Language Selection

English French German Italian Portuguese Spanish

Security

Security Leftovers

Filed under
Security

Tor 0.3.0.6 is released: a new series is stable!

Filed under
Security

Tor 0.3.0.6 is the first stable release of the Tor 0.3.0 series.

With the 0.3.0 series, clients and relays now use Ed25519 keys to authenticate their link connections to relays, rather than the old RSA1024 keys that they used before. (Circuit crypto has been Curve25519-authenticated since 0.2.4.8-alpha.) We have also replaced the guard selection and replacement algorithm to behave more robustly in the presence of unreliable networks, and to resist guard- capture attacks.

Read more

Easy ways to make your Android device more secure

Filed under
Android
Security

How secure is your data on that Android smartphone? On a scale of "Alcatraz" to "open field of flowers," where does yours rank? If you're truly concerned about the security of your mobile device (which you should be), you know there are always steps to take to further clamp it down. Because some of these steps a bit more complicated, they are often overlooked by the average user. That's why I want to offer up a few easy ways anyone can bring a bit more security to their Android device.

Read more

Security Leftovers

Filed under
Security

Microsoft Begs, Bugs, and Bug Doors

Filed under
Microsoft
Security
  • Don't install our buggy Windows 10 Creators Update, begs Microsoft

    Microsoft has urged non-tech-savvy people – or anyone who just wants a stable computer – to not download and install this year's biggest revision to Windows by hand. And that's because it may well bork your machine.

    It's been two weeks since Microsoft made its Creators Update available, and we were previously warned it will be a trickle-out rather than a massive rollout. Now, Redmond has urged users to stop manually fetching and installing the code, and instead wait for it to be automatically offered to your computer when it's ready.

  • Microsoft Word flaw took so long to fix that hackers used it to send fraud software to millions of computers

    A flaw in Microsoft Word took the tech giant so long to fix that hackers were able to use it to send fraud software to millions of computers, it has been revealed.

    The security flaw, officially known as CVE-2017-0199, could allow a hacker to seize control of a personal computer with little trace, and was fixed on April 11 in Microsoft's regular monthly security update - nine months after it was discovered.

Security Leftovers

Filed under
Security

Security updates and no more patches from grsecurity (without a fee)

Filed under
Security
  • Security updates for Wednesday
  • GrSecurity Kernel Patches Will No Longer Be Free To The Public

    The GrSecurity initiative that hosts various out-of-tree patches to the mainline Linux kernel in order to enhance the security will no longer be available to non-paying users.

    GrSecurity has been around for the better part of two decades and going back to the 2.4 kernel days. In 2015 the stable GrSecurity patches became available to only commercial customers while the testing patches had still been public. That's now changing with all GrSecurity users needing to be customers.

  • Passing the Baton: FAQ

    This change is effective today, April 26th 2017. Public test patches have been removed from the download area. 4.9 was specifically chosen as the last public release as being the latest upstream LTS kernel will help ease the community transition.

  • grsecurity - Passing the Baton

    Anyone here use grsecurity and have any thoughts about this?

More Coverage of Kali Linux 2017.1 Release

Filed under
GNU
Linux
Security
  • Kali Linux 2017.1 Security OS Brings Wireless Injection Attacks to 802.11 AC

    Offensive Security, the developers of the BackTrack-derived Kali Linux open-source, security-oriented operating system announced the availability of the Kali Linux 2017.1 rolling release.

    Since Kali Linux become a rolling distro, the importance of such updated images was never the same, but Kali Linux 2017.1 appears to be a major release of the ethical hacking distro, adding a bunch of exciting new features and improvements to the Debian-based operating system.

  • Kali Linux 2017.1 Released With New Features | Download ISO Files And Torrents Here

    Offensive Security has updated the Kali Linux images with new features and changes. Termed Kali Linux 2017.1, this release comes with support for wireless injection attacks to 802.11ac and Nvidia CUDA GPU. You can simply update your existing installation by running few commands if you don’t wish to download the updated images from Kali repos.

Security Leftovers

Filed under
Security
  • NSA backdoor detected on >55,000 Windows boxes can now be remotely removed

    After Microsoft officials dismissed evidence that more than 10,000 Windows machines on the Internet were infected by a highly advanced National Security Agency backdoor, private researchers are stepping in to fill the void. The latest example of this open source self-help came on Tuesday with the release of a tool that can remotely uninstall the DoublePulsar implant.

