
Security Leftovers

Filed under
Security
  • Notice of security breach on Ubuntu Forums [Ed: this is proprietary software on top of proprietary software. Shame!]

    Deeper investigation revealed that there was a known SQL injection vulnerability in the Forumrunner add-on in the Forums which had not yet been patched.

  • Ubuntu Forums Hacked! Here Is What Hacker Stole?
  • ChaosKey

    The Linux Kernel, starting with version 4.1, includes source for this driver. It should be built by default in your distribution. If you're using Linux + KVM to host other Linux instances, read the VirtualMachine page to see how you can configure the guests to share the host entropy source.

Security Leftovers

Filed under
Security
  • Friday's security updates
  • Room for Application Security Improvement

    Using open source components is a common software development process; just how common, however, may come as a surprise -- even a shock -- to some. The average organization uses 229,000 open source components a year, found research by Sonatype, a provider of software development lifecycle solutions that manages a Central Repository of these components for the Java development community.

    There were 31 billion requests for downloads from the repository in 2015, up from 17 billion in 2014, according to Sonatype.

    The number "blows people's minds," said Derek Weeks, a VP and DevOps advocate at Sonatype. "The perspective of the application security professional or DevOps security professional or open source governance professional is, 'This really changes the game. If it were 100, I could control that, but if it is 200,000 the world has changed."

  • Ubuntu Forums Suffer Data breach; Credit Goes to SQL Flaw

Ubuntu Forums Cracked. Again.

Filed under
Security
Ubuntu

Security Leftovers

Filed under
Security

Canonical Patches Linux Kernel Vulnerability in All Supported Ubuntu OSes

Filed under
Security
Ubuntu

Today, July 14, 2016, Canonical published multiple security notices to inform users of the Ubuntu 16.04 LTS (Xenial Xerus), Ubuntu 14.04 LTS (Trusty Tahr) and Ubuntu 15.10 (Wily Werewolf) operating systems about the availability of a new kernel update.


Changes in Tor

Filed under
OSS
Security

Security News

Filed under
Security
  • David A. Wheeler: Working to Prevent the Next Heartbleed

    The Heartbleed bug revealed that some important open source projects were so understaffed that they were unable to properly implement best security practices. The Linux Foundation’s Core Infrastructure Initiative , formed to help open source projects have the ability to adopt these practices, uses a lot of carrot and very little stick.

  • The First iPhone Hacker Shows How Easy It Is To Hack A Computer

    Viceland is known for its extensive security-focused coverage and videos. In the latest CYBERWAR series, it’s showing us different kinds of cyber threats present in the world around us. From the same series, recently, we covered the story of an ex-NSA spy that showed us how to hack a car.

    In another spooky addition to the series, we got to see how easily the famous iPhone hacker George Hotz hacked a computer.

    George Hotz, also known as geohot, is the American hacker known for unlocking the iPhone. He developed a bootrom exploit and the limera1n jailbreak tool for Apple’s iOS operating system. Recently, he even built his own self-driving car in his garage.

  • Beware; Adwind RAT infecting Windows, OS X, Linux and Android Devices

    Cyber criminals always develop malware filled with unbelievable features, but you will hardly ever find something that targets different operating systems simultaneously. Now, researchers have discovered Java-based malware infecting companies in Denmark, but it’s only a matter of time before it probably hits other countries.

  • 7 Computers Fighting Against Each Other To Become “The Perfect Hacker”

    Are automated “computer hackers” better than human hackers? DARPA is answering this question in the positive and looking to prove its point with the help of its Cyber Grand Challenge. The contest finale will feature seven powerful computers fighting against each other. The winner of the contest will challenge human hackers at the annual DEF CON hacking conference.

Security Leftovers

Filed under
Security
  • Security updates for Wednesday
  • Download This Security Fix Now — All Versions Of Windows Operating System Hackable

    As part of its monthly update cycle, Microsoft has released security patches for all versions of the Windows operating system. This update addresses a critical flaw that lets an attacker launch man-in-the-middle attacks on workstations. The vulnerability arises because the print spooler service allows a user to install untrusted drivers with elevated privileges.

  • The Truth About Penetration Testing Vs. Vulnerability Assessments

    Vulnerability assessments are often confused with penetration tests. In fact, the two terms are often used interchangeably, but they are worlds apart. To strengthen an organization’s cyber risk posture, it is essential to not only test for vulnerabilities, but also assess whether vulnerabilities are actually exploitable and what risks they represent. To increase an organization’s resilience against cyber-attacks, it is essential to understand the inter-relationships between vulnerability assessment, penetration test, and a cyber risk analysis.

