
Security

Ubuntu Phone Users Will Receive an OTA-6 Hotfix to Patch a Security Vulnerability

Filed under: Security, Ubuntu

We reported earlier today, October 15, that a member of the Ubuntu App Developer Google+ community has discovered a malicious app on the Ubuntu Touch Store that could give root access to an intruder.


Security Leftovers

Filed under: Security

  • Security advisories for Wednesday
  • HP performance monitor can climb through Windows

    Crimp nasty privilege escalation bug by running it in Linux instead says Rapid7

  • Why Cybersecurity Experts Want Open Source Routers

    A coalition of 260 cybersecurity experts is taking advantage of a Federal Communications Commission (FCC) public comment period to push for open source Wi-Fi router firmware.

  • Have your say on the FCC's plan to lock down WiFi routers

    You may know that you can replace your WiFi router's software with an open source version like DD-WRT or Tomato to make it more secure or powerful. However, the US wireless regulator (FCC) only seems to have figured that out recently, and is not happy with your ability to boost the signal power excessively on such devices. As such, it proposed changes to regulations, with one document suggesting it may ban or restrict third-party software altogether. That caught the eye of the Electronic Frontier Foundation (EFF), which created an online petition asking the FCC to make changes.

    The EFF petition says that "router manufacturers are notoriously slow about updating their software -- even with critical security fixes on the way. Under the FCC's proposal, you could have no alternative to running out-of-date and vulnerable firmware." It's referring, in part, to an FCC demand that manufacturers "describe in detail how the device is protected from 'flashing' and the installation of third-party firmware such as DD-WRT."

  • Vint Cerf, hundreds of researchers, call on FCC to mandate open-source router firmware

    The FCC is currently inviting open comments on its plan to require router manufacturers to lock down device firmware as a means of ensuring that consumer devices can’t operate in certain frequency bands or at power levels that violate FCC guidelines. While these requirements are made to guarantee that limited spectrum is allocated fairly and in a manner that minimizes interference, many have raised concerns that locking down devices in this way will prevent open source firmware projects from continuing as well as hampering critical security research.

    Now, a group of more than 250 researchers and developers, including the Internet’s grandpa, Vint Cerf, have sent the FCC a letter proposing an altogether different set of rules that would actually mandate open-source firmware while simultaneously protecting the FCC's original goals. There are multiple reasons, the letter argues, why open-source firmware updates are a necessary part of securing the Internet against attack.

  • Hackers Can Silently Control Siri From 16 Feet Away

    Siri may be your personal assistant. But your voice is not the only one she listens to. As a group of French researchers have discovered, Siri also helpfully obeys the orders of any hacker who talks to her—even, in some cases, one who’s silently transmitting those commands via radio from as far as 16 feet away.

  • Is Apple's security honeymoon on OS X ending?

    Apple scored unforgettable hits against Microsoft with its Mac vs. PC ads, which anthropomorphized Windows as a sneezing, miserable office worker.

    Security experts always knew that the campaign was a clever bit of marketing fluff, one that allowed Apple to capitalize on Microsoft's painful, years-long security revamp.

Security Leftovers

Filed under: Security

KDE Applications 15.08.2 Officially Released with Over 30 Fixes

Filed under: KDE, Security

The KDE Community has just announced that KDE Applications 15.08.2 has been released and is now available for download and testing.


GTK+ 3.18 Gets a Second Bugfix Release, Prepares for GNOME 3.18.1

Filed under: GNOME, Security

The GNOME developers are working hard these days to push the first point release of the GNOME 3.18 desktop environment to users of Linux kernel-based operating systems.


Security Leftovers

Filed under: Security

NSA's XKEYSCORE Surveillance Is Running on Hundreds of Red Hat Linux Servers

Filed under: Red Hat, Security

Details about the NSA surveillance program unveiled by Edward Snowden are still coming to light, two years after the initial revelations were made. From the looks of it, at least one of the components of the NSA surveillance is being run from Red Hat Linux servers.


Claws Mail 3.13 Open-Source Email Client Has Great New Features, Bugfixes

Filed under: OSS, Security

A new version of the GTK+ based, open-source, user-friendly, free, fast and lightweight Claws Mail email client for GNU/Linux and Windows operating systems is now available for download, as announced by its developers on October 11, 2015.


Security Leftovers

Filed under: Security

  • Tor browser co-creator: Experian breach shows encryption may not be security panacea

    The Experian/T-Mobile hack may be more worrisome than Experian’s carefully worded description of it suggests, some security experts said Friday.

