Security

Security Leftovers

Filed under
Security
  • Fitbit can allegedly be hacked in 10 seconds

    Fitness-tracking wristband Fitbit, which has sold more than 20 million devices worldwide, and tracks your calorie count, heart rate and other highly personal information, can be remotely hacked, according to research by Fortinet. This gives hackers access to the computer to which you sync your Fitbit.

  • Adobe releases emergency patch for Flash zero-day flaw
  • Adobe confirms major Flash vulnerability, and the only way to protect yourself is to uninstall Flash

    Just one day after Adobe released its monthly security patches for various software including Flash Player, the company confirmed a major security vulnerability that affects all versions of Flash for Windows, Mac and Linux computers. You read that correctly… all versions. Adobe said it has been made aware that this vulnerability is being used by hackers to attack users, though it says the attacks are limited and targeted. Using the exploit, an attacker can crash a target PC or even take complete control of the computer.

  • Western Digital self-encrypting hard drives riddled with security flaws

    Several versions of self-encrypting hard drives from Western Digital are riddled with so many security flaws that attackers with physical access can retrieve the data with little effort, and in some cases, without even knowing the decryption password, a team of academics said.

    The paper, titled "got HW crypto? On the (in)security of a Self-Encrypting Drive series," recited a litany of weaknesses in the multiple versions of the My Passport and My Book brands of external hard drives. The flaws make it possible for people who steal a vulnerable drive to decrypt its contents, even when they're locked down with a long, randomly generated password. The devices are designed to self-encrypt all stored data, a feature that saves users the time and expense of using full-disk encryption software.

Tails Amnesic Incognito Live Linux OS Spotted on 'Homeland' TV Show

Filed under
GNU
Linux
Security
Debian

Spoiler alert! Don't read this if you haven't watched the third episode of the fifth season of Homeland, an acclaimed American television series that airs on the Showtime network.

If you've watched the show so far, then you know that there are a few new characters, such as Laura Sutton, an American journalist in Berlin, played by the beautiful Sarah Sokolovic, as well as Numan, a bearded hacker played by Atheer Adel.

Security Leftovers

Filed under
Security
  • Tuesday's security updates
  • Why Aren't There Better Cybersecurity Regulations for Medical Devices?

    This summer, the Food and Drug Administration warned hospitals to stop using a line of drug pumps because of a cybersecurity risk: a vulnerability that could allow an attacker to remotely deliver a fatal dose to a patient. SAINT Corporation engineer Jeremy Richards, one of the researchers who discovered the vulnerability, called the drug pump “the least secure IP enabled device I’ve ever touched in my life.”

    There is a growing body of research that shows just how defenseless many critical medical devices are to cyberattack. Research over the last couple of years has revealed that hundreds of medical devices use hard-coded passwords. Other devices use default admin passwords, then warn hospitals in the documentation not to change them.

  • Congress Introduces Provision That Could Make Vehicle Security Research Illegal

    Far too often Congress proposes tech legislation that is either poorly researched or poorly drafted (or both). Fortunately, most of the bills don't advance. Unfortunately, this doesn’t seem to dissuade Congress from constantly writing these types of bills. The House Energy and Commerce Committee released such a bill last week. It's only a discussion draft and hasn't been introduced as a formal bill yet, but its provisions would not only effectively put the brakes on car security research, but also immunize auto manufacturers from FTC privacy enforcement when (not if) they fail to secure our cars. It's a classic one-two punch from Congress: not understanding something and then deciding to draft a bill about it anyway.

  • Crypto researchers: Time to use something better than 1024-bit encryption

    It’s possible for entities with vast computing resources – such as the NSA and major national governments – to compromise commonly used Diffie-Hellman keys, and over time more groups will be able to afford cracking them as computing costs go down.

  • The first rule of zero-days is no one talks about zero-days (so we’ll explain)

    How do you defend yourself against the unknown? That is the crux of the zero-day vulnerability: a software vulnerability that, by definition, is unknown by the user of the software and often its developer as well.

