Security

Tor: a landmark for hidden services

Filed under
OSS
Security

The Tor Project's .onion (hidden services) addresses have been formally
approved as a Special Use Domain Name by the Internet Engineering Task
Force (IETF), a body that sets standards for the Internet. IETF’s
recognition of .onion names is a landmark in the movement to build
privacy into the structure of the Internet. Jacob Appelbaum's official
blog post for the Tor Project
(https://blog.torproject.org/blog/landmark-hidden-services...)
about this development is available.

IPFire 2.17 - Core Update 94 released

Filed under
GNU
Linux
Security

This is the official release announcement for IPFire 2.17 – Core Update 94, a general maintenance release that also contains a number of smaller security fixes.

Security Leftovers

Filed under
Security

  • Fitbit can allegedly be hacked in 10 seconds

    Fitness-tracking wristband Fitbit, which has sold more than 20 million devices worldwide, and tracks your calorie count, heart rate and other highly personal information, can be remotely hacked, according to research by Fortinet. This gives hackers access to the computer to which you sync your Fitbit.

  • Adobe releases emergency patch for Flash zero-day flaw
  • Adobe confirms major Flash vulnerability, and the only way to protect yourself is to uninstall Flash

    Just one day after Adobe released its monthly security patches for various software including Flash Player, the company confirmed a major security vulnerability that affects all versions of Flash for Windows, Mac and Linux computers. You read that correctly… all versions. Adobe said it has been made aware that this vulnerability is being used by hackers to attack users, though it says the attacks are limited and targeted. Using the exploit, an attacker can crash a target PC or even take complete control of the computer.

  • Western Digital self-encrypting hard drives riddled with security flaws

    Several versions of self-encrypting hard drives from Western Digital are riddled with so many security flaws that attackers with physical access can retrieve the data with little effort, and in some cases, without even knowing the decryption password, a team of academics said.

    The paper, titled "got HW crypto? On the (in)security of a Self-Encrypting Drive series", recited a litany of weaknesses in the multiple versions of the My Passport and My Book brands of external hard drives. The flaws make it possible for people who steal a vulnerable drive to decrypt its contents, even when they're locked down with a long, randomly generated password. The devices are designed to self-encrypt all stored data, a feature that saves users the time and expense of using full-disk encryption software.

Tails Amnesic Incognito Live Linux OS Spotted on 'Homeland' TV Show

Filed under
GNU
Linux
Security
Debian

Spoiler alert! Don't read this if you haven't watched the third episode of the fifth season of Homeland, an acclaimed American television series that airs on the Showtime network.

If you've watched the show so far, then you know that there are a few new characters, such as Laura Sutton, an American journalist in Berlin, played by the beautiful Sarah Sokolovic, as well as Numan, a bearded hacker played by Atheer Adel.

Security Leftovers

Filed under
Security

  • Tuesday's security updates
  • Why Aren't There Better Cybersecurity Regulations for Medical Devices?

    This summer, the Food and Drug Administration warned hospitals to stop using a line of drug pumps because of a cybersecurity risk: a vulnerability that could allow an attacker to remotely deliver a fatal dose to a patient. SAINT Corporation engineer Jeremy Richards, one of the researchers who discovered the vulnerability, called the drug pump “the least secure IP enabled device I’ve ever touched in my life.”

    There is a growing body of research that shows just how defenseless many critical medical devices are to cyberattack. Research over the last couple of years has revealed that hundreds of medical devices use hard-coded passwords. Other devices use default admin passwords, then warn hospitals in the documentation not to change them.

  • Congress Introduces Provision That Could Make Vehicle Security Research Illegal

    Far too often Congress proposes tech legislation that is either poorly researched or poorly drafted (or both). Fortunately, most of the bills don't advance. Unfortunately, this doesn’t seem to dissuade Congress from constantly writing these types of bills. The House Energy and Commerce Committee released such a bill last week. It's only a discussion draft and hasn't been introduced as a formal bill yet, but its provisions would not only effectively put the brakes on car security research, but also immunize auto manufacturers from FTC privacy enforcement when (not if) they fail to secure our cars. It's a classic one-two punch from Congress: not understanding something and then deciding to draft a bill about it anyway.

  • Crypto researchers: Time to use something better than 1024-bit encryption

    It’s possible for entities with vast computing resources, such as the NSA and major national governments, to compromise commonly used Diffie-Hellman keys, and over time more groups will be able to afford cracking them as computing costs go down.

  • The first rule of zero-days is no one talks about zero-days (so we’ll explain)

    How do you defend yourself against the unknown? That is the crux of the zero-day vulnerability: a software vulnerability that, by definition, is unknown to the user of the software and often to its developer as well.

    Everything about the zero-day market, from research and discovery through disclosure and active exploitation, is predicated upon this fear of the unknown—a fear that has been amplified and distorted by the media. Is the world really under threat of destabilisation due to lone-wolf hackers digging up vulnerabilities in popular software packages and selling them to whichever repressive government offers the most money? Or is it just a classic case of the media and megacorp lobbyists focusing on the sexy, scary, offensive side of things, and glossing over the less alluring aspects?

VirtualBox 5.0.8 Has Better systemd Support, Debian and El Capitan Fixes

Filed under
OSS
Security

On October 20, Oracle announced the immediate availability for download of the eighth maintenance release of their open-source and cross-platform VirtualBox virtualization software for GNU/Linux, Mac OS X, and Windows operating systems.

Canonical Releases Important Security Patches for Ubuntu 15.04 and 14.04 LTS

Filed under
Security
Ubuntu

After announcing the general availability of a new kernel version of its Ubuntu 12.04 LTS (Precise Pangolin) operating system, Canonical published details about an important security patch for the kernel packages of Ubuntu 15.04 and Ubuntu 14.04 LTS.

AllSeen Alliance Adds Security Updates to Open Source IoT Platform

Filed under
OSS
Security

The AllSeen Alliance claims to have made open source Internet of Things (IoT) development more secure with the latest update to its AllJoyn IoT framework, Security 2.0. The new feature brings authentication, device authorization and encryption enhancements to the platform.

IT runs on the cloud, and the cloud runs on Linux. Any questions?

A recent survey by the Uptime Institute of 1,000 IT executives found that 50 percent of senior enterprise IT executives expect the majority of IT workloads to reside off-premise in cloud or colocation sites in the future. Of those surveyed, 23 percent expect the shift to happen next year, and 70 percent expect that shift to occur within the next four years.

Security Leftovers

  • Teardrop Attack: What Is It And How Does It Work?

    In a Teardrop attack, the fragmented packets sent to the target machine are malformed, and the victim’s machine is unable to reassemble them because of a bug in its TCP/IP fragmentation handling.

  • Updating code can mean fewer security headaches

    Organizations with high rates of code deployments spend half as much time fixing security issues as organizations without such frequent code updates, according to a newly released study. In its latest annual state-of-the-developer report, DevOps software provider Puppet found that by better integrating security objectives into daily work, teams in "high-performing organizations" build more secure systems. The report, which surveyed 4,600 technical professionals worldwide, defines high IT performers as offering on-demand, multiple code deploys per day, with lead times for changes of less than one hour. Puppet has been publishing its annual report for five years.

  • Over half of world's top domains weak against email spoofing

    Over half of the world's most popular online services have misconfigured servers which could place users at risk from spoof emails, researchers have warned. According to Swedish cybersecurity firm Detectify, poor authentication processes and configuration settings in servers belonging to hundreds of major online domains could put users at risk of legitimate-looking phishing campaigns and fraudulent emails.