Language Selection

English French German Italian Portuguese Spanish

Security

Security News

Filed under
Security
  • OpenSSL 1.1.0 released
  • Security advisories for Friday
  • Openwall 3.1-20160824 is out

    New Openwall GNU/*/Linux ISO images and OpenVZ container templates are out.

  • Scorpene Leak Could Be Part Of 'Economic War,' Says French Maker: 10 Facts

    The leak, was first reported in The Australian newspaper. Ship maker DCNS has a nearly 38 billion dollar contract with Australia, but the leak has no mention of the 12 vessels being designed for Australia.

  • Homeland Security has 'open investigation' into Leslie Jones hacking

    The Department of Homeland Security is investigating the cyberattack against Ghostbusters actor Leslie Jones one day after her personal information and explicit images were leaked online.

    In a short statement on Thursday, a spokesperson for the US Immigration and Customs Enforcement agency said that the Homeland Security investigations unit in New York “has an open investigation into this matter”.

    “As a matter of agency policy and in order to protect the integrity of an ongoing investigation, we will not disclose any details,” the statement said.

    “As a matter of agency policy, we are unable to disclose any information related to an active investigation,” a spokeswoman said.

Security News

Filed under
Security
  • Thursday's security updates
  • Priorities in security
  • How Core Infrastructure Initiative Aims to Secure the Internet

    In the aftermath of the Heartbleed vulnerability's emergence in 2014, the Linux Foundation created the Core Infrastructure Initiative (CII)to help prevent that type of issue from recurring. Two years later, the Linux Foundation has tasked its newly minted CTO, Nicko van Someren, to help lead the effort and push it forward.

    CII has multiple efforts under way already to help improve open-source security. Those efforts include directly funding developers to work on security, a badging program that promotes security practices and an audit of code to help identify vulnerable code bases that might need help. In a video interview with eWEEKat the LinuxCon conference here, Van Someren detailed why he joined the Linux Foundation and what he hopes to achieve.

  • Certificate Authority Gave Out Certs For GitHub To Someone Who Just Had A GitHub Account

    For many years now, we've talked about the many different problems today's web security system has based on the model of security certificates issued by Certificate Authorities. All you need is a bad Certificate Authority be trusted and a lot of bad stuff can happen. And it appears we've got yet another example.

    A message on Mozilla's security policy mailing list notes that a free certificate authority named WoSign appeared to be doing some pretty bad stuff, including handing out certificates for a base domain if someone merely had control over a subdomain. This was discovered by accident, but then tested on GitHub... and it worked.

Red Hat Enterprise Linux 7.3 Beta Adds NVDIMM Support, Improves Security

Filed under
Red Hat
Security

Today, August 25, 2016, Red Hat announced that version 7.3 of its powerful Red Hat Enterprise Linux operating system is now in development, and a Beta build is available for download and testing.

Red Hat Enterprise Linux 7.3 Beta brings lots of improvements and innovations, support for new hardware devices, and improves the overall security of the Linux kernel-based operating system used by some of the biggest enterprises and organizations around the globe. Among some of the major new features implemented in the Red Hat Enterprise Linux 7.3 release, we can mention important networking improvements, and support for Non-Volatile Dual In-line Memory Modules (NVDIMMs).

Read more

Also: CentOS 6 Linux OS Receives Important Kernel Security Update from Red Hat

Release of Red Hat Virtualization 4 Offers New Functionality for Workloads

Security News

Filed under
Security
  • Jay Beale: Linux Security and Remembering Bastille Linux

    Security expert and co-creator of the Linux-hardening (and now Unix-hardening) project Bastille Linux. That’s Jay Beale. He’s been working with Linux, and specifically on security, since the late 1980s. The greatest threat to Linux these days? According to Beale, the thing you really need to watch out for is your Android phone, which your handset manufacturer and wireless carrier may or may not be good about updating with the latest security patches. Even worse? Applications you get outside of the controlled Google Play and Amazon environments, where who-knows-what malware may lurk.

    On your regular desktop or laptop Linux installation, Beale says the best security precaution you can take is encrypting your hard drive — which isn’t at all hard to do. He and I also talked a bit, toward the end, about how “the Linux community” was so tiny, once upon a time, that it wasn’t hard to know most of its major players. He also has some words of encouragement for those of you who are new to Linux and possibly a bit confused now and then. We were all new and confused once upon a time, and got less confused as we learned. Guess what? You can learn, too, and you never know where that knowledge can take you.