    Everything about the zero-day market, from research and discovery through disclosure and active exploitation, is predicated upon this fear of the unknown—a fear that has been amplified and distorted by the media. Is the world really at threat of destabilisation due to lone-wolf hackers digging up vulnerabilities in popular software packages and selling them to whichever repressive government offers the most money? Or is it just a classic case of the media and megacorp lobbyists focusing on the sexy, scary, offensive side of things, and glossing over the less alluring aspects?

VirtualBox 5.0.8 Has Better systemd Support, Debian and El Capitan Fixes

Filed under
OSS
Security

On October 20, Oracle announced the immediate availability for download of the eighth maintenance release of their open-source and cross-platform VirtualBox virtualization software for GNU/Linux, Mac OS X, and Windows operating systems.


Canonical Releases Important Security Patches for Ubuntu 15.04 and 14.04 LTS

Filed under
Security
Ubuntu

After announcing the general availability of a new kernel version of its Ubuntu 12.04 LTS (Precise Pangolin) operating system, Canonical published details about an important security patch for the kernel packages of Ubuntu 15.04 and Ubuntu 14.04 LTS.


AllSeen Alliance Adds Security Updates to Open Source IoT Platform

Filed under
OSS
Security

The AllSeen Alliance claims to have made open source Internet of Things (IoT) development more secure with the latest update to its AllJoyn IoT framework, Security 2.0. The new feature brings authentication, device authorization and encryption enhancements to the platform.


Git 2.6.2 Distributed Version Control System Has Many Bugfixes, Some Features

Filed under
OSS
Security

This past weekend, the developers of the open-source Git distributed version control system published details about the second maintenance release in the Git 2.6 series.


Attacker slips malware past Ubuntu Phone checks

Filed under
Security
Ubuntu

Canonical has issued a security advisory to all fifteen people who installed a particular Ubuntu Phone app.

While its reach might be trivial, the bug itself was serious: someone worked out how to bypass checks that are supposed to protect the Ubuntu Phone operating system's single-click app installation process.


More in Tux Machines

Review: Linux Mint 18 (Sarah)

If you were looking to jump the Ubuntu ship completely, then we recommend taking a look at our recent Review of Fedora 24. It’s equally as good as Mint 18 and equally worthy of your consideration. Between Linux Mint 18 and Fedora 24, we reckon it’s exciting times in the Linux world. With the exception and onset of the boring world of vanilla Ubuntu releases, Linux feels reinvigorated and fresh once again. Jump on board, because it can only get better from here.