  • Turns out, pacemaker security is terrifying

    Ultimately, St. Jude Medical's stock plunged as much as 10 percent in the aftermath. The company launched a lawsuit against MedSec and Muddy Waters, and the three firms skirmished in the press again when MedSec's findings were allegedly reproduced by security firm Bishop Fox. What's more, the second set of researchers claimed they could take over the pacemakers at a distance of around 10 feet.

  • Chrome, Firefox, and Opera users beware: This isn’t the apple.com you want
  • [Older] Phishing with Unicode Domains

    From a security perspective, Unicode domains can be problematic because many Unicode characters are difficult to distinguish from common ASCII characters. It is possible to register domains such as "xn--pple-43d.com", which is equivalent to "аpple.com". It may not be obvious at first glance, but "аpple.com" uses the Cyrillic "а" (U+0430) rather than the ASCII "a" (U+0061). This is known as a homograph attack.

  • New Strain of Linux Malware Could Get Serious [Ed: ECT thinks that people having default username+password is a "Linux" issue? Seriously?

    A new strain of malware targeting Linux systems, dubbed "Linux/Shishiga," could morph into a dangerous security threat.

    Eset on Tuesday disclosed the threat, which represents a new Lua family unrelated to previously seen LuaBot malware.

Kali Linux 2017.1 Release

Filed under
GNU
Linux
Security

Finally, it’s here! We’re happy to announce the availability of the Kali Linux 2017.1 rolling release, which brings with it a bunch of exciting updates and features. As with all new releases, you have the common denominator of updated packages, an updated kernel that provides more and better hardware support, as well as a slew of updated tools – but this release has a few more surprises up its sleeve.

Read more

Also: Kali Linux repository HTTPS support

Syndicate content

More in Tux Machines

Tizen News

OSS Leftovers

  • How Open Source Tech Helps Feds Solve Workforce Turnover Issues
    Just as a mainframe from decades ago might be ready for retirement, the IT staff who originally procured and installed that system might also be preparing for a new phase in their lives. It’s up to the current and next generation of government IT employees to prepare for that eventuality, but there are indications they may not be ready, despite evidence that older IT professionals are retiring or will soon be leaving their positions. Unfortunately, a skills gap exists even among younger generation IT workers. Agencies are scrambling to find personnel with expertise in cloud service management, cybersecurity, technical architecture and legacy technologies, such as common business-oriented language (COBOL) and mainframes, among other areas. At the same time that many workers are getting ready to retire, leaving behind a wealth of knowledge, many younger IT professionals are struggling to gain the knowledge they will need to take their agencies into the future.
  • Introducing Fn: “Serverless must be open, community-driven, and cloud-neutral”
    Fn, a new serverless open source project was announced at this year’s JavaOne. There’s no risk of cloud lock-in and you can write functions in your favorite programming language. “You can make anything, including existing libraries, into a function by packaging it in a Docker container.” We invited Bob Quillin, VP for the Oracle Container Group to talk about Fn, its best features, next milestones and more.
  • Debian seminar in Yokohama, 2017/11/18
    I had attended to Tokyo area debian seminar #157. The day’s special guest is Chris Lamb, the Debian Project Leader in 2017. He had attended to Open Compliance Summit, so we invited him as our guest.
  • Overclock Labs bets on Kubernetes to help companies automate their cloud infrastructure
    Overclock Labs wants to make it easier for developers to deploy and manage their applications across clouds. To do so, the company is building tools to automate distributed cloud infrastructure and, unsurprisingly, it is betting on containers — and specifically the Kubernetes container orchestration tools — to do this. Today, Overclock Labs, which was founded two years ago, is coming out of stealth and announcing that it raised a $1.3 million seed round from a number of Silicon Valley angel investors and CrunchFund — the fund that shares a bit of its name and history with TechCrunch but is otherwise completely unaffiliated with the blog you are currently reading.
  • MariaDB Energizes the Data Warehouse with Open Source Analytics Solution
    MariaDB® Corporation, the company behind the fastest growing open source database, today announced new product enhancements to MariaDB AX, delivering a modern approach to data warehousing that enables customers to easily perform fast and scalable analytics with better price performance over proprietary solutions. MariaDB AX expands the highly successful MariaDB Server, creating a solution that enables high performance analytics with distributed storage and parallel processing, and that scales with existing commodity hardware on premises or across any cloud platform. With MariaDB AX, data across every facet of the business is transformed into meaningful and actionable results.
  • AT&T Wants White Box Routers with an Open Operating System [Ed: AT&T wants to openwash its surveillance equipment]
    AT&T says it’s not enough to deploy white box hardware and to orchestrate its networks with the Open Network Automation Platform (ONAP) software. “Each individual machine also needs its own operating system,” writes Chris Rice, senior vice president of AT&T Labs, Domain 2.0 Architecture, in a blog post. To that end, AT&T announced its newest effort — the Open Architecture for a Disaggregated Network Operating System (dNOS).
  • Intel Lands Support For Vector Neural Network Instructions In LLVM
  • p2k17 Hackathon report: Antoine Jacoutot on ports+packages progress
  • GCC 8 Feature Development Is Over
    Feature development on the GCC 8 compiler is over with it now entering stage three of its development process. SUSE's Richard Biener announced minutes ago that GCC 8 entered stage three development, meaning only general bug fixing and documentation updates are permitted.
  • 2018 Is The Year For Open Source Software For The Pentagon
  • Open-source defenders turn on each other in 'bizarre' trademark fight sparked by GPL fall out
    Two organizations founded to help and support developers of free and open-source software have locked horns in public, betraying a long-running quarrel rumbling mostly behind the scenes. On one side, the Software Freedom Law Center, which today seeks to resolve licensing disputes amicably. On the other, the Software Freedom Conservancy, which takes a relatively harder line against the noncompliance of licensing terms. The battleground: the, er, US Patent and Trademark Office. The law center has demanded the cancellation of a trademark held by the conservancy.
  • Open Source Underwater Glider: An Interview with Alex Williams, Grand Prize Winner
    Alex Williams pulled off an incredible engineering project. He developed an Autonomous Underwater Vehicle (AUV) which uses a buoyancy engine rather than propellers as its propulsion mechanism and made the entire project Open Source and Open Hardware.

