Language Selection

English French German Italian Portuguese Spanish

Security

Security Leftovers

Filed under
Security
  • Security updates for Monday
  • Russian cyberspy group uses simple yet effective Linux Trojan

    A cyberespionage group of Russian origin known as Pawn Storm is infecting Linux systems with a simple but effective Trojan program that doesn't require highly privileged access.

  • Security update for Chromium 48

    Google released an update for Chrome/Chromium – their version 48 of the browser is now at “48.0.2564.109“. The chromium sources are still not available six days after the announcement, even though the official Chrome binary distributions were available right from the start. I think that this is inexcusable for a big company like Google, but this is not the first time that their autobots falter and no one cares enough to fix the release process. Notwithstanding some complaints by fellow application packagers.

Security Leftovers

Filed under
Security
  • Friday's security updates
  • Internet Providers to Use Private Routers as Public Hotspots

    The Juniper report highlighted the consumer benefits that the policy offers, such as free or reduced-fee access to the operator’s homespot network.
    At least one in three home routers will be used as public WiFi hotspots by 2017, and the total installed base of such dual-use routers will reach 366 million globally by the end of 2020, according to a report from Juniper Research.

  • Will you be my cryptovalentine?

    Over the last few year Free Software Foundation Europe runs a campaign called "I love Free Software Day". It's an opportunity to share your appreciation (or love) with the developers of your favorite Free Software project. So after you are done reading this post, choose your favorite project and send its developer(s) an appreciation email.

    Last year Zak Rogoff , had a great similar idea. On a post he wrote he suggested we use the Valentine's Day as an opportunity to use Free Software in order to setup secure and private communications with our significant other.

  • Pwn2Own Hacking Contest Returns as Joint HPE-Trend Micro Effort

    Over a half million dollars in prize money is up for grabs as the Zero Day Initiative browser hacking contest continues even as corporate ownership shifts.
    The annual Pwn2Own browser hacking competition that takes place at the CanSecWest conference is one of the premier security events in any given year, as security researchers attempt to demonstrate in real time zero-day exploits against modern Web browsers. This year there was initial concern that the event wouldn't happen, as the Zero Day Initiative (ZDI), which is the primary sponsor of Pwn2Own, is currently in a state of transition.

  • Kaspersky Researcher Shows How He Hacked His Hospital While Sitting In His Car

    When we visit a hospital, we put our complete trust in our doctor and the medical equipment that he/she uses. With advancement in technology, these equipment have become more complex and interconnected. Sadly, ensuring standard cybersecurity measures is not a top priority of the medical professionals. This fact was recently outlined by a Kaspersky security researcher who hacked a hospital while sitting in his car.

  • Amazon Cloud is Prepared for the Zombie Apocalypse

    There are a number of reasons why an Amazon Web Services (AWS) user might need to violate the acceptable terms of use - including the onset of a zombie apocalypse.

    Amazon updated its terms of service this week alongside its Lumberyard gaming development platform, with a new provision about acceptable use in connection with safety-critical systems.

Fysbis: The Linux Backdoor Used by Russian Hackers

Filed under
Linux
Security

Fysbis (or Linux.BackDoor.Fysbis) is a new malware family that targets Linux machines, on which it sets up a backdoor that allows the malware's author to spy on victims and carry out further attacks.

Read more

Security Leftovers

Filed under
Security
  • Security advisories for Thursday
  • These Vigilante Hackers Aim To Hack 200,000 Routers To Make Them More Secure

    Remember the white hat hackers — The White Team — responsible for creating the Linux.Wifatch malware last October? The same hackers are now planning to take over Lizard Squad’s botnet of infected IoT devices in an attempt to shut down their operations.

  • Skimmers Hijack ATM Network Cables

    If you have ever walked up to an ATM to withdraw cash only to decide against it after noticing a telephone or ethernet cord snaking from behind the machine to a jack in the wall, your paranoia may not have been misplaced: ATM maker NCR is warning about skimming attacks that involve keypad overlays, hidden cameras and skimming devices plugged into the ATM network cables to intercept customer card data.

Three nginx Vulnerabilities Closed in Ubuntu OSes

Filed under
Security

Canonical published details in a security notice regarding a few nginx vulnerabilities that have been identified in Ubuntu 15.10, Ubuntu 14.04 LTS, and Ubuntu 12.04 LTS operating systems.

Read more

Security Leftovers

Filed under
Security

Security Leftovers

Filed under
Security

The Linux Foundation’s Core Infrastructure Initiative Working with White House on Cybersecurity National Action Plan

Filed under
Linux
Security

The White House today announced its Cybersecurity National Action Plan (CNAP), which includes a series of steps and programs to enhance cybersecurity capabilities within the Federal Government and across the country. In the proposal, the White House announced collaboration with The Linux Foundation’s Core Infrastructure Initiative(CII) to better secure Internet "utilities" such as open-source software, protocols and standards.

Read more

Security Leftovers

Filed under
Security
  • Docker Engine Hardened with Secure Computing Nodes and User Namespaces

    Enterprise systems need enterprise-grade security. With this in mind, Docker Inc. has updated its core container engine with some potentially powerful security measures.

