Security

Security Leftovers

Filed under
Security

  • Security updates for Thursday
  • Dormant Linux kernel vulnerability finally slayed

    A recently resolved vulnerability in the Linux kernel that had the potential to allow an attacker to gain privilege escalation or cause denial of service went undiscovered for seven years.

    Positive Technologies expert, Alexander Popov, found a race condition in the n_hdlc driver that leads to double-freeing of kernel memory. This Linux kernel flaw might be exploited for privilege escalation in the operating system. The (CVE-2017-2636) bug was evaluated as dangerous with a CVSS v3 score of 7.8, towards the higher end of the scale which runs from 1-10.

  • Another Years-Old Flaw Fixed in the Linux Kernel

    The Linux team has patched a "dangerous" vulnerability in the Linux kernel that allowed attackers to elevate their access rights and crash affected systems.

    The security issue, tracked as CVE-2017-2636, existed in the Linux kernel for the past seven years, after being introduced in the code in 2009.

How to Choose the Best Linux Distro for SysAdmin Workstation Security

Filed under
GNU
Linux
Security

If you’re a systems administrator choosing a Linux distribution for your workstation, chances are you’ll stick with a fairly widely used distro such as Fedora, Ubuntu, Arch, Debian, or one of their close spin-offs. Still, there are several security considerations you should weigh when picking which distribution is best for your needs.

Also: Linux Sucks — The Latest And Last From Bryan Lunduke

Security News

Filed under
Security

Parrot Security OS 3.5 Improves Linux Security Tools Distribution

Filed under
OS
Linux
Security

There seems to be no shortage of Linux distributions specifically designed and built for security researchers. That list includes the Parrot Security OS Linux distribution, which was updated to version 3.5 on March 8. The Parrot Security OS platform is based on the Debian Linux distribution, with the open-source MATE desktop the default choice for new users. As a platform for security researchers, Parrot Security OS provides a wide array of tools that fit into different categories, including information gathering, vulnerability analysis, database assessment, exploitation tools, password attacks, wireless testing, digital forensics, reverse engineering and reporting tools. One of its more interesting tools is the open-source Kayak car hacking tool that can be used to diagnose a car's CAN (Controller Area Network) bus. In addition, version 3.5 includes the CryptKeeper encrypted folder manager tool, as well as the Metasploit penetration testing framework, which is packed full with 1,627 exploits. For users who want to stay somewhat anonymous while using the system, anonymous web surfing tools are also included in the Linux distribution. In this slide show, eWEEK takes a look at some of the highlights of the Parrot Security OS 3.5 release.

Security Leftovers

Filed under
Security

  • Security updates for Monday
  • How Android and iOS devices really get hacked
  • Security Expert Bruce Schneier on Regulating IoT

    With the Internet of Things already flexing its muscle and showing its potential to be a security nightmare, has the time come for governments to step into the fray and begin regulating the Internet? Security guru Bruce Schneier thinks that may be an inevitability, and says the development community might want to go ahead and start leading the way to assure that regulations aren't put in place by people who don't understand tech.

    "As everything turns into a computer, computer security becomes 'everything security,'" he explained, "and there are two very important ramifications of that. The first is that everything we know about computer security becomes applicable to everything. The second is the restrictions and regulations that the real world puts on itself are going to come into our world, and I think that has profound implications for us in software and especially in open source."

  • Ioquake3 Pushes Out Important Security Update

    All of those running ioquake3-powered games are encouraged to update their engine installation as soon as possible.

    The developers behind this popular fork of the open-source id Tech 3 engine code have pushed a "large security fix" and all users are encouraged to upgrade prior to connecting to any online servers. Unfortunately, ioquake3 currently doesn't have any auto-update system to make it easy to roll out game engine updates.

