
Security

Tor Development and Bugfix

Filed under
Moz/FF
Security

Security: DBD, Windows Botnet, Updates and Reproducible Builds

Filed under
Security
  • How we are addressing a mistake we made while running defectivebydesign.org

    On Wednesday, October 25th, we received an email letting us know that an old Drupal database backup file was publicly accessible on defectivebydesign.org, a site operated by the Free Software Foundation. This backup file contained contact information and other details that should not have been public, submitted from 2007-2012.

    Within minutes of receiving the report, we removed the file and started auditing defectivebydesign.org and the rest of our sites. The file did not contain any passwords or password hashes, financial information, mailing addresses, or information about users who interacted with the site without ever logging in.

    On Friday, October 27th, once we were reasonably confident we understood the scope of the problem and had fixed the most urgent issues, we sent a notification email to every address that was in the database backup file. We explained what had happened, took responsibility, and apologized.

  • Man who developed a botnet of over 77,000 infected computers to pay for college avoids jail time

    Tiernan created the botnet by covertly infecting users' computers with malware via social media without their knowledge. Since at least August 2011, he sold access to his botnet to those looking to send spam messages to unsuspecting victims. When he was arrested in October 2012 as a student at California Polytechnic State University, more than 77,000 infected computers were active in Tiernan's botnet.

  • Security updates for Friday
  • Reproducible Builds: Weekly report #131

Parrot 3.9 “Intruder” Ethical Hacking Linux Distro Released With New Features — Download Here

Filed under
GNU
Linux
Security

In mid-October, The Parrot Project announced that it’s going to be releasing the latest Parrot Security 3.9 operating system for ethical hacking and penetration testing in the upcoming weeks. The team also released its beta release for testers. After the wait of a couple of weeks, the final Parrot 3.9 release is here.


Tor Improvements and Bugfix

Filed under
Security
Web
  • Next-Gen Algorithms Make Tor Browser More Secure And Private, Download The Alpha Now

    Tor, the anonymity network, was in need of an upgrade, as the world started raising concerns about its reliability. It was this year only when a hacker managed to take down almost 1/5th of the onion network.

    The possible applications of Tor have reached far ahead than calling it a grey market for drugs and other illegal things. It’s already actively used for the exchange of confidential information, file transfer, and cryptocurrency transactions with an expectation that nobody can track it.

  • TorMoil Vulnerability Leaks Real IP Address from Tor Browser Users

    The Tor Project has released a security update for the Tor Browser on Mac and Linux to fix a vulnerability that leaks users' real IP addresses.

    The vulnerability was spotted by Filippo Cavallarin, CEO of We Are Segment, an Italian company specialized in cyber-security and ethical hacking.

  • Critical Tor flaw leaks users’ real IP address—update now

    Mac and Linux versions of the Tor anonymity browser just received a temporary fix for a critical vulnerability that leaks users' IP addresses when they visit certain types of addresses.

    TorMoil, as the flaw has been dubbed by its discoverer, is triggered when users click on links that begin with file:// rather than the more common https:// and http:// address prefixes. When the Tor browser for macOS and Linux is in the process of opening such an address, "the operating system may directly connect to the remote host, bypassing Tor Browser," according to a brief blog post published Tuesday by We Are Segment, the security firm that privately reported the bug to Tor developers.

IPFire 2.19 - Core Update 115 released

Filed under
GNU
Linux
Security

Finally, we are releasing the long-awaited IPFire 2.19 – Core Update 115 which brings the shiny new Captive Portal and various security and performance improvements as well as fixing security vulnerabilities.

This is a large Core Update with a huge number of changes and to support our efforts to develop new features and maintain the existing system as well as constantly improving it, we would like to ask you to donate!


Security: Dashlane, Coverity, FireEye's GoCrack

Filed under
Security

Security: Pwn2Own, WordPress, Black Duck's Latest FUD (Sales Pitch), Claims of Russian Meddling

Filed under
Security

Security: Kaspersky, GDPR, NIST, Voting

Filed under
Security
  • Kaspersky purged from 'vast majority' of US government systems

    Michael Duffy, who leads cybersecurity and communications at the DHS, explained that fewer than half of their agencies were using Kaspersky's anti-virus software.

  • The EU’s GDPR is even more relevant to Linux systems, and here is why

    This new regulation represents a tightening of the data protection laws. The new regulation requires far faster responses to data breaches (within 72 hours), and the maximum penalty for breaching the legislation has increased by over four times to twenty million euros or four percent of a business’s annual global turnover, whichever is higher. In addition, GDPR will unify the processes by which EU countries regulate their data security. This will ensure breaches are easier to report, investigate and respond to the new supervisory authorities being introduced.

  • New Network Security Standards Will Protect Internet’s Routing

    Electronic messages traveling across the internet are under constant threat from data thieves, but new security standards created with the technical guidance of the National Institute of Standards and Technology (NIST) will reduce the risk of messages being intercepted or stolen. These standards address a security weakness that has been a part of the internet since its earliest days.

