
Red Hat Risk Reflex (The Linux Security Flaw That Isn't)


News headlines screaming that yet another Microsoft Windows vulnerability has been discovered, is in the wild or has just been patched are two a penny. Such has it ever been. News headlines declaring that a 'major security problem' has been found with Linux are a different kettle of fish. So when reports emerged of an attack that could circumvent verification of X.509 security certificates, and by so doing bypass both Secure Sockets Layer (SSL) and Transport Layer Security (TLS) website protection, people sat up and took notice. Warnings have appeared that recount how the vulnerability can affect Debian, Red Hat and Ubuntu distributions. Red Hat itself issued an advisory warning that "GnuTLS did not correctly handle certain errors that could occur during the verification of an X.509 certificate, causing it to incorrectly report a successful verification... An attacker could use this flaw to create a specially crafted certificate that could be accepted by GnuTLS as valid." In all, at least 200 operating systems actually use GnuTLS when it comes to implementing SSL and TLS, and the knock-on effect could mean that web applications and email alike are vulnerable to attack. And it's all Linux's fault. Or is it?

