Security
Is Linux A More Secure Option Than Windows For Businesses?
Submitted by Roy Schestowitz on Monday 12th of April 2021 09:08:28 PM Filed under



There are many factors to consider when choosing an OS, security being one of the most critical. The general consensus among experts is that Linux is the most secure OS by design - an impressive feat that can be attributed to a variety of characteristics including its transparent open-source code, strict user privilege model, diversity, built-in kernel security defenses and the security of the applications that run on it.
The high level of security, customization, compatibility and cost-efficiency that Linux offers makes it a popular choice among businesses and organizations looking to secure high-value data. Linux has already been adopted by governments and tech giants around the world including IBM, Google and Amazon, and currently powers 97% of the top one million domains in the world. All of today’s most popular programming languages were first developed on Linux and can now run on any OS. In this sense, we’re all using Linux - whether we know it or not!
This article will examine why Linux is arguably the best choice for businesses looking for a flexible, cost-efficient, exceptionally secure OS. To help you weigh your options, we’ll explore how Linux compares to Windows in the level of privacy and protection against vulnerabilities and attacks it is able to offer all businesses and organizations.
Proprietary Software and Security
Submitted by Roy Schestowitz on Monday 12th of April 2021 10:29:43 AM Filed under
-
Google’s Project Zero Finds a Nation-State Zero-Day Operation
Google’s Project Zero discovered, and caused to be patched, eleven zero-day exploits against Chrome, Safari, Microsoft Windows, and iOS. This seems to have been exploited by “Western government operatives actively conducting a counterterrorism operation”: [...]
-
What if We Made Paying Ransoms Illegal?
A lot of what I reacted to was the notion that this would be easy. “Disappear in a month”, he said. That’s hyperbole but I should have ignored it and focused on the argument.
The part that most people latched on to, including me, was the notion that making something illegal can stop it from happening. As many pointed out, history has taught us that this doesn’t work many times. The war on drugs. Alcohol prohibition. The list goes on.
-
Setting up Starlink, SpaceX's Satellite Internet
So I thought, why not let a cousin who lives out in a rural area try it out while I figure out what to do about mounting 'Dishy' (a common nickname for the Starlink satellite dish) on my own house?
After all, my cousin Annie, who lives in Jonesburg, MO, currently pays for the maximum available DSL plan to her farm (Haarmann Farms), and gets a measly 5 Mbps down, and 0.46 Mbps up—on a good day: [...]
-
Facebook ‘knew about phone number data leak vulnerability two years before issue was fixed’, claims security researcher
As Facebook defends its actions over a massive data leak, one researcher says he notified the company of the issue a full two years before the problem was fixed.
Last week, Business Insider revealed that the personal data of more than 500 million Facebook users had been posted in a low-level hacking forum where phone numbers were being offered for sale.
Facebook has defended itself in a lengthy blog post, pointing out that the data was obtained by scraping, rather than [cracking].
-
Facebook says [crackers] 'scraped' data of 533 million users in 2019 leak
The data included phone numbers, birth dates, and email addresses, and some of the data appeared to be current, according to US media reports.
The stolen [sic] data did not include passwords or financial data, according to Facebook.
Scraping is a tactic that involves using automated software to gather up information shared publicly online.
Audiocasts/Shows: GNU World Order, Free Software Security Podcast, Linux Action News, Full Circle Weekly News
Submitted by Roy Schestowitz on Monday 12th of April 2021 07:32:01 AM Filed under


-
GNU World Order 401
Thoughts on the changing face of free and open source software.
-
Free Software Security Podcast/Josh Bressers: Episode 266 – The future of security scanning with Debricked
Josh and Kurt talk to Emil Wåreus from Debricked about the future of security scanners. Debricked is doing some incredibly cool things to avoid relying on humans for vulnerability identification and cataloging. Learn what the future of security scanning is going to look like.
-
Linux Action News 184
Don't buy that M1-powered Apple machine just yet, solving Wayland-driven fragmentation, and why Firefox is about to get an upgrade on Linux.
Plus the imminent problem KDE solved this week, and more.
-
Full Circle Weekly News #205
GnuPG 2.3.0 Is Released With New Default Public Key Algorithms, A New Key Daemon And More
Submitted by Roy Schestowitz on Sunday 11th of April 2021 03:38:16 PM Filed under

GnuPG is the de-facto standard for encrypted e-mail, and to some degree encrypted instant messages, within the free software world. Most FOSS e-mail software has built-in support or plugins for it. It is also used to sign software releases, ISO images for GNU/Linux distributions and a whole lot more. Nobody outside the FOSS community uses it or cares about it, which is a bit sad.
GnuPG 2.3.0 has quite a few improvements over previous versions. It now comes with a still experimental key database daemon that uses a SQLite database to store the keys. It can be enabled by adding use-keyboxd to $HOME/.gnupg/gpg.conf. There is a new separate configuration file for it called $HOME/.gnupg/gpgsm.conf. This daemon makes key look-ups much faster.