  • Automotive security: How safe is a next-generation car?

    The vehicles we drive are becoming increasingly connected through a variety of technologies. Features such as keyless entry and self-diagnostics are becoming commonplace. Unfortunately, they can also introduce IT security issues.

  • Let's Encrypt: Every Server on the Internet Should Have a Certificate

    The web is not secure. As of August 2016, only 45.5 percent of Firefox page loads are HTTPS, according to Josh Aas, co-founder and executive director of Internet Security Research Group. This number should be 100 percent, he said in his talk called “Let’s Encrypt: A Free, Automated, and Open Certificate Authority” at LinuxCon North America.

    Why is HTTPS so important? Because without security, users are not in control of their data and unencrypted traffic can be modified. The web is wonderfully complex and, Aas said, it’s a fool’s errand to try to protect this certain thing or that. Instead, we need to protect everything. That’s why, in the summer of 2012, Aas and his friend and co-worker Eric Rescorla decided to address the problem and began working on what would become the Let’s Encrypt project.

  • OpenSSL 1.1 Released With Many Changes

    OpenSSL 1.1.0 was released today as a major update to this free software cryptography and SSL/TLS toolkit.

    In addition to OpenSSL 1.1 rolling out a new build system and new security levels and support for pipelining and a new threading API, security additions to OpenSSL 1.1 include adding the AFALG engine, support for ChaChao20 in libcrypto/libssl, scrypto algorithm support, and support for X25519, among many other additions.

  • Is Windows ​10’s ‘Hidden Administrator Account’ a security risk? [Ed: Damage control from Microsoft Jack (Jack Schofield) because Microsoft Windows is vulnerable by design]

Security News

Filed under
Security
  • Wednesday's security updates
  • This Android botnet relies on Twitter for its commands
  • Android Security Flaw Exposes 1.4B Devices [Ed: Alternative headline is, "Android is very popular, it has billions of users. And yes, security ain’t perfect." When did the press ever publish a headline like, "Windows flaw leaves 2 billion PCs susceptible for remote takeover?" (happens a lot)]
  • Wildfire ransomware code cracked: Victims can now unlock encrypted files for free

    Victims of the Wildfire ransomware can get their encrypted files back without paying hackers for the privilege, after the No More Ransom initiative released a free decryption tool.

    No More Ransom runs a web portal that provides keys for unlocking files encrypted by various strains of ransomware, including Shade, Coinvault, Rannoh, Rakhn and, most recently, Wildfire.

    Aimed at helping ransomware victims retrieve their data, No More Ransom is a collaborative project between Europol, the Dutch National Police, Intel Security, and Kaspersky Lab.

    Wildfire victims are served with a ransom note demanding payment of 1.5 Bitcoins -- the cryptocurrency favored by cybercriminals -- in exchange for unlocking the encrypted files. However, cybersecurity researchers from McAfee Labs, part of Intel Security, point out that the hackers behind Wildfire are open to negotiation, often accepting 0.5 Bitcoins as a payment.

    Most victims of the ransomware are located in the Netherlands and Belgium, with the malicious software spread through phishing emails aimed at Dutch speakers. The email claims to be from a transport company and suggests that the target has missed a parcel delivery -- encouraging them to fill in a form to rearrange delivery for another date. It's this form which drops Wildfire ransomware onto the victim's system and locks it down.

Security Leftovers

Filed under
Security

Security News

Filed under
Security

Canonical Releases Massive Mir 0.24.0 Display Server Update for Ubuntu Linux OS

Filed under
Security
Ubuntu

Canonical has pushed a new massive update (version 0.24.0) of the Mir display server used to power the Unity 8 user interface of the next-generation Ubuntu Linux operating system.

Read more

Security Leftovers

Filed under
Security

Security News

Filed under
Security
Syndicate content

More in Tux Machines

Bodhi Updates, KaOS & Antergos Reviews, Another 25?

