Language Selection

English French German Italian Portuguese Spanish

Security

Security News

Filed under
Security
  • Endian Firewall Community 3.2.1 Adds Extended 3G Modem Support, Linux Kernel 4.1

    Today, July 31, 2016, the Endian Team proudly announced that the Endian Firewall Community 3.2 GNU/Linux distribution is out of Beta and ready to be deployed in stable, production environments.

    Endian Firewall Community 3.2.1 is now the latest stable and most advanced version of the CentOS-based GNU/Linux operating system that has been designed to be used in routers and network firewall devices. And it looks like it's also a pretty major update that introduces lots of enhancements, many new features, as well as the usual under-the-hood improvements.

  • HTTPS Bypassed On Windows, Mac, And Linux

    HTTPS encryption assured users that the addresses of the websites they visit could not be monitored or viewed by data snoopers and other such malicious users. However, a new hack has broken this encryption. This hack can be carried out on any network, most notably in Wi-Fi hotspots, where this encryption is most required.

  • Intel's Crosswalk open source dev library has serious SSL bug

    Developers using Intel's Crosswalk SSL library: it's time to patch and push out an upgrade.

    Crosswalk is a cross-platform library that supports deployment to Android, iOS and Windows Phone, but the bug is Android-specific.

    The library has a bug in how it handles SSL errors, and as a result, end users on Android could be tricked into accepting MITM certificates.

    As consultancy Nightwatch Cyber Security explains, if a user accepts one invalid or self-signed SSL certificate, Crosswalk remembers that choice and applies it to all future certificates.

Security Leftovers

Filed under
Security
  • Xen patches critical guest privilege escalation bug

    A freshly uncovered bug in the Xen virtualisation hypervisor could potentially allow guests to escalate their privileges until they have full control of the hosts they're running on.

    The Xen hypervisor is used by cloud giants Amazon Web Services, IBM and Rackspace.

    Inadequate security checks of how virtual machines access memory means a malicous, paravirtualised guest administrator can raise their system privileges to that of the host on unpatched installations, Xen said.

  • Xen Vulnerability Allows Hackers To Escape Qubes OS VM And Own the Host
  • The Security of Our Election Systems [Too much of Microsoft]

    The FBI is investigating. WikiLeaks promises there is more data to come. The political nature of this cyberattack means that Democrats and Republicans are trying to spin this as much as possible. Even so, we have to accept that someone is attacking our nation's computer systems in an apparent attempt to influence a presidential election. This kind of cyberattack targets the very core of our democratic process. And it points to the possibility of an even worse problem in November ­ that our election systems and our voting machines could be vulnerable to a similar attack.

  • Data program accessed in cyber-attack on Democrats, says Clinton campaign [iophk: "Windows still"]

    A data program used by the campaign of the Democratic presidential candidate, Hillary Clinton, was “accessed” as a part of hack on the Democratic National Committee (DNC) that intelligence officials believe was carried out by Russia’s intelligence services, Clinton’s campaign said on Friday.

  • A Famed Hacker Is Grading Thousands of Programs — and May Revolutionize Software in the Process

    “There are applications out there that really do demonstrate good [security] hygiene … and the vast majority are somewhere else on the continuum from moderate to atrocious,” Peiter Zatko says. “But the nice thing is that now you can actually see where the software package lives on that continuum.”

    Joshua Corman, founder of I Am the Cavalry, a group aimed at improving the security of software in critical devices like cars and medical devices, and head of the Cyber Statecraft Initiative for the Atlantic Council, says the public is in sore need of data that can help people assess the security of software products.

    “Markets do well when an informed buyer can make an informed risk decision, and right now there is incredibly scant transparency in the buyer’s realm,” he says.

Security News

Filed under
Security

Fedora 24 Linux OS Gets New, Updated Lives ISOs with Latest Security Patches

Filed under
Red Hat
Security

Founder of The Fedora Unity Project and Fedora Ambassador, Ben Williams, is happy to report that updated Live ISO images of the Fedora 24 GNU/Linux operating system are now available for download.

Read more

Security News

Filed under
Security
  • Security advisories for Thursday
  • Please save GMane!
  • The End of Gmane?

    In 2002, I grew annoyed with not finding the obscure technical information I was looking for, so I started Gmane, the mailing list archive. All technical discussion took place on mailing lists those days, and archiving those were, at best, spotty and with horrible web interfaces.

    The past few weeks, the Gmane machines (and more importantly, the company I work for, who are graciously hosting the servers) have been the target of a number of distributed denial of service attacks. Our upstream have been good about helping us filter out the DDoS traffic, but it’s meant serious downtime where we’ve been completely off the Internet.

  • Pwnie Express makes IoT, Android security arsenal open source

    Pwnie Express has given the keys to software used to secure the Internet of Things (IoT) and Android software to the open-source community.

    The Internet of Things (IoT), the emergence of devices ranging from lighting to fridges and embedded systems which are connected to the web, has paved an avenue for cyberattackers to exploit.

  • The Software Supply Chain Is Bedeviled by Bad Open-Source Code [Ed: again, trace this back to FUD firms like Sonatype in this case]

    Open-source components play a key role in the software supply chain. By reducing the amount of code that development organizations need to write, open source enables companies to deliver software more efficiently — but not without significant risks, including defective and outdated components and security vulnerabilities.