More in Tux Machines

Google in Devices

  • Glow LEDs with Google Home
    For the part one, the custom commands were possible thanks to Google Actions APIs. I used API.AI for my purpose since they had good documentation. I won't go into detail explaining the form fields in Api.ai, they have done a good job with documentation and explaining part, I will just share my configurations screenshot for your quick reference and understanding. In Api.ai the conversations are broken into intents. I used one intent (Default Welcome Intent) and a followup intent (Default Welcome Intent – custom) for my application.
  • Google Assistant SDK preview brings voice agent to the Raspberry Pi
    Google has released a Python-based Google Assistant SDK that’s designed for prototyping voice agent technology on the Raspberry Pi 3. Google’s developer preview aims to bring Google Assistant voice agent applications to Linux developers. The Google Assistant SDK is initially designed for prototyping voice agent technology on the Raspberry Pi 3 using Python and Raspbian Linux, but it works with most Linux distributions. The SDK lets developers add voice control, natural language understanding, and Google AI services to a variety of devices.
  • Huawei, Google create a high-powered single board computer for Android
    The Raspberry Pi is very popular with DIY enthusiasts because of the seemingly endless possibilities of how you can design devices with it. Huawei and Google have created their own single board computer (SBC), but this will probably benefit Android developers more than DIY enthusiasts. The HiKey 960 is a very robust SBC aimed at creating an Android PC or a testing tool for Android apps.
  • Huawei’s $239 HiKey 960 wants to be a high-end alternative to Raspberry Pi
    12.5 million sales in five years – Linaro and Huawei have unveiled a high-end (read: expensive) rival.

Mobile, Tizen, and Android

Leftovers: OSS

  • Is The Open Source Software Movement A Technological Religion?
  • Experts weigh in on open source platforms, market
    In this Advisory Board, our experts discuss the pros and cons of open source virtualization and which platforms are giving proprietary vendors a run for their money.
  • Light a fire under Cassandra with Apache Ignite
    Apache Cassandra is a popular database for several reasons. The open source, distributed, NoSQL database has no single point of failure, so it’s well suited for high-availability applications. It supports multi-datacenter replication, allowing organizations to achieve greater resiliency by, for example, storing data across multiple Amazon Web Services availability zones. It also offers massive and linear scalability, so any number of nodes can easily be added to any Cassandra cluster in any datacenter. For these reasons, companies such as Netflix, eBay, Expedia, and several others have been using Cassandra for key parts of their businesses for many years.
  • Proprietary Election Systems: Summarily Disqualified
    Hello Open Source Software Community & U.S. Voters, I and the California Association of Voting Officials, represent a group of renowned computer scientists that have pioneered open source election systems, including, "one4all," New Hampshire’s Open Source Accessible Voting System (see attached). Today government organizations like NASA, the Department of Defense, and the U.S. Air Force rely on open source software for mission critical operations. I and CAVO believe voting and elections are indeed mission-critical to protect democracy and fulfill the promise of the United States of America as a representative republic. Since 2004, the open source community has advocated for transparent and secure—publicly owned—election systems to replace the insecure, proprietary systems most often deployed within communities. Open source options for elections systems can reduce the costs to taxpayers by as much as 50% compared to traditional proprietary options, which also eliminates vendor lock-in, or the inability of an elections office to migrate away from a solution as costs rise or quality decreases.
  • Microsoft SQL Server on Linux – YES, Linux! [Ed: Marketing and PR from IDG's "Microsoft Subnet"; This headline is a lie from Microsoft; something running on DrawBridge (proprietary Wine-like Windows layer) is not GNU/Linux]

Creative Commons News

  • Creative Commons Is Resurrecting Palmyra
    Creative Commons launched its 2017 Global Summit today with a rather moving surprise: a seven-foot-tall 3D printed replica of the Tetrapylon from Palmyra, Syria. For those who don't know the tragic situation, Palmyra is one of the most historic cities in the world — but it is being steadily destroyed by ISIS, robbing the world of countless irreplaceable artifacts and murdering those who have tried to protect them (the folks at Extra History have a pair of good summary videos discussing the history and the current situation in the city). Among ISIS's human targets was Bassel Khartabil, who launched Syria's CC community several years ago and began a project to take 3D scans of the city, which CC has been gathering and releasing under a CC0 Public Domain license. He was captured and imprisoned, and for the past five years his whereabouts and status have been unknown. As the #FreeBassel campaign continues, Creative Commons is now working to bring his invaluable scans to life in the form of 3D-printed replicas, starting with today's unveiling of the Tetrapylon — which was destroyed in January along with part of a Roman theatre after ISIS captured the city for a second time.
  • Creative Commons: 1.2 billion strong and growing
    "The state of the commons is strong." The 2016 State of the Commons report, issued by Creative Commons this morning, does not begin with those words, but it could. The report shows an increase in adoption for the suite of licenses, but that is not the whole story.