Untangle Announces NG Firewall Version 12.1

Filed under
GNU
Linux
Security

Untangle® Inc., a security software and appliance company, announced the release of version 12.1 of its award-winning NG Firewall software. Untangle NG Firewall version 12.1 brings new features and functionality to the popular and powerful small business firewall platform.

NG Firewall delivers a comprehensive solution for small-to-medium businesses, schools, governmental organizations and nonprofits that require enterprise-grade perimeter security with the flexibility of a convergent Unified Threat Management (UTM) device. Untangle’s industry-leading approach to network traffic visibility and policy management gives its customers deep insight into what’s happening on their network via its database-driven reporting engine and 360° dashboard.

“Version 12.1 is the next step in the evolution of the Untangle NG Firewall user interface,” said Dirk Morris, founder and chief product officer at Untangle. “Building on the base provided by the last two major releases, version 12.1 provides a fully responsive mobile management console as well as faster performing, more flexible reporting and dashboard widget capabilities.”


Security Leftovers

Filed under
Security
  • Posing as ransomware, Windows malware just deletes victim’s files

    There has been a lot of ingenuity poured into creating crypto-ransomware, the money-making malware that has become the scourge of hospitals, businesses, and home users over the past year. But none of that ingenuity applies to Ranscam, a new ransom malware reported by Cisco's Talos Security Intelligence and Research Group.

    Ranscam is a purely amateur attempt to cash in on the crypto-ransomware trend that demands payment for "encrypted" files that were actually just plain deleted by a batch command. "Once it executes, it pops up a ransom message looking like any other ransomware," Earl Carter, security research engineer at Cisco Talos, told Ars. "But then what happens is it forces a reboot, and it just deletes all the files. It doesn't try to encrypt anything—it just deletes them all."

    Talos discovered the file on the systems of a small number of customers. In every case, the malware presented exactly the same message, including the same Bitcoin wallet address. The victim is instructed:

    "You must pay 0.2 Bitcoins to unlock your computer. Your files have been moved to a hidden partition and crypted. Essential programs in your computer have been locked and your computer will not function properly. Once your Bitcoin payment is received your computer and files will be returned to normal instantly."

  • Webpages, Word files, print servers menacing Windows PCs, and disk encryption bypasses – yup, it's Patch Tuesday

    Microsoft will fix critical holes in Internet Explorer, Edge, Office and Windows with this month's Patch Tuesday security bundle. Meanwhile, Adobe has patched dozens of exploitable vulnerabilities in its Flash player.

    Redmond's July release includes 11 sets of patches, six rated as "critical" and five classified as "important." The highlights are: a BitLocker device encryption bypass, evil print servers executing code on vulnerable machines, booby-trapped webpages and Office files injecting malware into PCs, and the usual clutch of privilege elevation flaws.

  • Ad blocking: yes, it's war now

    idnes.cz: they put moving advertisements on their website, making browsers unusable -- they eat 100% CPU and pages lag when scrolling. They put video ads inside text that appear when you scroll. They have video ads including audio... (The advertisement for the Olympic games is particularly nasty; on a Core Duo it also raises power consumption by like 30W.) Then they are surprised by adblock and complain with a popup when they detect one. I guess I am either looking for a better news source, or for the next step in the adblock war...

More in Tux Machines

today's howtos

Leftovers: Ubuntu

  • IOTA: IoT revolutionized with a Ledger
    Ever since the introduction of digital money, the world quickly came to realize how dire and expensive the consequences of centralized systems are. Not only are these systems incredibly expensive to maintain, they are also “single points of failure” which expose a large number of users to unexpected service interruptions, fraudulent activities and vulnerabilities that can be exploited by malicious hackers. Thanks to Blockchain, which was first introduced through Bitcoin in 2009, the clear benefits of a decentralized and “trustless” transactional settlement system became apparent. No longer should expensive trusted third parties be used for handling transactions; instead, the flow of money should be handled in a direct, peer-to-peer fashion. This concept of a Blockchain (or more broadly, a distributed ledger) has since become a global phenomenon attracting billions of dollars in investments to further develop the concept.
  • Return Home and Unify: My Case for Unity 8
  • Can netbooks be cool again?
    Earlier this week, my colleague Chaim Gartenberg covered a laptop called the GPD Pocket, which is currently being funded on Indiegogo. As Chaim pointed out, the Pocket’s main advantage is its size — with a 7-inch screen, the thing is really, really small — and its price, a reasonable $399. But he didn’t mention that the Pocket is the resurrection of one of the most compelling, yet fatally flawed, computing trends of the ‘00s: the netbook. So after ten years, are netbooks finally cool again? That might be putting it too strongly, but I’m willing to hope.

