Language Selection

English French German Italian Portuguese Spanish

Security

Tails Call for testing: 2.0~rc1

Filed under
GNU
Linux
Security
Debian

You can help Tails! The first release candidate for the upcoming version 2.0 is out. We are very excited and cannot wait to hear what you think about it Smile

Read more

Security Leftovers

Filed under
Security

Drupal Hardens Its Security in Response to Criticism

Filed under
OSS
Drupal
Security

The open-source Drupal content-management system (CMS) is talking steps to help protect against multiple potential risks that have been publicly revealed. On Jan. 6, security research vendor IOactive first disclosed the issues, which are focused on the Drupal update process. The Drupal project's security team is aware of the concerns and is fixing all the issues, though it is also downplaying the overall risk.

Read more

Security Leftovers

Filed under
Security
  • Security updates for Monday
  • Gmail and a Can of Spam

    I am still trying to figure out the events that led to this intrusion. I’ve read almost everything there is to read on Google’s Gmail pages, without finding much. Google seems adamant about not giving-out one-on-one help, but maybe I just didn’t look long enough. On my own, I’ve evoked two step verification on my main email addresses, so that’s settled. But still…I’d like to figure out when and how this breach took place. What magic sequence of events happened to allow this?

    Did I mention I’m a security idiot? Yeah…I thought I did.

    It feels strange to again delve into antivirus and malware protection. I’ve been a smug, self-assured dummy when it comes to online threats and Linux in general. And while what happened can’t really be blamed on Linux per se, it happened in a Linux neighborhood, so I am going to arm myself against any and all malware comers

    Although I’m not above paying for good software, trying to discern what software is good and which is shiny junk can be a daunting challenge, especially in the Linuxsphere. In the tests I’ve studied over the past four days, ClamAV seems to be an online favorite, but they lack the one thing I am going to need on our Reglue kid’s computers: a friendly, useful graphical interface. I’m not going to tell an 11-year-old to drop to the command line to do anything, even if they do need to learn that the blinking prompt can make magic things happen. In time, I will teach them, but for now…. ClamAV failed the initial tests.

  • 602 Gbps! This May Have Been the Largest DDoS Attack in History

    Cyber attacks are getting evil and worst nightmare for companies day-by-day, and the Distributed Denial of Service (DDoS) attack is one of the favorite weapon for hackers to temporarily suspend services of a host connected to the Internet.

    Until now, nearly every big website had been a victim of this attack, and the most recent one was conducted against the BBC's websites and Republican presidential candidate Donald Trump's main campaign website over this past holiday weekend.

  • How to Set up a Successful Bug Bounty Program [VIDEO]

    A bug bounty program is among the most impactful additions to a software security process. With a bug bounty program, security researchers submit reports on potential vulnerabilities, typically with the promise of a reward or "bounty" for their efforts.

Security Leftovers

Filed under
Security

Security Leftovers

Filed under
Security
  • 602 Gbps DDoS Attack On BBC Proves That 2016 Isn’t Going To Be Any Different

    On New Year’s eve, the BBC website and iPlayer service went down due to a massive Distributed Denial of Service (DDoS) attack. The attack peaked up to 602 Gbps, according to the claims made by the New World Hacking group, who took the responsibility of the attack. In another recent attack, the Republican presidential candidate Donald Trump’s main campaign website was also targeted by the same group.

  • Fatally weak MD5 function torpedoes crypto protections in HTTPS and IPSEC

    If you thought MD5 was banished from HTTPS encryption, you'd be wrong. It turns out the fatally weak cryptographic hash function, along with its only slightly stronger SHA1 cousin, are still widely used in the transport layer security protocol that underpins HTTPS. Now, researchers have devised a series of attacks that exploit the weaknesses to break or degrade key protections provided not only by HTTPS but also other encryption protocols, including Internet Protocol Security and secure shell.

Ubuntu Touch to Support Encryption of User Data

Filed under
Security
Ubuntu

The Ubuntu Touch operating system is also going to provide support for encryption of user data; developers have revealed.

It wasn’t a secret that Ubuntu Touch will get encryption, but it’s also not listed as an upcoming feature. It’s buried in a wiki entry with plans for Ubuntu Touch, but it’s nice to see that it’s still being considered, even if it’s not going to arrive anytime soon.

Read more

Also: Ubuntu ‘Spyware’ Will Be Disabled In Ubuntu 16.04 LTS

Tails 1.8.2 is out

Filed under
GNU
Linux
Security
Debian

This release fixes numerous security issues. All users must upgrade as soon as possible.

Read more

Also: Debian LTS Work December 2015

Security Leftovers

Filed under
Security
  • Friday's security updates
  • Hackers caused a major blackout for the first time

    Hackers were behind a cyber attack on Ukraine in December that had real offline consequences: A blackout that killed electricity to roughly 700,000 homes.

    On December 23, around half the homes in Ukraine's Ivano-Frankivsk region lost power for at least a few hours. Initially reported in Ukrainian media as being caused by hackers, cybersecurity experts have now confirmed that was the case, saying the power company was infected with malicious software.

  • Finland extradites Russian hacking suspect to US

    US authorities are to escort Maxim Senakh out of Finland within a month. They suspect him of stealing millions of dollars from infected computer servers in the US, Finland and elsewhere.

  • Linux Ransomware creators third time unlucky as researchers crack encryption again

    Researchers find Linux.Encoder 3 version still uses buggy encryption and allows file recovery

    Much to the delight of security researchers, a group of malware creators are currently having difficulty getting cryptographic implementations right in their ransomware. This has not happened once but thrice.

Syndicate content

More in Tux Machines

Linux Turns 25 Exactly Today. More LinuxCon and Anniversary Coverage. Plus Microsoft Interjection PR.

Red Hat Virtualization 4

  • Red Hat’s gunning for VMware with virtualization platform update
    Open-source Linux vendor Red Hat Inc. has thrown in support for OpenStack Neutron and other new technologies with the latest release of its software virtualization package, in what looks like a bid to steal customers away from VMware Inc.’s more widely-used solution. Targeted at convergence, Red Hat Virtualization 4 is the first version of the platform that doesn’t include the word “enterprise,” in a move that suggests the company is hoping its virtualized stack will become the platform for convergence, rather than a server density product. OpenStack Neutron is the open-source networking project used by Software-Defined Networks (SDNs), which up until now has only been available as a preview. Many have criticized Neutron’s development for lagging behind the rest of OpenStack’s code base, and Red Hat was one of several vendors to concede that things could be sped up a bit. With the inclusion of the software in Red Hat Virtualization, the company says its Linux platform can be used to run both cloud-enabled and “traditional” workloads in concert.
  • Red Hat Virtualization 4 woos VMware faithful
    It's easy for a virtual machine user to feel left out these days, what with containers dominating the discussion of how to run applications at scale. But take heart, VM fans: Red Hat hasn't forgotten about you. RHV (Red Hat Virtualization) 4.0, released today, refreshes Red Hat's open source virtualization platform with new technologies from the rest of Red Hat's product line. It's a twofold strategy to consolidate Red Hat's virtualization efforts across its various products and to ramp up the company's intention to woo VMware customers.

NOAA Breaks Weather Apps, Slackware Updates, Valve @ 20

The LinuxCon headlines continue to dominate but, more importantly, our desktop weather apps are broken thanks to NOAA decommissioning the site. Liam Dawe looked back at 20 years of Valve and Sebastian "sebas" Kügler introduced new KDE kscreen-doctor. Slackware rolled out some updates including a rare kernel upgrade and The VAR Guy wants to hear about your first time. Read more

Android Leftovers