Security

Huawei Is New Official Smartphone Provider For Officials In China

Filed under
Android
Linux
Security

Huawei and their smartphone business have not exactly garnered good press in the past – especially when there were allegations of Huawei churning out spyphones for the China government, which the company vehemently denied. Subsequently, it is said that Huawei themselves decided to pull out from the U.S. market, where we then learned that the tables were turned afterwards with the NSA being accused of spying on Huawei instead. Having said that, it seems as though officials over in China will have a spanking new smartphone soon – and it will not hail from the likes of Samsung, LG, HTC or other big name players, but from Huawei themselves.

Read more

Bash specially-crafted environment variables code injection attack

Filed under
Security

Bash, or the Bourne again shell, is a UNIX-like shell, which is perhaps one of the most installed utilities on any Linux system. From its creation in 1980, bash has evolved from a simple terminal based command interpreter to many other fancy uses.

In Linux, environment variables provide a way to influence the behavior of software on the system. They typically consist of a name which has a value assigned to it. The same is true of the bash shell. It is common for a lot of programs to run bash shell in the background. It is often used to provide a shell to a remote user (via ssh, telnet, for example), provide a parser for CGI scripts (Apache, etc.) or even provide limited command execution support (git, etc.).

Read more

Mozilla: Phasing Out Certificates with SHA-1 based Signature Algorithms

Filed under
Moz/FF
Security

We plan to add a security warning to the Web Console to remind developers that they should not be using a SHA-1 based certificate. We will display an additional, more prominent warning if the certificate will be valid after January 1, 2017, since we will reject that certificate after that date. We plan to implement these warnings in the next few weeks, so they should be appearing in released versions of Firefox in early 2015. We may implement additional UI indicators later. For instance, after January 1, 2016, we plan to show the “Untrusted Connection” error whenever a newly issued SHA-1 certificate is encountered in Firefox. After January 1, 2017, we plan to show the “Untrusted Connection” error whenever a SHA-1 certificate is encountered in Firefox.

Read more

My free software will respect users or it will be bullshit

Filed under
Security

The four freedoms are only meaningful if they result in real-world benefits to the entire population, not a privileged minority. If your approach to releasing free software is merely to ensure that it has an approved license and throw it over the wall, you're doing it wrong. We need to design software from the ground up in such a way that those freedoms provide immediate and real benefits to our users. Anything else is a failure.

Read more

Tor Challenge hits it out of the park

Filed under
OSS
Security

If you need to be anonymous online, or evade digital censorship and surveillance, the Tor network has your back. And it's more than a little bit stronger now than it was this spring, thanks to the Tor Challenge.

Tor is a publicly accessible, free software-based system for anonymizing Internet traffic. It relies on thousands of computers around the world called relays, which route traffic in tricky ways to dodge spying. The more relays, the stronger and faster the network.

We'd like to warmly thank our allies at the Electronic Frontier Foundation for organizing the Tor Challenge and inviting us to join them in promoting it. And most of all, thanks to the 1,635 of you who started a relay! (The FSF would have started one too, but we've already been running ours for a while.)

Read more

Performance and security in Red Hat Enterprise Linux 7

Filed under
Red Hat
Server
Security

Modern datacenters and next-generation IT requirements depend on capable platforms, with open source solutions offering a strong foundation for open hybrid cloud and enterprise workloads. A powerful, unified platform enables enterprises to use a solid foundation to balance demand while utilizing new trends and technologies such as virtual machines and the open hybrid cloud.

Read more

Snowden: New Zealand Is Spying, Too

Filed under
Security

Former National Security Agency contractor Edward Snowden warned New Zealanders in a media blitz on Monday that all of their private emails, phone calls and text messages are being spied on despite government denials.

"If you live in New Zealand, you are being watched," Snowden said in a commentary published by the Intercept, an online news site co-founded by Guardian columnist Glenn Greenwald, Snowden's main conduit for disclosing classified information he absconded with when he fled his NSA job last year.

Read more

CipherShed: A replacement for TrueCrypt

Filed under
OSS
Security

While the Open Crypt Audit Project, headed by cryptographer Matthew Green and Kenneth White, Principal Scientist at Social & Scientific Systems, has been considering whether to take over the development of TrueCrypt and is working on the second phase of the audit process (a thorough analysis of the code responsible for the actual encryption process), one of TrueCrypt's developers has expressed his disapproval of a project that would fork the software.

Read more

Open source is not dead

Filed under
Red Hat
Interviews
OSS
Security

I don’t think you can compare Red Hat to other Linux distributions because we are not a distribution company. We have a business model on Enterprise Linux. But I would compare the other distributions to Fedora because it’s a community-driven distribution. The commercially-driven distribution for Red Hat which is Enterprise Linux has paid staff behind it and unlike Microsoft we have a Security Response Team. So for example, even if we have the smallest security issue, we have a guaranteed resolution pattern which nobody else can give because everybody has volunteers, which is fine. I am not saying that the volunteers are not good people, they are often the best people in the industry but they have no hard commitments to fixing certain things within certain timeframes. They will fix it when they can. Most of those people are committed and will immediately get onto it. But as a company that uses open source you have no guarantee about the resolution time. So in terms of this, it is much better using Red Hat in that sense. It’s really what our business model is designed around; to give securities and certainties to the customers who want to use open source.

Read more

Google is making encryption standard in the next version of Android

Filed under
Android
Security

Less than a day after Apple detailed new efforts in user privacy for its products, Google now says it plans to encrypt user data on all Android devices. Speaking to The Washington Post, Google says data encryption will now be a part of the activation process instead of an optional feature. The end result is that whatever data is stored on that device, be it a phone or tablet, will be inaccessible unless the person has the correct password.

Read more

More in Tux Machines

This is the world’s most stunning new Android phone – and it’ll only cost you $5,000

While there’s no question that the iPhone 6 and iPhone 6 Plus are beautiful smartphones, some might argue that Apple’s 2012 iPhone 5 and last year’s iPhone 5s feature an overall look that is more sleek and sophisticated. Now, imagine that sophisticated design was given harder lines, darker tones and a 5-inch full HD display, and it was built out of titanium and 18k gold instead of aluminum. Read more

Ubuntu GNOME 15.04 Alpha 1 Prepares for GNOME 3.14, Go Forth and Test

The Ubuntu GNOME developers have released the first version of the 15.04 branch for their Linux distribution and it looks like this operating system is also going through some interesting changes, just like Ubuntu, although not on the same scale. Read more

FSF's High Priority Project List Now Has A Committee

The Free Software Foundation has now built up a committee to review their "High Priority Projects" list and they're looking for more feedback from the community. Nearly ten years ago is when the Free Software Foundation began listing what they viewed as the High Priority Free Software Projects in a list. This list has over time contained some definite high-priority projects related to freeing Java and Adobe PDF support and open graphics drivers to some more obscure projects of high priority like a free version of Oracle Forms, a replacement to OpenDWG libraries for CAD files, automatic transcription software, etc. I've personally called out many of the FSF HPP for what they're worth with my thoughts over the years. Read more

Latest Calibre eBook Reader and Converter Now Support Latest Kobo Firmware

The Calibre eBook reader, editor, and library management software has just reached version 2.13 and the developer has added an important driver and made quite a few fixes and improvements. Read more