
Security Leftovers

Filed under
Security
  • Security advisories for Wednesday
  • Let's Encrypt free security certificate program leaves beta

    Let's Encrypt has announced that the free secure certificate program is leaving beta in its push to encrypt 100 percent of the web.

  • What happened with Badlock?

    Here's the thing though. It wasn't nearly as good as the hype claimed. It probably couldn't ever be as good as the hype claimed. This is like waiting for a new Star Wars movie. You have memories from being a child and watching the first few. They were like magic back then. Nothing that ever comes out again will be as good. Your brain has created ideas and memories that are too amazing to even describe. Nothing can ever beat the reality you built in your mind.

  • Microsoft rated 6 of 13 security updates as critical, Badlock bug fix rated important

    For April 2016 Patch Tuesday, Microsoft released 13 security bulletins, with six being rated as critical for remote code execution flaws and the patch for Badlock being among those rated only as important.

  • Open source runs the world and needs better security, claims Linux Foundation CTO

    Security is the biggest plague of open source software, and more people are needed to work together squashing bugs and plugging holes in the code on which much of the internet relies.

    That’s according to Nicko van Someren, chief technology officer at the Linux Foundation, who explained that huge swathes of the internet and companies with online business models rely on open source code, software and infrastructure.

Security Leftovers

Filed under
Linux
Security
  • Linux Foundation: The internet is crumbling

    The open source infrastructure of the internet is crumbling because of poor maintenance, the Linux Foundation warned today.

    Likening open source to the “roads and bridges of the internet”, Linux Foundation CTO Nicko van Someren said that underpaid developers are struggling to patch dangerous bugs and keep the open aspects of the web up to date.

  • Security is the biggest bug of open source, says Linux Foundation CTO

    Cyber security is the plague of open source software, and more people are needed to work together squashing bugs and plugging holes in the code on which much of the internet relies.

    That’s according to Nicko van Someren, chief technology officer at the Linux Foundation, who explained that huge swathes of the internet and companies with online business models rely on open source code, software and infrastructure.

    "Open source projects are the roads and bridges of the internet. Pretty much everything we do on the internet relies on open source," he said in a keynote speech at Cloud Expo in London.

  • Linux Computers Targeted by New Backdoor and DDoS Trojan

    After being bombarded with new malware towards the end of last year, the Linux ecosystem is rocked again by the discovery of a new trojan family, identified by security researchers as Linux.BackDoor.Xudp.

    The only detail that matters is that this new threat does not leverage automated scripts, vulnerabilities, or brute-force attacks to infect users and still relies on good ol' user stupidity in order to survive.

pfSense 2.3

Filed under
Security
BSD
  • pfSense 2.3-RELEASE Now Available!

    The most significant changes in this release are a rewrite of the webGUI utilizing Bootstrap, and the underlying system, including the base system and kernel, being converted entirely to FreeBSD pkg. The pkg conversion enables us to update pieces of the system individually going forward, rather than the monolithic updates of the past. The webGUI rewrite brings a new responsive look and feel to pfSense requiring a minimum of resizing or scrolling on a wide range of devices from desktop to mobile phones.

  • pfSense 2.3 Released With New Web UI

    pfSense 2.3 was released today as the newest version of this popular FreeBSD-based firewall/router OS appliance software.

    The pfSense 2.3 release has a rewritten web GUI that's now making use of Bootstrap to provide a clean and responsive experience. The pfSense 2.3 release also converts the underlying system now to completely using FreeBSD's pkg for package management, and there are various other underlying updates.

  • pfSense 2.3 BSD-Based Firewall Officially Released with Revamped webGUI, More

    Electric Sheep Fencing LLC, through Chris Buechler, today, April 12, 2016, has had the great pleasure of announcing the release of the stable pfSense 2.3 BSD-based firewall operating system.

Security Leftovers

Filed under
Security
  • Tuesday's security updates
  • Leaving Beta, New Sponsors

    Let’s Encrypt is leaving beta today. We’re also excited to announce that founding sponsors Cisco and Akamai have renewed their Platinum sponsorships with 3-year commitments, Gemalto is joining as our newest Gold sponsor, and HP Enterprise, Fastly, Duda and ReliableSite.net are our newest Silver sponsors.

  • Mozilla-supported Let’s Encrypt goes out of Beta

    In 2014, Mozilla teamed up with Akamai, Cisco, the Electronic Frontier Foundation, IdenTrust, and the University of Michigan to found Let’s Encrypt in order to move the Web towards universal encryption. Today, Let’s Encrypt is leaving beta. We here at Mozilla are very proud of Let’s Encrypt reaching this stage of maturity.

    Let’s Encrypt is a free, automated and open Web certificate authority that helps make it easy for any Web site to turn on encryption. Let’s Encrypt uses an open protocol called ACME which is being standardized in the IETF. There are already over 40 independent implementations of ACME. Several web hosting services such as Dreamhost and Automattic, who runs WordPress.com, also use ACME to integrate with Let’s Encrypt and provide security that is on by default.

  • Experts crack nasty ransomware that took crypto-extortion to new heights

    A nasty piece of ransomware that took crypto-extortion to new heights contains a fatal weakness that allows victims to decrypt their data without paying the hefty ransom.

    When it came to light two weeks ago, Petya was notable because it targeted a victim's entire startup drive by rendering its master boot record inoperable. It accomplished this by encrypting the master boot file and displaying a ransom note. As a result, without the decryption password, the infected computer wouldn't boot up, and all files on the startup disk were inaccessible. A master boot record is a special type of boot sector at the very beginning of a partitioned hard drive, while a master boot file is a file on NTFS volumes that contains the name, size and location of all other files.

  • Open source code is rarely patched when vulnerabilities are found [Ed: propaganda from Microsoft proxies makes it through to other sites]

    Open source code is a convenient and cost-effective way for developers to build apps. However, as CIO noted in a recent article, once that code makes its way into an app, it's rarely ever updated to fix vulnerabilities that are found later. CIO offered up some tips on how to keep open source products secure.
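The Mozilla item above says Let’s Encrypt issues certificates over ACME, an automated protocol. The part of that protocol a site operator actually touches is the challenge: the CA hands the client a token, and the client proves control of the name by publishing a "key authorization" derived from that token and its account key. The following is an added example, not Let’s Encrypt's or any ACME client's code, showing both halves of the http-01 challenge with the standard library only: the RFC 7638 key thumbprint, the key authorization the client must serve, and the check the CA performs on what it fetches. The account key (`ACCOUNT_JWK`, with an arbitrary modulus) and the token are constructed for the demonstration and come from no real CA exchange; the function names are mine.

```python
"""ACME http-01 challenge: JWK thumbprint and key authorization.

Added example (not Let's Encrypt's or any ACME client's code), written
against the ACME specification being standardised at the time (published
later as RFC 8555) and RFC 7638 for the key thumbprint. Standard library
only. The account key below is a constructed RSA public key with an
arbitrary modulus and the token is constructed too; neither comes from a
real CA exchange.
"""
import base64
import hashlib
import json
import re

# Constructed account key: "n" is arbitrary bytes, not a real RSA modulus.
ACCOUNT_JWK = {
    "kty": "RSA",
    "e": "AQAB",
    "n": base64.urlsafe_b64encode(bytes(range(1, 129))).rstrip(b"=").decode("ascii"),
    "alg": "RS256",          # extra members are ignored by the thumbprint
}
CONSTRUCTED_TOKEN = "evaGxfADs6pSRb2LAv9IZf17Dt3juxGJ-PCt92wr-oA"

# RFC 7638: only the REQUIRED public members of each key type are hashed.
_REQUIRED_MEMBERS = {"RSA": ("e", "kty", "n"), "EC": ("crv", "kty", "x", "y")}
_B64URL = re.compile(r"^[A-Za-z0-9_-]+$")


def b64url(data: bytes) -> str:
    """Base64url without '=' padding, as JOSE and ACME require."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def jwk_thumbprint(jwk: dict) -> str:
    """RFC 7638 thumbprint: SHA-256 over the canonical JSON of the required
    public members only, keys in lexicographic order, no whitespace."""
    members = _REQUIRED_MEMBERS[jwk["kty"]]
    canonical = json.dumps({k: jwk[k] for k in members},
                           sort_keys=True, separators=(",", ":"))
    return b64url(hashlib.sha256(canonical.encode("utf-8")).digest())


def key_authorization(token: str, jwk: dict) -> str:
    """Client side: the string to serve at
    http://<identifier>/.well-known/acme-challenge/<token>.

    The spec requires tokens to be base64url; a client that writes the
    challenge file into a web root should still check that before letting
    the token become part of a filesystem path."""
    if not _B64URL.match(token):
        raise ValueError("token is not base64url; refusing to use it in a path")
    return f"{token}.{jwk_thumbprint(jwk)}"


def validate_http01(served_body: bytes, token: str, jwk: dict) -> bool:
    """CA side: the fetched body must equal the key authorization exactly;
    trailing whitespace is tolerated (RFC 8555 section 8.3), nothing else."""
    try:
        body = served_body.decode("ascii")
    except UnicodeDecodeError:
        return False
    return body.rstrip() == key_authorization(token, jwk)


if __name__ == "__main__":
    ka = key_authorization(CONSTRUCTED_TOKEN, ACCOUNT_JWK)
    print("serve at /.well-known/acme-challenge/%s:" % CONSTRUCTED_TOKEN, ka)
    print("CA accepts:", validate_http01((ka + "\n").encode(), CONSTRUCTED_TOKEN, ACCOUNT_JWK))
```

Two details are worth noticing. The thumbprint deliberately ignores everything but the public key material, so a private `d` member or a `kid` in the stored JWK does not change it, and member order in the JSON file does not matter. The CA compares against the key authorization it computed itself from the account key on file, which is what ties the challenge response to the account that requested the certificate rather than to whoever can write files on the host.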
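The Petya excerpt above describes the two on-disk structures the ransomware interferes with: the master boot record in the first sector of the drive, and the NTFS structure it calls the "master boot file", which is the Master File Table (MFT), the file that records the name, size and location of every other file on the volume. A responder looking at a machine that no longer boots wants to know quickly whether the first sector is still what it should be. The following is an added example, not code from the article or from any named tool, that parses a 512-byte MBR, hashes the boot code against a baseline recorded when the machine was known-good, and reports what stands out. The sector it builds is constructed for the demonstration; the boot-code bytes are a stand-in rather than a real boot loader, and no malware sample is involved. Function names and the `triage_mbr` findings are mine.

```python
"""Parse and baseline-check a 512-byte master boot record.

Added example, not code from the Ars Technica article or any named tool.
It uses the classic MBR layout: 446 bytes of boot code, four 16-byte
partition entries at offset 446 and the 0x55AA signature at offset 510.
The sector it builds is constructed for the demonstration; the boot code
bytes are a stand-in, not a real boot loader, and no infected sample is
involved.
"""
import hashlib
import struct

MBR_SIZE = 512
BOOT_CODE_LEN = 446
PARTITION_TABLE_OFF = 446
SIGNATURE_OFF = 510
# status, CHS start, type, CHS end, LBA start, sector count (little-endian)
ENTRY_FMT = "<B3sB3sII"

PARTITION_TYPES = {0x07: "NTFS/exFAT", 0x0B: "FAT32", 0x82: "Linux swap",
                   0x83: "Linux", 0xEE: "GPT protective"}

# Constructed stand-in for the boot code (not a real boot loader).
SAMPLE_BOOT_CODE = b"\xfa\x33\xc0\x8e\xd0" + b"\x90" * 64


def read_mbr(path: str) -> bytes:
    """First sector of a block device or disk image (needs read access)."""
    with open(path, "rb") as f:
        return f.read(MBR_SIZE)


def build_sample_mbr(boot_code: bytes) -> bytes:
    """Constructed sector: one active NTFS partition at LBA 2048, 409600 sectors."""
    if len(boot_code) > BOOT_CODE_LEN:
        raise ValueError("boot code does not fit in the boot-code area")
    sector = bytearray(MBR_SIZE)
    sector[:len(boot_code)] = boot_code
    struct.pack_into(ENTRY_FMT, sector, PARTITION_TABLE_OFF,
                     0x80, b"\x20\x21\x00", 0x07, b"\xfe\xff\xff", 2048, 409600)
    sector[SIGNATURE_OFF:] = b"\x55\xaa"
    return bytes(sector)


def parse_mbr(sector: bytes) -> dict:
    """Signature check, SHA-256 of the boot code, and the non-empty partition entries."""
    if len(sector) != MBR_SIZE:
        raise ValueError(f"expected {MBR_SIZE} bytes, got {len(sector)}")
    partitions = []
    for i in range(4):
        status, _, ptype, _, lba_start, sectors = struct.unpack_from(
            ENTRY_FMT, sector, PARTITION_TABLE_OFF + 16 * i)
        if ptype == 0:
            continue                       # empty slot
        partitions.append({"index": i, "bootable": status == 0x80,
                           "type": PARTITION_TYPES.get(ptype, f"0x{ptype:02x}"),
                           "lba_start": lba_start, "sectors": sectors})
    return {
        "signature_ok": sector[SIGNATURE_OFF:] == b"\x55\xaa",
        "boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest(),
        "partitions": partitions,
    }


def triage_mbr(sector: bytes, baseline_boot_sha256: str) -> list:
    """Findings a responder would want before trusting the sector: a bad
    signature, boot code that no longer matches the recorded baseline, and
    a table with no bootable entry. An empty list means nothing stood out."""
    info = parse_mbr(sector)
    findings = []
    if not info["signature_ok"]:
        findings.append("boot signature 0x55AA missing")
    if info["boot_code_sha256"] != baseline_boot_sha256:
        findings.append("boot code differs from baseline")
    if not any(p["bootable"] for p in info["partitions"]):
        findings.append("no active partition")
    return findings


if __name__ == "__main__":
    good = build_sample_mbr(SAMPLE_BOOT_CODE)
    baseline = parse_mbr(good)["boot_code_sha256"]   # record this when the box is known-good
    print(parse_mbr(good)["partitions"])
    print(triage_mbr(build_sample_mbr(b"\xeb\xfe" + bytes(100)), baseline))
```

The baseline hash only helps if it was captured before the incident, which argues for recording it (for instance with `read_mbr("/dev/sda")` on Linux, run as root) as part of provisioning. A sector that parses cleanly says nothing about the MFT further into the volume; it only tells you whether the first thing the firmware executes is still the code you expect.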

Isolating processes with Qubes OS 3.1

Filed under
GNU
Linux
Security

There are several approaches to computer security. One method is to try to make every component work as correctly and error-free as possible. This is called security through correctness. Another approach is called security by obscurity and it involves hiding secrets or flaws. A third approach to security is isolation, which is sometimes called security by compartmentalization. This third method keeps important pieces separate so if one component is compromised, the other components can continue to work, unaffected.

These different styles of security might make more sense if we look at an example from the non-digital world. Imagine we have some valuables we want to keep locked away and we decide to buy a safe to store our precious documents, jewels and money. If we buy a high quality safe that is hard to force open, that is security through correctness. If we hide our safe behind a picture or in a secret room, that is security through obscurity. Buying two safes and placing half of our valuables in each so if one is robbed then we still have half of our items is an example of security by compartmentalization.


The linux-stable security tree project

Filed under
Linux
Security

Hi all,

I'd like to announce the linux-stable security tree project. The purpose
is to create a derivative tree from the regular stable tree that would
contain only commits that fix security vulnerabilities.


Hardware Modding/Hacking/Security

Filed under
Hardware
Security
  • Libreboot on my X60s
  • Nexenta to Showcase Market Leading Open Source-Driven Software-Defined Storage Solutions at Cloud Expo Europe, London
  • Cybersecurity education isn't good, nobody is shocked

    There was a news story published last week about the almost total lack of cybersecurity attention in undergraduate education. Most people in the security industry won't be surprised by this. In the majority of cases when the security folks have to talk to developers, there is a clear lack of understanding about security.

  • Making it easier to deploy TPMTOTP on non-EFI systems

    On EFI systems you can handle this by sticking the secret in an EFI variable (there's some special-casing in the code to deal with the additional metadata on the front of things you read out of efivarfs). But that's not terribly useful if you're not on an EFI system. Thankfully, there's a way around this. TPMs have a small quantity of nvram built into them, so we can stick the secret there. If you pass the -n argument to sealdata, that'll happen. The unseal apps will attempt to pull the secret out of nvram before falling back to looking for a file, so things should just magically work.

  • 6 steps to calculate ROI for an open hardware project

    Free and open source software advocates have courageously blazed a trail that is now being followed by those interested in open source for physical objects. It's called free and open source hardware (FOSH), and we're seeing an exponential rise in the number of free designs for hardware released under open source licenses, Creative Commons licenses, or placed in the public domain.
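The TPMTOTP item above is about where the secret is kept (an EFI variable or TPM NVRAM) rather than what is done with it. TPMTOTP seals a TOTP secret to the TPM so that only a boot whose PCR measurements match can unseal it and display the current code, which the user compares with a phone enrolled with the same secret; a boot that was tampered with cannot produce a matching code. The following is an added example, not code from the tpmtotp project, that shows the TOTP half of that design with the standard library only: the RFC 4226/6238 computation, what the boot-time display shows, and how the phone-side comparison tolerates clock skew. The secret is the published RFC test-vector secret, not a real enrolment, and the function names are mine.

```python
"""TOTP (RFC 6238) as the user-facing half of TPMTOTP.

Added example; this is not code from the tpmtotp project. TPMTOTP seals a
TOTP secret to the TPM so that only a boot with the expected PCR values
can unseal it and display the current code, which the user compares with
a phone enrolled with the same secret. This stdlib-only example shows
what that code is and how a phone-side check tolerates clock skew. The
secret is the RFC 4226/6238 test-vector secret, not a real enrolment.
"""
import hashlib
import hmac
import struct
import time
from typing import Optional, Tuple

TEST_VECTOR_SECRET = b"12345678901234567890"   # RFC 4226 / RFC 6238 (SHA-1)
STEP_SECONDS = 30


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226: HMAC-SHA1 over the big-endian 8-byte counter, dynamic
    truncation, then the low `digits` decimal digits, zero-padded."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    binary = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(binary % 10 ** digits).zfill(digits)


def totp(secret: bytes, unix_time: int, digits: int = 6) -> str:
    """RFC 6238: HOTP with the counter set to the current 30-second step."""
    return hotp(secret, unix_time // STEP_SECONDS, digits)


def boot_display(secret: bytes, now: Optional[int] = None) -> Tuple[str, int]:
    """What the unseal path shows: the code and the seconds until it changes."""
    now = int(time.time()) if now is None else now
    return totp(secret, now), STEP_SECONDS - now % STEP_SECONDS


def phone_check(secret: bytes, shown_code: str, now: int, window: int = 1) -> bool:
    """Phone side: accept the displayed code if it matches the current step
    or one of `window` steps either side, compared in constant time. A
    mismatch means the secret was not unsealed as expected (or the two
    clocks disagree by more than the window), so the boot should not be
    trusted until that is explained."""
    counter = now // STEP_SECONDS
    return any(hmac.compare_digest(hotp(secret, counter + d), shown_code)
               for d in range(-window, window + 1))


if __name__ == "__main__":
    code, remaining = boot_display(TEST_VECTOR_SECRET)
    print(f"boot shows {code} (valid for {remaining}s)")
    print("phone agrees:", phone_check(TEST_VECTOR_SECRET, code, int(time.time())))
```

The window of one step either side is the usual trade-off: it absorbs the few seconds between the code appearing on screen and the user reading it, without letting a code stay valid for long. A machine whose clock has drifted badly will fail the check even with an intact boot chain, which is a reason to keep the firmware clock right rather than to widen the window.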
