

Read more

Secure Desktops with Qubes: Introduction

Filed under
OS
Security

This is the first in a multipart series on Qubes OS, a security-focused operating system that is fundamentally different from any other Linux desktop I've ever used and one I personally switched to during the past couple months. In this first article, I provide an overview of what Qubes is, some of the approaches it takes that are completely different from what you might be used to on a Linux desktop and some of its particularly interesting security features. In future articles, I'll give more how-to guides on installing and configuring it and how to use some of its more-advanced features.

Read more

Security Leftovers

Filed under
Security
  • Security updates for Thursday
  • Paul Vixie on IPv6 NAT, IPv6 security and Internet of Things

    Internet pioneer Paul Vixie spoke with SearchSecurity about IPv6 NAT, IPv6 and the Internet of Things, and the long, thankless path to deploying IPv6.

  • PHP 7.0.7 Released Fixing 28 Bugs

    As is the case with a .xy update, this is mostly a bug fix update, with at least 28 different issues being fixed in an effort to make PHP 7.x more stable. Though the PHP project hasn't identified any specific security vulnerabilities that are fixed in the update, I see at least one with bug #72162.

  • Skimmers Found at Walmart: A Closer Look

    Recent local news stories about credit card skimmers found in self-checkout lanes at some Walmart locations reminds me of a criminal sales pitch I saw recently for overlay skimmers made specifically for the very same card terminals.

Anonymous Live CD Tails to Use Tor Browser 6.0, Firewall and Kernel Hardening

Filed under
Security
Debian

The next major version of the Tails amnesic incognito live system, also known as the Anonymous Live CD used by ex-CIA employee Edward Snowden to stay hidden online using the latest Tor technologies, is now in the works.

Tails 2.4 development is open, and it looks like the first Release Candidate (RC) build has already landed for public beta testing, incorporating some major new features and changes, among which we can mention the upgrade to the latest Tor Browser 6.0 web browser based on Mozilla Firefox 45.2.

Read more

Also: Ubuntu 16.04 LTS (Xenial Xerus) Release Party in Japan to Take Place June 26

Security Leftovers

Filed under
Security
Syndicate content

More in Tux Machines

Android Leftovers

Arduino-Compatible RISC-V and More

  • HiFive1 Is an Open-Source, Arduino-Compatible RISC-V Dev Kit
    Bay Area startup SiFive has announced the Freedom Everywhere 310 (FE310) system-on-chip — the industry’s first commercially-available SoC based on the free, open-source RISC-V architecture, along with the corresponding low-cost, Arduino-compatible HiFive1 development kit.
  • Samsung Defection From ARM to RISC-V.
    It was always thought that, when ARM relinquished its independence, its customers would look around for other alternatives. The nice thing about RISC-V is that it’s independent, open source and royalty-free. And RISC-V is what Samsung is reported to be using for an IoT CPU in preference to ARM.
  • Neutralize ME firmware on SandyBridge and IvyBridge platforms
    First introduced in Intel’s 965 Express Chipset Family, the Intel Management Engine (ME) is a separate computing environment physically located in the (G)MCH chip (for Core 2 family CPUs which is separate from the northbridge), or PCH chip replacing ICH(for Core i3/i5/i7 which is integrated with northbridge).

Moving From Microsoft to GNU/Linux

  • Is Linux the Right Choice for My Business?
    In these hard-economic times, cutting expense is among the keys to the success of a business. Licensing costs can be a huge drain on the wallet of any service. Of course, Microsoft Windows servers are still the standard in a lot of offices, however, there is an unsung hero out there simply waiting to be discovered by more business-owners. This article is obviously describing Linux. While it does have some appeal in both the general public and economic sectors, it is widely used for servers and still not a really popular operating system for workstations but among geeks. Why? You might ask. Microsoft has the marketplace cornered and remains the norm simply by being the standard. This is not to state that Microsoft does not produce quality software application; this post indicates absolutely nothing of the sort. Microsoft got where they are today by their sweat and devoted developers, in no way is this article lessening the quality of Microsoft or their line of products.
  • Moving with SQL Server to Linux? Move from SQL Server to MySQL as well! [Ed: SQL Server DOES NOT (!) run on Linux]
    Over the recent years, there has been a large number of individuals as well as organizations who are ditching the Windows platform for Linux platform, and this number will continue to grow as more developments in Linux are experienced. Linux has for long been the leader in Web servers as most of the web servers run on Linux, and this could be one of the reasons why the high migration is being experienced.
  • Does Linux community trust Microsoft?
    Does actually Linux community like Microsoft? Does actually Linux community trust Microsoft? I cannot answer the first question for sure, but I have a sure answer for the second question.

Mozilla Reports 2015 Revenue of $421.3M

For its fiscal 2015 year, Mozilla reported revenue of $421.3 million, up from $329.6 million that it reported Mozilla's revenue's have grown significantly over the last decade. The first year that Mozilla ever publicly disclosed its financial status was for its 2005 fiscal year, when the open-source organization generated $52.9 million in revenue. Read more Finance/ial issues: Open source wearable Angel shuts down