Security

Fedora 24 Linux OS Gets New, Updated Live ISOs with Latest Security Patches

Founder of The Fedora Unity Project and Fedora Ambassador, Ben Williams, is happy to report that updated Live ISO images of the Fedora 24 GNU/Linux operating system are now available for download.

Security News

  • Security advisories for Thursday
  • Please save GMane!
  • The End of Gmane?

    In 2002, I grew annoyed with not finding the obscure technical information I was looking for, so I started Gmane, the mailing list archive. All technical discussion took place on mailing lists those days, and archiving those was, at best, spotty and with horrible web interfaces.

    The past few weeks, the Gmane machines (and more importantly, the company I work for, who are graciously hosting the servers) have been the target of a number of distributed denial of service attacks. Our upstream have been good about helping us filter out the DDoS traffic, but it’s meant serious downtime where we’ve been completely off the Internet.

  • Pwnie Express makes IoT, Android security arsenal open source

    Pwnie Express has given the keys to software used to secure the Internet of Things (IoT) and Android software to the open-source community.

    The Internet of Things (IoT), the emergence of devices ranging from lighting to fridges and embedded systems which are connected to the web, has paved an avenue for cyberattackers to exploit.

  • The Software Supply Chain Is Bedeviled by Bad Open-Source Code [Ed: again, trace this back to FUD firms like Sonatype in this case]

    Open-source components play a key role in the software supply chain. By reducing the amount of code that development organizations need to write, open source enables companies to deliver software more efficiently — but not without significant risks, including defective and outdated components and security vulnerabilities.

  • Securing a Virtual World [Ed: paywall, undated (no year but reposted)]
  • Google tells Android's Linux kernel to toughen up and fight off those horrible hacker bullies

    In a blog post, Jeff Vander Stoep of the mobile operating system's security team said that in the next build of the OS, named Nougat, Google is going to be addressing two key areas of the Linux kernel that reside at the heart of most of the world's smartphones: memory protection and reducing areas available for attack by hackers.

Security Leftovers

Parrot Security OS – A Debian Based Distro for Penetration Testing, Hacking and Anonymity

Parrot Security operating system is a Debian-based Linux distribution built by Frozenbox Network for cloud oriented penetration testing. It is a comprehensive, portable security lab that you can use for cloud pentesting, computer forensics, reverse engineering, hacking, cryptography and privacy/anonymity.

OPNsense 16.7

  • OPNsense 16.7 released
  • pfSense/m0n0wall-Forked OPNsense 16.7 Released

    The latest major release is out of OPNsense, a BSD open-source firewall OS project derived from pfSense and m0n0wall.

    OPNsense 16.7 brings NetFlow-based reporting and export, traffic shaping support, two-factor authentication, HTTPS and ICAP support in the proxy server, and UEFI boot and installation modes.

Security News

  • Linux Security Automation at Scale in the Cloud

    Ten years ago it didn’t seem like Linux growth could increase any faster. Then, in 2006, Amazon launched Amazon Web Services (AWS). Linux growth went from linear to exponential. AWS competitors sprang up and were acquired by IBM, Microsoft, and other big players, accelerating Linux expansion even more.

    Linux became the platform of choice for the private cloud. But this movement wasn’t confined to the cloud. A rush to create Linux applications and services spilled over to traditional on premises. Linux had evolved from that obscure thing people ran web servers on to the backbone operating system of the majority of IT.

  • Don’t want to get hacked? Close your laptop.

    My friends often leave their computers open and unlocked. I tell them they should probably get in the habit of locking their computers, but they don’t listen to me. So I’ve created a simple project to hack my friends and show them the importance of computer security.

    All I need to do is wait for them to leave their computer unlocked for a few seconds, open up their terminal, and type a single, short command.

  • Citibank IT guy deliberately wiped routers, shut down 90% of firm’s networks across America

    It was just after 6pm on December 23, 2013, and Lennon Ray Brown, a computer engineer at the Citibank Regents Campus in Irving, Texas, was out for revenge.

    Earlier in the day, Brown – who was responsible for the bank’s IT systems – had attended a work performance review with his supervisor.

    It hadn’t gone well.

    Brown was now a ticking time bomb inside the organisation, waiting for his opportunity to strike. And with the insider privileges given to him by the company, he had more of an opportunity to wreak havoc than any external hacker.

  • Explo-Xen! Bunker buster bug breaks out guests from hypervisor

    A super-bug in the Xen hypervisor may allow privileged code running in guests to escape to the underlying host.

    This means, on vulnerable systems, malicious administrators within virtual machines can potentially break out of their confines and start interfering with the host server and other guests. This could be really bad news for shared environments.

    All versions of open-source Xen are affected (CVE-2016-6258, XSA-182) although it is only potentially exploitable on x86 hardware running paravirtualized (PV) guests. The bug was discovered by Jérémie Boutoille of Quarkslab, and publicly patched on Tuesday for Xen versions 4.3 to 4.7 and the latest bleeding-edge code.