  • Disney-branded internet filter had Mickey Mouse security

    A Disney-branded home internet filtering device might keep bad content out, but it was an open door to bad actors until earlier this month.

    That's what Cisco Talos's William Largfent found when he took a look at "Circle with Disney", a Circle Media parental control device on which the entertainment giant slapped its brand.

    Whatever its qualities in filtering and screen time management, the US$99 box is riddled with 23 vulns, as the Talos post discloses.

  • Episode 68 - Ruining the Internet
  • Security updates for Wednesday
  • Trump administration reportedly kills vehicle-to-vehicle safety mandate [Updated]
  • Members of Congress want you to hack the US election voting system

    This summer, DefCon's "Voting Machine Hacking Village" turned up a host of US election vulnerabilities (PDF). Now, imagine a more mainstream national hacking event backed by the Department of Homeland Security that has the same goal: to discover weaknesses in voting machines used by states for local and national elections.

    That might just become a reality if federal legislation (PDF) unveiled Tuesday becomes law. The proposal comes with a safe harbor provision to exempt participants from federal hacking laws. Several federal exemptions for ethical hacking that paved the way for the DefCon hacking village expire next year.

    The bipartisan "Securing America's Voting Equipment Act" also would provide election funding to the states and would designate voting systems as critical infrastructure—a designation that would open up communication channels between the federal government and the states to share classified threat information.

Security: Nextcloud, Microsoft/Windows, Canonical/Ubuntu

Filed under
Security

More in Tux Machines

More on Tesla's Compliance

10 Best Open Source Forum Software for Linux

A forum is a discussion platform where related ideas and views on a particular issue can be exchanged. You can set up a forum for your site or blog, where your team, customers, fans, patrons, audience, users, advocates, supporters, or friends can hold public or private discussions, as a whole or in smaller groups. If you are planning to launch a forum, and you can’t build your own software from scratch, you can opt for any of the existing forum applications out there. Some forum applications allow you to set up only a single discussion site on a single installation, while others support multiple-forums for a single installation instance. In this article, we will review 10 best open source forum software for Linux systems. By the end of this article, you will know exactly which open source forum software best suits your needs.

(K)Ubuntu: Playing Tennis and Dropping 32-bit

  • Tennibot is a really cool Ubuntu Linux-powered tennis ball collecting robot
    Linux isn't just a hobby -- the kernel largely powers the web, for instance. Not only is Linux on many web servers, but it is also found on the most popular consumer operating system in the world -- Android. Why is this? Well, the open source kernel scales very well, making it ideal for many projects. True, Linux's share of the desktop is still minuscule, but sometimes slow and steady wins the race -- watch out, Windows! A good example of Linux's scalability is a new robot powered by Linux which was recently featured on the official Ubuntu Blog. Called "Tennibot," the Ubuntu-powered bot seeks out and collects tennis balls. Not only does it offer convenience, but it can save the buyer a lot of money too -- potentially thousands of dollars per year as this calculator shows. So yeah, a not world-changing product, but still very neat nonetheless. In fact, it highlights that Linux isn't just behind boring nerdy stuff, but fun things too.
  • Kubuntu Drops 32-bit Install Images
    If you were planning to grab a Kubuntu 18.10 32-bit download this October you will want to look away now. Kubuntu has confirmed plans to join the rest of the Ubuntu flavour family and drop 32-bit installer images going forward. This means there will be no 32-bit Kubuntu 18.10 disc image available to download later this year.

Suitcase Computer Reborn with Raspberry Pi Inside

Fun fact, the Osborne 1 debuted with a price tag equivalent to about $5,000 in today’s value. With a gigantic 9″ screen and twin floppy drives (for making mix tapes, right?) the real miracle of the machine was its portability, something unheard of at the time. The retrocomputing trend is to lovingly and carefully restore these old machines to their former glory, regardless of how clunky or underpowered they are by modern standards. But sometimes they can’t be saved yet it’s still possible to gut and rebuild the machine with modern hardware, like with this Raspberry Pi used to revive an Osborne 1. Purists will turn their nose up at this one, and we admit that this one feels a little like “restoring” radios from the 30s by chucking out the original chassis and throwing in a streaming player. But [koff1979] went to a lot of effort to keep the original Osborne look and feel in the final product. We imagine that with the original guts replaced by a Pi and a small LCD display taking the place of the 80 character by 24 line CRT, the machine is less strain on the shoulder when carrying it around. (We hear the original Osborne 1 was portable in the same way that an anvil is technically portable.) The Pi runs an emulator to get the original CP/M experience; it even runs Wordstar. The tricky part about this build was making the original keyboard talk to the Pi, which was accomplished with an Arduino that translates key presses to USB. Read more