Language Selection

English French German Italian Portuguese Spanish

Security

More Security News

Filed under
Security
  • FreeBSD devs ponder changes to security processes

    The developers of FreeBSD have announced they'll change the way they go about their business, after users queried why known vulnerabilities weren't being communicated to users.

    This story starts with an anonymous GitHub post detailing some vulnerabilities in the OS, specifically in freebsd-update, libarchive, bspatch and portsnap. Some of the problems in that post were verified and the FreeBSD devs started working on repairs.

  • Your Linux Distro Can Be Hacked In 60 Seconds Due To Serious TCP Flaw: Research [Ed: This headline is nonsense and shows that the author lacks technical understanding of it.]
  • Virtual Machine Introspection: A Security Innovation With New Commercial Applications

    A few weeks ago, Citrix and Bitdefender launched XenServer 7 and Bitdefender Hypervisor Introspection, which together compose the first commercial application of the Xen Project Hypervisor’s Virtual Machine Introspection (VMI) infrastructure. In this article, we will cover why this technology is revolutionary and how members of the Xen Project Community and open source projects that were early adopters of VMI (most notably LibVMI and DRAKVUF) collaborated to enable this technology.

  • 10 IoT Security Best Practices For IT Pros

    IT professionals have to treat internet of things (IoT) vulnerabilities as they would vulnerabilities in databases or web applications. Any flaw can bring unwelcome attention, for those making affected products and those using them. Any flaw may prove useful to compromise other systems on the network. When everything is connected, security is only as strong as the weakest node on the network.

  • Like The Rest Of The Internet Of Things, Most 'Smart' Locks Are Easily Hacked

    Smart refrigerators that leak your e-mail credentials. Smart TVs that collect but then fail to secure your living room conversations. Smart thermostats that can be loaded with ransomware. Smart vehicles that can be hacked and potentially kill you. This is the end result of "Internet of Things" evangelists and companies that for the last half-decade put hype and profit (the cart) well ahead of consumer privacy and security (the horse), in the process exposing us all to thousands of new attack vectors in homes and businesses around the world.

Security News

Filed under
Security

Security Leftovers

Filed under
Security
  • Security advisories for Wednesday
  • Google: QuadRooter Threat Blocked On Most Android Devices
  • Linux Distributions Vulnerable to Cyber-Attacks: Report
  • Windows 10 Attack Surface Grows with Linux Support in Anniversary Update [Ed: Does Kaspersky not know CrowdStrike is a Microsoft-connected firm that spreads Linux FUD?]
  • Web pages, Word docs, PDF files, fonts – behold your latest keys to infecting Windows PCs

    Microsoft has fixed 38 CVE-listed security vulnerabilities in Edge, Internet Explorer, and Office, as well as high-profile flaws that have allowed researchers to circumvent Windows boot protections.

    None of the programming blunders were publicly disclosed or actively exploited in the wild prior to today's patch release.

  • If census site was taken down after DDoS attack it wasn't prepared: expert

    The attack against the census website that resulted in it being taken down last night appears, at face value, to have been nothing more than the standard attack perpetrated against countless sites every day by everyone from children to malcontents with an axe to grind, an expert says.

    That the site was attacked is not in the least bit surprising, security adviser Troy Hunt told Fairfax Media, but it was unexpected that an attack of this kind would result in the site going down.

  • Census 2016: ABS needs to provide proof of DDoS

    Technical people like him are what we need to cut through all the bulldust. One person who is an expert in this art is Craig Sanders, a systems administrator of many decades, and one who can speak plainly. Many years ago, following a major distributed denial of service of attack on the Internet's root name servers, he was one who educated me on the phenomenon. This time was no different with Sanders; he calmly and clearly pointed me in the direction of the evidence that was needed.

    If the census website crashed due to foreign intervention — either through a denial of service or a distributed denial of service — how is it that none of the major security companies around the world did not notice it? You would need an attack of some magnitude to take down the ABS census site.

  • Researchers crack Microsoft feature, say encryption backdoors similarly crackable [Ed: by design]

    Researchers who uncovered a security key that protects Windows devices as they boot up say their discovery is proof that encryption backdoors do not work.

    The pair of researchers, credited by their hacker nicknames MY123 and Slipstream, found the cryptographic key protecting a feature called Secure Boot.

    They believe the discovery highlights a problem with requests law enforcement officials have made for technology companies to provide police with some form of access to otherwise virtually unbreakable encryption that might be used by criminals.

    “Microsoft implemented a ‘secure golden key’ system. And the golden keys got released from [Microsoft's] own stupidity,” wrote the researchers in their report, in a section addressed by name to the FBI.

