Language Selection

English French German Italian Portuguese Spanish


Thunderbird’s defective method of enabling anti-virus software to scan incoming POP3 e-mail messages

Filed under

Thunderbird’s method of enabling anti-virus software to scan incoming e-mail messages is explained in the mozillaZine article 'Download each e-mail to a separate file before adding to Inbox' and in Mozilla bug report no. 116443 (the bug report that resulted in the functionality being implemented).

Chromebook/Google/Gentoo Security

Filed under
  • Google has doubled its bounty for a Chromebook hack to $100,000

    Google doubled the bounty it will pay for a successful exploit of its Chromebook laptop to $100,000, sweetening the pot in hopes of drawing more attention from security researchers.

    The larger reward is intended for someone who finds a persistent compromise of a Chromebook in guest mode, according to Google's security blog on Monday.

  • Google's Bug Bounty for a Chromebook Hack Rises to $100,000

    We've reported a few times on bug bounties--cash prizes offered by open source communities to anyone who finds key software bugs--ranging from bounties offered by Google (for the Chrome browser) and Mozilla. This open method of discovering security vulnerabilities has been embraced at Google, especially. In fact, Google has offered up as much as $1 million to people who identify key vulnerabilities in the Chrome browser.

Security Leftovers

Filed under

Security Leftovers

Filed under
  • Monday's security advisories
  • Building a Jenkins Security Realm

    Last week I spent a good while on writing a new security realm for KDE's Jenkins setups. The result of my tireless java brewing is that the Jenkins installation of KDE neon now uses KDE's Phabricator setup to authenticate users and manage permissions via OAuth.

  • The Great Linux Mint Heist: the Aftermath

    In a shocking move, cyber criminals recently hacked the Linux Mint Web server and used it to launch an attack against the popular distro's user base.

  • These Are the Best System Rescue Tools After a Malware Attack

    System rescue tools provided by antivirus makers are often used to clean infected systems after the main antivirus software detects infections.

    Most antivirus makers bundle this functionality in their main products, but a few offer more specialized tools that also repair damaged files, attempting to restore the system to its earlier working point as much as possible.

    Only five of such tools are currently available on the market as free tools. They are AVG Rescue CD, Avira EU-Clean, Bitdefender Rescue CD, ESET SysRescue, and Kaspersky Virus Removal Tool.

  • Documents with malicious macros deliver fileless malware to financial-transaction systems

    Spammed Word documents with malicious macros have become a popular method of infecting computers over the past few months. Attackers are now taking it one step further by using such documents to deliver fileless malware that gets loaded directly in the computer's memory.

    Security researchers from Palo Alto Networks analyzed a recent attack campaign that pushed spam emails with malicious Word documents to business email addresses from the U.S., Canada and Europe.

Canonical Releases Major Kernel Update for Ubuntu 14.04 LTS, Patches 13 Issues

Filed under

We reported on March 14 that Canonical published two new Ubuntu Security Notices with detailed information on multiple Linux kernel vulnerabilities patched for Ubuntu 12.04 LTS (Precise Pangolin) and Ubuntu 15.10 (Wily Werewolf) operating systems.

Read more

Canonical Patches Seven Linux Kernel Vulnerabilities in Ubuntu 15.10, Update Now

Filed under

We reported earlier that Canonical released a minor kernel update for its Ubuntu 12.04 LTS (Precise Pangolin) operating system, and now the company announces a new kernel update for Ubuntu 15.10 (Wily Werewolf).

Read more

Security Leftovers

Filed under
  • Hackers turn to angr for automated exploit discovery and patching

    A team of researchers are battling to trouser the US Defense Advanced Research Projects Agency's US$2m prize to build a system that aims to best human offensive and defensive security personnel at exploitation discovery and patching.

    The Shellphish team, with hackers in the US, France, China, Brazil, and Senegal, is big in the capture-the-flag circuit and won the DEF CON competition in 2006.

    And so it jumped when DARPA in 2014 pinned the word "cyber" to the title of its then decade-old Grand Challenge competition and the quest to automate vulnerability discovery and remediation.

