Language Selection

English French German Italian Portuguese Spanish

Security Leftovers

Filed under
Security
  • A Step Forward for Security [iophk: "end point compromise negates many theoretical advantages"]

    While we are all mesmerized by the presidential crises, a small, but quite significant change occurred in Congress: the Senate Sergeant at Arms approved the use of Signal by Senate staff. Signal, a product of Open Whisper Systems, provides end-to-end encryption for Apple and Android phones.

  • Why Europe’s dependency on Microsoft is a huge security risk

    On May 12, hackers hit more than a hundred countries, exploiting a stolen N.S.A. tool that targeted vulnerabilities of Microsoft software. The attacks infected only machines running on Windows operative system. Among the victims are public administrative bodies such as NHS hospitals in the UK. Investigate Europe spent months to investigate the dire dependency of European countries on Microsoft – and the security risks this entails

  • NSA told Microsoft about stolen exploits: officials

    Current and former NSA officials say the agency informed Microsoft about the theft of the exploit named EternalBlue after learning of it, making it possible for the Redmond software giant to issue a patch for it in March. The exploit was used in the WannaCry ransomware attacks over last weekend.

  • Shadow Brokers claims Microsoft hand-in-glove with NSA

    The group that released NSA exploits for Windows, which were used in massive ransomware attacks last weekend, has accused Microsoft of being hand-in-glove with The Equation Group, a group that is believed to be a front for the NSA.

  • NSA officials worried about the day its potent hacking tool would get loose. Then it did.

    But for more than five years, the NSA kept using it — through a time period that has seen several serious security breaches — and now the officials' worst fears have been realized. The malicious code at the heart of the WannaCry virus that hit computer systems globally late last week was apparently stolen from the NSA, repackaged by cybercriminals and unleashed on the world for a cyberattack that now ranks as among the most disruptive in history.

  • Shadow Brokers threaten to unleash more hacking tools

    The so-called Shadow Brokers, who claimed responsibility for releasing NSA tools that were used to spread the WannaCry ransomware through the NHS and across the world, said they have a new suite of tools and vulnerabilities in newer software. The possible targets include Microsoft's Windows 10, which was unaffected by the initial attack and is on at least 500m devices around the world.

More in Tux Machines

How To Encrypt DNS Traffic In Linux Using DNSCrypt

​Dnscrypt is a protocol that is used to improve DNS security by authenticating communications between a DNS client and a DNS resolver. DNSCrypt prevents DNS spoofing. It uses cryptographic signatures to verify that responses originate from the chosen DNS resolver and haven’t been tampered with. DNSCrypt is available for multi-platforms including Windows, MacOS, Unix, Android, iOS, Linux and even routers. Read
more

Debian-Based Untangle 13.0 Linux Firewall Tackles Bufferbloat, Adds New Features

Untangle NG Firewall, the open-source and powerful Debian-based network security platform featuring pluggable modules for network apps, has been updated to version 13.0, a major release adding new features and numerous improvements. The biggest improvement brought by the Untangle NG Firewall 13.0 release is to the poor latency generated by excess buffering in networking equipment, called bufferbloat, by supporting a queueing algorithm designed to optimize QoS and bandwidth to enforce a controlled delay. Read more

Kernel Space: HMM, Cloud Native, Linux 4.12, TFS, Linux 4.11.2, and 4.10 EoL

  • Faster machine learning is coming to the Linux kernel
    Heterogenous memory management (HMM) allows a device’s driver to mirror the address space for a process under its own memory management. As Red Hat developer Jérôme Glisse explains, this makes it easier for hardware devices like GPUs to directly access the memory of a process without the extra overhead of copying anything. It also doesn't violate the memory protection features afforded by modern OSes.
  • Product Development in the Age of Cloud Native
    Ever since the mass adoption of Agile development techniques and devops philosophies that attempt to eradication organizational silos, there’s been a welcome discussion on how to optimize development for continuous delivery on a massive scale. Some of the better known adages that have taken root as a result of this shift include “deploy in production after checking in code” (feasible due to the rigorous upfront testing required in this model), “infrastructure as code”, and a host of others that, taken out of context, would lead one down the path of chaos and mayhem. Indeed, the shift towards devops and agile methodologies and away from “waterfall” has led to a much needed evaluation of all processes around product and service delivery that were taken as a given in the very recent past.
  • Running Intel Kabylake Graphics On Linux 4.12
  • TFS File-System Still Aiming To Compete With ZFS, Written In Rust
    The developers behind the Rust-based Redox operating system continue working on the "TFS" file-system that they hope will compete with the long-standing ZFS file-system, but TFS isn't being tied to just Redox OS.
  • Linux Kernel 4.10 Reached End of Life, Users Urged to Move to Linux 4.11 Series
    Greg Kroah-Hartman informed the Linux community about the release and immediate availability of the seventeenth maintenance update to the Linux 4.10 kernel series, which also marked the end of life.
  • Linux Kernel 4.11.2 Has Many F2FS and CIFS Improvements, Lots of Updated Drivers

ROSA Fresh R9

ROSA is a desktop distribution that was originally forked from Mandriva Linux, but now is independently developed. While the company which produces ROSA is based in Russia, the distribution includes complete translations for multiple languages. The ROSA desktop distribution is designed to be easy to use and includes a range of popular applications and multimedia support. ROSA R9 is available in two editions, one featuring the KDE 4 desktop and the second featuring the KDE Plasma 5 desktop. These editions are scheduled to receive four years of support and security updates. I decided to download the Plasma edition of ROSA R9 and found the installation media to be approximately 2GB in size. Booting from the ROSA disc brings up a menu asking if we would like to load the distribution's live desktop environment or begin the installation process. Taking the live option brings up a graphical wizard that asks us a few questions. We are asked to select our preferred language from a list and accept the project's warranty and license. We are then asked to select our time zone and keyboard layout from lists. With these steps completed, the wizard disappears and the Plasma 5.9 desktop loads. Read more