Language Selection

English French German Italian Portuguese Spanish

Security

Leftovers: Security

Filed under
Security

Security Leftovers

Filed under
Security
  • FBI detects breaches against two state voter systems

    The Federal Bureau of Investigation has found breaches in Illinois and Arizona's voter registration databases and is urging states to increase computer security ahead of the Nov. 8 presidential election, according to a U.S. official familiar with the probe.

    The official, speaking on condition of anonymity, said on Monday that investigators were also seeking evidence of whether other states may have been targeted.

    The FBI warning in an Aug. 18 flash alert from the agency's Cyber Division did not identify the intruders or the two states targeted.

    Reuters obtained a copy of the document after Yahoo News first reported the story Monday.

  • Russians Hacked Two U.S. Voter Databases, Say Officials [Ed: blaming without evidence again]

    Two other officials said that U.S. intelligence agencies have not yet concluded that the Russian government is trying to do that, but they are worried about it.

  • FBI Says Foreign Hackers Got Into Election Computers

    We've written probably hundreds of stories on just what a dumb idea electronic voting systems are, highlighting how poorly implemented they are, and how easily hacked. And, yet, despite lots of security experts sounding the alarm over and over again, you still get election officials ridiculously declaring that their own systems are somehow hack proof.

    And now, along comes the FBI to alert people that it's discovered at least two state election computer systems have been hacked already, and both by foreign entities.

  • Researchers Reveal SDN Security Vulnerability, Propose Solution

    Three Italian researchers have published a paper highlighting a security vulnerability in software-defined networking (SDN) that isn't intrinsic to legacy networks. It's not a showstopper, though, and they propose a solution to protect against it.

    "It" is a new attack they call Know Your Enemy (KYE), through which the bad guys could potentially collect information about a network, such as security tool configuration data that could, for example, reveal attack detection thresholds for network security scanning tools. Or the collected information could be more general in nature, such as quality-of-service or network virtualization policies.

  • NV Gains Momentum for a Secure DMZ

    When it comes to making the shift to network virtualization (NV) and software-defined networking (SDN), one of the approaches gaining momentum is using virtualization technology to build a secure demilitarized zone (DMZ) in the data center.

    Historically, there have been two major drawbacks to deploying firewalls as a secure mechanism inside a data center. The first is the impact a physical hardware appliance has on application performance once another network hop gets introduced. The second is the complexity associated with managing the firewall rules.

    NV technologies make it possible to employ virtual firewalls that can be attached to specific applications and segregate them based on risk. This is the concept of building a secure DMZ in the data center. The end result is that the virtual firewall is not only capable of examining every packet associated with a specific application, but keeping track of what specific firewall rules are associated with a particular application becomes much simpler.

Parsix GNU/Linux 8.10 "Erik" Users Receive the Latest Debian Security Updates

Filed under
GNU
Linux
Security

Today, August 29, 2016, the maintainers of the Parsix GNU/Linux distribution announced the availability of multiple security updates, along with a new kernel version for the Parsix GNU/Linux 8.10 "Erik" release.

Read more

Ubuntu 14.04 LTS and 12.04 LTS Users Get New Kernel Updates with Security Fixes

Filed under
Security
Ubuntu

Immediately after informing us about the availability of a new kernel update for the Ubuntu 16.04 LTS (Xenial Xerus) operating system, Canonical published more security advisories about updated kernel versions for Ubuntu 14.04 LTS and Ubuntu 12.04 LTS.

Read more

5 Best Linux Distros for Security

Filed under
Linux
Security

Security is nothing new to Linux distributions. Linux distros have always emphasized security and related matters like firewalls, penetration testing, anonymity, and privacy. So it is hardly surprising that security conscious distributions are common place. For instance, Distrowatch lists sixteen distros that specialize in firewalls, and four for privacy.

Most of these specialty security distributions, however, share the same drawback: they are tools for experts, not average users. Only recently have security distributions tried to make security features generally accessible for desktop users.

Read more

Security News

Filed under
Security
  • New FairWare Ransomware targeting Linux Computers [Ed: probably just a side effect of keeping servers unpatched]

    A new attack called FaireWare Ransomware is targeting Linux users where the attackers hack a Linux server, delete the web folder, and then demand a ransom payment of two bitcoins to get their files back. In this attack, the attackers most likely do not encrypt the files, and if they do retain the files, probably just upload it to a server under their control.

  • How do we explain email to an "expert"?

    This has been a pretty wild week, more wild than usual I think we can all agree. The topic I found the most interesting wasn't about one of the countless 0day flaws, it was a story from Slate titled: In Praise of the Private Email Server

    The TL;DR says running your own email server is a great idea. Almost everyone came out proclaiming it a terrible idea. I agree it's a terrible idea, but this also got me thinking. How do you explain this to someone who doesn't really understand what's going on?

    There are three primary groups of people.

