Security

Security Leftovers

Filed under
Security
  • Malware Peddling Vigilantes behind Linux.Wifatch Speak Up

    The group also add that Linux.Wifatch was never intended to be secretive and added that to be “truly ethical, it needs to have a free license.” However, the developers did not go out of their way to make the Wifatch’s presence known in the wider community, to avoid detection by other malware authors.

    The group haven’t revealed their identity and contend that they are “nobody important,” while adding that although they can be trusted not to do “evil things” with users’ devices anybody could steal the key (speaking figuratively), no matter how well the group protects it.

  • Government Accountability Office Finds Government Still Mostly Terrible When It Comes To Cybersecurity

    The government has done a spectacularly terrible job at protecting sensitive personal information over the past couple of years. Since 2013, the FDA, US Postal Service, Dept. of Veterans Affairs, the IRS and the Office of Personnel Management have all given up personal information. So, it's no surprise the Government Accountability Office's latest report on information security contains little in the way of properly-secured information.

  • This New 'Secure' App for Journalists May Not Be Secure At All

    When I started working as a journalist in Colombia in 2006, "What do I do if I get kidnapped?" was a common topic at parties. In fact in 2007, my brother (not a journalist) got kidnapped in a small town outside of Medellín. The Colombian anti-kidnapping squad (GAULA) rescued him.

    So let's just say I take an interest in journalist security tools. New apps have the potential to help journalists do their jobs, and stay safe while doing so.

    Unfortunately, Reporta, a new app from the International Women's Media Foundation (IWMF) billed as "the only comprehensive security app available worldwide created specifically for journalists," sounds like it may put journalists in danger.

Linux Security: Lock Down a New System Immediately

Filed under
GNU
Linux
Security

PCWorld recently published an article about Linux botnets launching DDoS attacks. The attackers find and exploit poorly secured Linux systems. Some Linux users have a fairly cavalier attitude about security, assuming the supposedly superior design of the OS somehow protects them. It doesn't. Now that Chromebooks outsell Windows laptops and Android devices are ubiquitous, the days when Linux was a secondary target for malware are long gone. Linux's prominence in both the server room and on consumer devices makes it a prime target.

Security Leftovers

Filed under
Security
  • Security updates for Tuesday
  • LinuxCon 2015 Report: Shrinking the Security Holes in OSS

    Dublin native James Joyce famously wrote that “mistakes are the portals of discovery.” LinuxCon 2015 keynote speaker Leigh Honeywell grabbed hold of the same theme here in Dublin, reminding hundreds of open source professionals that “you’re going to make mistakes; you’re going to introduce security bugs.” The goal, said Honeywell, who works as a senior security engineer at Slack Technologies, shouldn’t be the all-out elimination of these mistakes. Instead, security engineers should strive to make different mistakes next time around.

  • The perils of free digital certificates

    The current certificate is not cross-signed, so loading the page over HTTPS will give visitors an untrusted warning. The warning goes away once the ISRG root is added to the trust store. ISRG expects the certificate to be cross-signed by IdenTrust's root in about a month, at which point the certificates will work nearly anywhere. The project also submitted initial applications to the root programs for Mozilla, Google, Microsoft, and Apple so that Firefox, Chrome, Edge, and Safari would recognize Let's Encrypt certificates.

  • Get Simplified Web Encryption For Your Website With Let's Encrypt
  • InvizBox Go Offers Open Source Online Privacy And Security (video)

    Team InvizBox have unveiled a new pocket sized device which has been created to provide an open source solution to online privacy and security.

    The small InvizBox box is capable of offering users a broad range of privacy options, allowing secure connectivity to the Internet from both desktop and mobile devices.

  • New programmer pow-wow for coders paranoid about Android

    DevSecCon is a newly formed, non-profit conference for DevOps and SecOps practitioners, run by practitioners. By creating a neutral platform, it will exchange and create new ideas on how to leverage the best of both worlds and adopt a new mind-set of inclusiveness and collaboration.

  • Cisco disrupts $30 million browser plug-in hacking operation
  • Cisco: notorious hackers using Linux cloak earn $30m a year

    Cisco notes that Linux servers were being managed remotely via SSH using root, adding that they were likely compromised systems in Europe and Asia.

