Language Selection

English French German Italian Portuguese Spanish

Security

GHOST, a critical Linux security hole, is revealed

Filed under
Linux
Security

Researchers at cloud security company Qualys have discovered a major security hole, GHOST (CVE-2015-0235), in the Linux GNU C Library (glbibc). This vulnerability enables hackers to remotely take control of systems without even knowing any system IDs or passwords.

Qualys alerted the major Linux distributors about the security hole quickly and most have now released patches for it. Josh Bressers, manager of the Red Hat product security team said in an interview that, "Red Hat got word of this about a week ago. Updates to fix GHOST on Red Hat Enterprise Linux (RHEL) 5, 6, and 7 are now available via the Red Hat Network."

This hole exists in any Linux system that was built with glibc-2.2, which was released on November 10, 2000. Qualys found that the bug had actually been patched with a minor bug fix released on May 21, 2013 between the releases of glibc-2.17 and glibc-2.18.

Read more

Why screen lockers on X11 cannot be secure

Filed under
KDE
Security

Today we released Plasma 5.2 and this new release comes with two fixes for security vulnerabilities in our screen locker implementation. As I found, exploited, reported and fixed these vulnerabilities I decided to put them a little bit into context.

The first vulnerability concerns our QtQuick user interface for the lock screen. Through the Look and Feel package it was possible to send the login information to a remote location. That’s pretty bad but luckily also only a theoretical problem: we have not yet implemented a way to install new Look and Feel packages from the Internet. So we found the issue before any harm was done.

Read more

Also: Plasma 5.2 for openSUSE? You bet!

IPFire Is a Powerful Firewall Distro and It Was Just Updated

Filed under
GNU
Linux
Security

IPFire 2.15 Core 86, a new version of the popular Linux-based firewall distribution, has been announced by Michael Tremer and users have been advised to upgrade their systems as soon as possible.

Read more

OpenSSL 1.0.2 Branch Release notes

Filed under
OSS
Security

The major changes and known issues for the 1.0.2 branch of the OpenSSL toolkit are summarised below. The contents reflect the current state of the NEWS file inside the git repository.

Read more

A Look at Pentoo Linux and Its Security Analysis Tools

Filed under
Linux
Security

There is no shortage of security-focused Linux distributions on the market, and among them is Pentoo Linux. While some security-focused Linux distributions concentrate on privacy, like Tails, others like Kali Linux and Pentoo focus on security research, providing tools that enable research and penetration testing. Pentoo Linux differentiates itself from other security Linux distributions in a number of ways. The primary difference is the fact that Pentoo is based on Gentoo Linux, which is a source-based Linux distribution that uses the Portage package-management system. Gentoo has capabilities known as "Hardened Gentoo," which Pentoo also inherits, providing users with additional security configuration and control for the Linux distribution itself. Pentoo 2015 RC 3.7 was released Jan. 5, providing updated tools and features. Among the new features is the integrated ability to verify that the distribution files have not been corrupted. Pentoo provides many applications for security analysis, including wireless, database, exploit, cracking and forensic tools. In this slide show, eWEEK looks at key features and tools in the Pentoo 2015 RC3.7 release.

Read more

Red Hat: Security Makes Paying for Open Source Software Worth It

Filed under
Red Hat
Security

Open source software vendors do something akin to selling air: They get people to pay for something that easily, and perfectly legally, can be had for free. But added security is becoming an increasingly important part of the value proposition, as Red Hat (RHT), maker of one of the leading Linux enterprise distributions, emphasized this week in a statement on its software subscriptions.

Read more

Disk Encryption Tests On Fedora 21

Filed under
GNU
Graphics/Benchmarks
Linux
Security

If you've been wondering about the impact of enabling full-disk encryption when doing a fresh install of Fedora 21, here's some reference benchmarks comparing the Anaconda option of this latest Fedora Linux release.

Read more

VIDEO: Interview with ESET about Windigo & Advanced Linux Server-Side Threats

Filed under
GNU
Linux
Security

iTWire interviews ESET Malware Researcher Olivier Bilodeau, on his way to be one of the speakers at the 2015 Linux.conf.au conference, presenting on advanced Linux server-side threats.

Read more

Tails 1.2.3 is out

Filed under
GNU
Linux
Security
Debian

On January 3rd, the SSL certificate of our website hosting provider, boum.org, expired. This means that if you still are running Tails 1.2.1 or older, you will not get any update notification. Please help spreading the word!

Read more

Under the hood of I2P, the Tor alternative that reloaded Silk Road

Filed under
OSS
Security

Tor is apparently no longer a safe place to run a marketplace for illegal goods and services. With the alleged operator of the original Silk Road marketplace, Ross Ulbricht, now going to trial, the arrest of his alleged successor and a number of others in a joint US-European law enforcement operation, and the seizure of dozens of servers that hosted "hidden services" on the anonymizing network, the operators of the latest iteration of Silk Road have packed their tents and moved to a new territory: the previously low-profile I2P anonymizing network.

Read more

Syndicate content

More in Tux Machines

Why the Open Source Stars Must Align

Open source projects like OpenStack, Docker, OPNFV and OpenDaylight are more supported and better funded than ever before. They mark a broader trend of large, active and well-resourced open source projects that are among the leaders in Big Data, cloud computing, operating systems and development practices. Open source has come a long way in 30 years – and its success marks a new era for the overall OSS community. But success does not come without potential pitfalls. One of the greatest obstacles to project success isn’t the proprietary competition – it’s the lack of communication between large open source projects like OpenStack and Docker. Read more

Myth Busting the Open-Source Cloud Part 1

On the contrary, open-source cloud computing products are designed from the outset with security in mind. For example, there are features such as identity management to monitor who has access to content, and data encryption to safeguard information while it’s at rest or in transit. Furthermore, open-source cloud software is peer-reviewed by community participants, leading to continuous improvements in the quality of security features and mechanisms. This community also monitors and rapidly discloses vulnerabilities and issues, and provides security updates to address them. Read more

What does an adult look like in an open source community?

You're no longer "just an adult." You're now trusted and looked to for opinions on how the community should grow. You're a community elder. You embody the history. You keep the history. You work together with other adults and elders to guide and make the community stronger. And to a certain extent, the community once again looks after you, just as it did in the first phase. Read more