Language Selection

English French German Italian Portuguese Spanish

Security

Is Linux A More Secure Option Than Windows For Businesses?

Filed under
GNU
Linux
Microsoft
Security

There are many factors to consider when choosing an OS, security being among one of the most critical. The general consensus among experts is that Linux is the most secure OS by design - an impressive feat that can be attributed to a variety of characteristics including its transparent open-source code, strict user privilege model, diversity, built-in kernel security defenses and the security of the applications that run on it.

The high level of security, customization, compatibility and cost-efficiency that Linux offers make it a popular choice among businesses and organizations looking to secure high-value data. Linux has already been adopted by governments and tech giants around the world including IBM, Google and Amazon, and currently powers 97% of the top one million domains in the world. All of today’s most popular programming languages were first developed on Linux and can now run on any OS. In this sense, we’re all using Linux - whether we know it or not!

This article will examine why Linux is arguably the best choice for businesses looking for a flexible, cost-efficient, exceptionally secure OS. To help you weigh your options, we’ll explore how Linux compares to Windows in the level of privacy and protection against vulnerabilities and attacks it is able to offer all businesses and organizations.

Read more

Proprietary Software and Security

Filed under
Security
  • Google’s Project Zero Finds a Nation-State Zero-Day Operation

    Google’s Project Zero discovered, and caused to be patched, eleven zero-day exploits against Chrome, Safari, Microsoft Windows, and iOS. This seems to have been exploited by “Western government operatives actively conducting a counterterrorism operation”: [...]

  • What if We Made Paying Ransoms Illegal?

    A lot of what I reacted to was the notion that this would be easy. “Disappear in a month”, he said. That’s hyperbole but I should have ignored it and focused on the argument.

    The part that most people latched on to, including me, was the notion that making something illegal can stop it from happening. As many pointed out, history has taught us that this doesn’t work many times. The war on drugs. Alcohol prohibition. The list goes on.

  • Setting up Starlink, SpaceX's Satellite Internet

    So I thought, why not let a cousin who lives out in a rural area try it out while I figure out what to do about mounting 'Dishy' (a common nickname for the Starlink satellite dish) on my own house?

    After all, my cousin Annie, who lives in Jonesburg, MO, currently pays for the maximum available DSL plan to her farm (Haarmann Farms), and gets a measly 5 Mbps down, and 0.46 Mbps up—on a good day: [...]

  • Facebook ‘knew about phone number data leak vulnerability two years before issue was fixed’, claims security researcher

    As Facebook defends its actions over a massive data leak, one researcher says he notified the company of the issue a full two years before the problem was fixed.

    Last week, Business Insider revealed that the personal data of more than 500 million Facebook users had been posted in a low-level hacking forum where phone numbers were being offered for sale.

    Facebook has defended itself in a lengthy blog post, pointing out that the data was obtained by scraping, rather than [cracking].

  • Facebook says [crackers] 'scraped' data of 533 million users in 2019 leak

    The data included phone numbers, birth dates, and email addresses, and some of the data appeared to be current, according to US media reports.

    The stolen [sic] data did not include passwords or financial data, according to Facebook.

    Scraping is a tactic that involves using automated software to gather up information shared publicly online.

Audiocasts/Shows: GNU World Order, Free Software Security Podcast, Linux Action News, Full Circle Weekly News

Filed under
GNU
Linux
Security

GnuPG 2.3.0 Is Released With New Default Public Key Algorithms, A New Key Daemon And More

Filed under
Software
Security

GnuPG is the de-facto standard for encrypted e-mail, and to some degree encrypted instant messages, within the free software world. Most FOSS e-mail software has built-in support or plugins for it. It is also used to sign software releases, ISO images for GNU/Linux distributions and a whole lot more. Nobody outside the FOSS community uses it or cares about it, which is a bit sad.

GnuPG 2.3.0 has quite a few improvements over previous versions. It now comes with a still experimental key database daemon that uses a SQLite database to store the keys. It can be enabled by adding use-keyboxd to $HOME/.gnupg/gpg.conf. There is a new separate configuration file for it called $HOME/.gnupg/gpgsm.conf. This daemon makes key look-ups much faster.

