Language Selection

English French German Italian Portuguese Spanish

Security

Security Leftovers

Filed under
Security
  • Friday's security updates
  • Internet Providers to Use Private Routers as Public Hotspots

    The Juniper report highlighted the consumer benefits that the policy offers, such as free or reduced-fee access to the operator’s homespot network.
    At least one in three home routers will be used as public WiFi hotspots by 2017, and the total installed base of such dual-use routers will reach 366 million globally by the end of 2020, according to a report from Juniper Research.

  • Will you be my cryptovalentine?

    Over the last few year Free Software Foundation Europe runs a campaign called "I love Free Software Day". It's an opportunity to share your appreciation (or love) with the developers of your favorite Free Software project. So after you are done reading this post, choose your favorite project and send its developer(s) an appreciation email.

    Last year Zak Rogoff , had a great similar idea. On a post he wrote he suggested we use the Valentine's Day as an opportunity to use Free Software in order to setup secure and private communications with our significant other.

  • Pwn2Own Hacking Contest Returns as Joint HPE-Trend Micro Effort

    Over a half million dollars in prize money is up for grabs as the Zero Day Initiative browser hacking contest continues even as corporate ownership shifts.
    The annual Pwn2Own browser hacking competition that takes place at the CanSecWest conference is one of the premier security events in any given year, as security researchers attempt to demonstrate in real time zero-day exploits against modern Web browsers. This year there was initial concern that the event wouldn't happen, as the Zero Day Initiative (ZDI), which is the primary sponsor of Pwn2Own, is currently in a state of transition.

  • Kaspersky Researcher Shows How He Hacked His Hospital While Sitting In His Car

    When we visit a hospital, we put our complete trust in our doctor and the medical equipment that he/she uses. With advancement in technology, these equipment have become more complex and interconnected. Sadly, ensuring standard cybersecurity measures is not a top priority of the medical professionals. This fact was recently outlined by a Kaspersky security researcher who hacked a hospital while sitting in his car.

  • Amazon Cloud is Prepared for the Zombie Apocalypse

    There are a number of reasons why an Amazon Web Services (AWS) user might need to violate the acceptable terms of use - including the onset of a zombie apocalypse.

    Amazon updated its terms of service this week alongside its Lumberyard gaming development platform, with a new provision about acceptable use in connection with safety-critical systems.

Fysbis: The Linux Backdoor Used by Russian Hackers

Filed under
Linux
Security

Fysbis (or Linux.BackDoor.Fysbis) is a new malware family that targets Linux machines, on which it sets up a backdoor that allows the malware's author to spy on victims and carry out further attacks.

Read more

Security Leftovers

Filed under
Security
  • Security advisories for Thursday
  • These Vigilante Hackers Aim To Hack 200,000 Routers To Make Them More Secure

    Remember the white hat hackers — The White Team — responsible for creating the Linux.Wifatch malware last October? The same hackers are now planning to take over Lizard Squad’s botnet of infected IoT devices in an attempt to shut down their operations.

  • Skimmers Hijack ATM Network Cables

    If you have ever walked up to an ATM to withdraw cash only to decide against it after noticing a telephone or ethernet cord snaking from behind the machine to a jack in the wall, your paranoia may not have been misplaced: ATM maker NCR is warning about skimming attacks that involve keypad overlays, hidden cameras and skimming devices plugged into the ATM network cables to intercept customer card data.

Three nginx Vulnerabilities Closed in Ubuntu OSes

Filed under
Security

Canonical published details in a security notice regarding a few nginx vulnerabilities that have been identified in Ubuntu 15.10, Ubuntu 14.04 LTS, and Ubuntu 12.04 LTS operating systems.

Read more

Security Leftovers

Filed under
Security

Security Leftovers

Filed under
Security

The Linux Foundation’s Core Infrastructure Initiative Working with White House on Cybersecurity National Action Plan

Filed under
Linux
Security

The White House today announced its Cybersecurity National Action Plan (CNAP), which includes a series of steps and programs to enhance cybersecurity capabilities within the Federal Government and across the country. In the proposal, the White House announced collaboration with The Linux Foundation’s Core Infrastructure Initiative(CII) to better secure Internet "utilities" such as open-source software, protocols and standards.

