Language Selection

English French German Italian Portuguese Spanish

Security: Slingshot, Symantec Certification Authorities, and DDoS Defense

Filed under
Security
  • Potent malware that hid for six years spread through routers

    Slingshot—which gets its name from text found inside some of the recovered malware samples—is among the most advanced attack platforms ever discovered, which means it was likely developed on behalf of a well-resourced country, researchers with Moscow-based Kaspersky Lab reported Friday. The sophistication of the malware rivals that of Regin—the advanced backdoor that infected Belgian telecom Belgacom and other high-profile targets for years—and Project Sauron, a separate piece of malware suspected of being developed by a nation-state that also remained hidden for years.

  • Distrust of Symantec TLS Certificates

    A Certification Authority (CA) is an organization that browser vendors (like Mozilla) trust to issue certificates to websites. Last year, Mozilla published and discussed a set of issues with one of the oldest and largest CAs run by Symantec. The discussion resulted in the adoption of a consensus proposal to gradually remove trust in all Symantec TLS/SSL certificates from Firefox. The proposal includes a number of phases designed to minimize the impact of the change to Firefox users:

  • How Creative DDOS Attacks Still Slip Past Defenses

    Distributed denial of service attacks, in which hackers use a targeted hose of junk traffic to overwhelm a service or take a server offline, have been a digital menace for decades. But in just the last 18 months, the public picture of DDoS defense has evolved rapidly. In fall 2016, a rash of then-unprecedented attacks caused internet outages and other service disruptions at a series of internet infrastructure and telecom companies around the world. Those attacks walloped their victims with floods of malicious data measured up to 1.2 Tbps. And they gave the impression that massive, "volumetric" DDOS attacks can be nearly impossible to defend against.

More in Tux Machines

Type Title Author Replies Last Postsort icon
Story Watchdog: IRS botched Linux migration Roy Schestowitz 2 13/12/2018 - 5:22pm
Story Software: Vivaldi, QEMU and Manpages Roy Schestowitz 13/12/2018 - 4:08pm
Story OSS Leftovers Roy Schestowitz 13/12/2018 - 4:06pm
Story Servers: Apache Cassandra, Kubernetes and Red Hat Roy Schestowitz 13/12/2018 - 3:59pm
Story Openwashing and FUD, Notably Microsoft Roy Schestowitz 13/12/2018 - 3:56pm
Story Linux Foundation: O-RAN, Hyperledger, Open Source Compliance and More Roy Schestowitz 13/12/2018 - 3:28pm
Story Security: Linux.org and FUD Roy Schestowitz 13/12/2018 - 3:25pm
Story iCEBreaker, The Open Source Development Board for FPGAs Roy Schestowitz 13/12/2018 - 3:14pm
Story Android Leftovers Rianne Schestowitz 13/12/2018 - 1:27pm
Story Graphics: Wayland's Weston, AMD, GitLab, NVIDIA Roy Schestowitz 13/12/2018 - 12:58pm