Language Selection

English French German Italian Portuguese Spanish

Security: Slingshot, Symantec Certification Authorities, and DDoS Defense

Filed under
Security
  • Potent malware that hid for six years spread through routers

    Slingshot—which gets its name from text found inside some of the recovered malware samples—is among the most advanced attack platforms ever discovered, which means it was likely developed on behalf of a well-resourced country, researchers with Moscow-based Kaspersky Lab reported Friday. The sophistication of the malware rivals that of Regin—the advanced backdoor that infected Belgian telecom Belgacom and other high-profile targets for years—and Project Sauron, a separate piece of malware suspected of being developed by a nation-state that also remained hidden for years.

  • Distrust of Symantec TLS Certificates

    A Certification Authority (CA) is an organization that browser vendors (like Mozilla) trust to issue certificates to websites. Last year, Mozilla published and discussed a set of issues with one of the oldest and largest CAs run by Symantec. The discussion resulted in the adoption of a consensus proposal to gradually remove trust in all Symantec TLS/SSL certificates from Firefox. The proposal includes a number of phases designed to minimize the impact of the change to Firefox users:

  • How Creative DDOS Attacks Still Slip Past Defenses

    Distributed denial of service attacks, in which hackers use a targeted hose of junk traffic to overwhelm a service or take a server offline, have been a digital menace for decades. But in just the last 18 months, the public picture of DDoS defense has evolved rapidly. In fall 2016, a rash of then-unprecedented attacks caused internet outages and other service disruptions at a series of internet infrastructure and telecom companies around the world. Those attacks walloped their victims with floods of malicious data measured up to 1.2 Tbps. And they gave the impression that massive, "volumetric" DDOS attacks can be nearly impossible to defend against.

More in Tux Machines

How did you get started with Linux?

The Linux mascot is a penguin named Tux, so we thought it appropriate to celebrate Penguin Awareness Day for the conservation of penguin habitats and talk a little bit (more) about Linux. A few fun penguin facts: These furry creatures are flightless yet part of the bird family. Some are large, like the Emperor penguin, and some are small, like those found in New Zealand. And, the Gentoo penguin is known to swim up to a speed of 21 miles per hour! Now, for the Linux bit. I asked our writer community to describe the moment they learned about Linux or the moment they got it up on running on their machine. Here's what they shared. Read more

IPFire 2.21 - Core Update 127 is available for testing

New year, new update ready for testing! We have been busy over the holidays and are bringing you an update that is packed with new features and many many performance improvements. This is quite a long change log, but please read through it. It is worth it! Read more

Wine 4.0 To Be Released In The Next Few Days

With yesterday's release of Wine 4.0-RC7, the regression/bug count is low enough and the situation looking good that the stable Wine 4.0.0 release should be tagged in the next few days. Wine 4.0-RC7 should be the final release candidate and the stable 4.0 release tagged and issued in a short period of time. Wine founder Alexandre Julliard who manages the releases commented today, "Things are looking good for 4.0, we've made quite a bit of progress on the regressions, thank you to everybody who helped! rc7 should be the last release candidate, please give it a good last check. If no last minute issues are found, I'll release final 4.0 in a couple of days, and lift code freeze :-)" Read more

Android Leftovers