Security News
-
Virus and malware protection not quite a nonissue for Linux [Ed: Bill Gates-funded newspaper]
The Linux operating system is seldom targeted, but it can happen, and whether to play it safe by using anti-virus and anti-malware software is a judgment call, Patrick Marshall writes. He also answers questions about emails that fail to arrive and Windows 10 installation.
-
LastPass 0Day — Why Using cleartext tokens in the URL is bad practice.
This is yet another reason why sanitizing OpenAuth or other token urls to the minimal allowed to resolve (the hostname) is good practice.
So exactly what is the issue at hand?
Well LastPass as with most password managers that in some way connect to a sync or cloud mechanism, uses a cookie of sorts on all sites you setup with autofill ( no typing needed, great defense against keyloggers), however the issue is that the parser to determine if such a site is accessed / logged in leaves cleartext tokens in the url and takes a malformed url as username:password @ foo.tld i.e. johndoe/mypassword@facebook.com which allows an attacker on a machine that is logged in (without 2fa –more on this later) to spill the beans about all passwords in 2 ways.
-
Huge Changes From Google That Will Impact Your Security
-
Google beefs Linux up kernel defenses in Android
-
Google strengthens Android security by toughening its Linux core
-
Malware Used in DNC Hack Has Roots in Chinese Open-Source Tool [Ed: Catalin Cimpanu helps DNC blame-shifting and FOSS-blaming propaganda by citing the Microsoft-connected CrowdStrike]
- Login or register to post comments
- Printer-friendly version
- 1303 reads
- PDF version
More in Tux Machines
- Highlights
- Front Page
- Latest Headlines
- Archive
- Recent comments
- All-Time Popular Stories
- Hot Topics
- New Members
digiKam 7.7.0 is releasedAfter three months of active maintenance and another bug triage, the digiKam team is proud to present version 7.7.0 of its open source digital photo manager. See below the list of most important features coming with this release. |
Dilution and Misuse of the "Linux" Brand
|
Samsung, Red Hat to Work on Linux Drivers for Future TechThe metaverse is expected to uproot system design as we know it, and Samsung is one of many hardware vendors re-imagining data center infrastructure in preparation for a parallel 3D world. Samsung is working on new memory technologies that provide faster bandwidth inside hardware for data to travel between CPUs, storage and other computing resources. The company also announced it was partnering with Red Hat to ensure these technologies have Linux compatibility. |
today's howtos
|
Recent comments
1 year 11 weeks ago
1 year 11 weeks ago
1 year 11 weeks ago
1 year 11 weeks ago
1 year 11 weeks ago
1 year 11 weeks ago
1 year 11 weeks ago
1 year 11 weeks ago
1 year 11 weeks ago
1 year 11 weeks ago