    Docker Inc. has described this release as “huge leap forward for container security.” The company also added a plethora of networking enhancements to Docker 1.10, released Thursday.

  • USENIX Enigma 2016 - Defending, Detecting, and Responding to Hardware and Firmware Attacks
  • Vulnerabilities in Font Processing Library Impact Firefox, Linux: Report

    Security researchers have found vulnerabilities in Graphite, also known as Libgraphite font processing library, that affects a number of systems. The vulnerabilities, if exploited, allow an attacker to seed malicious fonts to a machine. The Libgraphite library is utilised by Linux, Thunderbird, WordPad, Firefox, OpenOffice, as well as several other major platforms and applications.

    Security researchers from Cisco have posted an advisory to outline four vulnerabilities in the Libgraphite font processing library. One of the vulnerabilities allows the attackers to execute arbitrary code on the machine, and among other things, crash the system.

Tails 2.0

Filed under
Reviews
Security
Debian

The newest 2.0 release of Tails brings many enhancements to the distribution. Tails is now based on Debian 8 (Jessie), so packages from the 1.x releases of Tails have been updated to much newer versions. The desktop environment is now GNOME 3.14 running in Classic mode, which is a major advancement over the GNOME 3.4. desktop used in Tails 1.x. However, there is one drawback to this update -- Tails' optional Windows 8 look-alike theme is no longer available. While I normally do not like look-alike themes, having the desktop look like Windows 8 was an understandable and helpful feature in Tails. GNOME 3's Classic mode is a nice, clean environment, but it does not look like Windows or Mac OS X, so using Tails in public is bound to attract some attention.

Read more

Syndicate content

More in Tux Machines

today's howtos

Linux Graphics

  • The RADV Radeon Vulkan Linux Driver Continues Picking Up Features
  • OpenChrome Maintainer Making Some Progress On VIA DRM Driver
    Independent developer Kevin Brace took over maintaining the OpenChrome DDX driver earlier this year to improve the open-source VIA Linux graphics support while over the summer he's slowly been getting up to speed on development of the OpenChrome DRM driver. The OpenChrome DRM driver was making progress while James Simmons was developing it a few years back, but since he left the project, it's been left to bit rot. It will take a lot of work even to get this previously "good" code back to working on the latest Linux 4.x mainline kernels given how DRM core interfaces have evolved in recent times.
  • My talk about Mainline Explicit Fencing at XDC 2016!
    Last week I was at XDC in Helsinki where I presented about the Explicit Fencing work we’ve been doing on the Mainline Linux Kernel in the lastest few months. There was a livestream of all presentations during the conference and recorded sections are available. You can check the video of my presentation. Check out the slides too.

Linux Kernel News

  • Linux 4.8 gets rc8
    Chill, penguin-fanciers: Linux lord Linus Torvalds is sitting on the egg that is Linux 4.8 for another week. As Torvalds indicated last week, this version of the kernel still needs work and therefore earned itself an eighth release candidate.
  • Linux 4.8-rc8 Released: Linux 4.8 Next Weekend
  • Linux Kernel 4.7.5 Released with Numerous ARM and Networking Improvements
    The fifth maintenance update to the Linux 4.7 kernel series, which is currently the most advanced, secure and stable kernel branch you can get for your GNU/Linux operating system, has been announced by Greg Kroah-Hartman. Linux kernel 4.7.5 is here only ten days after the release of the previous maintenance version, namely Linux kernel 4.7.4, and it's a big update that changes a total of 213 files, with 1774 insertions and 971 deletions, which tells us that the kernel developers and hackers had a pretty busy week patching all sorts of bugs and security issues, as well as to add various, much-needed improvements.
  • Blockchain Summit Day Two: End-Of-Conference Highlights From Shanghai
    Financial services firms and startups looking to be the bridge to blockchain ledgers continued to dominate presentations on the second and final day of the Blockchain Summit, ending International Blockchain Week in Shanghai that also saw Devcon2 and a startup demo competition.
  • Testing Various HDDs & SSDs On Ubuntu With The Linux 4.8 Kernel
    Here are some fresh benchmarks of various solid-state drives (SATA 3.0 SSDs plus two NVMe M.2 SSDs) as well as two HDDs for getting a fresh look at how they are performing using the Linux 4.8 Git kernel. After publishing Friday's Intel 600P Series NVME SSD tests of this lower-cost NVM Express storage line-up, I continued testing a few other SSDs and HDDs. These additional reference points are available for your viewing pleasure today. The additional data is also going to be used for reference in a Linux 4.8-based BCache SSD+HDD comparison being published next week. Stay tuned for those fresh BCache numbers.

Behind the GNOME 3.22 Release Video

This is less than usual. The time saving mostly stems from spending less time recording for the release video. At first thought you might think recording would be a breeze but it can be one of the most frustrating aspects of making the videos. Each cycle the GNOME community lands improvement a wide set of GNOME’s applications. So before each release I have to find some way to run a dozen of applications from master. I do this either by: Read more