    1) People who know they know nothing
    2) People who think they're experts
    3) People who are actually experts

  • Why the term “zero day” needs to be in your brand’s cybersecurity vocabulary

    Linux is “open source” which means anyone can look at the code and point out flaws. In that sense, I’d say Linus Torvalds doesn’t have to be as omniscient as Tim Cook. Linux source code isn’t hidden behind closed doors. My understanding is, all the Linux code is out there for anyone to see, naked for anyone to scrutinize, which is why certain countries feel safer using it–there’s no hidden agenda or secret “back door” lurking in the shadows. Does that mean Android phones are safer? That’s up for debate.

Security News

Filed under
Security

  • Hacking the American College Application Process

    In recent years, foreign students have streamed into American universities, their numbers nearly doubling in the last decade. About half of all international students are coming from Asian countries, many of which have been subject to heavy recruitment from American colleges.

    Taking advantage of the popularity of an American education, a new industry has sprung up in East Asia, focused on guiding students through the U.S. college application process with SAT preparation courses, English tutors and college essay advisors.

    But not all college prep companies are playing by the rules. In their investigative series for Reuters, a team of reporters found that foreign companies are increasingly helping students game the U.S. college application process. Some companies have leaked questions from college entrance exams to their students before they take the test. Others have gone so far as to ghostwrite entire college applications and complete coursework for students when they arrive on campus. We spoke with Steve Stecklow, one of the reporters on the team, about what they uncovered.

  • illusive networks' Deceptions Everywhere

    illusive networks' bread and butter is its deception cybersecurity technology called Deceptions Everywhere whose approach is to neutralize targeted attacks and Advanced Persistent Threats by creating a deceptive layer across the entire network. By providing an endless source of false information, illusive networks disrupts and detects attacks with real-time forensics and without disruption to business.

  • Mozila Offers Free Security Scanning Service: Observatory

    With an eye toward helpiing administrators protect their websites and user communities, Mozilla has developed an online scanner that can check if web servers have optimal security settings in place.

    It's called Observatory and was initially built for in-house use, but it may very well be a difference maker for you.

    "Observatory by Mozilla is a project designed to help developers, system administrators, and security professionals configure their sites safely and securely," the company reports.

Opera Data Breach, Security of Personal Data

Filed under
Security
  • Opera User? Your Stored Passwords May Have Been Stolen

    Barely a week passes without another well-known web company suffering a data breach or hack of some kind. This week it is Opera’s turn. Opera Software, the company behind the web-browser and recently sold to a Chinese consortium for $600 million, reported a ‘server breach incident’ on its blog this weekend.

  • When it comes to protecting personal data, security gurus make their own rules

    Marcin Kleczynski, CEO of a company devoted to protecting people from hackers, has safeguarded his Twitter account with a 14-character password and by turning on two-factor authentication, an extra precaution in case that password is cracked.

    But Cooper Quintin, a security researcher and chief technologist at the Electronic Frontier Foundation, doesn’t bother running an anti-virus program on his computer.

    And Bruce Schneier? The prominent cryptography expert and chief technology officer of IBM-owned security company Resilient Systems, won’t even risk talking about what he does to secure his devices and data.

Security News

Filed under
Security
  • OpenSSL 1.1.0 Series Release Notes
  • Linux.PNScan Malware Brute-Forces Linux-Based Routers
  • St. Jude stock shorted on heart device hacking fears; shares drop

    The stock of pacemaker manufacturer St. Jude Medical Inc (STJ.N) fell sharply on Thursday after short-selling firm Muddy Waters said it had placed a bet that the shares would fall, claiming its implanted heart devices were vulnerable to cyber attacks.

    St. Jude, which agreed in April to sell itself for $25 billion to Abbott Laboratories (ABT.N), said the allegations were false. St Jude shares closed down 4.96 percent, the biggest one-day fall in 7 months and at a 7.4 percent discount to Abbott's takeover offer.

    Muddy Waters head Carson Block said the firm's position was motivated by research from a cyber security firm, MedSec Holdings Inc, which has a financial arrangement with Muddy Waters. MedSec asserted that St. Jude's heart devices were vulnerable to cyber attack and were a risk to patients.

  • BlackArch Linux ISO now comes with over 1,500 hacking tools

    On a move to counter distros like Kali Linux and BackBox, BlackArch has got a new ISO image that includes more than 1,500 hacking tools. The update also brings several security and software tweaks to deliver an enhanced platform for various penetration testing and security assessment activities.

    The new BlackArch Linux ISO includes an all new Linux installer and more than 100 new penetration testing and hacking tools. There is also Linux 4.7.1 to fix the bugs and compatibility issues of the previous kernel. Additionally, the BlackArch team has updated all its in-house tools and system packages as well as updated menu entries for the Openbox, Fluxbox and Awesome windows managers.

Security News

Filed under
Security
  • OpenSSL 1.1.0 released
  • Security advisories for Friday
  • Openwall 3.1-20160824 is out

    New Openwall GNU/*/Linux ISO images and OpenVZ container templates are out.