There's also a new tpm2d daemon for physically binding keys to a machine. You can read more about it in a blog post on gnupg.org titled Using a TPM with GnuPG 2.3. Most newer laptops in the upper price range come with a TPM module. Desktop computers tend to come with an empty motherboard header where one can be installed, so this is mostly useful if you have a fairly new high-end laptop or you are willing to buy a TPM module.
New GnuPG keys are now, by default, created with the ed25519/cv25519 public key algorithms. Similarly, AES is now the new last resort cipher preference instead of 3DES.
Security Leftovers
Submitted by Roy Schestowitz on Saturday 10th of April 2021 11:44:05 AM Filed under
-
ClamAV 0.103.2 Is Released With Security Fixes For Four Vulnerabilities
The free software anti-virus scanner ClamAV has, ironically, made a security release fixing four vulnerabilities. Two of them could cause it to crash, one could cause it to enter an endless loop and a Windows-specific vulnerability could lead to privilege escalation. ClamAV has 8,532,858 virus signatures it can scan for in its database.
-
Why the U.S. Shouldn’t Play Games With Cyberwarfare as Its Power Declines
In the SolarWinds hack, a backdoor in one of the components was downloaded to the systems of 18,000 organizations, including the U.S. Treasury and Commerce departments, the Department of Homeland Security and the State Department.
In the Microsoft Exchange Server hack, an estimated 250,000 machines worldwide might have been affected by a vulnerability that allowed hackers to control the machines and even infect other systems in the internal network of the targeted companies. Four major vulnerabilities in Microsoft Exchange Server were reported to Microsoft in early January. Unfortunately, it wasn’t until early March that Microsoft released patches, according to ZDNet. These vulnerabilities were used by the hackers during the period that Microsoft had either not released the patches, or companies had not upgraded their systems and installed the patches.
-
LinkedIn denies data leak after two-thirds user base is compromised
Personal data of 500 million LinkedIn users, two thirds of its user base, has been scraped and is for sale online, according to a report from Cyber News.
The data up for sale on a popular hacker platform includes account IDs, full names, email addresses, workplace information and links to social media accounts of users hosted on the platform.
-
Linkedin data leak: Major breach exposes 500 million users on Microsoft platform [details]
While people are yet to digest the huge Facebook data leak of 533 million users (including 6.1 million Indians), Microsoft-owned professional networking platform LinkedIn is now facing a massive data leak of 500 million users that is allegedly being sold online.
An archive with data purportedly scraped from 500 million LinkedIn profiles has been put for sale on a popular [cracker] forum, with another 2 million records leaked as a proof-of-concept sample by people behind the [crack].
DRM and Security Leftovers
Submitted by Roy Schestowitz on Friday 9th of April 2021 05:25:08 PM Filed under
-
Game Publishers: If Your DRM, Anti-Cheat Software Does Creepy Installs, Warn Your Customers First
Any cursory review of our stories involving DRM will leave a sane reader with only one impression: the spectrum of customer viewpoints on video game DRM ranges from total and complete disgust and hatred to tolerance of DRM as an annoyance. In other words, there is no positive side of this spectrum. There are no gamers that are pro-DRM, only those that put up with it. On the flip side, there are many folks who not only hate DRM in video games, but also many who are quite wary of what that DRM is and is doing on or to their machines. There are historical reasons for this, from DRM support falling off and bricking previously bought games to DRM practices that appear to install shady shit on gamers' PCs.
-
Security updates for Friday
Security updates have been issued by Debian (lib3mf, php-pear, and python-django), Fedora (perl-Net-Netmask), openSUSE (flatpak, libostree, xdg-desktop-portal, fwupd, fwupdate, and hostapd), Oracle (kernel, libldb, nettle, and squid), Red Hat (nettle), and SUSE (fwupdate, tpm2-tss-engine, and umoci).
-
Windows and Linux devices are under attack by a new cryptomining worm [Ed: Microsoft-funded Ars says nothing or not much about how such malware gets onto systems in the first place. Windows has NSA back doors and as far as we know GNU/Linux hasn't.]
The Sysrv binary is a 64-bit Go binary that’s packed with the open source UPX executable packer. There are versions for both Windows and Linux. Two Windows binaries chosen at random were detected by 33 and 48 of the top 70 malware protection services, according to VirusTotal. Two randomly picked Linux binaries had six and nine.
-
PHP Maintainers Shared Update On PHP Source Code Compromise [Ed: Microsoft's GitHub is even worse when it comes to security because nobody is accountable and it's in the NSA's bag]
PHP maintainer Nikita Popov has released a report after an unknown actor pushed backdoored code onto the official PHP Git repository.
The maintainers of the PHP programming language have issued an update regarding the security incident that came to light late last month, stating that the actors may have gotten hold of a user database containing their passwords to make unauthorized changes to the repository.
Security, Privacy, and DRM
Submitted by Roy Schestowitz on Friday 9th of April 2021 12:11:11 PM Filed under
-
Uninformed Legislators Shoot Down Right To Repair Legislation In Colorado
As we've noted a few times, 2021 is seeing record interest in new right to repair laws. Driven by grass roots activism, such laws are being pushed in more than fourteen states. Most variations not only protect your right to repair hardware you own, they open the door to more independent repair shops, and fewer corporate giants attempting to monopolize repair (Apple, John Deere, Microsoft, Sony, many more).
