
Security

GNU hackers discover HACIENDA government surveillance and give us a way to fight back

Filed under
GNU
Security

GNU community members and collaborators have discovered threatening details about a five-country government surveillance program codenamed HACIENDA. The good news? Those same hackers have already worked out a free software countermeasure to thwart the program.

According to Heise newspaper, the intelligence agencies of the United States, Canada, United Kingdom, Australia, and New Zealand have used HACIENDA to map every server in twenty-seven countries, employing a technique known as port scanning. The agencies have shared this map and use it to plan intrusions into the servers. Disturbingly, the HACIENDA system actually hijacks civilian computers to do some of its dirty work, allowing it to leech computing resources and cover its tracks.

Read more

Black Hat 2014: Open Source Could Solve Medical Device Security

Filed under
OSS
Security

On the topic of source code liability, Greer suggests that eventually software developers, including medical device development companies, will be responsible for the trouble their software causes (or fails to prevent). I think it’s fair to say that it is impossible to guarantee a totally secure system. You cannot prove a negative statement after all. Given enough time, most systems can be breached. So where does this potential liability end? What if my company has sloppy coding standards, no code reviews, or I use a third-party software library that has a vulnerability? Should hacking be considered foreseeable misuse?

Read more

Linux kernel devs made to finger their dongles before contributing code

Filed under
Development
Linux
Security

Beginning on Monday, the security of the Linux kernel source code has become a little bit tighter with the addition of two-factor authentication for the kernel's Git code repositories.

Contributing code changes to the Linux kernel sources at Kernel.org already required more than just a password, even before the change. Developers must use their own unique SSH public keys to log in to the Git repositories. But not even this added security layer was truly failsafe – as the software's maintainers found out in 2011 when their servers were rooted.

Read more

We still believe in Linus’ law after Heartbleed bug, says Elie Auvray of Jahia

Filed under
Interviews
OSS
Security

Jahia was incepted in 2002 in Switzerland – the name comes from the contraction of Java (our core language) and Bahia (which means “bay” in Brazil). To support the international growth of the project, Jahia Solutions Group was later formed (in 2005) with offices throughout Europe and Jahia Inc. (the US subsidiary) was created in 2008. Jahia now has offices in Geneva, Paris, Toronto, Chicago, Washington, DC, Dusseldorf and Klagenfurt – and outsourced support centers in Australia and Nicaragua.

Read more

PiPhone interview with Dave Hunt

Filed under
Development
Linux
Interviews
Security

Turning your Raspberry Pi into a mobile phone is a lot simpler than you’d think, albeit a little chunky. Linux User talks to Dave Hunt about one of his many pet projects.

Read more

German researchers develop defense software: Potential protection against the "Hacienda" intelligence program

Filed under
GNU
Linux
Security

Grothoff and his students at TUM have developed the "TCP Stealth" defense software, which can inhibit the identification of systems through both Hacienda and similar cyberattack software and, as a result, the undirected and massive takeover of computers worldwide, as Grothoff explains. "TCP Stealth" is free software that has as its prerequisites particular system requirements and computer expertise, for example, use of the GNU/Linux operating system. In order to make broader usage possible in the future, the software will need further development.

Read more

Best Alternatives to Tor: 12 Programs to Use Since NSA, Hackers Compromised Tor Project

Filed under
GNU
Linux
Security
Debian

Tor May Have Been Compromised, Linux Based OS's Like Tails Offer The Best Supplement

Read more

Is Linux More Secure than Windows?

Filed under
GNU
Linux
Microsoft
Security

When it comes to control systems, a common question has long been: Is Linux inherently more secure than Windows? Being a fan of Linux/Unix systems, I desperately want to answer “yes” to this question. During the 1980s and 1990s, so much of the work I was involved in ran under Unix. These days I run Linux on my home computer, and once a year I boot up a Windows XP virtual machine running under VirtualBox, to run my tax software. In the office, I rant about the lousy Windows operating system (OS) and ask why the world doesn’t switch to Linux. And as much as I hate to admit it, as a system integrator I am mostly locked into dealing with Microsoft’s flavor of the month operating system because of customer standards and the tools available.