  • Linux.Wifatch: The Wireless Router Malware that Increases IoT Security
  • Vigilante Malware
  • Creators of the Benevolent Linux.Wifatch Malware Reveal Themselves

    The Linux.Wifatch malware, also dubbed as the "vigilante malware" has been going around the Internet, infecting IoT devices, cleaning out malware infections, and boosting the devices' security.

  • Linux.Wifatch Is Protecting Unpatched Routers, Devices

    Today's topics include how vigilante malware is protecting unpatched routers, HP launches its Open-Source Network OS, Twitter locks in Jack Dorsey as its permanent CEO, and Cisco is driving its investments in network chip startup Aquantia.

    Countless numbers of routers and Internet-connected devices around the world are not properly updated, leaving the devices, their owners and the Internet at large at risk. A new code infection, however, dubbed Linux.Wifatch, is taking unpatched routers and devices a different route, protecting them, rather than exploiting them.

  • Microsoft OWA falls victim to password-pinching APT attack

    SECURITY RESEARCHERS FROM Cybereason have sounded a klaxon over a problem with the Microsoft Outlook Web Application (OWA) that could let attackers swoop in and tag and bag data and documents through the use of APT techniques.

    Cybereason discovered the bug when a customer with some 19,000 endpoints suspected that it was the victim of infection.

  • New Outlook mailserver attack steals massive number of passwords

    Backdoor in Outlook Web Application operates inside target's firewall.

  • Vint Cerf: The Headline I Fear Is '100,000 Fridges Hack Bank of America'

    When the ILOVEYOU worm struck on May 4, 2000, it thrust the reality of computer vulnerabilities into the public consciousness in a very big way.

    Sure, computer worms had spread before, but some estimates pegged this particular worm as causing billions of dollars in damage. Entire government departments were crippled. The nature of its spread was unprecedented in scale.

KDE Ships Plasma 5.4.2, bugfix Release for October

Filed under
KDE
Security

Today KDE releases a bugfix update to Plasma 5, versioned 5.4.2.
Plasma 5.4 was released in August with many feature refinements and new modules to complete the desktop experience.

This release adds a month's worth of new translations and fixes from KDE's contributors. The bugfixes are typically small but important and include:

  • Many new Breeze icons.
  • Support absolute libexec path configuration, fixes binaries invoked by KWin work again on e.g. Fedora. Fixes bug #353154. Code review #125466
  • Set tooltip icon in notifications applet. Code review #125193

Incompetence, not Linux, is behind the XOR DDoS botnet

Filed under
Linux
Security

First, no operating system or program is secure. Some are more secure than others. So sure, Linux is inherently more secure than Windows. But a badly managed Linux server will still be more insecure than a well-administered Windows system.

Canonical Patches Critical Kernel Vulnerability in Ubuntu 15.04 and Ubuntu 14.04 LTS

Filed under
Security
Ubuntu

Just a few moments ago, October 5, Canonical published two new Ubuntu Security Notice reports on their website, informing users of Ubuntu 15.04 (Vivid Vervet) and Ubuntu 14.04 LTS (Trusty Tahr) about the availability of a new kernel update.

Linux vigilante fixes your router

Filed under
Linux
Security

A new form of “malware” appears to have been set up by a Linux vigilante who wants to improve your security.

Software called Linux.Wifatch compromises routers and other Internet of Things devices and appears to try and improve infected devices’ security.

Linux.Wifatch ‘malware’ is actually making routers more secure

Filed under
Linux
Security

We seem to have a vigilante white hat hacker on our hands, as newly discovered ‘malware’ aimed at Internet of Things devices and certain routers appears to be making these devices more secure. The Linux.Wifatch virus is doing the exact opposite of what most viruses would; rather than stealing user information or holding systems for ransom, it is actually improving security.

Network Security Toolkit Is Now Based on Fedora 22, Powered by Linux Kernel 4.1.7

Filed under
GNU
Red Hat
Security

On October 3, the developers of the Network Security Toolkit (NST) open-source network monitoring and security analysis toolkit for Linux kernel-based operating systems announced the release of Network Security Toolkit 22-7248.
