Language Selection

English French German Italian Portuguese Spanish

Security

Security Leftovers

Filed under
Security
  • Chrome Extensions – AKA Total Absence of Privacy

    Google, claiming that Chrome is the safest web browser out there, is actually making it very simple for extensions to hide how aggressively they are tracking their users. We have also discovered exactly how intrusive this sort of tracking actually is and how these tracking companies actually do a lot of things trying to hide it. Due to the fact that the gathering of data is made inside an extension, all other extensions created to prevent tracking (such as Ghostery) are completely bypassed.

  • 10 dumb security mistakes sys admins make

    When you log in as root, you have full control over the box. This can be extremely dangerous because if your credentials get stolen, an attacker can do whatever he or she wants.

  • Friday's security updates

Libpng Vulnerabilities Fixed in All Supported Ubuntu OSes

Filed under
Security
Ubuntu

Canonical revealed details about three libpng vulnerabilities that have been identified and repaired in Ubuntu 15.10, Ubuntu 15.04, Ubuntu 14.04 LTS, and Ubuntu 12.04 LTS.

Read more

Security Leftovers

Filed under
Security
  • Web Stores Held Hostage

    Last week has seen an explosion of e-commerce sites infected with the Linux.Encoder.1 ransomware. For those not familiar with the term, ransomware is a particularly vicious type of malware that aims to extort money from the owners of compromised systems.

  • Ransomware Encrypting Files Proliferating Rapidly on Linux, warn security Researchers
  • The danger of 'exceptional access'

    In the wake of the horrific attacks in Paris on Friday, there have been renewed calls to find some way to allow the government to read encrypted communications. And on the surface, it sounds simple and obvious -- why wouldn't we want the government to be able to monitor terrorists? But the reality is that it's a very bad idea, not only because it won't work, but because it will hurt Internet security more broadly.

    Of course, at this point, we don't even know if the Paris attackers used encryption. There's speculation they did, because reports suggest that no intelligence agency has found any traffic by them. But right now it's just that: speculation.

Leftovers: Security

Filed under
Security

LXCFS Vulnerabilities Fixed in Ubuntu 15.10 and Ubuntu 15.04

Filed under
Security
Ubuntu

A couple of LXCFS vulnerabilities have been found and repaired in the Ubuntu 15.10 and Ubuntu 15.04 operating systems.

Read more

Security Leftovers

Filed under
Security
  • The most popular curl download – by a malware

    During October 2015 the curl web site sent out 1127 gigabytes of data. This was the first time we crossed the terabyte limit within a single month.

    [...]

    The downloads came from what appears to be different locations. They don’t use any HTTP referer headers and they used different User-agent headers. I couldn’t really see a search bot gone haywire or a malicious robot stuck in a crazy mode.

  • Your containers were built in some guy's barn!

    Except even with as new as this technology is, we are starting to see reports of how many security flaws exist in docker images. This will only get worse, not better, if nothing changes. Almost nobody is paying attention, containers mean we don't have to care about this stuff, right!? We're at a point where we have guys building cars in their barns. Would you trust your family in a car built in some guy's barn? No, you want a car built with good parts and has been safety tested. Your containers are being built in some guy's barn.

  • More Privacy, Less Latency - Improved Handshakes in TLS version 1.3

    TLS must be fast. Adoption will greatly benefit from speeding up the initial handshake that authenticates and secures the connection. You want to get the protocol out of the way and start delivering data to visitors as soon as possible. This is crucial if we want the web to succeed at deprecating non-secure HTTP.

​How to easily defeat Linux Encoder ransomware

Filed under
GNU
Linux
Security

This malware relies on a security hole in the Magento web e-commerce platform, not Linux.

Read more

Security Leftovers

Filed under
Security

Security Leftovers

Filed under
Security
  • Java vulnerability caused by unpatched open source library
  • How long will Flash survive?

    A few years ago, it was difficult to browse the web without coming across a site using Flash.

    Released in 1996, the browser plug-in enabled animations, interactivity and streaming video on what was a largely static web.

    But the software has been plagued by security problems, and has been criticised for affecting computer performance and battery life.

    Now many experts say the media plug-in's days are numbered. Watch the video to find out more.

  • Continuous integration tools can be the Achilles heel for a company's IT security

    Some of the most popular continuous integration tools used by software development teams have not been designed with security in mind and can open a door for attackers to compromise enterprise networks.

    Some of the most popular automated software building and testing tools used by developers have not been designed with security in mind and can open the door for attackers to compromise enterprise networks.

  • Linux Ransomware Infects 2,000+ Websites

    Linux.Encoder.1 is targeting websites deployed on servers running Linux and created on various content management systems, including WordPress and Magento.

Numerous Kerberos Vulnerabilities Have Been Fixed in All Ubuntu OSes

Filed under
Security
Ubuntu

Canonical published details in a security notice about a number of Kerberos vulnerabilities that have been found and fixed in Ubuntu 15.10, Ubuntu 15.04, Ubuntu 14.04 LTS, and Ubuntu 12.04 LTS operating systems.

Read more

Syndicate content

More in Tux Machines

Phoronix on AMD Linux Graphics News

Today in Techrights

today's leftovers

Leftovers: Software

  • Announcement: GnuCash 2.6.13 Release
  • Beamforming in PulseAudio
    In case you missed it — we got PulseAudio 9.0 out the door, with the echo cancellation improvements that I wrote about. Now is probably a good time for me to make good on my promise to expand upon the subject of beamforming.
  • Oracle Releases VirtualBox 5.0.24 to Add Better Linux 4.6 Support, Fix Bugs
    Today, June 28, 2016, Oracle has announced the general availability of the VirtualBox 5.0.24 virtualization software for all supported platforms, including GNU/Linux, Mac OS X, and Microsoft Windows.
  • Can't make it to GUADEC this year
    I loved attending the GNOME Users And Developers European Conference (GUADEC). I want to go back, but it's hard to get away for such a long trip.
  • Moving to the project phase in Outreachy
    I've coded the research phase in blue, and the usability testing phase in red. As you can see, we moved pretty quickly through the research phase, learning about "What is usability," different ways to test usability, personas, scenarios, and scenario tasks. And Ciarrai, Diana, and Renata have done very well here. We've taken the last week to settle into a project focus, and figure out who wants to do what. And today, we are officially starting the usability testing phase!
  • Watchmaster App Released for Tizen on the Gear S2
    WatchMaster features a collection of 200+ high quality and unique watch face designs that up to now have been available for Android wear devices, but have now finally been released for the Tizen based Gear S2. The company has many capable designers, such as Liongate, Pluto, Excalibur and Monostone that create a wide variety of watchfaces that include: Analog to illustration, moonphase, ambient and animation design. If your looking some aesthetically pleasing watches to enhance your individuality then they are definitely worth a look.
  • A first look at Google's Science Journal app
    Google recently announced the release of its Science Journal app, a tool intended to "inspire future makers and scientists." All you need to get started is an Android phone—it will make use of the sensors on your phone and offers a digital science notebook to record your findings. The app is free and slated to be released open source later this summer. Google has already released microcontroller firmware for Arduino-based sensors on GitHub.