Language Selection

English French German Italian Portuguese Spanish

Security

Fedora 24 Linux OS Gets New, Updated Lives ISOs with Latest Security Patches

Filed under
Red Hat
Security

Founder of The Fedora Unity Project and Fedora Ambassador, Ben Williams, is happy to report that updated Live ISO images of the Fedora 24 GNU/Linux operating system are now available for download.

Read more

Security News

Filed under
Security
  • Security advisories for Thursday
  • Please save GMane!
  • The End of Gmane?

    In 2002, I grew annoyed with not finding the obscure technical information I was looking for, so I started Gmane, the mailing list archive. All technical discussion took place on mailing lists those days, and archiving those were, at best, spotty and with horrible web interfaces.

    The past few weeks, the Gmane machines (and more importantly, the company I work for, who are graciously hosting the servers) have been the target of a number of distributed denial of service attacks. Our upstream have been good about helping us filter out the DDoS traffic, but it’s meant serious downtime where we’ve been completely off the Internet.

  • Pwnie Express makes IoT, Android security arsenal open source

    Pwnie Express has given the keys to software used to secure the Internet of Things (IoT) and Android software to the open-source community.

    The Internet of Things (IoT), the emergence of devices ranging from lighting to fridges and embedded systems which are connected to the web, has paved an avenue for cyberattackers to exploit.

  • The Software Supply Chain Is Bedeviled by Bad Open-Source Code [Ed: again, trace this back to FUD firms like Sonatype in this case]

    Open-source components play a key role in the software supply chain. By reducing the amount of code that development organizations need to write, open source enables companies to deliver software more efficiently — but not without significant risks, including defective and outdated components and security vulnerabilities.

  • Securing a Virtual World [Ed: paywall, undated (no year but reposted)]
  • Google tells Android's Linux kernel to toughen up and fight off those horrible hacker bullies

    In a blog post, Jeff Vander Stoep of the mobile operating system's security team said that in the next build of the OS, named Nougat, Google is going to be addressing two key areas of the Linux kernel that reside at the heart of most of the world's smartphones: memory protection and reducing areas available for attack by hackers.

Security Leftovers

Filed under
Security

Parrot Security OS – A Debian Based Distro for Penetration Testing, Hacking and Anonymity

Filed under
GNU
Linux
Security
Debian

Parrot Security operating system is a Debian-based Linux distribution built by Frozenbox Network for cloud oriented penetration testing. It is a comprehensive, portable security lab that you can use for cloud pentesting, computer forensics, reverse engineering, hacking, cryptography and privacy/anonymity.

Read more

OPNsense 16.7

Filed under
Security
BSD
  • OPNsense 16.7 released
  • pfSense/m0n0wall-Forked OPNsense 16.7 Released

    The latest major release is out of OPNsense, a BSD open-source firewall OS project derived from pfSense and m0n0wall.

    OPNsense 16.7 brings NetFlow-based reporting and export, trafic shaping support, two-factor authentication, HTTPS and ICAP support in the proxy server, and UEFI boot and installation modes.

Security News

Filed under
Security
  • Linux Security Automation at Scale in the Cloud

    Ten years ago it didn’t seem like Linux growth could increase any faster. Then, in 2006, Amazon launched Amazon Web Services (AWS). Linux growth went from linear to exponential. AWS competitors sprang up and were acquired by IBM, Microsoft, and other big players, accelerating Linux expansion even more.

    Linux became the platform of choice for the private cloud. But this movement wasn’t confined to the cloud. A rush to create Linux applications and services spilled over to traditional on premises. Linux had evolved from that obscure thing people ran web servers on to the backbone operating system of the majority of IT.

  • Don’t want to get hacked? Close your laptop.

    My friends often leave their computers open and unlocked. I tell them they should probably get in the habit of locking their computers, but they don’t listen to me. So I’ve created a simple project to hack my friends and show them the importance of computer security.

    All I need to do is wait for them to leave their computer unlocked for a few seconds, open up their terminal, and type a single, short command.

  • Citibank IT guy deliberately wiped routers, shut down 90% of firm’s networks across America

    It was just after 6pm on December 23, 2013, and Lennon Ray Brown, a computer engineer at the Citibank Regents Campus in Irving, Texas, was out for revenge.

    Earlier in the day, Brown – who was responsible for the bank’s IT systems – had attended a work performance review with his supervisor.

    It hadn’t gone well.