    “Now, what happens if you tell everyone to make a ‘secure golden key’ system? Hopefully you can add 2+2.”

    Secure Boot is a built into the firmware of computer — software unique to different types of hardware that exists outside the operating system and is used to boot the OS.

Security News

Filed under
Security
  • Containerized Security: The Next Evolution of Virtualization?

    We in the security industry have gotten into a bad habit of focusing the majority of our attention and marketing dollars on raising awareness of the latest emerging threats and new technologies being developed to detect them. One just has to look at the headlines or spend fifteen minutes walking the show floor at a major security conference to see this trend. However, while we are focusing on what all the bad guys are doing, we’ve taken the eye off the ball of where our infrastructure business is going.

  • SDN Security Researchers State Their Case at Black Hat

    So say two of his grad students, Seungsoo Lee and Changhoon Yoon (left and right, respectively, in the photo above). But along with Shin, who’s now an assistant professor at the Korea Advanced Institute of Science and Technology (Kaist) and a research associate at the Open Networking Foundation (ONF), they’re hoping the industry is ready to start looking at the vulnerabilities that SDN introduces.

  • Widespread Linux Flaw Allows TCP Session Hijacking, Termination
  • Bungling Microsoft singlehandedly proves that golden backdoor keys are a terrible idea [Ed: Microsoft and backdoor should become synonymous. At every level, online and offline, Microsoft products booby-trapped with backdoors.]

    Microsoft leaked the golden keys that unlock Windows-powered tablets, phones and other devices sealed by Secure Boot – and is now scrambling to undo the blunder.

    These skeleton keys can be used to install non-Redmond operating systems on locked-down computers. In other words, on devices that do not allow you to disable Secure Boot even if you have administrator rights – such as ARM-based Windows RT tablets – it is now possible to sidestep this block and run, say, GNU/Linux or Android.

    What's more, it is believed it will be impossible for Microsoft to fully revoke the leaked keys.

    And perhaps most importantly: it is a reminder that demands by politicians and crimefighters for special keys, which can be used by investigators to unlock devices in criminal cases, will inevitably jeopardize the security of everyone.

    Microsoft's misstep was uncovered by two researchers, MY123 and Slipstream, who documented their findings here in a demoscene-themed writeup published on Tuesday. Slip believes Microsoft will find it impossible to undo its leak.

  • Microsoft Creates Backdoor In Windows, Accidentally Leaks UEFI Secure Boot Keys

    Two researchers reported that Microsoft accidentally compromised the golden keys to its UEFI Secure boot feature.

  • Can Copperhead OS fix Android's security problems?

Canonical Patches Multiple Kernel Vulnerabilities in All Supported Ubuntu OSes

Filed under
Security
Ubuntu

Today, August 10, 2016, Canonical published several security notices to inform Ubuntu Linux users about new kernel updates for their distributions, patching several vulnerabilities discovered recently.

Read more

Internet of Insecurity

Filed under
Security
  • Linux TCP flaw enables remote attacks

    Researchers at the University of California, Riverside, say they have found a weakness in the transmission control protocol (TCP) used by Linux since late 2012 which allows the remote hijacking of Internet communications.

  • Serious security threat to many Internet users highlighted
  • Your 'Smart' Thermostat Is Now Vulnerable To Ransomware

    We've noted time and time again how the much ballyhooed "internet of things" is a privacy and security dumpster fire, and the check is about to come due. Countless companies and "IoT" evangelists jumped head first into the profit party, few bothering to cast even a worried look over at the reality that basic security and privacy standards hadn't come along for the ride. The result has been an endless parade of not-so-smart devices and appliances that are busy either leaking your personal details or potentially putting your life at risk.

    Of course, the Internet of Things hype machine began with smart thermostats and the sexy, Apple-esque advertising of Nest. The fun and games didn't last however, especially after several botched firmware updates resulted in people being unable to heat or cool their homes (relatively essential for a thermostat).

Security News

Filed under
Security
  • No, 900 million Android devices are not at risk from the 'Quadrooter' monster

    Guys, gals, aardvarks, fishes: I'm running out of ways to say this. Your Android device is not in any immediate danger of being taken over a super-scary malware monster.

    It's a silly thing to say, I realize, but we go through this same song and dance every few months: Some company comes out with a sensational headline about how millions upon millions of Android users are in danger (DANGER!) of being infected (HOLY HELL!) by a Big, Bad Virus™ (A WHAT?!) any second now. Countless media outlets (cough, cough) pick up the story and run with it, latching onto that same sensational language without actually understanding a lick about Android security or the context that surrounds it.