Read more

Security Leftovers

Filed under
Security
  • Docker Engine Hardened with Secure Computing Nodes and User Namespaces

    Enterprise systems need enterprise-grade security. With this in mind, Docker Inc. has updated its core container engine with some potentially powerful security measures.

    Docker Inc. has described this release as “huge leap forward for container security.” The company also added a plethora of networking enhancements to Docker 1.10, released Thursday.

  • USENIX Enigma 2016 - Defending, Detecting, and Responding to Hardware and Firmware Attacks
  • Vulnerabilities in Font Processing Library Impact Firefox, Linux: Report

    Security researchers have found vulnerabilities in Graphite, also known as Libgraphite font processing library, that affects a number of systems. The vulnerabilities, if exploited, allow an attacker to seed malicious fonts to a machine. The Libgraphite library is utilised by Linux, Thunderbird, WordPad, Firefox, OpenOffice, as well as several other major platforms and applications.

    Security researchers from Cisco have posted an advisory to outline four vulnerabilities in the Libgraphite font processing library. One of the vulnerabilities allows the attackers to execute arbitrary code on the machine, and among other things, crash the system.

Tails 2.0

Filed under
Reviews
Security
Debian

The newest 2.0 release of Tails brings many enhancements to the distribution. Tails is now based on Debian 8 (Jessie), so packages from the 1.x releases of Tails have been updated to much newer versions. The desktop environment is now GNOME 3.14 running in Classic mode, which is a major advancement over the GNOME 3.4. desktop used in Tails 1.x. However, there is one drawback to this update -- Tails' optional Windows 8 look-alike theme is no longer available. While I normally do not like look-alike themes, having the desktop look like Windows 8 was an understandable and helpful feature in Tails. GNOME 3's Classic mode is a nice, clean environment, but it does not look like Windows or Mac OS X, so using Tails in public is bound to attract some attention.

Read more

Security Leftovers

Filed under
Security
  • ‘White hat’ then, Red Hat now

    “From white hat to Red Hat,” was the joke a senior executive of Red Hat quipped to Alessandro Perilli, after hearing excerpts from The Manila Times interview with him, to which Perilli answered back with a wink, and a seemingly knowing smile. In the vast world of technology, a “white hat” is an internet slang, which refers to an ethical computer hacker or a computer security expert who hacks with the intention of improving security systems.

    Perilli is currently the general manager for Cloud Management Strategy for Red Hat, the world’s leading provider of open source solutions. The technology company recently hosted a full-house Red Hat Forum Asia Pacific in Manila, where key senior executives were in attendance.

  • Vulnerability in Font Processing Library Affects Linux, OpenOffice, Firefox

    Four vulnerabilities in the Graphite (or libgraphite) font processing library allow attackers to compromise machines by supplying them with malicious fonts.

  • Air Force to develop cyber-squadrons, Gen. Hyten says at Broadmoor symposium

    The Air Force plans to revolutionize how it handles computer warfare by beefing up its force of cyberspace experts while contracting out easier jobs, like running the service's network.

