Language Selection

English French German Italian Portuguese Spanish

Security

Security: Jobs, Linux 4.14, Bruce Schneier, Spyhunter

Filed under
Security
  • Security updates for Wednesday
  • Security Jobs Are Hot: Get Trained and Get Noticed

    The demand for security professionals is real. On Dice.com, 15 percent of the more than 75K jobs are security positions. “Every year in the U.S., 40,000 jobs for information security analysts go unfilled, and employers are struggling to fill 200,000 other cyber-security related roles, according to cyber security data tool CyberSeek” (Forbes). We know that there is a fast-increasing need for security specialists, but that the interest level is low.

  • security things in Linux v4.14
  • Schneier: It's Time to Regulate IoT to Improve Cyber-Security

    The time has come for the U.S. government and other governments around the world, to start regulating Internet of Things (IoT) security, according to Bruce Schneier, CTO of IBM's Resilient Systems.

    Schneier delivered his message during a keynote address at the SecTor security conference here. He noted that today everything is basically a computer, whether it's a car, a watch, a phone or a television. IoT today has several parts including sensors that collect data, computing power to figure out what to do with the collected data and then actuators that affect the real world.

  • Shady Anti-Spyware Developer Loses Lawsuit Against Competitor Who Flagged Its Software As Malicious

    Enigma Software makes Spyhunter, a malware-fighting program with a very questionable reputation. But the company isn't known so much for containing threats as it's known for issuing threats. It sued a review site for having the audacity to suggest its pay-to-clean anti-spyware software wasn't a good fit for most users… or really any users at all.

    Bleeping Computer found itself served with a defamation lawsuit for making fact-based claims (with links to supporting evidence) about Enigma's dubious product, dubious customer service tactics (like the always-popular "auto-renew"), and dubious lawsuits. Somehow, this dubious lawsuit managed to survive a motion to dismiss. Fortunately, Bleeping Computer was propped up by Malwarebytes' developers, who tossed $5,000 into Bleeping Computer's legal defense fund.

Security Leftovers

Filed under
Security
  • Survey of bug bounty hunters shows who pans for pwns

    Asking the crowd for help in fixing security problems is going mainstream. Microsoft, Facebook, and other tech giants have offered "bug bounties"—cash rewards or other prizes and recognition—to individuals discovering vulnerabilities in their products for years. (Ars even made it onto Google's security wall of fame in 2014 for reporting a Google search bug, though we didn't get a cash payout.)

  • Mother-Son Duo Fools iPhone X Face ID Like It’s No Big Deal

    Uploaded by Attaullah Malik on YouTube, the 41-second clip shows his 10-year-old son unlocking Face ID on an iPhone X which was configured to accept the mother’s face.

  • Watch a 10-Year-Old's Face Unlock His Mom's iPhone X

     

    Malik offered to let Ammar look at his phone instead, but the boy picked up his mother's, not knowing which was which. And a split second after he looked at it, the phone unlocked.

  • This 10-year-old was able to unlock his mom’s iPhone using Face ID

     

    Although Apple says Face ID is more secure than Touch ID, this raises questions about the possibility of false positives not only happening with twins and siblings around the same age, but with people of different sexes and significantly different ages. It is possible that the son’s age played a role as Apple has said that the “undeveloped facial features” in those under the age of 13 could cause issues with Face ID.

  • Safety alert: see how easy it is for almost anyone to hack [sic] your child’s connected toys

    Watch our video below to see just how easy it is for anyone to take over the voice control of a popular connected toy, and speak directly to your child through it. And we’re not talking professional hackers [sic]. It’s easy enough for almost anyone to do.

  • Trump administation to release rules on disclosure of cybersecurity flaws: NSA

    The Trump administration is expected to publicly release on 15 November its rules for deciding whether to disclose cybersecurity flaws or keep them secret, a national security official told Reuters.

Tails 3.3 is out

Filed under
Security
Debian

This release fixes many security issues and users should upgrade as soon as possible.

Read more

Security: USB Bugs, OnePlus 'Back Door', and ME 'Back Door'

Filed under
Security

Security: Kaspersky in the UK and Apple's Face ID

Filed under
Security

Security: Kaspersky, Shadow Brokers, Core Infrastructure Initiative, Face ID

Filed under
Security
  • The Daily Mail whisks up Kaspersky fears - but where's the meat?

