Security

Is Open Source an Open Invitation to Hack Webmail Encryption?

Filed under
OSS
Security

While the open source approach to software development has proven its value over and over again, the idea of opening up the code for security features to anyone with eyeballs still creates anxiety in some circles. Such worries are ill-founded, though.

One concern about opening up security code to anyone is that anyone will include the NSA, which has a habit of discovering vulnerabilities and sitting on them so it can exploit them at a later time. Such discoveries shouldn't be a cause of concern, argued Phil Zimmermann, creator of PGP, the encryption scheme Yahoo and Google will be using for their webmail.


Open source software: The question of security

Filed under
OSS
Security

The logic is understandable - how can a software with source code that can easily be viewed, accessed and changed have even a modicum of security?

Open source software is safer than many believe.
But with organizations around the globe deploying open source solutions in even some of the most mission-critical and security-sensitive environments, there is clearly something unaccounted for by that logic. According to a November 28 2013 Financial News article, some of the world's largest banks and exchanges, including Deutsche Bank and the New York Stock Exchange, have been active in open source projects and are operating their infrastructure on Linux, Apache and similar systems.


GNU hackers discover HACIENDA government surveillance and give us a way to fight back

Filed under
GNU
Security

GNU community members and collaborators have discovered threatening details about a five-country government surveillance program codenamed HACIENDA. The good news? Those same hackers have already worked out a free software countermeasure to thwart the program.

According to Heise newspaper, the intelligence agencies of the United States, Canada, United Kingdom, Australia, and New Zealand have used HACIENDA to map every server in twenty-seven countries, employing a technique known as port scanning. The agencies have shared this map and use it to plan intrusions into the servers. Disturbingly, the HACIENDA system actually hijacks civilian computers to do some of its dirty work, allowing it to leech computing resources and cover its tracks.


Black Hat 2014: Open Source Could Solve Medical Device Security

Filed under
OSS
Security

On the topic of source code liability, Greer suggests that eventually software developers, including medical device development companies, will be responsible for the trouble their software causes (or fails to prevent). I think it’s fair to say that it is impossible to guarantee a totally secure system. You cannot prove a negative statement after all. Given enough time, most systems can be breached. So where does this potential liability end? What if my company has sloppy coding standards, no code reviews, or I use a third-party software library that has a vulnerability? Should hacking be considered foreseeable misuse?


Linux kernel devs made to finger their dongles before contributing code

Filed under
Development
Linux
Security

Beginning on Monday, the security of the Linux kernel source code has become a little bit tighter with the addition of two-factor authentication for the kernel's Git code repositories.

Contributing code changes to the Linux kernel sources at Kernel.org already required more than just a password, even before the change. Developers must use their own unique SSH public keys to log in to the Git repositories. But not even this added security layer was truly failsafe – as the software's maintainers found out in 2011 when their servers were rooted.


We still believe in Linus’ law after Heartbleed bug, says Elie Auvray of Jahia

Filed under
Interviews
OSS
Security

Jahia was incepted in 2002 in Switzerland – the name comes from the contraction of Java (our core language) and Bahia (which means “bay” in Brazil). To support the international growth of the project, Jahia Solutions Group was later formed (in 2005) with offices throughout Europe and Jahia Inc. (the US subsidiary) was created in 2008. Jahia now has offices in Geneva, Paris, Toronto, Chicago, Washington, DC, Dusseldorf and Klagenfurt – and outsourced support centers in Australia and Nicaragua.


PiPhone interview with Dave Hunt

Filed under
Development
Linux
Interviews
Security

Turning your Raspberry Pi into a mobile phone is a lot simpler than you’d think, albeit a little chunky. Linux User talks to Dave Hunt about one of his many pet projects.


German researchers develop defense software: Potential protection against the "Hacienda" intelligence program

Filed under
GNU
Linux
Security

Grothoff and his students at TUM have developed the "TCP Stealth" defense software, which can inhibit the identification of systems through both Hacienda and similar cyberattack software and, as a result, the undirected and massive takeover of computers worldwide, as Grothoff explains. "TCP Stealth" is free software that has as its prerequisites particular system requirements and computer expertise, for example, use of the GNU/Linux operating system. In order to make broader usage possible in the future, the software will need further development.


Best Alternatives to Tor: 12 Programs to Use Since NSA, Hackers Compromised Tor Project

Filed under
GNU
Linux
Security
Debian

Tor May Have Been Compromised, Linux Based OS's Like Tails Offer The Best Supplement


Is Linux More Secure than Windows?

Filed under
GNU
Linux
Microsoft
Security

When it comes to control systems, a common question has long been: Is Linux inherently more secure than Windows? Being a fan of Linux/Unix systems, I desperately want to answer “yes” to this question. During the 1980s and 1990s, so much of the work I was involved in ran under Unix. These days I run Linux on my home computer, and once a year I boot up a Windows XP virtual machine running under Virtual Box, to run my tax software. In the office, I rant about the lousy Windows operating system (OS) and ask why the world doesn’t switch to Linux. And as much as I hate to admit it, as a system integrator I am mostly locked into dealing with Microsoft’s flavor of the month operating system because of customer standards and the tools available.

From the appearance of “Brain,” which is recognized as the first computer virus, in 1986, to Stuxnet to the Zotob worm (the virus that knocked 13 of DaimlerChrysler’s U.S. automobile manufacturing plants offline), one thing all these viruses have in common is that they were directed at Microsoft’s operating systems. However, according to Zone-H (an archive of defaced websites), in a statistics report for the period 2005-2007: “In the past the most attacked operating system was Windows, but many servers were migrated from Windows to Linux… Therefore the attacks migrated as well, as Linux is now the most attacked operating system with 1,485,280 defacements against 815,119 in Windows systems (numbers calculated since 2000).”



More in Tux Machines

Linux tutorial website

Hi guys, here you have a website that covers Linux basics: http://linux-bible.com. Most of the examples are from Ubuntu.

Today in Techrights

Edubuntu Vs UberStudent: Return To College With The Best Linux Distro

Importantly, there are a handful of programs that are on Edubuntu that UberStudent doesn’t have, such as KAlgebra, Kazium, KGeography, and Marble. Instead, UberStudent has a smaller collection of applications but it does include some useful items when it comes to writing papers that Edubuntu does not have. So ultimately, Edubuntu includes more programs that are information-heavy, while UberStudent includes more tools that can aid students in their studies but doesn’t directly give them any sort of information. Read more

Zotac Nvidia Jetson TK1 review

The Jetson TK1, Nvidia’s first development board to be marketed at the general public, has taken a circuitous route to our shores. Unveiled at the company’s Graphics Technology Conference earlier this year, the board launched in the US at a headline-grabbing price of $192 but its international release was hampered by export regulations. Zotac, already an Nvidia partner for its graphics hardware, volunteered to sort things out and has partnered with Maplin to bring the board to the UK. In doing so, however, the price has become a little muddled. $192 – a clever dollar per GPU core – has become £199.99. Compared to Maplin’s other single-board computer, the sub-£30 Raspberry Pi, it’s a high-end item that could find itself priced out of the reach of the company’s usual customers. Read more