Today in Linux news, Jeff Hoogland posted a short update on the progress of Bodhi Linux 4.0 and reported on the updates to the project's donations page. In other news, An Everyday Linux User reviewed Arch-based Antergos Linux saying it was "decent" and Ubuntu-fan Jack Wallen reviewed "beautiful" KDE-centric KaOS. makeuseof.com has five reasons to switch to the Ubuntu phone and Brian Fagioli asked if Linux can survive another 25 years. Read more

Rise of the Forks: Nextcloud and LibreOffice

  • ownCloud-Forked Nextcloud 10 Now Available
  • Secure, Monitor and Control your data with Nextcloud 10 – get it now!
    Nextcloud 10 is now available with many new features for system administrators to control and direct the flow of data between users on a Nextcloud server. Rule based file tagging and responding to these tags as well as other triggers like physical location, user group, file properties and request type enables administrators to specifically deny access to, convert, delete or retain data following business or legal requirements. Monitoring, security, performance and usability improvements complement this release, enabling larger and more efficient Nextcloud installations. You can get it on our install page or read on for details.
  • What makes a great Open Source project?
    Recently the Document Foundation has published its annual report for the year 2015. You can download it as a pdf by following this link, and you can now even purchase a paper copy of the report. This publication gives me the opportunity to talk a bit about what I think makes a great FOSS project and what I understand may be a great community. If it is possible to see this topic as something many people already went over and over again, think again: Free & Open Source Software is seen as having kept and even increased its momentum these past few years, with many innovative companies developing and distributing software licensed under a Free & Open Source license from the very beginning. This trend indicates two important points: FOSS is no longer something you can automagically use as a nice tag slapped on a commodity software; and FOSS projects cannot really be treated as afterthoughts or “nice-to-haves”. Gone are the days where many vendors could claim to be sympathetic and even supportive to FOSS but only insofar as their double-digits forecasted new software solution would not be affected by a cumbersome “community of developers”. Innovation relies on, starts with, runs thanks to FOSS technologies and practices. One question is to wonder what comes next. Another one is to wonder why Open Source is still seen as a complex maze of concepts and practices by so many in the IT industry. This post will try to address one major difficulty of FOSS: why do some projects fail while others succeed.

Red Hat News

  • Red Hat Virtualisation 4 woos VMware faithful
    It is easy for a virtual machine user to feel left out these days, what with containers dominating the discussion of how to run applications at scale. But take heart, VM fans: Red Hat hasn’t forgotten about you. Red Hat Virtualisation (RHV) 4.0 refreshes Red Hat’s open source virtualisation platform with new technologies from the rest of Red Hat’s product line. It is a twofold strategy to consolidate Red Hat’s virtualisation efforts across its various products and to ramp up the company’s intention to woo VMware customers.
  • Forbes Names Red Hat One of the World's Most Innovative Companies
    Red Hat, Inc. (NYSE: RHT), the world's leading provider of open source solutions, today announced it has been named to Forbes' “World’s Most Innovative Companies” list. Red Hat was ranked as the 25th most innovative company in the world, marking the company's fourth appearance on the list (2012, 2014, 2015, 2016). Red Hat was named to Forbes' "World's Most Innovative Growth Companies" list in 2011.
  • Is this Large Market Cap Stock target price reasonable for Red Hat, Inc. (NYSE:RHT)?

GNU/Linux Leftovers

  • World Wide Web became what it is thanks to Linux
    Linux is used to power the largest websites on the Internet, including Google, Facebook, Amazon, eBay, and Wikipedia.
  • SFC's Kuhn in firing line as Linus Torvalds takes aim
    A few days after he mused that there had been no reason for him to blow his stack recently, Linux creator Linus Torvalds has directed a blast at the Software Freedom Conservancy and its distinguished technologist Bradley Kuhn over the question of enforcing compliance of the GNU General Public Licence. Torvalds' rant came on Friday, as usual on a mailing list and on a thread which was started by Software Freedom Conservancy head Karen Sandler on Wednesday last week. She suggested that Linuxcon in Toronto, held from Monday to Thursday, also include a session on GPL enforcement.
  • Linux at 25: A pictorial history
    Aug. 25 marks the 25th anniversary of Linux, the free and open source operating system that's used around the globe in smarphones, tablets, desktop PCs, servers, supercomputers, and more. Though its beginnings were humble, Linux has become the world’s largest and most pervasive open source software project in history. How did it get here? Read on for a look at some of the notable events along the way.