Language Selection

English French German Italian Portuguese Spanish

Security

Pretty Nasty DHCP Vulnerabilty Closed in All Supported Ubuntu OSes

Filed under
Security
Ubuntu

Canonical has published details about a DHCP vulnerability that has been found and repaired in Ubuntu 15.10, Ubuntu 15.04, Ubuntu 14.04 LTS, and Ubuntu 12.04.

Read more

Zero-Day FFmpeg Vulnerability Lets Anyone Steal Files from Remote Machines

Filed under
OSS
Security

A zero-day vulnerability in the FFmpeg open-source multimedia framework, which is currently used in numerous Linux kernel-based operating systems and software applications, also for the Mac OS X and Windows platforms, has been discovered recently.

Read more

Tails Call for testing: 2.0~rc1

Filed under
GNU
Linux
Security
Debian

You can help Tails! The first release candidate for the upcoming version 2.0 is out. We are very excited and cannot wait to hear what you think about it Smile

Read more

Security Leftovers

Filed under
Security

Drupal Hardens Its Security in Response to Criticism

Filed under
OSS
Drupal
Security

The open-source Drupal content-management system (CMS) is talking steps to help protect against multiple potential risks that have been publicly revealed. On Jan. 6, security research vendor IOactive first disclosed the issues, which are focused on the Drupal update process. The Drupal project's security team is aware of the concerns and is fixing all the issues, though it is also downplaying the overall risk.

Read more

Security Leftovers

Filed under
Security
  • Security updates for Monday
  • Gmail and a Can of Spam

    I am still trying to figure out the events that led to this intrusion. I’ve read almost everything there is to read on Google’s Gmail pages, without finding much. Google seems adamant about not giving-out one-on-one help, but maybe I just didn’t look long enough. On my own, I’ve evoked two step verification on my main email addresses, so that’s settled. But still…I’d like to figure out when and how this breach took place. What magic sequence of events happened to allow this?

    Did I mention I’m a security idiot? Yeah…I thought I did.

    It feels strange to again delve into antivirus and malware protection. I’ve been a smug, self-assured dummy when it comes to online threats and Linux in general. And while what happened can’t really be blamed on Linux per se, it happened in a Linux neighborhood, so I am going to arm myself against any and all malware comers

    Although I’m not above paying for good software, trying to discern what software is good and which is shiny junk can be a daunting challenge, especially in the Linuxsphere. In the tests I’ve studied over the past four days, ClamAV seems to be an online favorite, but they lack the one thing I am going to need on our Reglue kid’s computers: a friendly, useful graphical interface. I’m not going to tell an 11-year-old to drop to the command line to do anything, even if they do need to learn that the blinking prompt can make magic things happen. In time, I will teach them, but for now…. ClamAV failed the initial tests.

  • 602 Gbps! This May Have Been the Largest DDoS Attack in History

    Cyber attacks are getting evil and worst nightmare for companies day-by-day, and the Distributed Denial of Service (DDoS) attack is one of the favorite weapon for hackers to temporarily suspend services of a host connected to the Internet.

    Until now, nearly every big website had been a victim of this attack, and the most recent one was conducted against the BBC's websites and Republican presidential candidate Donald Trump's main campaign website over this past holiday weekend.

  • How to Set up a Successful Bug Bounty Program [VIDEO]

    A bug bounty program is among the most impactful additions to a software security process. With a bug bounty program, security researchers submit reports on potential vulnerabilities, typically with the promise of a reward or "bounty" for their efforts.

Security Leftovers

Filed under
Security

Security Leftovers

Filed under
Security
  • 602 Gbps DDoS Attack On BBC Proves That 2016 Isn’t Going To Be Any Different

    On New Year’s eve, the BBC website and iPlayer service went down due to a massive Distributed Denial of Service (DDoS) attack. The attack peaked up to 602 Gbps, according to the claims made by the New World Hacking group, who took the responsibility of the attack. In another recent attack, the Republican presidential candidate Donald Trump’s main campaign website was also targeted by the same group.

  • Fatally weak MD5 function torpedoes crypto protections in HTTPS and IPSEC

    If you thought MD5 was banished from HTTPS encryption, you'd be wrong. It turns out the fatally weak cryptographic hash function, along with its only slightly stronger SHA1 cousin, are still widely used in the transport layer security protocol that underpins HTTPS. Now, researchers have devised a series of attacks that exploit the weaknesses to break or degrade key protections provided not only by HTTPS but also other encryption protocols, including Internet Protocol Security and secure shell.

Ubuntu Touch to Support Encryption of User Data

Filed under
Security
Ubuntu

The Ubuntu Touch operating system is also going to provide support for encryption of user data; developers have revealed.

It wasn’t a secret that Ubuntu Touch will get encryption, but it’s also not listed as an upcoming feature. It’s buried in a wiki entry with plans for Ubuntu Touch, but it’s nice to see that it’s still being considered, even if it’s not going to arrive anytime soon.

Read more

Also: Ubuntu ‘Spyware’ Will Be Disabled In Ubuntu 16.04 LTS

Tails 1.8.2 is out

Filed under
GNU
Linux
Security
Debian

This release fixes numerous security issues. All users must upgrade as soon as possible.

Read more

Also: Debian LTS Work December 2015

Syndicate content

More in Tux Machines

Raspberry Pi: New NOOBS and Raspbian releases

The Release Notes are available, and don't indicate that there are very large changes in this release, just some nice incremental updates, bug fixes, and general cleanup. There may be some interesting internal changes; we'll have to wait for the official announcement to hear about that. Read more

Tunir 0.13 is released and one year of development

I have started Tunir on Jan 12 2015, means it got more than one year of development history. At the beginning it was just a project to help me out with Fedora Cloud image testing. But it grew to a point where it is being used as the Autocloud backend to test Fedora Cloud, and Vagrant images. We will soon start testing the Fedora AMI(s) too using the same. Within this one year, there were total 7 contributors to the project. In total we are around 1k lines of Python code. I am personally using Tunir for various other projects too. One funny thing from the code commits timings, no commit on Sundays :) Read more

Andy Rubin Unleashed Android on the World. Now Watch Him Do the Same With AI

Now that Rubin had shepherded smartphones from concept to phenomenon, they no longer held much interest. As an engineering problem, they had been solved. Sure, entrepreneurs kept launching new apps, but for someone who considered engineering an art, that was like adding a few brushstrokes atop layers of dried paint. Rubin wanted to touch canvas again—and he could see a fresh one unfurling in front of him. Read more

Building a culture of more pluggable open source

If there is one word that often percolates conversations hailing the benefits of open source, it is choice. We often celebrate many of the 800+ Linux distributions, the countless desktops, applications, frameworks, and more. Choice, it would seem, is a good thing. Interestingly, choice is also an emotive thing. Read more