From the appearance of “Brain,” which is recognized as the first computer virus, in 1986, to Stuxnet to the Zotob worm (the virus that knocked 13 of DaimlerChrysler’s U.S. automobile manufacturing plants offline), one thing all these viruses have in common is that they were directed at Microsoft’s operating systems. However, according to Zone-H (an archive of defaced websites), in a statistics report for the period 2005-2007: “In the past the most attacked operating system was Windows, but many servers were migrated from Windows to Linux… Therefore the attacks migrated as well, as Linux is now the most attacked operating system with 1,485,280 defacements against 815,119 in Windows systems (numbers calculated since 2000).”

Read more

Free Linux Firewall OS IPFire 2.15 Core 81 Features Gets Multiple Fixes

Filed under
OS
GNU
Linux
Security

Michael Tremer, a developer for the ipfire.org team, has announced IPFire 2.13 Core 81, a new stable build of the popular Linux-based firewall distribution, bringing quite a few security fixes.

Read more

Linux Security Threats on the Rise

Filed under
GNU
Linux
Security

Every year, heck...every month, Linux is adopted by more companies and organizations as an important if not primary component of their enterprise platform. And the more serious the hardware platform, the more likely it is to be running Linux. 60% of servers, 70% of Web servers and 95% of all supercomputers are Linux-based!

Even if they're not "Linux shops", companies realize certain benefits from bringing Linux in for specific purposes. Its reliability, flexibility, scalability and cost of ownership offer huge advantages over other OSes...but I don't have to tell you that, do I? You probably earn your keep because of these statistics!

Read more


More in Tux Machines

Munich Reversal Turnaround, Linus on the Desktop, and Red Hat Time Protocol

Monday we reported that Munich was throwing in the Linux towel, but today we find that may not be exactly the case. In other news, Linus Torvalds today said he still wants the desktop. There are lots of other LinuxCon links and a few gaming posts to highlight. And finally today, Red Hat's Eric Dube explains RHEL 7's new time protocol. Read more

NHS open-source Spine 2 platform to go live next week

Last year, the NHS said open source would be a key feature of the new approach to healthcare IT. It hopes embracing open source will both cut the upfront costs of implementing new IT systems and take advantage of using the best brains from different areas of healthcare to develop collaborative solutions. Meyer said the Spine switchover team has “picked up the gauntlet around open-source software”. The HSCIC and BJSS have collaborated to build the core services of Spine 2, such as electronic prescriptions and care records, “in a series of iterative developments”. Read more

What the Linux Foundation Does for Linux

Jim Zemlin, the executive director of the Linux Foundation, talks about Linux a lot. During his keynote at the LinuxCon USA event here, Zemlin noted that it's often difficult for him to come up with new material for talking about the state of Linux at this point. Every year at LinuxCon, Zemlin delivers his State of Linux address, but this time he took a different approach. Zemlin detailed what he actually does and how the Linux Foundation works to advance the state of Linux. Fundamentally it's all about enabling the open source collaboration model for software development. "We are seeing a shift now where the majority of code in any product or service is going to be open source," Zemlin said. Zemlin added that open source is the new Pareto Principle for software development, where 80 percent of software code is open source. The nature of collaborative development itself has changed in recent years. For years the software collaboration was achieved mostly through standards organizations. Read more

Arch-based Linux distro KaOS 2014.08 is here with KDE 4.14.0

The Linux desktop community has reached a sad state. Ubuntu 14.04 was a disappointing release and Fedora is taking way too long between releases. Hell, OpenSUSE is an overall disaster. It is hard to recommend any Linux-based operating system beyond Mint. Even the popular KDE plasma environment and its associated programs are in a transition phase, moving from 4.x to 5.x. As exciting as KDE 5 may be, it is still not ready for prime-time; it is recommended to stay with 4 for now. Read more