Linux Devices

  • Compact, rugged module runs Linux or Android on Apollo Lake
    Ubiqcomm’s 95 x 95mm, Apollo Lake-based “COM-AL6C” COM offers 4K video along with multiple SATA, USB, GbE, and PCIe interfaces, plus -40 to 85°C operation. Ubiqconn Technology Inc. has announced a “COM-AL6C” COM Express Type 6 Compact form factor computer-on-module built around Intel’s Apollo Lake processors and designed to withstand the rigors of both fixed and mobile industrial applications. The module offers a choice among three Intel Apollo Lake processors: the quad-core Atom x5-E3930, quad-core x5-E3940, and dual-core x7-E3950, which are clocked at up to 2.0GHz burst and offer TDPs from 6.5 to 12 Watts.
  • Internet-enable your microcontroller projects for under $6 with ESP8266
    To get started with IoT (the Internet of Things), your device needs, well, an Internet connection. Base Arduino microcontrollers don't have Internet connectivity by default, so you either need to add Ethernet, Wi-Fi shields, or adapters to them, or buy an Arduino that has built-in Internet connectivity. In addition to complexity, both approaches add cost and consume the already-precious Arduino flash RAM for program space, which limits what you can do. Another approach is to use a Raspberry Pi or similar single-board computer that runs a full-blown operating system like Linux. The Raspberry Pi is a solid choice in many IoT use cases, but it is often overkill when all you really want to do is read a sensor and send the reading up to a server in the cloud. Not only does the Raspberry Pi potentially drive up the costs, complexity, and power consumption of your project, but it is running a full operating system that needs to be patched, and it has a much larger attack surface than a simple microcontroller. When it comes to IoT devices and security, simpler is better, so you can spend more time making and less time patching what you already made.
  • Blinkenlights!
  • Blinkenlights, part 2
  • Blinkenlights, part 3
  • [Older] Shmoocon 2017: The Ins And Outs Of Manufacturing And Selling Hardware
    Every day, we see people building things. Sometimes, useful things. Very rarely, this thing becomes a product, but even then we don’t hear much about the ins and outs of manufacturing a bunch of these things or the economics of actually selling them. This past weekend at Shmoocon, [Conor Patrick] gave the crowd the inside scoop on selling a few hundred two factor authentication tokens. What started as a hobby is now a legitimate business, thanks to good engineering and abusing Amazon’s distribution program.
  • 1.8 Billion Mobile Internet Users NEVER use a PC, 200 Million PC Internet Users never use a mobile phone. Understanding the 3.5 Billion Internet Total Audience
    As I am working to finish the 2017 Edition of the TomiAhonen Almanac (last days now) I always get into various updates of numbers, that remind me 'I gotta tell this story'.. For example the internet user numbers. We have the December count by the ITU for year 2016, that says the world has now 3.5 Billion internet users in total (up from 3.2 Billion at the end of year 2015). So it's no 'drama' to know what is 'that' number. The number of current internet total users is yes, 3.5 Billion, almost half of the planet's total population (47%).

Leftovers: OSS and Sharing

  • Rewriting the history of free software and computer graphics
    Do you remember those days in the early nineties when most screensavers were showing flying 3D metallic logotypes? Did you have one? In this article, I want to go back in time and briefly revisit the period in the history of computer graphics (CG) development when it transitioned from research labs to everyone's home computer. The early and mid-1990s was the time when Aldus (before Adobe bought the company) was developing PageMaker for desktop publishing, when Pixar created Toy Story, and soon after 3D modeling and animation software Maya by Alias|Wavefront (acquired by Autodesk). It was also a moment when we got two very different models of CG development, one practiced by the Hollywood entertainment industry and one practiced by corporations like Adobe and Autodesk. By recalling this history, I hope to be able to shed new light on the value of free software for CG, such as Blender or Synfig. Maybe we can even re-discover the significance of one implicit freedom in free software: a way for digital artists to establish relations with developers.

    [...]