    To wit: As you've no doubt seen by now, our latest Android malware scare du jour is something an antivirus software company called Check Point has smartly dubbed "Quadrooter" (a name worthy of Batman villain status if I've ever heard one). The company is shouting from the rooftops that 900 million (MILLION!) users are at risk of data loss, privacy loss, and presumably also loss of all bladder control -- all because of this hell-raising "Quadrooter" demon and its presence on Qualcomm's mobile processors.

  • 900 Million Androids Could Be Easy Prey for QuadRooter Exploits
  • Annoying "Open PDF in Edge" Default Option Puts Windows 10 Users at Risk

    Microsoft released today its monthly security patch, and one of the five security bulletins labeled as critical was a remote code execution (RCE) flaw in its standard PDF rendering library that could be exploited when opening PDF files.

Syndicate content

More in Tux Machines

Radeon vs. NVIDIA Performance For HITMAN On Linux With 17 GPUs

Last week Feral Interactive released the much anticipated Linux port of HITMAN, which debuted for Windows last year. Now that there's benchmark support for HITMAN on Linux, I have been running a number of tests for this game that's powered by the Glacier Engine and making use of OpenGL for rendering on Linux. In this article are our initial AMD Radeon performance figures making use of the RadeonSI Gallium3D driver compared to NVIDIA's driver and the assortment of GeForce results published yesterday. Read more

How China Mobile Is Using Linux and Open Source

China Mobile is one of the biggest telecom companies in the world, with more than 800 million users in China -- all of whom are served with open source technologies. During the 2016 Mobile World Congress, China Mobile declared that the operational support system running their massive network would be based on open source software. China Mobile is not alone; many major networking vendors are moving to open source technologies. For example, AT&T is building their future network on top of OpenStack, and they have invested in software-defined technology so significantly that they now call themselves a software company. Read more

Today in Techrights

today's leftovers

  • [elementaryOS] AppCenter: Funded
    A few moments ago, we hit 100% funded for our AppCenter campaign on Indiegogo. Thank you, backers! More than 300 people backed us over just two weeks to help bring our pay-what-you-want indie app store to life.
  • Linux Lite To Have These New Features In The Next Release Linux Lite 3.4
    ...we contacted the creator of the Linux Lite “Jerry Bezencon” and enquired the upcoming new features in the latest version of the Linux Lite. We have also done a review of the latest available distro i.e. 3.2 (32 bit) so that the readers can understand easily where are the new features headed towards.
  • Buy or Sell? What Analysts Recommends: CMS Energy Corporation (CMS), Red Hat, Inc. (RHT)
  • What Does The Chart For Red Hat, Inc. (RHT) Tell Us Presently?
  • LEDE-17.01 is coming [Ed: it has actually just come out, just like LWN's paywall]
    For some years, OpenWrt has arguably been the most active router-oriented distribution. Things changed in May of last year, though, when a group of OpenWrt developers split off to form the competing LEDE project. While the LEDE developers have been busy, the project has yet to make its first release. That situation is about to change, though, as evidenced by the LEDE v17.01.0-rc1 release candidate, which came out on February 1. Many of the changes made in LEDE since the 2015 OpenWrt "Chaos Calmer" release will not be immediately visible to most users. The core software has been updated, of course, including a move to the 4.4.42 kernel. There are a number of security-oriented enhancements, including a switch to SHA256 for package verification, the disabling of support for several old and insecure protocols, compilation with stack-overwrite detection, and more. There is support for a number of new devices. Perhaps the most anticipated new feature, though, is the improved smart queue management and the WiFi fairness work that has been done as part of the bufferbloat project. It has been clear for some time that WiFi should work far better than it does; the work that has found its way into the LEDE release candidate should be a significant step in that direction. Your editor decided that it was time to give LEDE a try, but there was some shopping to be done first. Getting the full benefit from the bufferbloat and airtime fairness work requires the right chipset; most of this work has been done on the Atheros ath9k driver. So the first step was to go out and pick up a new router with ath9k wireless. That is where the things turned out to be harder than one might expect.
  • Microsoft Faces European Privacy Probes Over Windows 10
    Microsoft Corp. faces a coordinated investigation by European privacy regulators after it failed to do enough to address their concerns about the collection and processing of user data with a series of changes to Windows 10 last month. European Union data-protection officials sent a letter to Microsoft saying they remain “concerned about the level of protection of users’ personal data,” according to a copy of the document posted by the Dutch watchdog Tuesday. Regulators from seven countries are concerned that even after the announced changes, “Microsoft does not comply with fundamental privacy rules.”