Security

Security Leftovers

Filed under
Security
  • Security updates for Tuesday
  • Montreal researcher helped convict one of gang behind Linux botnet

    The Montreal branch of a security company is patting itself on the back for being among the resources used by the FBI to help convict a Russian for his role in creating and spreading the Linux-based Ebury botnet.

    Alexis Dorais-Joncas, security intelligence team lead at the Montreal malware lab of ESET, said work done by researcher Marc-Étienne Léveillé contributed to the evidence mounted by the FBI which led to the guilty plea last week of Maxim Senakh to conspiring to violate the U.S. Computer Fraud and Abuse Act and to commit wire fraud. In exchange for the plea nine other charges were dropped.

  • Samsung’s Tizen is riddled with security flaws, amateurishly written [Ed: When Microsoft Peter covers anything Linux it’s basically Linux bashing… “amateurishly written”]

Linux and IoT Security

Filed under
Linux
Security

Security Leftovers

Filed under
Security
  • Weekend security updates
  • Microsoft won't patch zero-day flaw affecting 600,000 web servers [iophk: "if it's running Microsoft, it should not be on the net. turn off those machines"]

    Microsoft has no plans to fix a flaw in Internet Information Services (IIS) 6.0 which could affect up to 600,000 web servers.

  • The expectation of security

    What I mean is expecting anyone to go without a "screen" for a weekend doesn't make sense. A substantial number of activities we do today rely on some sort of screen because we've replaced more inefficient ways of accomplishing tasks with these screens. Need to look something up? That's a screen. What's the weather? Screen. News? Screen. Reading a book? Screen!

    You get the idea. We've replaced a large number of books or papers with a screen. But this is a security blog, so what's the point? The point is I see a lot of similarities with a lot of security people. The world has changed quite a bit over the last few years, I feel like a number of our rules are similar to anyone thinking spending time without a screen is some sort of learning experience. I bet we can all think of security people we know who think it's still 1995, if you don't know any you might be that person (time for some self reflection).

  • Why I Always Tug on the ATM

    Once you understand how easy and common it is for thieves to attach “skimming” devices to ATMs and other machines that accept debit and credit cards, it’s difficult not to closely inspect and even tug on the machines before using them. Several readers who are in the habit of doing just that recently shared images of skimmers they discovered after gently pulling on various parts of a cash machine they were about to use.

  • USB Canary: This Open Source Tool Sends SMS If A Hacker Connects A USB Device

    There are a lot of USB devices which can be fatal to your innocent machine. An office worker leaving his computer even for a short span of time is making it vulnerable to USB-led attacks.

Network/Security

Filed under
Security
  • Ask Hackaday: Which Balaclava Is Best For Hacking?

    At Hackaday, we’re tapped into Hacker Culture. This goes far beyond a choice of operating system (Arch Linux, or more correctly, ‘Arch GNU/Linux’, or as I’ve recently taken to calling it, ‘Arch GNU plus Linux’). This culture infects every fiber of our soul, from music (DEF CON’s station on Soma FM), our choice in outerwear (black hoodies, duh), and our choice in laptops (covered in stickers). We all wear uniforms, although a gaggle of computer science and electronics nerds all wearing black t-shirts won’t tell you that. We all conform, whether we’re aware of it or not.

  • Bits from keyring-maint [action required]

    A potential issue in the DFSG freeness of the Debian keyrings has been brought to the attention of the keyring-maint team. We have already had a similar issue[0] in the past with OpenPGP User Attributes (commonly used to attach images to keys). This was resolved by stripping such data from the keyrings; they add no extra information that is useful for the purposes of the keyrings within the project.

    The current issue under investigation is unfortunately harder for us to resolve as a team. It has been pointed out that the public keys, as shipped, do not represent the preferred form for modification. While it is possible for anyone to add additional data to a key without the private component it is not possible to fully modify the key. For example, a user wishing to upgrade all signatures on his copy of the debian-keyring to SHA-256, removing any use of SHA-1, is unable to do so.

  • BBR: Congestion-based congestion control

    This is the story of how members of Google’s make-tcp-fast project developed and deployed a new congestion control algorithm for TCP called BBR (for Bandwidth Bottleneck and Round-trip propagation time), leading to 2-25x throughput improvement over the previous loss-based congestion control CUBIC algorithm. In fact, the improvements would have been even more significant but for the fact that throughput became limited by the deployed TCP receive buffer size. Increasing this buffer size led to a huge 133x relative improvement with BBR (2Gbps), while CUBIC remained at 15Mbps. BBR is also being deployed on YouTube servers, with a small percentage of users being assigned BBR playback.