    One is the co-creator of the Tor secure browser, David Goldschlag, (now SVP of strategy at Pulse Secure). Goldschlag previously was head of mobile at McAfee, and also once worked at the NSA.

    I asked Goldschlag a simple question: “After the Office of Personnel Management and Experian hacks, is there reason to fear that hackers now have the means to steal actual financial information (credit card numbers, etc.) from banks or insurers?”

  • AV-TEST tests Linux security solutions against Linux and Windows threats

    To do so, it is often sufficient to copy files from a Linux environment to Windows.” it further adds. The most obvious mode of attack involves luring victims to install software or updates via third-party package sources. The team conducted the test by running 16 different antivirus solutions and splitting the test session into three distinct phases:

    The detection of Windows malware,
    The detection of Linux malware, and
    The test for false positives.

    Out of 16 antivirus solutions, 8 detected between 95-99% of the 12,000 Windows threats used in the test. The antivirus solutions that helped in detection include Bitdefender, ESET, Avast, F-Secure, eScan, G Data, Sophos and Kaspersky Lab (server version).

  • Outlook.com had classic security blunder in authentication engine

    The cross-site request forgery vulnerability means that any user visiting a malicious page can have their accounts hijacked without further interaction.

    The since-patched hole existed in Microsoft Live.com and could have been spun into a dangerous worm, Wineberg says.

  • Meet the White Team, Makers of the Linux.Wifatch Vigilante Malware

    However, Softpedia News noted that the Linux.Wifatch source code has not been released in its entirety. That’s likely because the White Team is worried that traditional cybercriminals would exploit the malware for more nefarious purposes. It also explains why it was a clandestine operation in which router owners weren’t aware their systems had been infected, even if it was only to defend them against black-hat attackers.

    Whether or not anyone appreciates the White Team’s form of vigilante security tactics, they may believe the work should serve as a warning to those who don’t follow basic data protection procedures, Hacked said. For example, there are still untold numbers of home routers that use default passwords and leave admin access wide open to malware and other threats.

  • Practical SHA-1 Collision Months, Not Years, Away
  • Search engine can find the VPN that NUCLEAR PLANT boss DIDN'T KNOW was there - report

    The nuclear industry is ignorant of its cybersecurity shortcomings, claimed a report released today, and despite understanding the consequences of an interruption to power generation and the related issues, cyber efforts to prevent such incidents are lacking.

    The report adds that search engines can "readily identify critical infrastructure components with" VPNs, some of which are power plants. It also adds that facility operators are "sometimes unaware of" them.

    Nuclear plants don't understand their cyber vulnerability, stated the Chatham House report, which found industrial, cultural and technical challenges affecting facilities worldwide. It specifically pointed to a "lack of executive-level awareness".

FreeNAS 10 Enters Alpha, Brings Lots of New Technologies, Based on FreeBSD 10.2

Filed under: Security, BSD

FreeNAS' Jordan Hubbard was proud to announce the other day, October 8, the release and immediate availability for download of the first Alpha build of the upcoming FreeNAS open source Network Attached Storage (NAS) solution.


More in Tux Machines

Review: Linux Mint 18 (Sarah)

If you were looking to jump the Ubuntu ship completely, then we recommend taking a look at our recent Review of Fedora 24. It’s equally as good as Mint 18 and equally worthy of your consideration. Between Linux Mint 18 and Fedora 24, we reckon it’s exciting times in the Linux world. With the exception and onset of the boring world of vanilla Ubuntu releases, Linux feels reinvigorated and fresh once again. Jump on board, because it can only get better from here.

