Chromebook/Google/Gentoo Security

  • Google has doubled its bounty for a Chromebook hack to $100,000

    Google doubled the bounty it will pay for a successful exploit of its Chromebook laptop to $100,000, sweetening the pot in hopes of drawing more attention from security researchers.

    The larger reward is intended for someone who finds a persistent compromise of a Chromebook in guest mode, according to Google's security blog on Monday.

  • Google's Bug Bounty for a Chromebook Hack Rises to $100,000

    We've reported a few times on bug bounties--cash prizes offered by open source communities to anyone who finds key software bugs--ranging from bounties offered by Google (for the Chrome browser) and Mozilla. This open method of discovering security vulnerabilities has been embraced at Google, especially. In fact, Google has offered up as much as $1 million to people who identify key vulnerabilities in the Chrome browser.

Security Leftovers

  • Monday's security advisories
  • Building a Jenkins Security Realm

    Last week I spent a good while on writing a new security realm for KDE's Jenkins setups. The result of my tireless java brewing is that the Jenkins installation of KDE neon now uses KDE's Phabricator setup to authenticate users and manage permissions via OAuth.

  • The Great Linux Mint Heist: the Aftermath

    In a shocking move, cyber criminals recently hacked the Linux Mint Web server and used it to launch an attack against the popular distro's user base.

  • These Are the Best System Rescue Tools After a Malware Attack

    System rescue tools provided by antivirus makers are often used to clean infected systems after the main antivirus software detects infections.

    Most antivirus makers bundle this functionality in their main products, but a few offer more specialized tools that also repair damaged files, attempting to restore the system to its earlier working point as much as possible.

    Only five of such tools are currently available on the market as free tools. They are AVG Rescue CD, Avira EU-Clean, Bitdefender Rescue CD, ESET SysRescue, and Kaspersky Virus Removal Tool.

  • Documents with malicious macros deliver fileless malware to financial-transaction systems

    Spammed Word documents with malicious macros have become a popular method of infecting computers over the past few months. Attackers are now taking it one step further by using such documents to deliver fileless malware that gets loaded directly in the computer's memory.

    Security researchers from Palo Alto Networks analyzed a recent attack campaign that pushed spam emails with malicious Word documents to business email addresses from the U.S., Canada and Europe.

Canonical Releases Major Kernel Update for Ubuntu 14.04 LTS, Patches 13 Issues

We reported on March 14 that Canonical published two new Ubuntu Security Notices with detailed information on multiple Linux kernel vulnerabilities patched for Ubuntu 12.04 LTS (Precise Pangolin) and Ubuntu 15.10 (Wily Werewolf) operating systems.

Canonical Patches Seven Linux Kernel Vulnerabilities in Ubuntu 15.10, Update Now

We reported earlier that Canonical released a minor kernel update for its Ubuntu 12.04 LTS (Precise Pangolin) operating system, and now the company announces a new kernel update for Ubuntu 15.10 (Wily Werewolf).

Security Leftovers

  • Hackers turn to angr for automated exploit discovery and patching

    A team of researchers are battling to trouser the US Defense Advanced Research Projects Agency's US$2m prize to build a system that aims to best human offensive and defensive security personnel at exploitation discovery and patching.

    The Shellphish team, with hackers in the US, France, China, Brazil, and Senegal, is big in the capture-the-flag circuit and won the DEF CON competition in 2006.

    And so it jumped when DARPA in 2014 pinned the word "cyber" to the title of its then decade-old Grand Challenge competition and the quest to automate vulnerability discovery and remediation.

  • How to foil a bank heist

    Essentially, Windows security updates ensure that some zero-day vulnerabilities are fixed as the Microsoft programming team become aware of them and are able to fix them. As a result of Microsoft security updates for Windows XP being discontinued, there is no way for anyone running Windows XP to secure their computer.

  • Containers are like sandwiches

    There are loads of containers available out there you can download that aren't trusted sources. Don't download random containers from random places. It's no different than trying to buy a sandwich from a filthy shop that has to shoo the rats out of the kitchen with a broom.

