Language Selection

English French German Italian Portuguese Spanish

Critical crypto bug leaves Linux, hundreds of apps open to eavesdropping

Filed under
GNU
Linux

The bug in the GnuTLS library makes it trivial for attackers to bypass secure sockets layer (SSL) and Transport Layer Security (TLS) protections available on websites that depend on the open source package. Initial estimates included in Internet discussions such as this one indicate that more than 200 different operating systems or applications rely on GnuTLS to implement crucial SSL and TLS operations, but it wouldn't be surprising if the actual number is much higher. Web applications, e-mail programs, and other code that use the library are vulnerable to exploits that allow attackers monitoring connections to silently decode encrypted traffic passing between end users and servers.

Read more ►

More in Tux Machines

MediaTek launches developer portal, debuts Android SDK

MediaTek announced a Mediatek Labs hacker site, plus a MediaTek SDK for Android and a “LinkIt” RTOS that runs on an ARM-based, IoT-oriented “Aster” SoC. For years, Taiwan-based MediaTek has offered ARM-based system-on-chips for Android, starting with the budget market, but more recently offering powerful SoCs such as the MediaTek MT6595, an octa-core SoC with four 2.5GHz Cortex-A17 cores. Now, the company is extending its development support by launching a MediaTek Labs portal division based in Silicon Valley. The first offerings include a preview release of MediaTek SDK for Android, which provides a set of extensions that build on Google’s Android SDK. Read more

The skinny on thin Linux

Much commotion has surrounded this column in the past few weeks. Not even counting the systemd discussion, my call for a server-only Linux distribution that does not support any desktop applications or frameworks caused a tizzy, mostly from folks who couldn't quite grasp that I wasn't only talking about not selecting desktop packages during installation. Read more

CipherShed: A replacement for TrueCrypt

While the Open Crypt Audit Project, headed by cryptographer Matthew Green and Kenneth White, Principal Scientist at Social & Scientific Systems, has been considering whether to take over the development of TrueCrypt and is working on the second phase of the audit process (a thorough analysis of the code responsable for the actual encryption process), one of TrueCrypt's developers has expressed his disapproval of a project that would fork the software. Read more

Red Hat CEO announces a shift from client-server to cloud computing

Red Hat is in the midst of changing its image from a top Linux company to the future king of cloud computing. CEO Jim Whitehurst told me in 2011 that the Platform-as-a-Service (PaaS) cloud would be Red Hat's future. Today in a blog posting, Whitehurst underlined this shift from Linux to OpenStack. Read more