  • Securing a Virtual World [Ed: paywall, undated (no year but reposted)]
  • Google tells Android's Linux kernel to toughen up and fight off those horrible hacker bullies

    In a blog post, Jeff Vander Stoep of the mobile operating system's security team said that in the next build of the OS, named Nougat, Google is going to be addressing two key areas of the Linux kernel that reside at the heart of most of the world's smartphones: memory protection and reducing areas available for attack by hackers.

Security Leftovers

Filed under
Security

Parrot Security OS – A Debian Based Distro for Penetration Testing, Hacking and Anonymity

Filed under
GNU
Linux
Security
Debian

Parrot Security operating system is a Debian-based Linux distribution built by Frozenbox Network for cloud oriented penetration testing. It is a comprehensive, portable security lab that you can use for cloud pentesting, computer forensics, reverse engineering, hacking, cryptography and privacy/anonymity.

Read more

OPNsense 16.7

Filed under
Security
BSD
  • OPNsense 16.7 released
  • pfSense/m0n0wall-Forked OPNsense 16.7 Released

    The latest major release is out of OPNsense, a BSD open-source firewall OS project derived from pfSense and m0n0wall.

    OPNsense 16.7 brings NetFlow-based reporting and export, trafic shaping support, two-factor authentication, HTTPS and ICAP support in the proxy server, and UEFI boot and installation modes.

Security News

Filed under
Security
  • Linux Security Automation at Scale in the Cloud

    Ten years ago it didn’t seem like Linux growth could increase any faster. Then, in 2006, Amazon launched Amazon Web Services (AWS). Linux growth went from linear to exponential. AWS competitors sprang up and were acquired by IBM, Microsoft, and other big players, accelerating Linux expansion even more.

    Linux became the platform of choice for the private cloud. But this movement wasn’t confined to the cloud. A rush to create Linux applications and services spilled over to traditional on premises. Linux had evolved from that obscure thing people ran web servers on to the backbone operating system of the majority of IT.

  • Don’t want to get hacked? Close your laptop.

    My friends often leave their computers open and unlocked. I tell them they should probably get in the habit of locking their computers, but they don’t listen to me. So I’ve created a simple project to hack my friends and show them the importance of computer security.

    All I need to do is wait for them to leave their computer unlocked for a few seconds, open up their terminal, and type a single, short command.

  • Citibank IT guy deliberately wiped routers, shut down 90% of firm’s networks across America

    It was just after 6pm on December 23, 2013, and Lennon Ray Brown, a computer engineer at the Citibank Regents Campus in Irving, Texas, was out for revenge.

    Earlier in the day, Brown – who was responsible for the bank’s IT systems – had attended a work performance review with his supervisor.

    It hadn’t gone well.

    Brown was now a ticking time bomb inside the organisation, waiting for his opportunity to strike. And with the insider privileges given to him by the company, he had more of an opportunity to wreak havoc than any external hacker.

  • Explo-Xen! Bunker buster bug breaks out guests from hypervisor

    A super-bug in the Xen hypervisor may allow privileged code running in guests to escape to the underlying host.

    This means, on vulnerable systems, malicious administrators within virtual machines can potentially break out of their confines and start interfering with the host server and other guests. This could be really bad news for shared environments.

    All versions of open-source Xen are affected (CVE-2016-6258, XSA-182) although it is only potentially exploitable on x86 hardware running paravirtualized (PV) guests. The bug was discovered by Jérémie Boutoille of Quarkslab, and publicly patched on Tuesday for Xen versions 4.3 to 4.7 and the latest bleeding-edge code.

  • Intel Puts Numbers on the Security Talent Shortage

    The cybersecurity shortfall in the workforce remains a critical vulnerability for companies and nations, according to an Intel Security report being issued today.

    Eighty-two percent of surveyed respondents reported a shortage of security skills, and respondents in every country said that cybersecurity education is deficient.

Syndicate content

More in Tux Machines

Android/Google Leftovers

3 open source alternatives to Office 365

It can be hard to get away from working and collaborating on the web. Doing that is incredibly convenient: as long as you have an internet connection, you can easily work and share from just about anywhere, on just about any device. The main problem with most web-based office suites—like Google Drive, Zoho Office, and Office365—is that they're closed source. Your data also exists at the whim of large corporations. I'm sure you've heard numerous stories of, say, Google locking or removing accounts without warning. If that happens to you, you lose what's yours. So what's an open source advocate who wants to work with web applications to do? You turn to an open source alternative, of course. Let's take a look at three of them. Read more

Hackable voice-controlled speaker and IoT controller hits KS

SeedStudio’s hackable, $49 and up “ReSpeaker” speaker system runs OpenWrt on a Mediatek MT7688 and offers voice control over home appliances. The ReSpeaker went live on Kickstarter today and has already reached 95 percent of its $40,000 funding goal with 29 days remaining. The device is billed by SeedStudio as an “open source, modular voice interface that allows us to hack things around us, just using our voices.” While it can be used as an Internet media player or a voice-activated IoT hub — especially when integrated with Seeed’s Wio Link IoT board — it’s designed to be paired with individual devices. For example, the campaign’s video shows the ReSpeaker being tucked inside a teddy bear or toy robot, or attached to plant, enabling voice control and voice synthesis. Yes, the plant actually asks to be watered. Read more

Security News