Best VPN solutions for Linux users

Filed under
Security

This article was provided to TechRadar by Linux User & Developer, a magazine which is dedicated to passing on the open source knowledge and expertise of grass-roots developers and hackers. Some of the software included may have been updated since the article was first published.

If you use your Linux machine to access the internet, whether it’s at home or particularly on the road, then it’s worth learning about the pros and cons of Virtual Private Networks or VPNs.

A VPN allows you to secure traffic between two locations – the first being your own machine, the other being either a commercial VPN provider or a VPN system that you have deployed yourself, either in the cloud or perhaps at another location of your own, such as in the office.

VPNs are available using a host of different protocols, but their essence is the same – traffic is encrypted at the host end and decrypted at the server end, ensuring that information cannot be snooped on by a middleman on the way to its destination.

More in Tux Machines

OSS Leftovers

  • 20 Most Promising Open Source Solution Providers - 2017
    Open source has become an imperative part of every developer’s arsenal. The potential to gather assistance from the community and the capacity to link into a range of systems and solutions make open source incredibly powerful. As open source software becomes ubiquitous, and used by the vast majority of enterprises throughout the world, 2017 is all set for vendors of application delivery controller (ADC) to start providing improved and tighter integration packages for various open source projects, especially surrounding ADC-generated telemetry. Companies have been extensively using their analytics and machine learning capabilities for quite some time to identify actionable patterns from the collected data. With the rising demand for business intelligence, this year is foreseen to be the year of information superiority with businesses, leveraging data as a key differentiator. In the past couple of years, containers have been emerging as an imminent trend. As the business focus starkly shifts on rightsizing of resources, containers are expected to become a common phenomenon, giving businesses the ability to leverage highly portable assets and make the move into micro services much simpler. Adjacently, automation has become essential now. Mostly intensified by DevOps adoption, the automation of software delivery and infrastructure changes have freed developers to spend more time creating and less time worrying about infrastructure.
  • DevOps pros and open source: Culturally connected
    Like chocolate and peanut butter, DevOps and open source are two great tastes that taste great together. For many DevOps pros, it's the perfect cultural and technical match.
  • Interoperability: A Case For Open Source - GC@PCI Commentary
    He continues: “An open source model allows companies to see the assumptions behind the calculation and lowers the cost of entry into the cat modeling business. More importantly, the standardized and interoperable hazard, vulnerability and financial modules included in a true open source model facilitate the collaboration of data from insurers, reinsurers, entrepreneurs, scientists, computer programmers and individuals, all of which may result in a new generation of cat models.”
  • DevOps Skills Are Key to Collaboration within Organizations
    DevOps is one of the most highly sought skills employers are seeking to fill among 57 percent of respondents in the 2017 Open Source Jobs Report, from Dice and The Linux Foundation. Specifically, firms are looking for developers (73 percent) and DevOps engineers (60 percent).
  • Projects You Can Help With For Advancing Open-Source NVIDIA "Nouveau" Graphics
    Longtime Nouveau contributor Karol Herbst has been working on an updated list of project ideas for new contributors or those that may be wanting to participate in an Endless Vacation of Code / Google Summer of Code.
  • Join The Linux Foundation at Open Source Summit EU for Booth Swag, Project Updates, and More
    Going to Open Source Summit EU in Prague? While you’re there, be sure to stop by The Linux Foundation training booth for fun giveaways and a chance to win one of three Raspberry Pi kits.
  • Oracle Promises To Open Source Oracle JDK And Improve Java EE
    Oracle had already announced it would be moving Java EE to the Eclipse Foundation, and the announcements at JavaOne move the language further to a more vendor-neutral future. It's worth noting that the keynote was preceded by a Safe Harbor disclaimer in which Oracle said it could not be held to plans made during the speech, so nothing is actually certain.
  • Linux Kernel Community Enforcement Statement
  • Linux Kernel Gets An "Enforcement Statement" To Deal With Copyright Trolls
    Greg Kroah-Hartman on the behalf of the Linux Foundation Technical Advisory Board has today announced the Linux Kernel Community Enforcement Statement. This statement is designed to better fend off copyright trolls. Among the copyright troll concerns is how a Netfilter developer has been trying to enforce his personal copyright claims against companies for "in secret and for large sums of money by threatening or engaging in litigation."
  • An enforcement clarification from the kernel community
    The Linux Foundation's Technical Advisory board, in response to concerns about exploitative license enforcement around the kernel, has put together this patch adding a document to the kernel describing its view of license enforcement. This document has been signed or acknowledged by a long list of kernel developers. In particular, it seeks to reduce the effect of the "GPLv2 death penalty" by stating that a violator's license to the software will be reinstated upon a timely return to compliance.

Tizen and Android Leftovers