Programming Leftovers

Security: Linux, Free Software Principles, Microsoft and Intel

  • Some 'security people are f*cking morons' says Linus Torvalds
    Linux overlord Linus Torvalds has offered some very choice words about different approaches security, during a discussion about whitelisting features proposed for version 4.15 of the Linux kernel. Torvalds' ire was directed at open software aficionado and member of Google's Pixel security team Kees Cook, who he has previously accused of idiocy. Cook earned this round of shoutiness after he posted a request to “Please pull these hardened usercopy changes for v4.15-rc1.”
  • Free Software Principles
    Ten thousand dollars is more than $3,000, so the motives don't add up for me. Hutchins may or may not have written some code, and that code may or may not have been used to commit a crime. Tech-literate people, such as the readers of Linux Magazine, understand the difference between creating a work and using it to commit a crime, but most of the media coverage – in the UK, at least – has been desperate to follow the paradigm of building a man up only to gleefully knock him down. Even his achievement of stopping WannaCry is decried as "accidental," a word full of self-deprecating charm when used by Hutchins, but which simply sounds malicious in the hands of the Daily Mail and The Telegraph.
  • New warning over back door in Linux
    Researchers working at Russian cyber security firm Dr Web claim to have found a new vulnerability that enables remote attackers to crack Linux installations virtually unnoticed. According to the anti-malware company, cyber criminals are getting into the popular open-source operating system via a new backdoor. This, they say, is "indirect evidence" that cyber criminals are showing an increasing interest in targeting Linux and the applications it powers. The trojan, which it's calling Linux.BackDoor.Hook.1, targets the library libz primarily. It offers compression and extraction capabilities for a plethora of Linux-based programmes.
  • IN CHATLOGS, CELEBRATED HACKER AND ACTIVIST CONFESSES COUNTLESS SEXUAL ASSAULTS
  • Bipartisan Harvard panel recommends hacking [sic] safeguards for elections
     

    The guidelines are intended to reduce risks in low-budget local races as well as the high-stakes Congressional midterm contests next year. Though most of the suggestions cost little or nothing to implement and will strike security professionals as common sense, notorious attacks including the leak of the emails of Hillary Clinton’s campaign chair, John Podesta, have succeeded because basic security practices were not followed.  

  • Intel Chip Flaws Leave Millions of Devices Exposed
     

    On Monday, the chipmaker released a security advisory that lists new vulnerabilities in ME, as well as bugs in the remote server management tool Server Platform Services, and Intel’s hardware authentication tool Trusted Execution Engine. Intel found the vulnerabilities after conducting a security audit spurred by recent research. It has also published a Detection Tool so Windows and Linux administrators can check their systems to see if they're exposed.