Security News

  • Canonical Patches OpenSSL Regression in Ubuntu 16.04 LTS, 14.04 LTS & 12.04 LTS

    After announcing a few days ago that a new, important OpenSSL update is available for all supported Ubuntu Linux operating systems, Canonical's Marc Deslauriers now informs the community about another patch to address a regression.

    The new security advisory (USN-3087-2) talks about a regression that was accidentally introduced along with the previous OpenSSL update (as detailed on USN-3087-1), which addressed no less than eleven (11) security vulnerabilities discovered upstream by the OpenSSL team.

  • Patch AGAIN: OpenSSL security fixes now need their own security fixes
  • Bangladesh Bank exposed to hackers by cheap switches, no firewall: Police
  • This is the Israeli company that can hack any iPhone and Android smartphone

    If Cellebrite sounds familiar, that’s because the name of this Israeli company came up during Apple’s standoff with the FBI over breaking iPhone encryption. The agency managed to crack the San Bernardino iPhone with the help of an undisclosed company. Many people believe it was Cellebrite that came to the rescue. Meanwhile, the company revealed that it could hack just about any modern smartphone, but refused to say whether its expertise is used by the police forces of repressive regimes.

  • Reproducible Builds: week 74 in Stretch cycle
  • East-West Encryption: The Next Security Frontier?

    Microsegmentation, a method to create secure, virtual connections in software-defined data centers (SDDCs), has already emerged as one of the primary reasons to embrace network virtualization (NV). But some vendors believe that East-West encryption of traffic inside the data center could be the next stop in data-center security.

    For example, VMware says it is looking at encrypting East-West traffic inside the data center, adding another layer of security to the SDDC. Why is that important? Today, most firewalls operate on the perimeter of the data center – either guarding or encrypting data leaving the data center for the WAN. And some security products may encrypt data at rest inside the data center. But encrypting the traffic in motion between servers inside the data center – known in the business as the East-West traffic – is not something that’s typically done.

  • DHS Offers Its Unsolicited 'Help' In Securing The Internet Of Things [Ed: In the UK, GCHQ meddles in the Surveillance of Things in the name of 'security' while at the same time, with Tories' consent, cracking PCs]

    It's generally agreed that the state of security for the Internet of Things runs from "abysmal" to "compromised during unboxing." The government -- despite no one asking it to -- is offering to help out… somehow. DHS Assistant Secretary for Cyber Policy Robert Silvers spoke at the Internet of Things forum, offering up a pile of words that indicates Silvers is pretty cool with the "cyber" part of his title... but not all that strong on the "policy" part.

IPFire 2.19 Linux Firewall OS Patched Against the Latest OpenSSL Vulnerabilities


Only three days after announcing the release of IPFire 2.19 Core Update 104, Michael Tremer informs the community about the availability of a new update, Core Update 105, which brings important OpenSSL patches.


Tor Project Releases Tor (The Onion Router) with Important Bug Fixes


The Tor Project announced recently the release of yet another important maintenance update to the stable Tor 0.2.8.x series of the open-source and free software to protect your anonymity while surfing the Internet.


Security News

  • Security advisories for Monday
  • OpenSSL security advisory for September 26

    This OpenSSL security advisory is notable in that it's the second one in four days; sites that updated after the first one may need to do so again.

  • Who left all this fire everywhere?

    If you're paying attention, you saw the news about Yahoo's breach. Five hundred million accounts. That's a whole lot of data if you think about it. But here's the thing. If you're a security person, are you surprised by this? If you are, you've not been paying attention.

Antivirus Live CD 20.0-0.99.2 Uses ClamAV 0.99.2 to Protect Your PC from Viruses


Today, September 25, 2016, 4MLinux developer Zbigniew Konojacki informs Softpedia about the immediate availability for download of a new, updated version of his popular, independent, free, and open source Antivirus Live CD.


Parsix GNU/Linux 8.10 "Erik" Gets the Latest Debian Security Fixes, Update Now


A few minutes ago, the development team behind the Debian-based Parsix GNU/Linux computer operating system announced that new security fixes are now available for the Parsix GNU/Linux 8.10 "Erik" release.


Security Leftovers

  • Krebs Goes Down, Opera Gets a VPN & More…

    Krebs on Security in record DDOS attack: Everybody’s go-to site for news and views of security issues, has been temporarily knocked offline in a DDOS attack for the record books. We first heard about the attack on Thursday morning after Brian Krebs reported that his site was being hit by as much as 620 Gbps, more than double the previous record which was considered to be a mind-blower back in 2013 when the anti-spam site Spamhaus was brought to its knees.

    Security sites such as Krebs’ that perform investigative research into security issues are often targets of the bad guys. In this latest case, Ars Technica reported the attack came after Krebs published the identity of people connected with vDOS, Israeli black hats who launched DDOS attacks for pay and took in $600,000 in two years doing so. Akamai had been donating DDoS mitigation services to Krebs, but by 4 p.m. on the day the attack began they withdrew the service, motivated by the high cost of defending against such a massive attack. At this point, Krebs decided to shut down his site.

  • Upgrade your SSH keys!

    When generating the keypair, you're asked for a passphrase to encrypt the private key with. If you ever lose your private key, it should protect others from impersonating you because it will be encrypted with the passphrase. To actually prevent this, one should make sure to prevent easy brute-forcing of the passphrase.

    The OpenSSH key generator offers two options to resist brute-force password cracking: using the new OpenSSH key format and increasing the number of key derivation function rounds. It slows down the process of unlocking the key, but this is what prevents efficient brute-forcing by a malicious user too. I'd say experiment with the number of rounds on your system. Start at about 100 rounds. On my system it takes about one second to decrypt and load the key once per day using an agent. Very much acceptable, imo.

  • Irssi 0.8.20 Released
  • What It Costs to Run Let's Encrypt

    Today we’d like to explain what it costs to run Let’s Encrypt. We’re doing this because we strive to be a transparent organization, we want people to have some context for their contributions to the project, and because it’s interesting.

    Let’s Encrypt will require about $2.9M USD to operate in 2017. We believe this is an incredible value for a secure and reliable service that is capable of issuing certificates globally, to every server on the Web free of charge.

    We’re currently working to raise the money we need to operate through the next year. Please consider donating or becoming a sponsor if you’re able to do so! In the event that we end up being able to raise more money than we need to just keep Let’s Encrypt running we can look into adding other services to improve access to a more secure and privacy-respecting Web.

  • North Korean DNS Leak reveals North Korean websites

    One of North Korea’s top level DNS servers was mis-configured today (20th September 2016) accidentally allowing global DNS zone transfers. This allowed anyone who makes a zone transfer request (AXFR) to retrieve a copy of the nation’s top level DNS data.


    This data showed there are 28 domains configured inside North Korea, here is the list:

  • Yahoo’s Three Hacks

    As a number of outlets have reported, Yahoo has announced that 500 million of its users’ accounts got hacked in 2014 by a suspected state actor.

    But that massive hack is actually one of three interesting hacks of Yahoo in recent years.
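As an added illustration of the "Upgrade your SSH keys!" item above (this is example code written for this page, not code from that article or from the OpenSSH project), the Python script below shows what the two recommended options actually change in the key file. It builds a constructed OpenSSH-format private key file with a chosen KDF round count, parses the `openssh-key-v1` header back out, and classifies a key file as legacy PEM (OpenSSL's single-iteration, MD5-based passphrase encryption) versus new-format with bcrypt rounds. The function names, the `min_rounds` threshold of 100 (taken from the article's starting point) and the dummy key blobs are assumptions of this example; no real keys are involved.

```python
import base64
import struct

# Magic prefix of the binary blob inside "-----BEGIN OPENSSH PRIVATE KEY-----".
MAGIC = b"openssh-key-v1\x00"


def _ssh_string(data: bytes) -> bytes:
    """Encode bytes as an SSH 'string': uint32 big-endian length + payload."""
    return struct.pack(">I", len(data)) + data


def _read_string(buf: bytes, off: int):
    """Decode one SSH 'string' at offset off; return (payload, new offset)."""
    (n,) = struct.unpack_from(">I", buf, off)
    off += 4
    return buf[off:off + n], off + n


def build_openssh_key(cipher: str, kdf: str, rounds: int = 0,
                      salt: bytes = b"\x00" * 16) -> str:
    """Constructed sample: emit an OpenSSH-format key file with the given
    cipher/KDF header and dummy key blobs. Not a usable key; header only matters."""
    # For bcrypt the kdfoptions field is: string salt, uint32 rounds.
    kdfopts = _ssh_string(salt) + struct.pack(">I", rounds) if kdf == "bcrypt" else b""
    body = (MAGIC
            + _ssh_string(cipher.encode())
            + _ssh_string(kdf.encode())
            + _ssh_string(kdfopts)
            + struct.pack(">I", 1)                    # number of keys
            + _ssh_string(b"dummy-public-blob")       # placeholder, constructed
            + _ssh_string(b"dummy-private-blob"))     # placeholder, constructed
    b64 = base64.b64encode(body).decode()
    lines = [b64[i:i + 70] for i in range(0, len(b64), 70)]
    return ("-----BEGIN OPENSSH PRIVATE KEY-----\n" + "\n".join(lines)
            + "\n-----END OPENSSH PRIVATE KEY-----\n")


def parse_openssh_key(text: str) -> dict:
    """Read cipher, KDF name and bcrypt round count from the key file header.
    Nothing is decrypted; only the unencrypted header is inspected."""
    inner = [l for l in text.strip().splitlines() if not l.startswith("-----")]
    raw = base64.b64decode("".join(inner))
    if not raw.startswith(MAGIC):
        raise ValueError("not an openssh-key-v1 blob")
    off = len(MAGIC)
    cipher, off = _read_string(raw, off)
    kdf, off = _read_string(raw, off)
    kdfopts, off = _read_string(raw, off)
    rounds = None
    if kdf == b"bcrypt":
        _salt, o = _read_string(kdfopts, 0)
        (rounds,) = struct.unpack_from(">I", kdfopts, o)
    return {"cipher": cipher.decode(), "kdf": kdf.decode(), "rounds": rounds}


def classify_key(text: str, min_rounds: int = 100) -> str:
    """Classify a private key file by how well its passphrase resists cracking."""
    if "-----BEGIN OPENSSH PRIVATE KEY-----" in text:
        info = parse_openssh_key(text)
        if info["kdf"] == "none":
            return "openssh-v1-unencrypted"
        if info["kdf"] == "bcrypt" and info["rounds"] >= min_rounds:
            return "openssh-v1-bcrypt-ok"
        return "openssh-v1-bcrypt-low-rounds"
    # Legacy PEM: "Proc-Type: 4,ENCRYPTED" means OpenSSL's traditional
    # MD5-based, single-iteration passphrase derivation.
    if "Proc-Type: 4,ENCRYPTED" in text:
        return "legacy-pem-encrypted-weak-kdf"
    if "PRIVATE KEY-----" in text:
        return "legacy-pem-unencrypted"
    return "unknown"


# Constructed legacy-format sample; the body is a placeholder, not key material.
LEGACY_SAMPLE = """-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: AES-128-CBC,00000000000000000000000000000000

cGxhY2Vob2xkZXItbm90LWEta2V5
-----END RSA PRIVATE KEY-----
"""

if __name__ == "__main__":
    samples = {
        "legacy": LEGACY_SAMPLE,
        "new-100-rounds": build_openssh_key("aes256-ctr", "bcrypt", 100),
        "new-16-rounds": build_openssh_key("aes256-ctr", "bcrypt", 16),
    }
    for name, key in samples.items():
        print(f"{name}: {classify_key(key)}")
```

On a real system the same check corresponds to generating keys with `ssh-keygen -o -a 100` (the `-o` flag selects the new format; `-a` sets the bcrypt rounds) and re-encrypting existing keys in place with `ssh-keygen -p -o -a 100 -f <keyfile>`; Ed25519 keys have always used the new format, so for them only the round count matters. The classifier reads nothing but the header, so it can be run over a directory of key files without ever prompting for a passphrase.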

Security News

  • Friday's security updates
  • Impending cumulative updates unnerve Windows patch experts

    Microsoft's decision to force Windows 10's patch and maintenance model on customers running the older-but-more-popular Windows 7 has patch experts nervous.

    "Bottom line, everyone is holding their breath, hoping for the best, expecting the worst," said Susan Bradley in an email. Bradley is well known in Windows circles for her expertise on Microsoft's patching processes: She writes on the topic for the Windows Secrets newsletter and moderates the mailing list, where business IT administrators discuss update tradecraft.

  • Yahoo is sued for gross negligence over huge hacking

    Yahoo Inc (YHOO.O) was sued on Friday by a user who accused it of gross negligence over a massive 2014 hacking in which information was stolen from at least 500 million accounts.

    The lawsuit was filed in the federal court in San Jose, California, one day after Yahoo disclosed the hacking, unprecedented in size, by what it believed was a "state-sponsored actor."

    Ronald Schwartz, a New York resident, sued on behalf of all Yahoo users in the United States whose personal information was compromised. The lawsuit seeks class-action status and unspecified damages.

    A Yahoo spokeswoman said the Sunnyvale, California-based company does not discuss pending litigation.

  • Yahoo faces questions after hack of half a billion accounts

    Yahoo’s admission that the personal data of half a billion users has been stolen by “state-sponsored” hackers leaves pressing questions unanswered, according to security researchers.

    Details, including names, email addresses, phone numbers and security questions were taken from the company’s network in late 2014. Passwords were also taken, but in a “hashed” form, which prevents them from being immediately re-used, and the company believes that financial information held with it remains safe.

IPFire 2.19 - Core Update 105 released


This is the official release announcement for IPFire 2.19 – Core Update 105 which patches a number of security issues in two cryptographic libraries: openssl and libgcrypt. We recommend installing this update as soon as possible and rebooting the IPFire system to complete the update.


Security News

  • A pile of security updates for Thursday
  • What this Yahoo data breach means for you

    On Thursday afternoon Yahoo confirmed a massive data leak of at least 500 million user accounts, which is a very big deal.

    Though the data breach obviously spells trouble for those with YahooMail accounts, users with hacked accounts need to keep in mind that the breach goes so much further.

    Yahoo owns a bunch of other major sites like Flickr, Tumblr and fantasy football site, which means the 500 million users affected by the data breach also have to worry about their personal information associated with all additional Yahoo services.

  • Hackers now have a treasure trove of user data with the Yahoo breach
  • Half! a! billion! Yahoo! email! accounts! raided! by! 'state! hackers!'

    Hackers strongly believed to be state-sponsored swiped account records for 500 million Yahoo! webmail users. And who knew there were that many people using its email?

    The troubled online giant said on Thursday that the break-in occurred in late 2014, and that names, email addresses, telephone numbers, dates of birth, hashed passwords and, in some cases, encrypted or unencrypted security questions and answers, were lifted.

    This comes after a miscreant calling themselves Peace was touting copies of the Yahoo! account database on the dark web. At the time, in early August, Yahoo! said it was aware of claims that sensitive information was being sold online – and then today, nearly two months later, it alerted the world to the embarrassing security breach.

  • Brian Krebs' blog banged in bloody massive DDoS

    YOU KNOW that Brian Krebs guy? Well, his website has been hit with a huge denial-of-service (DDoS) attack that he couldn't handle on his own.

    Krebs is that security guy. He is bound to have some enemies out there, so we expect that sooner or later someone will take the credit for ruining the pathway to his pages.

    For now we have Krebs to explain what happened and who helped him deal with it. The short version is that there was great big whack of an attack on him, and that he needed assistance from security firm Akamai.

More in Tux Machines

today's leftovers

  • Acer updates Chromebook 15 with 12-hour battery life -- $199 exclusively at Walmart
    Chromebooks are not for everyone, but for many home users, they are absolute perfection. If you live in the web browser -- as many people do nowadays -- laptops running Google's Linux-based Chrome OS are a godsend because they are maintenance free. No need for confusing OS upgrades or anti-virus software. It just works, and it works well. Since they can now run Android apps too, they could become a serious threat to Microsoft and Windows 10. One of the most attractive aspects of Chromebooks is price -- they are often quite affordable. Today, Acer refreshes its 15.6 inch Chromebook 15 with a mind-boggling 12 hours of battery life. Best of all? It starts at $199. Yes, this model will get Android app support in a future update too.
  • Of Life, Linux and Karma Angels
    Angel filed appeal after appeal only to be denied on every attempt. Texas is an "at will" employment state so being terminated for cause can mean anything. Over the next few weeks, Angel became more and more fearful of losing her house, as she had just purchased it a year before. On top of that, her HP desktop had taken a nose dive into severe brokenness and that made it extra difficult for her to look for work. I put together a decent desktop for her and installed it that day, and it was a Linux computer. Angel didn't have even the slightest problem with the new machine, and she wasn't particularly good at using one. So, let's put another slash in the falsehood that Linux is too hard for the everyday user. Most of them anyway. YMMV. To her glee, the OS picked up and configured her Epson all in one without her lifting a finger to do so. She almost clapped for happiness, stating that in Windows, installing that printer had been a nightmare, even with the included driver CD. And just to pinpoint the time frame for you, it was the summer of 2006.
  • Deus Ex: Mankind Divided to launch on Linux in November, Mac version delayed
    Feral Entertainment has announced that Deus Ex: Mankind Divided will be launching on Linux in November. Feral Interactive is currently working on the Linux port of the game. In September the game development studio announced that Deus Ex: Mankind Divided would make its way to two additional platforms: Linux and Mac. The Linux version of the game will most likely make use of OpenGL or Vulkan to power its graphics engine.
  • Mad Max: It Came From The Desert to Linux
    First of all, let me get one thing straight out of the way, so you know where I come from. I did not like the recent Mad Max movie. Like, not at all. Not that I mind the post apocalyptic theme. I used to like the older Mad Max’s just fine (probably the first one the best). The new one…meh. The Max character had virtually no back story (as thin as a sheet of paper) and he was just acting like a crazy person from beginning to end. The story’s premise was boring and just an excuse for endless and not so impressive action scenes. So there was nothing redeeming it. I know this is not the mainstream opinion of the movie (everyone apparently thought it was the best thing ever since sliced bread) so I can only attribute this phenomenon to either mass hysteria or simply a clear decrease in movie expectations. The Force Awakens’ success, despite being a mediocre movie and certainly underwhelming compared to the original trilogy, certainly echoes the same trend. I guess you cannot beat nostalgia. Just tag a Millennium Falcon on and you get a free ride no matter how incoherent the story or the characters are.
  • Budgie Remix 16.10 Overview
  • I Switched To OpenSuse Tumbleweed :)
  • 50-day Moving Average Of Red Hat, Inc. (NYSE:RHT) At $76.67
  • Red Hat, Inc. (NYSE: RHT) – Is this large market cap stock undervalued?
  • Fedora 25 new features, Perl removed from Build Root
    Fedora is the fast-paced bleeding-edge distribution of Red Hat. Fedora 25 is the second release of 2016, the other being Fedora 24. Let’s discover what lies in the future of this popular Linux distribution, especially among developers.
  • "dnf update" considered harmful
    Updating a Linux distribution has historically been done from the command line (using tools like Debian's apt-get, openSUSE's zypper, or Fedora's yum—or its successor dnf). A series of crashes during system updates on Fedora 24 led Adam Williamson to post a note to fedora-devel and other mailing lists warning people away from running "dnf update" within desktop environments. It turns out that doing so has never truly been supported—though it works the vast majority of the time. The discussion around Williamson's note, however, makes it clear that the command is commonly run that way and that at least some users are quite surprised (and unhappy) that it isn't a supported option.
  • Supporting UEFI secure boot in Debian
    The Debian project can be accused of many things, but jumping too quickly on leading-edge technology is not one of them. That can be seen in, among other things, the fact that there is still not a version of the distribution that supports the UEFI secure boot mechanism. But, as Ben Hutchings explained during his 2016 Kernel Recipes talk, such support is in the works, and it will be implemented in a uniquely Debian-like manner.
  • The Lenovo Yoga Book Is the Future of Laptops, But It's Missing an Operating System
    For this review I spent a week with the Android version of Lenovo’s slick new backflipping laptop. Guts-wise it’s identical to the Windows 10 variant. They both feature Intel Atom x5-Z8550 processors, 4GB of RAM, 64GB of on-device storage, and 1920 x 1200 resolution displays. The Android version starts at $500 and the Windows version starts at $550.
  • Another Broken Nexus 5
    In late 2013 I bought a Nexus 5 for my wife [1]. It’s a good phone and I generally have no complaints about the way it works. In the middle of 2016 I had to make a warranty claim when the original Nexus 5 stopped working [2]. Google’s warranty support was ok, the call-back was good but unfortunately there was some confusion which delayed replacement. Once the confusion about the IMEI was resolved the warranty replacement method was to bill my credit card for a replacement phone and reverse the charge if/when they got the original phone back and found it to have a defect covered by warranty. This policy meant that I got a new phone sooner as they didn’t need to get the old phone first. This is a huge benefit for defects that don’t make the phone unusable as you will never be without a phone. Also if the user determines that the breakage was their fault they can just refrain from sending in the old phone.

Key financial blockchain technology is open sourced

Kernel Space/Linux

  • Linux 4.9's Efficient BPF-based Profiler
    Linux 4.9 skips needing the file entirely, and its associated overheads. I wrote about this as a missing BPF feature in March. It is now done.
  • UBIFS Working On File Encryption Support
    Following EXT4 file-system encryption and F2FS per-file encryption support, the UBIFS file-system is also bringing in encryption support built off this fscrypto framework used by EXT4/F2FS. In making use of fscrypto, the UBIFS file-system encryption support is similar to the EXT4/F2FS implementations and supports not only encrypting the file contents but also the file name. In making use of this framework, it only took around one thousand lines of new code to make it happen from the kernel-side while the user-space changes for supporting UBIFS encryption are still baking. UBIFS, for those out of the loop, is the Unsorted Block Image File-System that's built atop UBI and designed for raw flash memory media.
  • An important set of stable kernel updates
  • Linux Kernels 3.16.38, 3.12.66, 3.10.104, and 3.2.83 Patched Against "Dirty COW"
    We reported the other day that an ancient bug, which existed in the Linux kernel since 2005, was patched in several recent updates, namely Linux kernel 4.8.3, Linux kernel 4.7.9, and Linux kernel 4.4.26 LTS. One day later, the maintainers of other supported Linux kernel branches patched the bug, which is dubbed by researchers as "Dirty COW" and documented as CVE-2016-5195. As such, today we'd like to inform those of you running GNU/Linux distributions powered by kernels from the Linux 3.16, 3.12, 3.10, and 3.2 series that new updates are available for their systems.
  • Linux users warned over serious vulnerability affecting many versions
  • MuQSS - The Multiple Queue Skiplist Scheduler v0.112
    It's getting close now to the point where it can replace BFS in -ck releases. Thanks to the many people testing and reporting back, some other misbehaviours were discovered and their associated fixes have been committed.
  • Linux Raid mdadm md0
    Linux RAID has been the de facto way for decades in the Linux world to create and use a software RAID. RAID stands for: Redundant Array of Independent Disks. Some people use the I for inexpensive disks, I guess that works too!
  • On Linux kernel maintainer scalability
    LWN's traditional development statistics article for the 4.6 development cycle ended with a statement that the process was running smoothly and that there were no process scalability issues in sight. Wolfram Sang started his 2016 LinuxCon Europe talk by taking issue with that claim. He thinks that there are indeed scalability problems in the kernel's development process. A look at his argument is of interest, especially when contrasted with another recent talk on maintainer scalability.
  • First comparison of Vulkan API vs OpenGL ES API on ARM
  • Prime Indicator Plus Makes It Easy To Switch Between Nvidia And Intel Graphics (Nvidia Optimus)
    The original Prime Indicator hasn't been updated since February, 2015. André Brait forked the indicator (while also using code from the Linux Mint version), improving it with both new functionality and bug fixes, and the new app is called Prime Indicator Plus. Using the nvidia-prime package, Ubuntu users can switch between Intel and Nvidia graphics by using Nvidia Settings (under PRIME Profiles), which then requires restarting the session (logout/login) to apply the changes. Prime Indicator makes this easier, by allowing you to switch graphics from the indicator menu, including triggering the logout.
  • Features You Will Not Find In The Mesa 13.0 Release
    While Mesa 13.0 is coming along for release next month with exciting features like OpenGL 4.5 for Intel, unofficial GL 4.4/4.5 for RadeonSI/NVC0, and the addition of the RADV Radeon Vulkan driver, there is some functionality that sadly won't be found in this release. Below are some features/functionality not currently found in Mesa 13.0. Some of the mentioned items have patches floating on the mailing list that weren't merged in time while other items are more along the lines of pipe-dreams that would have been fun to see in Mesa for 2016.
  • Crucial MX300: Good Linux Performance, 525GB SSD For Only $120 USD

Leftovers: Software

  • i2pd 2.10 released
    i2pd (I2P Daemon) is a full-featured C++ implementation of an I2P client. I2P (Invisible Internet Protocol) is a universal anonymous network layer. All communications over I2P are anonymous and end-to-end encrypted; participants don't reveal their real IP addresses. An I2P client is software used for building and using anonymous I2P networks. Such networks are commonly used for anonymous peer-to-peer applications (filesharing, cryptocurrencies) and anonymous client-server applications (websites, instant messengers, chat-servers). I2P allows people from all around the world to communicate and share information without restrictions.
  • Pixeluvo Review | Photo Editor for Linux & Windows
    A review of Pixeluvo, a great photo editor available on Linux and Windows. Pixeluvo is not free or open source.
  • Blit, A Retrospective On My Largest Project Ever
    I’ve always been someone who’s liked art and programming. Especially combining the two. One of my favorite genres is pixel art, or sprites as they are also known. I’ve dabbled in making a few other art programs before, but nothing like this. Originally Blit was supposed to be only a sprite animation tool that had a modern look and feel, but my ideas for it grew greater (*sigh* feature creep). There are many other spriting tools out there like GrafX2, Aseprite, (and other 2D animation programs like TVPaint). I’m not saying that it’s wrong that they make their own GUI toolkit, but it feels kind of odd. I really wanted to bring these types of programs out of the days of the Amiga. After doing some initial research, I settled on using Qt.
  • An alert on the upcoming 7.51.0 release
    In two weeks time, on Wednesday November 2nd, we will release curl and libcurl 7.51.0 unless something earth shattering happens.
  • Desktop Gmail Client `WMail` 2.0.0 Stable Released
    WMail is a free, open source desktop client for Gmail and Google Inbox, available for Linux, Windows, and Mac.
  • SpaceView: Ubuntu File System Usage Indicator
  • FunYahoo++: New Yahoo Messenger Plugin For Pidgin / libpurple [PPA]
    Yahoo retired its old Messenger protocol in favor of a new one, breaking compatibility with third-party applications, such as Pidgin, Empathy, and so on. Eion Robb, the SkypeWeb and Hangouts developer, has created a replacement Yahoo prpl plugin, called FunYahoo++, that works with the new Yahoo Messenger protocol. Note that I tested the plugin with Pidgin, but it should work with other instant messaging applications that support libpurple, like BitlBee or Empathy.
  • GCC Lands Loop Splitting Optimization
    The latest GCC 7 development code has an optimization pass now for loop splitting.
  • GCC 7 To End Feature Development Next Month
    Friday's GCC 7 status report indicates the feature freeze is coming up in just a few weeks. Red Hat developer Jakub Jelinek wrote in the latest status report, "Trunk which will eventually become GCC 7 is still in Stage 1 but its end is near and we are planning to transition into Stage 3 starting Nov 13th end of day time zone of your choice. This means it is time to get things you want to have in GCC 7 finalized and reviewed. As usual there may be exceptions to late reviewed features but don't count on that. Likewise target specific features can sneak in during Stage 3 if maintainers ok them."
  • GNU Parallel 20161022 ('Matthew') released [stable]
    GNU Parallel 20161022 ('Matthew') [stable] has been released. It is available for download at: No new functionality was introduced so this is a good candidate for a stable release.
  • GNU Health 3.0.4 patchset released
    GNU Health 3.0.4 patchset has been released!
  • guile-ncurses 2.0 released
    I am pleased to announce the release of guile-ncurses 2.0. guile-ncurses is a library for the creation of text user interfaces in the GNU Guile dialect of the Scheme programming language. It is a wrapper to the ncurses TUI library. It contains some basic text display and keyboard and mouse input functionality, as well as a menu widget and a form widget. It also has lower level terminfo and termios functionality.
  • Unifont 9.0.03 Released
    Unifont 9.0.03 is released. The main changes are the addition of the Pikto and Tonal ConScript Unicode Registry scripts.
  • PATHspider 1.0.0 released!
    In today’s Internet we see an increasing deployment of middleboxes. While middleboxes provide in-network functionality that is necessary to keep networks manageable and economically viable, any packet mangling — whether essential for the needed functionality or accidental as an unwanted side effect — makes it more and more difficult to deploy new protocols or extensions of existing protocols. For the evolution of the protocol stack, it is important to know which network impairments exist and potentially need to be worked around. While classical network measurement tools are often focused on absolute performance values, PATHspider performs A/B testing between two different protocols or different protocol extensions to perform controlled experiments of protocol-dependent connectivity problems as well as differential treatment.
  • The Domain Name System