  • Scorpene Leak Could Be Part Of 'Economic War,' Says French Maker: 10 Facts

    The leak, was first reported in The Australian newspaper. Ship maker DCNS has a nearly 38 billion dollar contract with Australia, but the leak has no mention of the 12 vessels being designed for Australia.

  • Homeland Security has 'open investigation' into Leslie Jones hacking

    The Department of Homeland Security is investigating the cyberattack against Ghostbusters actor Leslie Jones one day after her personal information and explicit images were leaked online.

    In a short statement on Thursday, a spokesperson for the US Immigration and Customs Enforcement agency said that the Homeland Security investigations unit in New York “has an open investigation into this matter”.

    “As a matter of agency policy and in order to protect the integrity of an ongoing investigation, we will not disclose any details,” the statement said.

    “As a matter of agency policy, we are unable to disclose any information related to an active investigation,” a spokeswoman said.

Syndicate content

More in Tux Machines

Microsoft Still at It

5 open source RSS feed readers

When Google Reader was discontinued four years ago, many "technology experts" called it the end of RSS feeds. And it's true that for some people, social media and other aggregation tools are filling a need that feed readers for RSS, Atom, and other syndication formats once served. But old technologies never really die just because new technologies come along, particularly if the new technology does not perfectly replicate all of the use cases of the old one. The target audience for a technology might change a bit, and the tools people use to consume the technology might change, too. Read more

Leftovers: Software and OSS

  • 10 Portable Apps Every Linux User Should Use
    Portable apps are great invention that not many people talk about. The ability to take any program to any PC, and continue using it is very handy. This is especially true for those that need to get work done, and don’t have anything with you but a flash drive. In this article, we’ll go over some of the best portable Linux apps to take with you. From secure internet browsing, to eBooks, graphic editing and even voice chat! Note: a lot of the portable apps in this article are traditional apps made portable thanks to AppImage technology. AppImage makes it possible to run an app instantly, from anywhere without the need to install. Learn more here.
  • Linux Watch Command, To Monitor a Command Activity
    Recently i came to know about watch command, from one of my friend when i have a different requirement. I got good benefit from watch command and i want to share with you people to get more benefit on it, when you have a problem on Linux system.
  • Gammu 1.38.2
    Yesterday Gammu 1.38.2 has been released. This is bugfix release fixing for example USSD or MMS decoding in some situations. The Windows binaries are available as well. These are built using AppVeyor and will help bring Windows users back to latest versions.
  • How a lifecycle management tool uses metrics
    Greg Sutcliffe is a long-time member and now community lead of the Foreman community. Foreman is a lifecycle management tool for physical and virtual servers. He's been studying how the real-world application of community metrics gives insight into its effectiveness and discovering the gap that exists between the ideal and the practical. He shares what insights he's found behind the numbers and how he is using them to help the community grow. In this interview, Sutcliffe spoke with me about the metrics they are using, how they relate to the community's goals, and which ones work best for them. He also talks about his favorite tooling and advice for other community managers looking to up their metrics game.
  • Build a private blockchain ecosystem in minutes with this open source project Join our daily free Newsletter
  • Becoming an Agile Leader, Part 5: Learning to Learn
    As an Agile leader, you learn in at least two ways: observing and measuring what happens in the organization (I have any number of posts about qualitative and quantitative measurement); and just as importantly, you learn by thinking, discussing with others, and working with others. The people in the organization learn in these ways, too.
  • Is Scratch today like the Logo of the '80s for teaching kids to code?
    Leave it to technology to take an everyday word (especially in the English language) and give it a whole new meaning. Words such as the web, viral, text, cloud, apple, java, spam, server, and tablets come to mind as great examples of how the general public's understanding of the meaning of a word can change in a relatively short amount of time. Hence, this article is about a turtle and a cat who have changed the lives of many people over the years, including mine.

Linux and FOSS Events

  • Keynote: State of the Union - Jim Zemlin, Executive Director, The Linux Foundation
    As the open source community continues to grow, Jim Zemlin, Executive Director of The Linux Foundation, says the Foundation’s goal remains the same: to create a sustainable ecosystem for open source technology through good governance and innovation.
  • Open Source for Science + Innovation
    We are bringing together open source and open science specialists to talk about the “how and why” of open source and open science. Members of these communities will give brief talks which are followed by open and lively discussions open to the audience. Talks will highlight the role of openness in stimulating innovation but may also touch upon how openness appears to some to conflict with intellectual property interests.
  • Announcing the Equal Rating Innovation Challenge Winners
    Six months ago, we created the Equal Rating Innovation Challenge to add an additional dimension to the important work Mozilla has been leading around the concept of “Equal Rating.” In addition to policy and research, we wanted to push the boundaries and find news ways to provide affordable access to the Internet while preserving net neutrality. An open call for new ideas was the ideal vehicle.