  • How to foil a bank heist

    Essentially, Windows security updates ensure that some zero-day vulnerabilities are fixed as the Microsoft programming team become aware of them and are able to fix them. As a result of Microsoft security updates for Windows XP being discontinued, there is no way for anyone running Windows XP to secure their computer.1

  • Containers are like sandwiches

    There are loads of containers available out there you can download that aren't trusted sources. Don't download random containers from random places. It's no different than trying to buy a sandwich from a filthy shop that has to shoo the rats out of the kitchen with a broom.

  • Do you trust this package?

    But what guarantee is there that no MITM attacker compromised the tarballs when they were downloaded from upstream by a distro package maintainer? If you think distro package maintainers bother with silly things like GPG signature checking when downloading tarballs, then I regret to inform you that Santa is not real, and your old pet is not on vacation, it is dead.

  • Your next car will be hacked. Will autonomous vehicles be worth it?

    Self-driving cars could cut road deaths by 80%, but without better security they put us at risk of car hacking and even ransom demands, experts at SXSW say

  • Microsoft: We Store Disk Encryption Keys, But We’ve Never Given Them to Cops [Ed: just to spies. The following page includes several clear examples where Microsoft is caught giving crypto keys to spies. Microsoft is answering/addressing concerns not as they were raised. This is a non-denying denial.]

    Microsoft says it has never helped police investigators unlock its customers’ encrypted computers—despite the fact that the company often holds they key to get their data.

    If you store important stuff on your computer, it’s great to have the option to lock it up and encrypt your data so that no one can access it if you ever lose your laptop or it gets stolen. But what happens if, one day, you forget your own password to decrypt it? To give customers a way to get their data back in this situation, Microsoft has been automatically uploading a recovery key in the cloud for Windows computers since 2013.

Latest Manjaro Linux 15.12 Update Pack Includes an Important OpenSSL Bugfix

Filed under

The Manjaro development team announced the general availability of the twelfth update pack for the stable and current release of the Arch Linux-based operating system.

Read more

Security Leftovers

Filed under
  • 600,000 TFTP Servers Can Be Abused for Reflection DDoS Attacks

    A new study has revealed that improperly configured TFTP servers can be easily abused to carry out reflection DDoS attacks that can sometimes have an amplification factor of 60, one of the highest such values.

  • Do you trust this application?

    Much of the software you use is riddled with security vulnerabilities. Anyone who reads Matthew Garrett knows that most proprietary software is a lost cause. Some Linux advocates claim that free software is more secure than proprietary software, but it’s an open secret that tons of popular desktop Linux applications have many known, unfixed vulnerabilities. I rarely see anybody discuss this, as if it’s taboo, but it’s been obvious to me for a long time.

  • Do you trust this website?