  • Do you trust this package?

    But what guarantee is there that no MITM attacker compromised the tarballs when they were downloaded from upstream by a distro package maintainer? If you think distro package maintainers bother with silly things like GPG signature checking when downloading tarballs, then I regret to inform you that Santa is not real, and your old pet is not on vacation, it is dead.

  • Your next car will be hacked. Will autonomous vehicles be worth it?

    Self-driving cars could cut road deaths by 80%, but without better security they put us at risk of car hacking and even ransom demands, experts at SXSW say

  • Microsoft: We Store Disk Encryption Keys, But We’ve Never Given Them to Cops [Ed: just to spies. The following page includes several clear examples where Microsoft is caught giving crypto keys to spies. Microsoft is answering/addressing concerns not as they were raised. This is a non-denying denial.]

    Microsoft says it has never helped police investigators unlock its customers’ encrypted computers—despite the fact that the company often holds the key to get their data.

    If you store important stuff on your computer, it’s great to have the option to lock it up and encrypt your data so that no one can access it if you ever lose your laptop or it gets stolen. But what happens if, one day, you forget your own password to decrypt it? To give customers a way to get their data back in this situation, Microsoft has been automatically uploading a recovery key in the cloud for Windows computers since 2013.

Latest Manjaro Linux 15.12 Update Pack Includes an Important OpenSSL Bugfix

The Manjaro development team announced the general availability of the twelfth update pack for the stable and current release of the Arch Linux-based operating system.

Security Leftovers

  • 600,000 TFTP Servers Can Be Abused for Reflection DDoS Attacks

    A new study has revealed that improperly configured TFTP servers can be easily abused to carry out reflection DDoS attacks that can sometimes have an amplification factor of 60, one of the highest such values.

  • Do you trust this application?

    Much of the software you use is riddled with security vulnerabilities. Anyone who reads Matthew Garrett knows that most proprietary software is a lost cause. Some Linux advocates claim that free software is more secure than proprietary software, but it’s an open secret that tons of popular desktop Linux applications have many known, unfixed vulnerabilities. I rarely see anybody discuss this, as if it’s taboo, but it’s been obvious to me for a long time.

  • Do you trust this website?

Android Security Update March 2016: What you need to know

As of this writing, the security update hasn't rolled out to all devices. My Verizon-branded Nexus 6 has yet to see the update hit.

To check to see if your device has updated to the latest security patch, go to Settings | About Phone and scroll down to Android Security Patch Level. If you see March 1, 2016, your device is current. If your device reads February 1, 2016 (Figure A), check back regularly to ensure the update does eventually reach your device. You might also go to Settings | About Phone | System Updates and tap CHECK FOR UPDATE.