    The significance of free software for CG

    On the backdrop of this history, free software like Blender, Synfig, Krita, and other projects for CG gain significance for several reasons that stretch beyond the four freedoms that free software gives. First, free software allows the mimicking of the Hollywood industry's models of work while making it accessible for more individuals. It encourages practice-based CG development that can fit individual workflows and handle unexpected circumstances that emerge in the course of work, rather than aiming at a mass product for all situations and users. Catering to an individual's needs and adaptations of the software brings users' work closer to craft and makes technology more human. Tools and individual skill can be continuously polished, shaped, and improved based on individual needs, rather than shaped by decisions "from above."
  • ONF unveils Open Innovation Pipeline to counter open source proprietary solutions
    ONF and ON.Lab claim the OIP initiative to bolster open source SDN, NFV and cloud efforts being hampered by open source-based proprietary work. Tapping into an ongoing merger arrangement with Open Networking Lab, the Open Networking Foundation recently unveiled its Open Innovation Pipeline targeted at counteracting the move by vendors using open source platforms to build proprietary solutions.
  • [FreeDOS] The readability of DOS applications
    Web pages are mostly black-on-white or dark-gray-on-white, but anyone who has used DOS will remember that most DOS applications were white-on-blue. Sure, the DOS command line was white-on-black, but almost every popular DOS application used white-on-blue. (It wasn't really "white" but we'll get there.) Do an image search for any DOS application from the 1980s and early 1990s, and you're almost guaranteed to yield a forest of white-on-blue images like these:
  • More about DOS colors
    In a followup to my discussion about the readability of DOS applications, I wrote an explanation on the FreeDOS blog about why DOS has sixteen colors. That discussion seemed too detailed to include on my Open Source Software & Usability blog, but it was a good fit for the FreeDOS blog.
  • Building a $4 billion company around open source software: The Cloudera story
    Dr Amr Awadallah is the Chief Technology Officer of Cloudera, a data management and analytics platform based on Apache Hadoop. Before co-founding Cloudera in 2008, Awadallah served as Vice President of Product Intelligence Engineering at Yahoo!, running one of the very first organizations to use Hadoop for data analysis and business intelligence. Awadallah joined Yahoo! after the company acquired his first startup, VivaSmart, in July 2000. With the fourth industrial revolution upon us—where the lines between the physical, digital and biological spheres are blurred by the world of big data and the fusion of technologies—Cloudera finds itself among the band of companies that are leading this change. In this interview with Enterprise Innovation, the Cloudera co-founder shares his insights on the opportunities and challenges in the digital revolution and its implications for businesses today; how organizations can derive maximum value from their data while ensuring their protection against risks; potential pitfalls and mistakes companies make when using big data for business advantage; and what lies beyond big data analytics.
  • What we (think we) know about meritocracies
    "Meritocracy," writes Christopher Hayes in his 2012 book Twilight of the Elites, "represents a rare point of consensus in our increasingly polarized politics. It undergirds our debates, but is never itself the subject of them, because belief in it is so widely shared." Meritocratic thinking, in other words, is prevalent today; thinking rigorously about meritocracy, however, is much more rare.
  • A new perspective on meritocracy
    Meritocracy is a common element of open organizations: They prosper by fostering a less-hierarchical culture where "the best ideas win." But what does meritocracy really mean for open organizations, and why does it matter? And how do open organizations make meritocracy work in practice? Some research and thinking I've done over the last six months have convinced me such questions are less simple—and perhaps more important—than may first meet the eye.
  • OpenStack Summit Boston: Vote for Presentations
    The next OpenStack Summit takes place in Boston, MA (USA) in May (8.-11.05.2017). The "Vote for Presentations" period has already started. All proposals are now again up for community votes. The period will end February 21st at 11:59pm PST (February 22nd at 8:59am CEST).
  • [FOSDEM] Libreboot
    Libreboot is free/opensource boot firmware for laptops, desktops and servers, on multiple platforms and architectures. It replaces the proprietary BIOS/UEFI firmware commonly found in computers.
  • Three new FOSS umbrella organisations in Europe
    So far, the options available to a project are either to establish its own organisation or to join an existing organisation, neither of which may fit well for the project. The existing organisations are either specialised in a specific technology or one of the few technology-neutral umbrella organisations in the US, such as Software in the Public Interest, the Apache Software Foundation, or the Software Freedom Conservancy (SFC). If there is already a technology-specific organisation (e.g. GNOME Foundation, KDE e.V., Plone Foundation) that fits a project’s needs, that may well make a good match.
  • ESA affirms Open Access policy for images, videos and data / Digital Agenda
    ESA today announced it has adopted an Open Access policy for its content such as still images, videos and selected sets of data. For more than two decades, ESA has been sharing vast amounts of information, imagery and data with scientists, industry, media and the public at large via digital platforms such as the web and social media. ESA’s evolving information management policy increases these opportunities. In particular, a new Open Access policy for ESA’s information and data will now facilitate broadest use and reuse of the material for the general public, media, the educational sector, partners and anybody else seeking to utilise and build upon it.
  • Key Traits of the Coming Delphi For Linux Compiler
    Embarcadero is about to release a new Delphi compiler for the Linux platform. Here are some of the key technical elements of this compiler, and the few differences compared to Delphi compilers for other platforms.