Language Selection

English French German Italian Portuguese Spanish

Security

Debian 8 Gets New Kernel Update, Five Vulnerabilities and a Regression Patched

Filed under
Security
Debian

Exactly one week after the release of the major kernel update for the Debian GNU/Linux 8 "Jessie" operating system on June 28, the Debian Project, through Salvatore Bonaccorso, has released a new Linux kernel security update.

Read more

Parsix GNU/Linux 8.10 and 8.5 Get the Latest Debian Security Fixes, Update Now

Filed under
GNU
Linux
Security
Debian

A few hours ago, the development team behind Parsix GNU/Linux, a Debian-based computer operating system sporting the modern GNOME 3 desktop environment, has announced that new security fixes are available for the stable Parsix GNU/Linux 8.5 "Atticus" distribution, and upcoming Parsix GNU/Linux 8.10 "Erik" release.

Read more

Security Leftovers

Filed under
Security

Network Security Toolkit (NST) Linux OS Released Based on Fedora 24, Linux 4.6

Filed under
Red Hat
Security

Today, July 4, 2016, Ronald Henderson has announced the release of a new version of the Fedora-based Network Security Toolkit (NST) Linux distribution for network security analysis and monitoring.

Read more

Security Leftovers

Filed under
Security
  • Progress Towards 100% HTTPS, June 2016
  • Exploiting Recursion in the Linux Kernel
  • Home Computers Connected to the Internet Aren't Private, Court Rules [iophk: "MS Windows == insecure, therefore all computer are game"]

    A judge in Virginia rules that people should have no expectation of privacy on their home PCs because no connected computer "is immune from invasion."
    A federal judge for the Eastern District of Virginia has ruled that the user of any computer that connects to the Internet should not have an expectation of privacy because computer security is ineffectual at stopping hackers.

    The June 23 ruling came in one of the many cases resulting from the FBI's infiltration of PlayPen, a hidden service on the Tor network that acted as a hub for child exploitation, and the subsequent prosecution of hundreds of individuals. To identify suspects, the FBI took control of PlayPen for two weeks and used, what it calls, a "network investigative technique," or NIT—a program that runs on a visitor's computer and identifies their Internet address.

Security Leftovers

Filed under
Security
  • 11 essential data security tips for travelers [iophk: "unfortunately VPNs have dated crypto"]

    I travel all over the world for my job, and for my hobbies. Although there are still plenty of places I haven't been, I've visited enough foreign countries that I don't deny it when someone calls me a world traveler. Over the years, I've experienced my fair share of foreign spying. I know what it's like to be snooped on.

    I'm no longer surprised when I suddenly get gobs of spam from a country I've visited. My best guess is that someone in the country intercepted my email and recorded my email address. I still get porn spam in Arabic and ads for weight loss products in Mandarin. I've had my laptop and USB keys searched at countless borders.

  • Yet another letsencrypt (ACME) client

    Well, I apparently joined the hordes of people writing ACME (the Protocol behind Let’s Encrypt) clients.

    Like the fairy tale Goldilocks, I couldn’t find a client in the right spot between minimalistic and full-featured for my needs: acme-tiny was too bare-bones; the official letsencrypt client (now called certbot) too huge; and simp_le came very close, but it’s support for pluggable certificate formats made it just a bit too big for me.

  • Keynote - Complexity: The Enemy of Security
  • Security Holes Found in Widely-Used File Compression Library, Leaving Other Products Dangerously Exposed
  • StartEncrypt considered harmful today

    Recently, one of our hackers (Thijs Alkemade) found a critical vulnerability in StartCom’s new StartEncrypt tool, that allows an attacker to gain valid SSL certificates for domains he does not control. While there are some restrictions on what domains the attack can be applied to, domains where the attack will work include google.com, facebook.com, live.com, dropbox.com and others.

  • Unikernels Will Create More Security Problems Than They Solve

    Unikernels, the most recent overhyped technology in search of a problem to solve, have a number of claimed attributes that make them a “better choice.” One most often claimed is that they are “more secure.” This is the first in a series of articles bringing some light to the reality of unikernels so that you can think about them properly, employ them for what they are good for, and avoid the hype.

  • The Python security response team

    As the final presentation of the 2016 Python Language Summit—though it was followed by a few lightning talks that we are not covering—Christian Heimes led a discussion on the Python security response team. There have been some problems along the way that generally boil down to a need for more people working on the team.

Security Leftovers

Filed under
Security

Security Leftovers

Filed under
Security

Security Leftovers

Filed under
Security
Syndicate content

More in Tux Machines

Red Hat and Fedora

FOSS Events: LCA and systemd.conf

  • 5 great linux.conf.au talks (that aren't about Linux)
    linux.conf.au, otherwise known as LCA, is one of the world's longest-running open source events. LCA has been held in a different city around Australia and New Zealand almost every year since 1999. Despite the name, linux.conf.au is a generalist open source conference. LCA hasn't been just about Linux for a long time. Rather, the conference focuses on everything to do with open source: the software, hardware, and network protocols that underly it. LCA also has a strong track on free and open culture, exploring how open source interacts with science, government, and the law.
  • FINAL REMINDER! systemd.conf 2016 CfP Ends on Monday!
    Please note that the systemd.conf 2016 Call for Participation ends on Monday, on Aug. 1st! Please send in your talk proposal by then! We’ve already got a good number of excellent submissions, but we are very interested in yours, too!

OSS Leftovers

Programming