There's also a new tpm2d daemon for physically binding keys to a machine. You can read more about it in a blog post on gnupg.org titled Using a TPM with GnuPG 2.3. Most newer laptops in the upper price range come with a TPM module. Desktop computers tend to come with a empty motherboard header where one can be installed, so this is mostly useful if you have a fairly new high-end laptop or you are willing to buy a TPM module.

New GnuPG keys are now, by default, created with the ed25519/cv25519 public key algorithms. Similarly, AES is now the new last resort cipher preference instead of 3DES.

Read more

Security Leftovers

Filed under
Security
  • ClamAV 0.103.2 Is Released With Security Fixes For Four Vulnerabilities

    The free software anti-virus scanner ClamAV has, ironically, made a security release fixing four vulnerabilities. Two of them could cause it to crash, one could cause it to enter a endless loop and a Windows-specific vulnerability could lead to privilege escalation. ClamAV has 8,532,858 virus signatures it can scan for in its database.

  • Why the U.S. Shouldn’t Play Games With Cyberwarfare as Its Power Declines

    In the SolarWinds hack, a backdoor in one of the components was downloaded to the systems of 18,000 organizations, including the U.S. Treasury and Commerce departments, the Department of Homeland Security and the State Department.

    In the Microsoft Exchange Server hack, an estimated 250,000 machinesworldwide might have been affected by a vulnerability that allowed hackers to control the machines and even infect other systems in the internal network of the targeted companies. Four major vulnerabilities in Microsoft Exchange Server were reported to Microsoft in early January. Unfortunately, it wasn’t until early March that Microsoft released patches, according to ZDNet. These vulnerabilities were used by the hackers during the period that Microsoft had either not released the patches, or companies had not upgraded their systems and installed the patches.

  •  

  • LinkedIn denies data leak after two-thirds user base is compromised

                     

                       

    Personal data of 500 million LinkedIn users, two thirds of its user base, has been scraped and is for sale online, according to a report from Cyber News.

                       

    The data up for sale on a popular hacker platform includes account IDs, full names, email addresses, workplace information and links to social media accounts of users hosted on the platform.

  •                    

  • Linkedin data leak: Major breach exposes 500 million users on Microsoft platform [details]

                         

                           

    While people are yet to digest the huge Facebook data leak of 533 million users (including 6.1 million Indians), Microsoft-owned professional networking platform LinkedIn is now facing a massive data leak of 500 million users that is allegedly being sold online.

                           

    An archive with data purportedly scraped from 500 million LinkedIn profiles has been put for sale on a popular [cracker] forum, with another 2 million records leaked as a proof-of-concept sample by people behind the [crack].

DRM and Security Leftovers

Filed under
Security

         

  • Game Publishers: If Your DRM, Anti-Cheat Software Does Creepy Installs, Warn Your Customers First

           

             

    Any cursory review of our stories involving DRM will leave a sane reader with only one impression: the spectrum of customer viewpoints on video game DRM ranges from total and complete disgust and hatred to tolerance of DRM as an annoyance. In other words, there is no positive side of this spectrum. There are no gamers that are pro-DRM, only those that put up with it. On the flip side, there are many folks who not only hate DRM in video games, but also many who are quite wary of what that DRM is and is doing on or to their machines. There are historical reasons for this, from DRM support falling off and bricking previously bought games to DRM practices that appear to install shady shit on gamers' PCs.

  • Security updates for Friday

    Security updates have been issued by Debian (lib3mf, php-pear, and python-django), Fedora (perl-Net-Netmask), openSUSE (flatpak, libostree, xdg-desktop-portal,, fwupd, fwupdate, and hostapd), Oracle (kernel, libldb, nettle, and squid), Red Hat (nettle), and SUSE (fwupdate, tpm2-tss-engine, and umoci).

  • Windows and Linux devices are under attack by a new cryptomining worm [Ed: Microsoft-funded Ars says nothing or not much about how such malware gets onto systems in the first place. Windows has NSA back doors and as far as we know GNU/Linux hasn't.]

    The Sysrv binary is a 64-bit Go binary that’s packed with the open source UPX executable packer. There are versions for both Windows and Linux. Two Windows binaries chosen at random were detected by 33 and 48 of the top 70 malware protection services, according to VirusTotal. Two randomly picked Linux binaries had six and nine.