    Make a note. Whenever you see the Daily Mail publish a headline which asks a question, the correct answer is invariably "no". If they had any reason to believe it was "yes", then they wouldn't have posed it as a question.

    The truth is that newspapers post these "Is the Loch Ness Monster on Tinder?"-style headlines because they know they'll get more clicks than if they use a headline which reflects the actual conclusion of the article.

  • NSA Cyber Weapons Turned Against Them in Hack

    A hack on the National Security Agency, claimed by a group called the “Shadow Brokers,” has caused a chilling effect on agency staffers, as they wonder whether it was a foreign hacker or someone on the inside.

  • Why the cybersecurity industry should care about Open Source maintenance

    In June of this year, Thales eSecurity joined the Core Infrastructure Initiative (CII), a project both founded and managed by The Linux Foundation, with the aim of collaboratively enhancing and strengthening the security and resilience of critical Open Source projects. Many of the world’s largest technology companies already belong to the CII, with Thales being officially recognised as the first global security firm to join the initiative.

  • You Can Easily Beat iPhone X Face ID Using This 3D-Printed Mask

    When it launched the iPhone X, Apple said that the company has worked with professional mask makers and Hollywood makeup artists. It was to make sure their facial recognition tech doesn’t fail when someone attempts to beat it.

Security: Proprietary Software and Microsoft's Back Doors

Filed under
Microsoft
Security
  • Hackers Can Use Your Antivirus Software To Spread Malware [Ed: Crackers can use just about any proprietary software to spread other (even more malicious) proprietary software]
  • NYT: NSA Spy Units Forced to 'Start Over' After Leaks, Hacks
  • Media: homeland security USA “shocked” by the data theft [Ed: "shocked" by impact of its own collusion with Microsoft]
  • Report: NSA Hunts for Moles Amid Crippling Information Leaks

    The National Security Agency has spent more than a year investigating a series of catastrophic breaches and has yet to determine whether it’s fighting foreign hackers or a mole inside the agency, The New York Times reports. At the center of the saga is a mysterious group called the Shadow Brokers, which has been taunting the agency with periodic dumps of secret code online—leaks that employees say are much more damaging to national security than the information leaked by former NSA contractor Edward Snowden. Some of the stolen code has been used in global malware attacks such as the WannaCry cyberattack, which crippled hospitals and government institutions across the world. Current and former employees have described a mole hunt inside the agency, with some employees reportedly asked to hand over their passports and undergo questioning. Yet investigators still don’t know who the culprits are, be it an insider who stole an entire thumb drive of sensitive code, or a group of Russian hackers—for some, the prime suspects—who managed to breach NSA defenses. “How much longer are the releases going to come?” one former employee was cited as saying. “The agency doesn’t know how to stop it—or even what ‘it’ is.”

pfSense: Not Linux, Not Bad

Filed under
Security
BSD

Through the years, I've used all sorts of router and firewall solutions at home and at work. For home networks, I usually recommend something like DD-WRT, OpenWRT or Tomato on an off-the-shelf router. For business, my recommendations typically are something like a Ubiquiti router or a router/firewall solution like Untangled or ClearOS. A few years ago, however, a coworker suggested I try pfSense instead of a Linux-based solution. I was hesitant, but I have to admit, pfSense with its BSD core is a rock-solid performer that I've used over and over at multiple sites.

Read more

Security: Minix, Shadow Brokers, Kaspersky

Filed under
Security
  • The Truth About the Intel’s Hidden Minix OS and Security Concerns

    That supplemental unit is part of the chipset and is NOT on the main CPU die. Being independent, that means Intel ME is not affected by the various sleep state of the main CPU and will remain active even when you put your computer in sleep mode or when you shut it down.

  • Security Breach and Spilled Secrets Have Shaken the N.S.A. to Its Core

    Mr. Williams had written on his company blog about the Shadow Brokers, a mysterious group that had somehow obtained many of the hacking tools the United States used to spy on other countries. Now the group had replied in an angry screed on Twitter. It identified him — correctly — as a former member of the National Security Agency’s hacking group, Tailored Access Operations, or T.A.O., a job he had not publicly disclosed. Then the Shadow Brokers astonished him by dropping technical details that made clear they knew about highly classified hacking operations that he had conducted.