-
Another day, another data breach. Here’s how to see if you’ve been exposed
In early April, security experts made public the details of yet another Facebook data breach, this one affecting over half a billion users. As originally reported by Business Insider, personal information on 533 million Facebook users spanning 106 countries surfaced in a hacking forum, with records including email addresses, phone numbers, full names, locations, birthdays, and relationship statuses. This data traces back to a vulnerability fixed by Facebook in 2019, which allowed the scraping of profiles.
-
Got your covid shots? You might have to prove it. [Ed: Linux Foundation pushing mass surveillance again, using COVID]
“It’s a jumble,” says Jenny Wanger, who oversees covid-related initiatives for Linux Foundation Public Health. “This is all just a sign of how massively underfunded our public health infrastructure has been for so many years.”
-
Corona pass can be doctored, warns IT security expert
Peter Kruse, the founder of IT security company CSIS, points out to DR that it “does not take a genius” to reuse the result of an old test to make it look like it is one carried out within the last 72 hours.
“It is virtually impossible for a teacher or a hairdresser to check whether a test result is legitimate when the results are issued as they do,” he lamented.
All it takes is two clicks on an [Internet] browser, he added.
-
“Vaccine Passports”: ACLU Warns of Privacy Nightmare That Could Create “Two-Tiered Society”
As people try to find a safe way to gather and travel during the pandemic, there is growing interest in documenting who has been vaccinated or tested negative for COVID-19. The World Health Organization has warned so-called vaccine passports may not be an effective way to reopen, and healthcare professionals argue vaccine certificates may further exacerbate vaccine inequality. New York is already testing a digital vaccine passport app made by IBM called the Excelsior Pass, while countries including the U.K. and Israel have issued their own versions of electronic vaccine certificates. The U.S. government has ruled out the introduction of mandatory vaccine passports at the federal level, but many private companies are now developing COVID-19 tracking systems. ACLU policy analyst Jay Stanley says smartphone-based vaccine passport apps “raise a lot of questions” around privacy, access and discrimination. “We have systems in place already for proving you’ve been vaccinated,” he says. “Is that system so broken that we need to construct an entirely new electronic system?”
-
Fallback Directories - Upcoming Change
This is to announce that the Tor Project network team will soon change how fallback directories are selected as we are about to update that list.
Fake Security of Proprietary Software
Submitted by Roy Schestowitz on Thursday 8th of April 2021 11:57:17 PM Filed under
-
Encryption is either secure or it’s not – there is no middle ground
The principle of end-to-end encryption underpins a system of communication where only the communicating users can read the messages. To this end, it exists to prevent any potential eavesdroppers (telecom providers, internet providers, law enforcement agencies) from being able to access the cryptographic keys needed to decrypt the conversation.
-
Microsoft Teams And Zoom Hacked In $1 Million Competition
-
Pwn2Own 2021 – Security researchers hack Exchange, Teams, Zoom, Safari, Chrome, Edge, Parallels, Windows, Ubuntu
Security Leftovers
Submitted by Roy Schestowitz on Thursday 8th of April 2021 04:39:31 PM Filed under
-
Security updates for Thursday
Security updates have been issued by Fedora (chromium, libldb, rpm, samba, and seamonkey), openSUSE (isync), Oracle (kernel), Red Hat (openssl and squid), SUSE (ceph, flatpak, libostree, xdg-desktop-portal, xdg-desktop-portal-gtk, fwupd, fwupdate, and openexr), and Ubuntu (curl, linux-lts-trusty, and lxml).
-
Microsoft's Windows 10, Exchange, and Teams hacked at Pwn2Own
-
Windows 10 hacked again at Pwn2Own, Chrome and Zoom also fall
-
eBook: Six best practices for effective Linux security management
Securing endpoints can be an overwhelming routine for system administrators, especially when they're remote. Considering much of the world is now working remotely and may continue to do so in the future, the demand for security has increased exponentially.
Though Windows and Mac devices are popular targets for cyber criminals, Linux devices can fall victim as well; Linux-targeted malware can easily affect your critical devices. In some instances, Linux systems have been compromised and configured to distribute malware.
GnuPG 2.3 Released With New Experimental Key Database Daemon, TPM 2.0 Daemon
Submitted by Roy Schestowitz on Thursday 8th of April 2021 03:13:41 PM Filed under


Werner Koch announced the availability today of GnuPG 2.3 as the start of the (fairly stable, effectively production ready) test releases leading up to the GnuPG 2.4 stable update.
GnuPG 2.3 introduces a new experimental key database where the keys are stored in an SQLite database and allow for much faster key look-ups. This experimental key database can be enabled with the "use-keyboxd" option.
Also significant with GnuPG 2.3 is the new "tpm2d" daemon to allow physically binding keys to the local machine using Trusted Platform Module 2.0 (TPM2) hardware. This new GnuPG 2.3 functionality allows leveraging of TPM 2.0 hardware for protecting private keys as a nice security improvement that can be enjoyed with most modern systems.
Original: GnuPG 2.3.0 released