  • PHP Maintainers Shared Update On PHP Source Code Compromise [Ed: Microsoft's GitHub is even worse when it comes to security because nobody is accountable and it's in the NSA's bag]

    PHP maintainer Nikita Popov have released a report after an unknown actor pushed backdoored code onto the official PHP Git repository.

    The maintainers of the PHP programming language have issued an update regarding the security incident that came to light late last month, stating that the actors may have gotten hold of a user database containing their passwords to make unauthorized changes to the repository.

Security, Privacy, and DRM

Filed under
Security
  • Uninformed Legislators Shoot Down Right To Repair Legislation In Colorado

    As we've noted a few times, 2021 is seeing record interest in new right to repair laws. Driven by grass roots activism, such laws are being pushed in more than fourteen states. Most variations not only protect your right to repair hardware you own, they open the door to more independent repair shops, and fewer corporate giants attempting to monopolize repair (Apple, John Deere, Microsoft, Sony, many more).

  • Another day, another data breach. Here’s how to see if you’ve been exposed

    In early April, security experts made public the details of yet another Facebook data breach, this one affecting over half a billion users. As originally reported by Business Insider, personal information on 533 million Facebook users spanning 106 countries surfaced in a hacking forum, with records including email addresses, phone numbers, full names, locations, birthdays, and relationship statuses. This data traces back to a vulnerability fixed by Facebook in 2019, which allowed the scraping of profiles.

  • Got your covid shots? You might have to prove it. [Ed: Linux Foundation pushing mass surveillance again, using COVID]

    “It’s a jumble,” says Jenny Wanger, who oversees covid-related initiatives for Linux Foundation Public Health. “This is all just a sign of how massively underfunded our public health infrastructure has been for so many years.”

  • Corona pass can be doctored, warns IT security expert

    Peter Kruse, the founder of IT security company CSIS, points out to DR that it “does not take a genius” to reuse the result of an old test to make it look like it is one carried out within the last 72 hours.

    “It is virtually impossible for a teacher or a hairdresser to check whether a test result is legitimate when the results are issued as they do,” he lamented.

    All it takes is two clicks on an [Internet] browser, he added.

  • “Vaccine Passports”: ACLU Warns of Privacy Nightmare That Could Create “Two-Tiered Society”

    As people try to find a safe way to gather and travel during the pandemic, there is growing interest in documenting who has been vaccinated or tested negative for COVID-19. The World Health Organization has warned so-called vaccine passports may not be an effective way to reopen, and healthcare professionals argue vaccine certificates may further exacerbate vaccine inequality. New York is already testing a digital vaccine passport app made by IBM called the Excelsior Pass, while countries including the U.K. and Israel have issued their own versions of electronic vaccine certificates. The U.S. government has ruled out the introduction of mandatory vaccine passports at the federal level, but many private companies are now developing COVID-19 tracking systems. ACLU policy analyst Jay Stanley says smartphone-based vaccine passport apps “raise a lot of questions” around privacy, access and discrimination. “We have systems in place already for proving you’ve been vaccinated,” he says. “Is that system so broken that we need to construct an entirely new electronic system?”

  • Fallback Directories - Upcoming Change

    This is to announce that the Tor Project network team will soon change how fallback directories are selected as we are about to update that list.

Fake Security of Proprietary Software

Filed under
Security

Security Leftovers

Filed under
Security

GnuPG 2.3 Released With New Experimental Key Database Daemon, TPM 2.0 Daemon

Filed under
Development
GNU
Security

Werner Koch announced the availability today of GnuPG 2.3 as the start of the (fairly stable, effectively production ready) test releases leading up to the GnuPG 2.4 stable update.

GnuPG 2.3 introduces a new experimental key database where the keys are stored in an SQLite database and allow for much faster key look-ups. This experimental key database can be enabled with the "use-keyboxd" option.

Also significant with GnuPG 2.3 is the new "tpm2d" daemon to allow physically binding keys to the local machine using Trusted Platform Module 2.0 (TPM2) hardware. This new GnuPG 2.3 functionality allows leveraging of TPM 2.0 hardware for protecting private keys as a nice security improvement that can be enjoyed with most modern systems.