  • UK spymasters raise suspicions over Kaspersky software's Russia links

Security: Fancy Bear, MINIX, WikiLeaks Vault 8, Face ID

Filed under
Security
  • New Microsoft Word attacks infect PCs sans macros

    Fancy Bear, the advanced hacking group researchers say is tied to the Russian government, is actively exploiting a newly revived technique that gives attackers a stealthy means of infecting computers using Microsoft Office documents, security researchers said this week.

    Fancy Bear is one of two Russian-sponsored hacking outfits researchers say breached Democratic National Committee networks ahead of last year's presidential election. The group was recently caught sending a Word document that abuses a feature known as Dynamic Data Exchange. DDE allows a file to execute code stored in another file and allows applications to send updates as new data becomes available.

  • Minix Inside!

    Everything was find but in May a major security flaw was discovered and the fix required an update data to the AMT code. An update that many machines are unlikely to get. Since then various security researchers, mostly Google-based, have been looking into the hardware and the software and have made the discovery that there is an additional layer in the hardware that Intel doesn't talk about. Ring 3 is user land, Ring 0 is OS land and Ring -1 is for hypervisors. These we know about, but in addition there is Ring -2, used for the secure UEFI kernel and Ring -3, which is where the management OS runs. Guess what the management OS is Minix 3 - or rather a closed commercial version of Minix 3.

  • WikiLeaks: CIA impersonated Kaspersky Labs as a cover for its malware operations

    WikiLeaks, under its new Vault 8 series of released documents, has rolled out what it says is the source code to a previously noted CIA tool, called Hive, that is used to help hide espionage actions when the Agency implants malware.
    Hive supposedly allows the CIA to covertly communicate with its software by making it hard or impossible to trace the malware back to the spy organization by utilizing a cover domain. Part of this, WikiLeaks said, is using fake digital certificates that impersonate other legitimate web groups, including Kaspersky Labs.

  • My Younger Brother Can Access My iPhone X: Face ID Is Not Secure

    What this means is family members, who are probably the people you don’t want accessing your device, can now potentially access your iPhone. Especially your younger brother, or Mom… or Grandma.

Syndicate content

More in Tux Machines

Android Leftovers

Graphics: XWayland and Mesa

  • XWayland Gets Patches For Better EGLStreams Handling
    While the recently released X.Org Server 1.20 has initial support for XWayland with EGLStreams so X11 applications/games on Wayland can still benefit from hardware acceleration, in its current state it doesn't integrate too well with Wayland desktop compositors wishing to support it. That's changing with a new patch series.
  • Intel Mesa Driver Finally Supports Threaded OpenGL
    Based off the Gallium3D "mesa_glthread" work for threaded OpenGL that can provide a measurable win in some scenarios, the Intel i965 Mesa driver has implemented this support now too. Following the work squared away last year led in the RadeonSI driver, the Intel i965 OpenGL driver supports threaded OpenGL when the mesa_glthread=true environment variable is set.
  • Geometry & Tessellation Shaders For Mesa's OpenGL Compatibility Context
    With the recent Mesa 18.1 release there is OpenGL 3.1 support with the ARB_compatibility context for the key Gallium3D drivers, but Marek Olšák at AMD continues working on extending that functionality under the OpenGL compatibility context mode.
  • Mesa Begins Its Transition To Gitlab
    Following the news from earlier this month that FreeDesktop.org would move its infrastructure to Gitlab, the Mesa3D project has begun the process of adopting this Git-centered software.

Welcome to Ubuntu 18.04: Make yourself at GNOME. Cup of data-slurping dispute, anyone?

Comment Ubuntu 18.04, launched last month, included a new Welcome application that runs the first time you boot into your new install. The Welcome app does several things, including offering to opt you out of Canonical's new data collection tool. The tool also provides a quick overview of the new GNOME interface, and offers to set up Livepatch (for kernel patching without a reboot). In my review I called the opt-out a ham-fisted decision, but did note that if Canonical wanted to actually gather data, opt-out was probably the best choice. Read more

How CERN Is Using Linux and Open Source

CERN really needs no introduction. Among other things, the European Organization for Nuclear Research created the World Wide Web and the Large Hadron Collider (LHC), the world’s largest particle accelerator, which was used in discovery of the Higgs boson. Tim Bell, who is responsible for the organization’s IT Operating Systems and Infrastructure group, says the goal of his team is “to provide the compute facility for 13,000 physicists around the world to analyze those collisions, understand what the universe is made of and how it works.” Read more