Security Leftovers

GNU News

Leftovers: OSS

  • Mozilla Firefox 47.0.1 Is Now Available in the Arch Linux and Solus Repos
    Mozilla quietly delivered the first point release of the Mozilla Firefox 47.0 web browser to users of Microsoft Windows and Mac OS X operating systems on the day of June 28, 2016. However, because the built-in updater of the Mozilla Firefox web browser doesn't work on GNU/Linux distributions, users have to wait for the latest version of the software to be first pushed by the maintainers of their operating systems on the main repositories before they can upgrade.
  • Questions loom about the future of open source at VA
    The CIO for the Department of Veterans' Affairs sought to reassure stakeholders that the agency was committed to open source in the future, but with Congress pressuring the agency to give up the homegrown health record system VistA, the open source community is a bit perplexed.
  • Watch out for job offers from Google after this open source course
    Over five lakh polytechnic students from 500 colleges across Tamil Nadu would begin training on open source software from Friday, learning more about the nitty-gritties of ‘free’ software under a programme run by the Indian Institute of Technology – Bombay along with the Tamil Nadu government.
  • Bombay Stock Exchange: Open source is a mindset
    Open source is still gaining momentum in the industry worldwide. Despite naysayers, open-source software and hardware are making believers out of a broad array of users. In the case of Bombay Stock Exchange, LTD (BSE), the transition has been cost efficient and has improved order processing power. By switching from proprietary hardware to open source, Kersi Tavadia, CIO of BSE, reported going from being able to process 10 million orders a day to 400 million. Even with the increase, the new open-source hardware is only using 10 percent capacity.
  • GitHub releases data on 2.8 million open source repositories through Google BigQuery
    GitHub today announced that it’s releasing activity data for 2.8 million open source code repositories and making it available for people to analyze with the Google BigQuery cloud-based data warehousing tool. The data set is free to explore. (With BigQuery you get to process up to one terabyte each month free of charge.) This new 3TB data set includes information on “more than 145 million unique commits, over 2 billion different file paths and the contents of the latest revision for 163 million files, all of which are searchable with regular expressions,” Arfon Smith, program manager for open source data at GitHub, wrote in a blog post.
  • How one company is using open source to double its customers’ mobile business
    Most retailers today stay a step or two behind when it comes to modern technology, especially on the mobile side. Sawyer Effect, LLC, a consultant for J.Crew Group, Inc., has been using Red Hat, Inc.’s open-source product Ansible, an IT automation engine, to get its customer’s mobile business up to speed and greatly improve its business.
  • Can Capital One change banking with open source, mobile apps, and NoSQL?
    Oron Gill Haus of Capital One came to MongoDB World to present on Hygieia, an open source DevOps dashboard built on MongoDB. Behind that dashboard lies an ambition to change the customer banking experience – no small feat. Prior to his keynote, Haus shared his team’s story with me.
  • How bank Capital One developed an open source DevOps visualisation tool based on MongoDB
    In order to keep up with customers' expectation of a proactive service available 24x7 on many devices, US bank Capital One moved to an agile DevOps structure and a year ago released its own DevOps dashboard. While visualisation tools were available for continuous integration, scanning and testing, Capital One's development team was unable to find one that provided a complete overview of the whole production process. The dashboard they developed, called Hygieia, was open sourced to encourage rapid development. It is currently in version 2.0. VP of engineering Gil Haus explained some of the thought processes that went into the creation of Hygieia.
  • What is DC/OS?
    What if we could take the total amount of power in any cloud computing datacentre and provide a means of defining that as one total abstracted compute resource? This notion has given birth to DC/OS, a technology base built on Apache Mesos to abstract a datacentre into a single computer, pooling distributed workloads and (allegedly) simplifying both rollout and operations.
  • What's holding your conference back
  • Airtel Leverages Cloudera Enterprise to Improve Customer Experience and Product Personalization
  • Airtel adopts Cloudera for business intelligence
  • Airtel moves customer data on an open source platform
  • RightScale can help you pick out the right public cloud
    For example, let's say you need a local cloud in Australia. With the tool, you'll see that Google can't help you while the others can. Or, for instance say you've tied your business to Oracle and you want Oracle Linux as your operating system. The program will quickly and easily tell you that AWS and Azure are the clouds for you.
  • The Apache Software Foundation Announces Apache® Bahir™ as a Top-Level Project
    Apache Bahir bolsters Big Data processing by serving as a home for existing connectors that initiated under Apache Spark, as well as provide additional extensions/plugins for other related distributed system, storage, and query execution systems.
  • Bahir is the Latest Big Data Project to Advance at Apache
    Recently, we've taken note of the many projects that the Apache Software Foundation has been elevating to Top-Level Status. The organization incubates more than 350 open source projects and initiatives, and has squarely turned its focus to Big Data and developer-focused tools in recent months. As Apache moves Big Data projects to Top-Level Status, they gain valuable community support and more.
  • MongoDB launches Atlas, its new database-as-a-service offering
    MongoDB, the company behind the eponymous open source database, is launching Atlas today, its third major revenue-generating service. Atlas is MongoDB’s database-as-a-service offering that provides users with a managed database service. The service will offer pay-as-you-go pricing and will initially allow users to deploy on Amazon Web Services (AWS), with support for Microsoft Azure and Google Cloud Platform coming later.