Security

Free security service scans open source Linux IoT binaries

Filed under
Linux
OSS
Security

Insignary unveiled TruthIsIntheBinary, a free, cloud-based version of its Clarity binary code scanning software aimed at open source Linux IoT code.

Normally, we board-heads shy away from security software, but Insignary’s latest offering pushed all our buttons: Linux, free, open source, and “IoT security ticking time-bomb.” We were also slapped silly by the oracular sounding name.

Security: DNA, Marcus Hutchins, and Microsoft Windows in Hotels

Filed under
Security

Slackware Security and Windows Insecurity

Filed under
Microsoft
Security
Slack
  • OpenJDK7 and Flash Player security updates (Aug ’17)

    On the blog of IcedTea release manager Andrew Hughes (aka GNU/Andrew) you can find the announcement for IcedTea 2.6.11 which builds OpenJDK 7u151_b01. This release includes the official July 2017 security fixes for Java 7. Note that the security updates for Java 8 were already pushed to my repository some time ago.

  • Kremlin's hackers 'wield stolen NSA exploit to spy on hotel guests in Europe, Mid East'

    Miscreants are using various techniques, including the leaked NSA EternalBlue exploit also wielded by the WannaCry malware, to hack into laptops and other devices used by government and business travelers, FireEye researchers declared on Friday.

Security: Canonical, CVE-2017-12836, GDPR, CIS, Fancy Bear and More

Filed under
Security

Change Control Security Fixes

Filed under
Development
Security

Ubuntu Received 29 Security Patches for 15 Supported Packages in the Last Week

Filed under
Security

Canonical's James Donner published the August 10, 2017, weekly update of the Ubuntu Security team's activities, which managed to triage 242 security vulnerability reports and post 13 USNs (Ubuntu Security Notices).

Security: AI Apocalypse and Microsoft Windows Apocalypse

Filed under
Security

Security: Updates, Password Advice, Salesforce, Pacer and More

Filed under
Security
  • Security updates for Thursday
  • Password guru regrets past advice

    Bill Burr had advised users to change their password every 90 days and to muddle up words by adding capital letters, numbers and symbols - so, for example, "protected" might become "pr0t3cT3d4!".

    The problem, he believes, is that the theory came unstuck in practice.

    Mr Burr now acknowledges that his 2003 manual was "barking up the wrong tree".

  • Salesforce “red team” members present tool at Defcon, get fired

    At Defcon in Las Vegas last month, word rapidly spread that two speakers—members of Salesforce's internal "red team"—had been fired by a senior executive from Salesforce "as they left the stage." Those two speakers, who presented under their Twitter handles, were Josh "FuzzyNop" Schwartz, Salesforce's director of offensive security, and John Cramb, a senior offensive security engineer.

  • “Pretty egregious” security flaw raises questions about Pacer

    The Pacer court document service used by more than a million journalists and lawyers has raked in more than $1 billion since it was established in 1995, but a new report questions whether its administrators have put enough of that windfall into securing the system. Hanging in the balance is the reliability of a service that's crucial for the smooth functioning of the entire US federal court system.

    Until Wednesday, Pacer suffered from a vulnerability that made it possible for hackers to charge download and search-query fees to other users, as long as those users visited a booby-trapped webpage while logged in to a Pacer website. Officials with the non-profit known as the Free Law Project also speculate that the same flaw—known as a cross-site request forgery—may also have allowed hackers to file court documents on behalf of unsuspecting attorneys who happened to be logged in to Pacer. If the speculation is correct, the flaw had the potential to severely disrupt or complicate ongoing court cases. Pacer administrators, however, have told Free Law the fraudulent filing hack wasn't possible.

    Even if the hypothesis is wrong, the flaw still made it possible for hackers to cause Pacer users to be billed for services they never requested. The users would have a hard time figuring out why they were being charged for downloads and searches they never made. Even when the users changed passwords, their accounts could still rack up fraudulent charges whenever they were simultaneously logged in to the hacked or malicious site and one of the Pacer sites.

  • How cloud-native security can prevent modern attacks

    When I first set out to start my company, I received some backlash from a former colleague that cybersecurity was not “interesting anymore.” I disagreed, which I’m sure most people now do. As technology evolves, there will always be new ways (and new groups) to hack into systems, whether it’s for fun, profit or for national security reasons. That’s why it’s no surprise that within the past few years, cybersecurity has been a top concern for businesses. According to a recent report, cybercrime damages will cost the world $6 trillion annually by 2021, up from $3 trillion just a year ago, proving that enterprises literally cannot afford to forgo strong cybersecurity measures.

  • We can stop hacking {sic} and trolls, but it would ruin the internet

    A new way to run the internet would scupper ransomware and hacking, but its authoritarian backers could control everything we do online

  • Mingis on Tech: Android vs iOS – Which is more secure?

Red Hat and Servers

Filed under
Red Hat
Security

Security: Updates, Mastering matplotlib, Carbon Black, DDOS Arrests, and HashiCorp

Filed under
Security
  • Security updates for Wednesday
  • Mastering matplotlib: Acknowledgments
  • More Details on the PACER Vulnerability We Shared with the Administrative Office of the Courts

    PACER/ECF is a system of 204 websites that is run by the Administrative Office of the Courts (AO) for the management of federal court documents. The main function of PACER/ECF is for lawyers and the public to upload and download court documents such as briefs, memos, orders, and opinions.

