Security

Security Leftovers

Filed under
Security
  • LinuxCon: CII Program Will Give Badges to Open Source Projects With Strong Security

    Amid this week’s LinuxCon in Seattle, SecurityWeek reported that the Core Infrastructure Initiative (CII), which funds open source projects, will award a badge to projects that meet a set of standard criteria. These include an established bug reporting process, an automated test suite, a vulnerability response process and a patching process. A self-assessment will determine whether the project owners merit the badge.

  • Why every website should switch to HTTPS

    HTTPS protects both website owners and users from interference by network operators. It provides three protections: authentication, integrity, and confidentiality. HTTPS makes sure that the website you loaded was sent by the real owner of that website, that nothing was injected into or censored from the website in transit, and that no one else is able to read the contents of the data being transmitted. We are seeing more and more evidence of manipulation of websites to inject things that neither the website owners nor the users intended. Additionally, browsers are starting to deprecate HTTP as non-secure, so in the coming years non-HTTPS websites will trigger warnings in both Chrome and Firefox.

  • Embargoed firmware updates in LVFS

    The new embargo target allows vendors to test the automatic update functionality using a secret vendor-specific URL set in /etc/fwupd.conf without releasing it to the general public until the hardware has been announced.

  • Security updates for Friday


Linus Torvalds Talks Linux Security at LinuxCon

Filed under
Linux
Security

"The only real solution to security is to admit that bugs happen," Torvalds said, "and then mitigate them by having multiple layers, so if you have a hole in one component, the next layer will catch the issue."
Torvalds added, "Anyone that thinks that we'll be entirely secure is just not realistic; we'll always have issues."


Meet Kali Linux 2.0, a distro built to hammer your security

Filed under
Linux
Security

Kali is the successor to BackTrack, and is a Debian-based Linux distribution that includes hundreds of penetration-testing tools pre-installed and ready to go. Just boot it from a USB drive or live DVD and you’ll have a penetration-testing—or “hacking”—environment with all the tools you might want just waiting for you to fire them up.


Security Leftovers

Filed under
Security
  • Security updates for Monday
  • Security advisories for Tuesday
  • DDoS attacks on the rise as Akamai warns that 'mega attacks' are coming

    This is the dawn of the mega denial-of-service (DoS) attack, according to security firm Akamai and its second quarter threat report.

    We wait every three months for the Akamai State of the Internet report, and we are never disappointed. Its content is pretty good too, and allows for a summary of the past quarter and a reminder about things like Shellshock and web perennials like Flash, WordPress themes and application attacks.

  • Ransomware goes open source

    Turkish security bod Utku Sen has published what seems to be the first open source ransomware that anyone can download and spread. The 'Hidden Tear' ransomware, available at GitHub, is a working version of the malware the world has come to hate. It uses AES encryption to lock down files and could display a scare warning or ransom message to get users to pay.

Ransomware goes OPEN SOURCE in the name of education

Filed under
OSS
Security

Turkish security bod Utku Sen has published what appears to be the first open source ransomware that anyone can download and spread.

The "Hidden Tear" ransomware, available on GitHub, is a functional version of the malware the world has come to hate; it uses AES encryption to lock down files and can display a scare warning or ransom message to get users to pay up.


Five free Android encryption tools for the paranoid user

Filed under
Android
Security

Do your hats tend to fall into the tinfoil range? Are you afraid there is always somebody watching you? If so, rest assured that the Android ecosystem offers plenty of apps to soothe your paranoia. But which apps are the must-haves? Here are five apps you should immediately install and put to work. They'll bring you peace in the knowledge that your mobile data is far more secure than those around you.


Open Source First Starting to Converge with Cloud First

Filed under
OSS
Security

Of course, PostgreSQL is only one instance where open source and the cloud are starting to converge. The same argument could also be applied to everything from Node.js to Docker containers. The point is that as the critical mass of open source software in the cloud continues to build, it’s only a matter of time before that same software starts showing up on premise in much greater numbers than it already has.


Mozilla defaults Tracking Protection for Firefox developer builds, but only for private browsing

Filed under
Moz/FF
Security

Pre-beta versions of Firefox will block domains known to track users by default when a private browser window is opened.


Security Leftovers

Filed under
Security
  • Friday's security advisories
  • Research Paper: Securing Linux Containers
  • Kaspersky Antivirus accused of creating fake malware for over 10 years

    It reportedly worked like this: Kaspersky would inject dangerous-looking code into common pieces of legitimate software. It would then anonymously submit the modified files to malware aggregators such as Google-owned VirusTotal. When competitors added the samples to their detection engines, they’d mistakenly flag the original, clean files because of the similar code.

  • Investigating the Computer Security Practices and Needs of Journalists

    Though journalists are often cited as potential users of computer security technologies, their practices and mental models have not been deeply studied by the academic computer security community. Such an understanding, however, is critical to developing technical solutions that can address the real needs of journalists and integrate into their existing practices. We seek to provide that insight in this paper, by investigating the general and computer security practices of 15 journalists in the U.S. and France via in-depth, semi-structured interviews. Among our findings is evidence that existing security tools fail not only due to usability issues but when they actively interfere with other aspects of the journalistic process; that communication methods are typically driven by sources rather than journalists; and that journalists’ organizations play an important role in influencing journalists’ behaviors. Based on these and other findings, we make recommendations to the computer security community for improvements to existing tools and future lines of research.

  • Ten scary hacks I saw at Black Hat and DEF CON

    The highlight of this year’s Black Hat conference was a remote hack of the Jeep Cherokee and other Fiat Chrysler vehicles, demonstrated by security researchers Charlie Miller and Chris Valasek.

    The attack was the culmination of a year of painstaking work that involved reverse-engineering car firmware and communications protocols. It eventually allowed the two researchers to hack into the car infotainment systems over mobile data connections and take over brake, steering and other critical systems. The research forced Chrysler to recall 1.4 million automobiles so they could be patched and prompted a car cybersafety legislative proposal from the U.S. Congress.

  • How to hack a Corvette with a text message

    Researchers have demonstrated how a simple text message can be used to control a vehicle.

  • Facebook issues Internet Defense Prize for vulnerability discovery tool

    Facebook has awarded $100,000 to a pair of Ph.D. students for their work on the security of C++ programs, which resulted in the detection and patching of zero-day vulnerabilities.
