Language Selection

English French German Italian Portuguese Spanish

Security: Slingshot, Symantec Certification Authorities, and DDoS Defense

Filed under
Security
  • Potent malware that hid for six years spread through routers

    Slingshot—which gets its name from text found inside some of the recovered malware samples—is among the most advanced attack platforms ever discovered, which means it was likely developed on behalf of a well-resourced country, researchers with Moscow-based Kaspersky Lab reported Friday. The sophistication of the malware rivals that of Regin—the advanced backdoor that infected Belgian telecom Belgacom and other high-profile targets for years—and Project Sauron, a separate piece of malware suspected of being developed by a nation-state that also remained hidden for years.

  • Distrust of Symantec TLS Certificates

    A Certification Authority (CA) is an organization that browser vendors (like Mozilla) trust to issue certificates to websites. Last year, Mozilla published and discussed a set of issues with one of the oldest and largest CAs run by Symantec. The discussion resulted in the adoption of a consensus proposal to gradually remove trust in all Symantec TLS/SSL certificates from Firefox. The proposal includes a number of phases designed to minimize the impact of the change to Firefox users:

  • How Creative DDOS Attacks Still Slip Past Defenses

    Distributed denial of service attacks, in which hackers use a targeted hose of junk traffic to overwhelm a service or take a server offline, have been a digital menace for decades. But in just the last 18 months, the public picture of DDoS defense has evolved rapidly. In fall 2016, a rash of then-unprecedented attacks caused internet outages and other service disruptions at a series of internet infrastructure and telecom companies around the world. Those attacks walloped their victims with floods of malicious data measured up to 1.2 Tbps. And they gave the impression that massive, "volumetric" DDOS attacks can be nearly impossible to defend against.

More in Tux Machines

Openwashing and FUD, Notably Microsoft

Linux Foundation: O-RAN, Hyperledger, Open Source Compliance and More

  • Verizon joins O-RAN Alliance board
    After announcing earlier this year that the xRAN Forum and C-RAN Alliance were merging, the O-RAN Alliance announced new board members—including Verizon—and a collaboration with the Linux Foundation on open source software. Verizon’s participation in the O-RAN Alliance isn’t a surprise given its work on Open RAN initiatives and its earlier involvement in the xRAN Forum—it was a contributor to the xRAN fronthaul specification that was released in April. That specification defines open interfaces between the remote radio unit/head (RRU/RRH) and the baseband unit (BBU) to simplify interoperability between suppliers. [...] O-RAN also said it has started collaboration arrangements with The Linux Foundation to establish an open source software community for the creation of open source RAN software. Collaboration with The Linux Foundation will enable the creation of open source software supporting the O-RAN architecture and interfaces.
  • O-RAN Alliance and Linux to create an open source software community
    The O-RAN Alliance announced that Reliance Jio, TIM, and Verizon have joined the O-RAN board. AT&T CTO Andre Fuetsch says, “It’s encouraging to see the O-RAN Alliance off to such a strong start and gaining momentum as we welcome three new board members. “It’s important that the wireless industry continues to come together to drive forward O-RAN’s goals for open networking, software, and virtualisation in global wireless networks especially as 5G is closer than ever.”
  • Hyperledger Onboards 12 New Members Including Alibaba Cloud, Deutsche Telekom and Citi
    Hyperledger has onboarded 12 new members, including such major firms as Alibaba Cloud, Citi, and Deutsche Telekom, according to an announcement published on Dec. 11. Launched in 2016, Hyperledger is an open source project created by the Linux Foundation and created to support the development of blockchain-based distributed ledgers. The new members were announced at the Hyperledger Global Forum in Basel, Switzerland. The latest general members that joined the initiative include Alibaba Cloud, a subsidiary of the e-commerce giant; financial services firm Citigroup, Deutsche Telekom, one of the largest telecoms providers in Europe; and European blockchain trading platform we.trade, among others.
  • Open Source Compliance in the Enterprise
    Open Source Compliance in the Enterprise, 2nd edition, by Ibrahim Haddad outlines best practices for organizations to adopt and use open source code in products and services, as well as participate in open source communities in a legal and responsible way.
  • Linux Foundation Brings the Year to a Close with 21 New Members Making the Commitment to Open Source
    The Linux Foundation, the nonprofit organization enabling mass innovation through open source, announced the addition of 18 Silver members and 3 Associate members. Linux Foundation members help support development of shared technology resources, while accelerating their own innovation through open source leadership and participation in some of the world’s most successful open source projects including Hyperledger, Kubernetes, Linux, Node.js and ONAP. Linux Foundation member contributions help provide the infrastructure and resources that enable the world’s largest open collaboration communities. Since the start of 2018, on average a new organization has joined The Linux Foundation every day.

Security: Linux.org and FUD

iCEBreaker, The Open Source Development Board for FPGAs

The Hackaday Superconference is over, which is a shame, but one of the great things about our conference is the people who manage to trek out to Pasadena every year to show us all the cool stuff they’re working on. One of those people was [Piotr Esden-Tempski], founder of 1 Bit Squared, and he brought some goodies that would soon be launched on a few crowdfunding platforms. The coolest of these was the iCEBreaker, an FPGA development kit that makes it easy to learn FPGAs with an Open Source toolchain. Read more