  • USENIX Enigma 2016 - Usable Security–The Source Awakens
Syndicate content

More in Tux Machines

Kernel Space: Linux, Graphics

  • Linux kernel bug delivers corrupt TCP/IP data to Mesos, Kubernetes, Docker containers
    The Linux Kernel has a bug that causes containers that use veth devices for network routing (such as Docker on IPv6, Kubernetes, Google Container Engine, and Mesos) to not check TCP checksums. This results in applications incorrectly receiving corrupt data in a number of situations, such as with bad networking hardware. The bug dates back at least three years and is present in kernels as far back as we’ve tested. Our patch has been reviewed and accepted into the kernel, and is currently being backported to -stable releases back to 3.14 in different distributions (such as Suse, and Canonical). If you use containers in your setup, I recommend you apply this patch or deploy a kernel with this patch when it becomes available. Note: Docker’s default NAT networking is not affected and, in practice, Google Container Engine is likely protected from hardware errors by its virtualized network.
  • Performance problems
    Just over a year ago I implemented an optimization to the SPI core code in Linux that avoids some needless context switches to a worker thread in the main data path that most clients use. This was really nice, it was simple to do but saved a bunch of work for most drivers using SPI and made things noticeably faster. The code got merged in v4.0 and that was that, I kept on kicking a few more ideas for optimizations in this area around but that was that until the past month.
  • Compute Shader Code Begins Landing For Gallium3D
    Samuel Pitoiset began pushing his Gallium3D Mesa state tracker changes this morning for supporting compute shaders via the GL_ARB_compute_shader extension. Before getting too excited, the hardware drivers haven't yet implemented the support. It was back in December that core Mesa received its treatment for compute shader support and came with Intel's i965 driver implementing CS.
  • Libav Finally Lands VDPAU Support For Accelerated HEVC Decoding
    While FFmpeg has offered hardware-accelerated HEVC decoding using NVIDIA's VDPAU API since last summer, this support for the FFmpeg-forked libav landed just today. In June was when FFmpeg added support to its libavcodec for handling HEVC/H.265 video decoding via NVIDIA's Video Decode and Presentation API for Unix interface. Around that same time, developer Philip Langdale who had done the FFmpeg patch, also submitted the patch for Libav for decoding HEVC content through VDPAU where supported.

Unixstickers, Linux goes to Washington, Why Linux?

  • Unixstickers sent me a package!
    There's an old, popular saying, beware geeks bearing gifts. But in this case, I was pleased to see an email in my inbox, from unixstickers.com, asking me if I was interested in reviewing their products. I said ye, and a quick few days later, there was a surprise courier-delivered envelope waiting for me in the post. Coincidentally - or not - the whole thing happened close enough to the 2015 end-of-the-year holidays to classify as poetic justice. On a slightly more serious note, Unixstickers is a company shipping T-shirts, hoodies, mugs, posters, pins, and stickers to UNIX and Linux aficionados worldwide. Having been identified one and acquired on the company's PR radar, I am now doing a first-of-a-kind Dedoimedo non-technical technical review of merchandise related to our favorite software. So not sure how it's gonna work out, but let's see.
  • Linux goes to Washington: How the White House/Linux Foundation collaboration will work
    No doubt by now you've heard about the Obama Administration's newly announced Cybersecurity National Action Plan (CNAP). You can read more about it on CIO.com here and here. But what you may not know is that the White House is actively working with the Linux and open source community for CNAP. In a blog post Jim Zemlin, the executive director of the Linux Foundation said, “In the proposal, the White House announced collaboration with The Linux Foundation’s Core Infrastructure Initiative (CII) to better secure Internet 'utilities' such as open-source software, protocols and standards.”
  • Why Linux?
    Linux may inspire you to think of coders hunched over their desks (that are littered with Mountain Dew cans) while looking at lines of codes, faintly lit by the yellow glow of old CRT monitors. Maybe Linux sounds like some kind of a wild cat and you have never heard the term before. Maybe you have use it every day. It is an operating system loved by a few and misrepresented to many.

RebeccaBlackOS 2016-02-08 Review. Why? Because it’s Friday.

These are the types of problems found in an independent distro build from scratch. I cannot understand how a system built on Debian could be this buggy and apparently have zero VM support which Debian comes with by default. I can take some solace in the fact that it was built by one person and that one person is a Rebecca Black fan but as far as a Linux Distribution is concerned there is not much here. Some could say “Well its not supposed to be taken as a serious Distribution.” True except it is listed and kept up with on DistroWatch therefor it should be held as a system ready distribution especially when it was not released as a beta or an RC. If this distribution is ever going to be considered a real platform it has a long way to go. I give it about as many thumbs down as the Rebecca Black Friday video. Read more

Android More Leftovers