More in Tux Machines

Leftovers: Software

  • Easy, Automated Benchmarking On Linux With PTS
    It's easy to run benchmarks on Linux as well as Solaris, BSD, and other operating systems, using our own Phoronix Test Suite open-source benchmarking software. For those that haven't had the opportunity to play with the Phoronix Test Suite for Linux benchmarking, it's really easy to get started. Aside from the official documentation, which is admittedly limited due to time/resource constraints, there are a few independent guides, Wiki pages, and other resources out there to get started.
  • LibreOffice 5.3 Alpha Tagged, New Features Inbound
    The first alpha release of the upcoming LibreOffice 5.3 open-source office suite was tagged a short time ago in Git. LibreOffice 5.3 is a major update to this distant fork of LibreOffice 5.3.0 is planned to be officially released in late January or early February while this week's alpha one is just the first step of the process. The hard feature freeze on 5.3 is at the end of November followed by a series of betas and release candidates. Those interested in more details on the release schedule can see this Wiki page.
  • MPV 0.21 Player Adds CUDA, Better Raspberry Pi Support
    MPV Player 0.21 is now available as the latest version of this popular fork of MPlayer/MPlayer2. MPV 0.21 adds support for CUDA and NVDEC (NVIDIA Decode) as an alternative to VDPAU. The NVIDIA decode support using CUDA was added to make up for VDPAU's current lack of HEVC Main 10 profile support. Those unfamiliar with NVDEC can see NVIDIA's documentation.
  • MPV 0.21.0 Media Player Adds Nvidia CUDA Support, Raspberry Pi Hardware Decoding
    Today, October 20, 2016, MPV developer Martin Herkt proudly announced the release of another maintenance update of the very popular MPV open-source and cross-platform media player software based on MPlayer. Looking at the release notes, which we've also attached at the end of the story for your reading pleasure, MPV 0.21.0 is a major update that adds a large amount of new features, options and commands, but also addresses dozens of bugs reported by users since the MPV 0.20.0 release, and introduces other minor enhancements. Among the most important new features, we can mention the ability to allow profile forward-references in the default profile, as well as support for Nvidia CUDA and cuvid/NvDecode, which appears to be a welcome addition to GNU/Linux distributions where HEVC Main 10 support is missing.
  • anytime 0.0.4: New features and fixes
    A brand-new release of anytime is now on CRAN following the three earlier releases since mid-September. anytime aims to convert anything in integer, numeric, character, factor, ordered, ... format to POSIXct (or Date) objects -- and does so without requiring a format string. See the anytime page for a few examples.

KDE Leftovers

  • Choose Your Own Experience in Plasma 5.8 and beyond
    One of the key points of Plasma is while giving a simple default desktop experience, not limiting the user to that single, pre-packed one size fits all UI.
  • KDevelop 5.0.2 released for Windows and Linux
    Four weeks after the release of KDevelop 5.0.1, we are happy to announce the availability of KDevelop 5.0.2, a second stabilization release in the 5.0 series. We highly recommend to update to version 5.0.2 if you are currently using version 5.0.1 or 5.0.0.
  • Wayland improvements since Plasma 5.8 release
    Two weeks have passed since the Plasma 5.8 release and our Wayland efforts have seen quite some improvements. Some changes went into Plasma 5.8 as bug fixes, some changes are only available in master for the next release. With this blog post I want to highlight what we have improved since Plasma 5.8.
  • Wayland For KDE Plasma 5.9 Should Shape Up Quite Nicely
    Plasma 5.8 was only released at the beginning of October but already there has been a number of Wayland improvements queuing up for the next milestone, Plasma 5.9. KWin maintainer Martin Gräßlin wrote a blog post yesterday about some of the early Wayland changes coming for Plasma 5.9. Some of this early work for the next KDE Plasma 5 release includes resize-only borders, global shortcut handling, support for keyboard LEDs via libinput, relative pointer support, the color scheme syncing to the window decoration, window icon improvements, multi-screen improvements, panel improvements, and more.
  • Autumn Sale in the Krita Shop

Linux/FOSS Events

  • FOSDEM Desktops DevRoom 2016 Call for Participation
    FOSDEM is one of the largest (5,000+ hackers!) gatherings of Free Software contributors in the world and happens each February in Brussels (Belgium, Europe). Once again, one of the tracks will be the Desktops DevRoom (formerly known as “CrossDesktop DevRoom”), which will host Desktop-related talks. We are now inviting proposals for talks about Free/Libre/Open-source Software on the topics of Desktop development, Desktop applications and interoperability amongst Desktop Environments. This is a unique opportunity to show novel ideas and developments to a wide technical audience.
  • LatinoWare
    Yesterday, Wednesday 19 Oct, was the first day of the thirteenth edition of LatinoWare, hosted in the city of Foz do Iguaçu in Parana state, with 5155 participants present and a temperature of 36ºC. Currently this is the biggest free software event in Brazil.
  • Attending a FUDcon LATAM 2016
    From my experience I will share my days at FUDcon 2016, held in Puno last week. There were 3 core days, and 2 more days to visit around.

Linux Graphics