    Brown was now a ticking time bomb inside the organisation, waiting for his opportunity to strike. And with the insider privileges given to him by the company, he had more of an opportunity to wreak havoc than any external hacker.

  • Explo-Xen! Bunker buster bug breaks out guests from hypervisor

    A super-bug in the Xen hypervisor may allow privileged code running in guests to escape to the underlying host.

    This means, on vulnerable systems, malicious administrators within virtual machines can potentially break out of their confines and start interfering with the host server and other guests. This could be really bad news for shared environments.

    All versions of open-source Xen are affected (CVE-2016-6258, XSA-182) although it is only potentially exploitable on x86 hardware running paravirtualized (PV) guests. The bug was discovered by Jérémie Boutoille of Quarkslab, and publicly patched on Tuesday for Xen versions 4.3 to 4.7 and the latest bleeding-edge code.

  • Intel Puts Numbers on the Security Talent Shortage

    The cybersecurity shortfall in the workforce remains a critical vulnerability for companies and nations, according to an Intel Security report being issued today.

    Eighty-two percent of surveyed respondents reported a shortage of security skills, and respondents in every country said that cybersecurity education is deficient.

Antivirus Live CD 19.0-0.99.2 Released Based on 4MLinux 19.0 and ClamAV 0.99.2

Filed under
GNU
Linux
Security

Softpedia has been informed by GNU/Linux developer and creator of the 4MLinux project, Mr. Zbigniew Konojacki, about the immediate availability for download of the Antivirus Live CD 19.0-0.99.2 distrolette.

Read more

Security Leftovers

Filed under
Security

Tor: Statement

Filed under
Security

Seven weeks ago, I published a blog post saying that Jacob Appelbaum had left the Tor Project, and I invited people to contact me as the Tor Project began an investigation into allegations regarding his behavior.

Since then, a number of people have come forward with first-person accounts and other information. The Tor Project hired a professional investigator, and she interviewed many individuals to determine the facts concerning the allegations. The investigator worked closely with me and our attorneys, helping us to understand the overall factual picture as it emerged.

Read more

Security Leftovers

Filed under
Security
  • Tuesday's security updates
  • Oops: Bounty-hunter found Vine's source code in plain sight

    A bounty-hunter has gone public with a complete howler made by Vine, the six-second-video-loop app Twitter acquired in 2012.

    According to this post by @avicoder (Vjex at GitHub), Vine's source code was for a while available on what was supposed to be a private Docker registry.

    While docker.vineapp.com, hosted at Amazon, wasn't meant to be available, @avicoder found he was able to download images with a simple pull request.

  • US standards lab says SMS is no good for authentication

    America's National Institute for Standards and Technology has advised abandonment of SMS-based two-factor authentication.

    That's the gist of the latest draft of its Digital Authentication Guideline, here. Down in section 5.1.3.2, the document says out-of-band verification using SMS is deprecated and won't appear in future releases of NIST's guidance.

Syndicate content

More in Tux Machines

Distro Development: Rescatux and Bodhi

  • Rescatux 0.40 beta 9 released
    Many code in the grub side and in the windows registry side has been rewritten so that these new features could be rewritten. As a consequence it will be easier to maintain Rescapp. Finally the chntpw based options which modify the Windows registry now perform a backup of the Windows registry files in the unlikely case you want to undo some of the changes that Rescapp performs. I guess that in the future there will be a feature to be able to restore such backups from Rescapp itself, but, let’s focus on releasing an stable release. It’s been a while since the last one. UEFI feedback is still welcome. Specially if the Debian installation disks work for you but not the Rescatux ones.
  • Bodhi 4.0.0 Updates and July Donation Totals
    Late last month I posted a first alpha look at Bodhi 4.0.0. Work since then has been coming along slowly due to a few unpredictable issues and my own work schedule outside of Bodhi being hectic over the summer. Bodhi 4.0.0 will be happening, but likely not with a stable release until September. I am traveling again this weekend, but am hoping to get out a full alpha release with 32bit and non-PAE discs next week.

Devices and Android

Leftovers: BSD/LLVM

Emma A LightWeight Database Management Tool For Linux

Today who does not interact with databases and if you're a programmer then the database management is your daily task. For database management, there is a very popular tool called, MySQL Workbench. It's a tool that ships with tonnes of functionalities. But not all of us as beginner programmers use all Workbench features. So here we also have a very lightweight database manager in Linux, Emma. Read
more