Security Leftovers

Filed under
Syndicate content

More in Tux Machines

Leftovers: Software

  • Desktop Gmail App WMail Scores a Sizeable Update
    There's a new stable release of WMail, the app that describes itself as "the missing desktop client for Gmail".
  • 2 free desktop recording tools to try: SimpleScreenRecorder and Kazam
    A picture might be worth a thousand words, but a video demonstration can save a lot of talking. I'm a visual learner, so seeing how to do something has been very helpful in my education. I've found that students benefit from seeing exactly how an application is configured or how a code snippet is written. Desktop screen recorders are great tools for creating instructional videos. In this article, I'll look at two free, open source desktop screen recorders: SimpleScreenRecorder and Kazam.
  • Nightfall on Linux
    I've looked at general astronomy programs in the past that are helpful for many tasks you might need to do in your stargazing career. But, several specific jobs are more complicated and require specialized software to make relevant calculations, so here, let's take a look at Nightfall. Nightfall is a program that can handle calculations involving binary star systems. It can animate binary star systems, taking into account not only orbital speeds but also rotational motion and the changing shape of stars due to their close positions. You can model what it would look like and what kind of light curves you would register when observing a binary system. You even can take a set of actual observational data and find a best-fit model for the system you are studying.
  • Nmap 7.31 Security Scanner Updates Npcap with Raw 802.11 Wi-Fi Capture Support
    The first point release of the popular, open-source, and cross-platform Nmap 7.30 free security scanner and network mapper arrived, versioned 7.31, adding several important stability improvements, and bug fixes. New features in Nmap 7.31 include Npcap 0.10r9, which has been upgraded from version 0.10r2 bundled in Nmap 7.30 to add raw 802.11 Wi-Fi capture support, updated Zenmap graphical interface to indicate that better display of hostname is attached to Topology page's address, and IPv6 fingerprint submission improvements. "To increase the number of IPv6 fingerprint submissions, a prompt for submission will be shown with some random chance for successful matches of OS classes that are based on only a few submissions. Previously, only unsuccessful matches produced such a prompt," read the release notes for Nmap 7.31.
  • Shotwell 0.25.0 Image Viewer Supports ACDSee Tags, Improves Piwigo Support
    A new stable release of the popular Shotwell open-source image viewer and organizer arrived for users of Linux-based operating systems, version 0.25.0, bringing lots of important changes. As usual, we've managed to get our hands on the internal changelog, which we've also attached at the end of the story for your reading pleasure, and we'd like to tell you that Shotwell 0.25.0 now supports the tags written by the commercial ACDSee photo manipulation software. The application now makes use of Unicode characters, supports recent Vala compiler releases, improves the Piwigo upload support by implementing an option to override the SSL (Secure Sockets Layer) certificate handling, and another one to display the SSL certificate, along with better creation of new albums.
  • xfce4-panel 4.12.1 Released, Xfce 4.14 Still A Long Ways Out
    Xfce4-panel 4.12.1 has been released as a "long overdue maintenance release" while Xfce 4.14 is still in its infancy. Xfce4-panel 4.12.1 has translation updates, support for xfpanel-switch in the preferences, and just some basic fixes. This comes a few weeks after the quiet bug-fix releases of xfce4-settings 4.12.1 and also joined by the xfconf 4.12.1 release this week.
  • Video Call Improvements Land in Skype for Linux Alpha 1.11
  • Dual-GPU integration in GNOME
    Thanks to the work of Hans de Goede and many others, dual-GPU (aka NVidia Optimus or AMD Hybrid Graphics) support works better than ever in Fedora 25. On my side, I picked up some work I originally did for Fedora 24, but ended up being blocked by hardware support. This brings better integration into GNOME.
  • ‘GNOME To Do’ App Picks Up New Features
    GNOME To Do is one of those apps you’ve probably heard of, but do not use. And with a bunch of rivals task managers and to-do list apps available on Linux — from Simplenote to Remember the Milk — and online, the little app that might has its work cutout.

today's howtos

More Games for GNU/Linux

  • Humble Gems Bundle Goes Live, Offers Chroma Squad For Peanuts
    Wallets at the ready as Humble Gems Bundle is now live, a pay-what-you-can-be-bothered-to-palooza offering a selection of hitherto undiscovered indie gaming marvels. Alright, they’re all games that you’ve probably heard of before, certainly if you’re an active fan of the indie gaming scene.
  • Civilization 6 Linux Release Teased By Aspyr?
    Recently, Aspyr Media confirmed that they’ll be doing a Civilization 6 Linux release soon. Currently, Civilization 6 is live on both PC and Mac. Will Aspyr Media release concrete details about the Civilization 6 Linux release in the next few days?
  • Playstation 4 Linux Hack May Show 4.01 Vulnerability
    A new video about a Playstation 4 Linux hack may have shown a vulnerability in the 4.01 firmware update that came out for the Playstation 4 a few weeks ago. The hacking news came from a video at the GeekPwn 2016 convention in Shanghai, China, where the hacking was shown via a live demo. In this demo, a pair of Chinese computer users use a Linux computer and the Webkit browser, which is used to inject a certain exploit into the Playstation 4. One cut later, and a command line prompt appears that is then used to play Super Mario Bros. While the first use for it in the live demo is innocuous, the fact that this is even possible points once again to possible holes in the Playstation’s security.
  • PlayStation 4 hack enables Linux on recent Sony firmware
    A showcase event at this week’s GeekPwn conference in Shanghai suggests that Sony’s PlayStation 4 has been hacked, as a recently released video shows the console running an unsanctioned Linux build courtesy of a web browser exploit. While details regarding the hack are not yet known, a browser-based security issue in PS4 firmware version 4.01 could potentially allow users to root the upcoming PlayStation 4 Pro console in order to run unlicensed applications and games.

Red Hat News