Read more

Original: GnuPG 2.3.0 released

Syndicate content

More in Tux Machines

Programming Leftovers

  • Create Beautiful Websites Using Emacs Org Mode

    In my never-ending quest to find the perfect way to create beautiful (yet minimal) websites, I had to try out Org Export in Emacs. Since I tend to write everything in Org Mode these days, it would be amazing to simply be able to convert my Org docs into HTML, and maybe add a little CSS to spice things up.

  • Qt Creator 4.15: New CMake Features

    Qt Creator 4.15 comes with a bunch of features and bug fixes for the CMake Project Manager. Below, you have a list of what’s new and a few tips and tricks which would hopefully improve your CMake experience in Qt Creator.

  • 7 Popular Open Source CI/CD Tools

    DevOps is a software development strategy that incorporates agile practices for fast, efficient product creation and release. It focuses on integration of development and operations teams, continuous integration/continuous delivery (CI/CD) and automation of tasks and processes. Typically, DevOps teams use pipelines to streamline and standardize processes. DevOps pipelines are toolchains that teams can use to automate tasks and provide visibility into the software development life cycle. In this article, we’ll cover seven popular open source CI/CD tools.

  • Community Member Monday: Gökçe Kuler

    I’m from Aydın, Turkey. Currently I’m studying in my final years at the Computer Engineering department of Çanakkale Onsekiz Mart University. I’m interested in free software – and enjoy working with free software projects and learning new things aboutthemit. I met free software when I started university via my advisor Necdet Yücel. I like playing the guitar and the kalimba. Also, I recently started painting with acrylic paints. I’m vegetarian, and actively participate in animal protection and gender equality projects.

  • App Showcase: Drawing

    Drawing is a simple app in the PureOS store to doodle on a digital canvas.

today's howtos

  • How to Use tcpdump and 6 Examples

    Are you trying to capture data packets in order to analyze traffic on your network? Maybe you are a server administrator who has bumped into an issue and wants to monitor transmitted data on the network. Whatever the situation be, the tcpdump Linux utility is what you need. In this article, we will discuss the tcpdump command in detail, along with some guides on how to install and use tcpdump on your Linux system.

  • How to play The Forest on Linux

    The Forest works on Linux, but only with Proton’s help, which is a built-in feature of the Linux release of Steam. So, before we can go over how to configure the game, we must demonstrate how to install Steam on Linux.

  • How to Install CopyQ Clipboard Manager 4.0.0 in Ubuntu 20.04 | UbuntuHandbook

    The CopyQ clipboard manager released version 4.0.0 a day ago. Here’s how to install it in Ubuntu 20.04, Ubuntu 21.04, Ubuntu 18.04 via PPA. CopyQ is a free and open-source clipboard manager with editing and scripting features. The new 4.0.0 release features new script engine with some new functions, better ECMAScript support, improved performance.

  • These 10 Sed Examples Will Make You a Linux Power User

    Editing text files and terminal output is an everyday job for those who administer Linux machines. Command-line utilities like sed allow a user to modify and change the content of a text file right from the terminal window. In this article, we will discuss the sed command in detail, along with some essential examples that demonstrate the power of the sed utility in Linux.

Today in Techrights

Is Linux A More Secure Option Than Windows For Businesses?

There are many factors to consider when choosing an OS, security being among one of the most critical. The general consensus among experts is that Linux is the most secure OS by design - an impressive feat that can be attributed to a variety of characteristics including its transparent open-source code, strict user privilege model, diversity, built-in kernel security defenses and the security of the applications that run on it. The high level of security, customization, compatibility and cost-efficiency that Linux offers make it a popular choice among businesses and organizations looking to secure high-value data. Linux has already been adopted by governments and tech giants around the world including IBM, Google and Amazon, and currently powers 97% of the top one million domains in the world. All of today’s most popular programming languages were first developed on Linux and can now run on any OS. In this sense, we’re all using Linux - whether we know it or not! This article will examine why Linux is arguably the best choice for businesses looking for a flexible, cost-efficient, exceptionally secure OS. To help you weigh your options, we’ll explore how Linux compares to Windows in the level of privacy and protection against vulnerabilities and attacks it is able to offer all businesses and organizations. Read more