    In February we reported that we disclosed a major vulnerability in PACER/ECF to the AO. The proof of concept and disclosure/resolution timeline are available here.

  • Endpoint security firm leaking terabytes of data

    Endpoint security software vendor Carbon Black has been found to be exfiltrating data from several Fortune 1000 companies due to the architecture of its Cb Response software, the information security services and managed services provider DirectDefense claims.

  • Teenagers charged over allegedly running huge DDoS operation

    Two Israeli teenagers, who have been alleged to have co-founded and run a company used for launching distributed denial of service attacks, have been arrested and indicted on conspiracy and hacking charges.

  • HashiCorp Vault Brings Disaster Recovery to Secrets Management

    HashiCorp has released new versions of both its open-source and enterprise editions of its Vault secrets management platform, providing new scalability and security operations capabilities.

    Vault helps organizations securely store and access application tokens, passwords and authentication credentials, which collectively are commonly referred to as "secrets" in an information security context.

More in Tux Machines

AndEX Puts Android Marshmallow 6.0.1 64-Bit on Your PC with GAPPS and Netflix

GNU/Linux developer Arne Exton has released a new build of his Android-x86 fork AndEX that leverages Google's Android Marshmallow 6.0.1 mobile operating system for 64-bit PCs with various updates and improvements.

today's leftovers

  • Future Proof Your SysAdmin Career: Advancing with Open Source
    For today’s system administrators, the future holds tremendous promise. In this ebook, we have covered many technical skills that can be big differentiators for sysadmins looking to advance their careers. But, increasingly, open source skillsets can also open new doors. A decade ago, Red Hat CEO Jim Whitehurst predicted that open source tools and platforms would become pervasive in IT. Today, that prediction has come true, with profound implications for the employment market. Participating in open source projects -- through developing code, submitting a bug report, or contributing to documentation -- is an important way to demonstrate open source skills to hiring managers.
  • FreeType Improvements For The Adobe Engine
    With FreeType 2.8.1 having been released last week, a lot of new code landed in the early hours of today to its Git repository. The code landed includes the work done this summer by Ewald Hew for Google Summer of Code (GSoC 17) adding support for Type 1 fonts to the Adobe CFF engine. Type 1 is an older, less maintained font format.
  • Are You Fond Of HDR Photography? Try Luminance HDR Application In Ubuntu/Linux Mint
    Luminance HDR is a graphical user interface that is used for the manipulation and creation of High Dynamic Range (HDR) images. It is based on the Qt5 toolkit, is cross-platform (available for Linux, Windows and Mac), and is released under the GNU GPL license. It provides a complete workflow for High Dynamic Range (HDR) as well as Low Dynamic Range (LDR) file formats. The prerequisites of HDR photography are several narrow-range digital images with different exposures. Luminance HDR combines these images and calculates a high-contrast image. In order to view this image on a regular computer monitor, Luminance HDR can convert it into a displayable LDR image format using a variety of methods, such as tone mapping.
  • Opera Web Browser Now Has Built-in WhatsApp and FB Messenger, Install in Ubuntu/Linux Mint
  • Enterprise open source comes of age
    In the age of digitalisation and data centre modernisation, open source has come of age. This is demonstrated by the growth that enterprise open source software provider SUSE has enjoyed over the last months. “SUSE is in good shape,” says Nils Brauckmann, CEO of SUSE. “In the last year, revenue grew at 21%, and it was profitable growth.” Business is positive going forward, he adds, with SUSE now part of the larger mothership Micro Focus group following the completion this month of the HPE Software spin merger. “Micro Focus is now the seventh-largest pure-play software vendor in the world, with revenues approaching $4,5-billion,” Brauckmann points out.
  • Red Hat, Microsoft Extend Alliance to SQL Server
  • UbuCon Europe 2017
    I’ve been to many Ubuntu related events before, but what surprises me every time about UbuCons is the outstanding work by the community organising these events. Earlier this month, I was in Paris for UbuCon Europe 2017. I had quite high expectations about the event/location and the talks, especially because the French Ubuntu community is known for hosting awesome events several times a year like Ubuntu Party and Ubuntu install parties.

today's howtos

Korora 26

  • Korora 26 is Here!
  • Linux Releases: “Lightweight” Tiny Core 8.2 And “Heavyweight” Korora 26 Distros Are Here
    The Korora Linux distro is a derivative of the popular Fedora operating system. It ships with lots of additional packages that are provided by the Fedora community and helps users get a complete out-of-the-box experience. The developers of the Korora Linux distro have just shipped Korora 26 “Bloat.” The Bloat codename has been derived from the characters of the movie “Finding Nemo.”
  • Based on Fedora 26, Korora 26 Linux Debuts with GNOME 3.24, Drops 32-Bit Support
    Korora developer Jim Dean announced the release and general availability of the Korora Linux 26 operating system for personal computers, a release based on the latest Fedora Linux version and packed full of goodies. Dubbed "Bloat," Korora Linux 26 comes more than nine months after the release of Korora 25. It is based on Red Hat's Fedora 26 Linux operating system and ships with the latest versions of popular desktop environments, including GNOME 3.24. Also included are the KDE Plasma 5.10, Xfce 4.12, Cinnamon 3.4, and MATE 1.18 desktop environments, all of them shipping pre-loaded with a brand-new backup tool designed to keep your most important files safe and secure from hackers or government agencies.