GNU community members and collaborators have discovered threatening details about a five-country government surveillance program codenamed HACIENDA. The good news? Those same hackers have already worked out a free software countermeasure to thwart the program.
According to Heise newspaper, the intelligence agencies of the United States, Canada, United Kingdom, Australia, and New Zealand have used HACIENDA to map every server in twenty-seven countries, employing a technique known as port scanning. The agencies have shared this map and use it to plan intrusions into the servers. Disturbingly, the HACIENDA system actually hijacks civilian computers to do some of its dirty work, allowing it to leech computing resources and cover its tracks.
On the topic of source code liability, Greer suggests that eventually software developers, including medical device development companies, will be responsible for the trouble their software causes (or fails to prevent). I think it’s fair to say that it is impossible to guarantee a totally secure system. You cannot prove a negative statement after all. Given enough time, most systems can be breached. So where does this potential liability end? What if my company has sloppy coding standards, no code reviews, or I use a third-party software library that has a vulnerability? Should hacking be considered foreseeable misuse?
Beginning on Monday, the security of the Linux kernel source code has become a little bit tighter with the addition of two-factor authentication for the kernel's Git code repositories.
Contributing code changes to the Linux kernel sources at Kernel.org already required more than just a password, even before the change. Developers must use their own unique SSH public keys to log in to the Git repositories. But not even this added security layer was truly failsafe – as the software's maintainers found out in 2011 when their servers were rooted.
Jahia was incepted in 2002 in Switzerland – the name comes from the contraction of Java (our core language) and Bahia (which means “bay” in Brazil). To support the international growth of the project, Jahia Solutions Group was later formed (in 2005) with offices throughout Europe and Jahia Inc. (the US subsidiary) was created in 2008. Jahia now has offices in Geneva, Paris, Toronto, Chicago, Washington, DC, Dusseldorf and Klagenfurt – and outsourced support centers in Australia and Nicaragua.
German researchers develop defense software: Potential protection against the "Hacienda" intelligence program
Submitted by Roy Schestowitz on Friday 15th of August 2014 04:22:39 PM
Grothoff and his students at TUM have developed the "TCP Stealth" defense software, which can inhibit the identification of systems through both Hacienda and similar cyberattack software and, as a result, the undirected and massive takeover of computers worldwide, as Grothoff explains. "TCP Stealth" is free software that has as its prerequisites particular system requirements and computer expertise, for example, use of the GNU/Linux operating system. In order to make broader usage possible in the future, the software will need further development.
When it comes to control systems, a common question has long been: Is Linux inherently more secure than Windows? Being a fan of Linux/Unix systems, I desperately want to answer “yes” to this question. During the 1980s and 1990s, so much of the work I was involved in ran under Unix. These days I run Linux on my home computer, and once a year I boot up a Windows XP virtual machine running under Virtual Box, to run my tax software. In the office, I rant about the lousy Windows operating system (OS) and ask why the world doesn’t switch to Linux. And as much as I hate to admit it, as a system integrator I am mostly locked into dealing with Microsoft’s flavor of the month operating system because of customer standards and the tools available.
From the appearance of “Brain,” which is recognized as the first computer virus, in 1986, to Stuxnet to the Zotob worm (the virus that knocked 13 of DaimlerChrysler’s U.S. automobile manufacturing plants offline), one thing all these viruses have in common is that they were directed at Microsoft’s operating systems. However, according to Zone-H (an archive of defaced websites), in a statistics report for the period 2005-2007: “In the past the most attacked operating system was Windows, but many servers were migrated from Windows to Linux… Therefore the attacks migrated as well, as Linux is now the most attacked operating system with 1,485,280 defacements against 815,119 in Windows systems (numbers calculated since 2000).”
Every year, heck...every month, Linux is adopted by more companies and organizations as an important if not primary component of their enterprise platform. And the more serious the hardware platform, the more likely it is to be running Linux. 60% of servers, 70% of Web servers and 95% of all supercomputers are Linux-based!
Even if they're not "Linux shops", companies realize certain benefits from bringing Linux in for specific purposes. Its reliability, flexibility, scalability and cost of ownership offer huge advantages over other OSes...but I don't have to tell you that, do I? You probably earn your keep because of these statistics!