Security Leftovers

GNU News

Leftovers: OSS

  • Mozilla Firefox 47.0.1 Is Now Available in the Arch Linux and Solus Repos
    Mozilla quietly delivered the first point release of the Mozilla Firefox 47.0 web browser to users of Microsoft Windows and Mac OS X operating systems on the day of June 28, 2016. However, because the built-in updater of the Mozilla Firefox web browser doesn't work on GNU/Linux distributions, users have to wait for the latest version of the software to be first pushed by the maintainers of their operating systems on the main repositories before they can upgrade.
  • Questions loom about the future of open source at VA
    The CIO for the Department of Veterans' Affairs sought to reassure stakeholders that the agency was committed to open source in the future, but with Congress pressuring the agency to give up the homegrown health record system VistA, the open source community is a bit perplexed.
  • Watch out for job offers from Google after this open source course
    Over five lakh polytechnic students from 500 colleges across Tamil Nadu would begin training on open source software from Friday, learning more about the nitty-gritties of ‘free’ software under a programme run by the Indian Institute of Technology – Bombay along with the Tamil Nadu government.
  • Bombay Stock Exchange: Open source is a mindset
    Open source is still gaining momentum in the industry worldwide. Despite naysayers, open-source software and hardware are making believers out of a broad array of users. In the case of Bombay Stock Exchange, LTD (BSE), the transition has been cost efficient, as well as has improved order processing power. By switching from proprietary hardware to open source, Kersi Tavadia, CIO of BSE, reported going from being able to process 10 million orders a day to 400 million. Even with the increase, the new open-source hardware is only using 10 percent capacity.
  • GitHub releases data on 2.8 million open source repositories through Google BigQuery
    GitHub today announced that it’s releasing activity data for 2.8 million open source code repositories and making it available for people to analyze with the Google BigQuery cloud-based data warehousing tool. The data set is free to explore. (With BigQuery you get to process up to one terabyte each month free of charge.) This new 3TB data set includes information on “more than 145 million unique commits, over 2 billion different file paths and the contents of the latest revision for 163 million files, all of which are searchable with regular expressions,” Arfon Smith, program manager for open source data at GitHub, wrote in a blog post.
  • How one company is using open source to double its customers’ mobile business
    Most retailers today stay a step or two behind when it comes to modern technology, especially on the mobile side. Sawyer Effect, LLC, a consultant for J.Crew Group, Inc., has been using Red Hat, Inc.’s open-source product Ansible, an IT automation engine, to get its customer’s mobile business up to speed and greatly improve its business.
  • Can Capital One change banking with open source, mobile apps, and NoSQL?
    Oron Gill Haus of Capital One came to MongoDB World to present on Hygieia, an open source DevOps dashboard built on MongoDB. Behind that dashboard lies an ambition to change the customer banking experience – no small feat. Prior to his keynote, Haus shared his team’s story with me.
  • How bank Capital One developed an open source DevOps visualisation tool based on MongoDB
    In order to keep up with customers' expectation of a proactive service available 24x7 on many devices, US bank Capital One moved to an agile DevOps structure and a year ago released its own DevOps dashboard. While visualisation tools were available for continuous integration, scanning and testing, Capital One's development team was unable to find one that provided a complete overview of the whole production process. The dashboard they developed, called Hygieia, was open sourced to encourage rapid development. It is currently in version 2.0. VP of engineering Gil Haus explained some of the thought processes that went into the creation of Hygieia.
  • What is DC/OS?
    What if we could take the total amount of power in any cloud computing datacentre and provide a means of defining that as one total abstracted compute resource? This notion has given birth to DC/OS, a technology base built on Apache Mesos to abstract a datacentre into a single computer, pooling distributed workloads and (allegedly) simplifying both rollout and operations.
  • What's holding your conference back
  • Airtel Leverages Cloudera Enterprise to Improve Customer Experience and Product Personalization
  • Airtel adopts Cloudera for business intelligence
  • Airtel moves customer data on an open source platform
  • RightScale can help you pick out the right public cloud
    For example, let's say you need a local cloud in Australia. With the tool, you'll see that Google can't help you while the others can. Or, for instance say you've tied your business to Oracle and you want Oracle Linux as your operating system. The program will quickly and easily tell you that AWS and Azure are the clouds for you.
  • The Apache Software Foundation Announces Apache® Bahir™ as a Top-Level Project
    Apache Bahir bolsters Big Data processing by serving as a home for existing connectors that initiated under Apache Spark, as well as provide additional extensions/plugins for other related distributed system, storage, and query execution systems.
  • Bahir is the Latest Big Data Project to Advance at Apache
    Recently, we've taken note of the many projects that the Apache Software Foundation has been elevating to Top-Level Status. The organization incubates more than 350 open source projects and initiatives, and has squarely turned its focus to Big Data and developer-focused tools in recent months. As Apache moves Big Data projects to Top-Level Status, they gain valuable community support and more.
  • MongoDB launches Atlas, its new database-as-a-service offering
    MongoDB, the company behind the eponymous open source database, is launching Atlas today, its third major revenue-generating service. Atlas is MongoDB’s database-as-a-service offering that provides users with a managed database service. The service will offer pay-as-you-go pricing and will initially allow users to deploy on Amazon Web Services (AWS), with support for Microsoft Azure and Google Cloud Platform coming later.