  • Intel Puts Numbers on the Security Talent Shortage

    The cybersecurity shortfall in the workforce remains a critical vulnerability for companies and nations, according to an Intel Security report being issued today.

    Eighty-two percent of surveyed respondents reported a shortage of security skills, and respondents in every country said that cybersecurity education is deficient.

Antivirus Live CD 19.0-0.99.2 Released Based on 4MLinux 19.0 and ClamAV 0.99.2

Softpedia has been informed by GNU/Linux developer and creator of the 4MLinux project, Mr. Zbigniew Konojacki, about the immediate availability for download of the Antivirus Live CD 19.0-0.99.2 distrolette.

Security Leftovers

Tor: Statement

Seven weeks ago, I published a blog post saying that Jacob Appelbaum had left the Tor Project, and I invited people to contact me as the Tor Project began an investigation into allegations regarding his behavior.

Since then, a number of people have come forward with first-person accounts and other information. The Tor Project hired a professional investigator, and she interviewed many individuals to determine the facts concerning the allegations. The investigator worked closely with me and our attorneys, helping us to understand the overall factual picture as it emerged.

Security Leftovers

  • Tuesday's security updates
  • Oops: Bounty-hunter found Vine's source code in plain sight

    A bounty-hunter has gone public with a complete howler made by Vine, the six-second-video-loop app Twitter acquired in 2012.

    According to this post by @avicoder (Vjex at GitHub), Vine's source code was for a while available on what was supposed to be a private Docker registry.

    While docker.vineapp.com, hosted at Amazon, wasn't meant to be available, @avicoder found he was able to download images with a simple pull request.

  • US standards lab says SMS is no good for authentication

    America's National Institute for Standards and Technology has advised abandonment of SMS-based two-factor authentication.

    That's the gist of the latest draft of its Digital Authentication Guideline, here. Down in section 5.1.3.2, the document says out-of-band verification using SMS is deprecated and won't appear in future releases of NIST's guidance.

More in Tux Machines

Red Hat and Fedora

Leftovers: OSS and Sharing

  • Learn from the Experts at The Linux Foundation’s Europe Events
    The Linux Foundation has released session details for three major conferences coming up this fall: MesosCon Europe, Embedded Linux Conference / OpenIoT Summit Europe, and LinuxCon + ContainerCon Europe. MesosCon Europe, which will take place August 31-September 1 in Amsterdam, The Netherlands, is an annual conference organized by the Apache Mesos community, bringing together users and developers for two days of sessions about Mesos and related technologies. This year, the MesosCon program will include workshops to get started with Mesos, keynote speakers from industry leaders, and sessions led by adopters and contributors.
  • The Firebird Project's Firebird Relational Database
    Firebird distills its identity into the phrase "True universal open-source database" and boasts not only of being "free like free beer" but also, fittingly, of being "free like a bird". The latter permits anyone to build a custom version of the Firebird, as long as the modifications are made available for others to use and build upon.
  • Report: Austria can benefit from Big Data solutions
    Big Data solutions can contribute significantly to Austrian public administrations, a working group concludes in a report published in June. Benefits include improved quality of life, finding optimal business locations, and offering better guidance to citizens. The report by the Big Data working group aims to help public administration when considering Big Data solutions, providing legal, economic and technical context.
  • Report: over half of Spain’s regions now use SaaS
    In 2014, 59% of Spain’s regional governments used Software as a Service, according to the 2015 eGovernment report published on 30 June by PAe, Spain’s eGovernment portal. Next most-used cloud computing service is Infrastructure as a Service (40%), and third is Platform as a Service (20%). The usage of cloud computing is just one of the attributes of and indicators for eGovernment services that are aggregated in the report. The document shows the use of document management systems and support of electronic signatures. The text looks at interoperability, open data portals and eParticipation, lists region’s maturity levels of eGovernment services, from the availability to download forms online to the fully electronic management of applications.
  • Software Freedom in Kosovo, Waiting for Xfce Mint & More…
    It’s not FOSS, but I reckon the biggest story in tech this week, ignoring claims of Russia hacking for Trump, is the sale of Yahoo to Verizon for $4.8 billion. Considering that traffic watcher Alexa says the site is the fifth most visited address on the web, that seems like something of a bargain to me. Add to that Yahoo’s prime Silicon Valley real estate and the price seems to be in the “it fell off the truck” category. The sale puts Verizon in control of both America Online and Yahoo, so I suspect we’ll be seeing Verizon trying to compete with Google and Bing for a share of the search advertising market. [...] We’ve also heard from Software Freedom Kosova, which tells us it’s issued this year’s call for speakers, which will be open through September 15. This will be the seventh year for the Kosovo event, which aims to “promote free/libre open source software, free culture and open knowledge” — all laudable goals in my estimation. Potential speakers should know “the topic must be related to free software and hardware, open knowledge and culture.” Mike DuPont, the SFK member who made us aware of the event, told FOSS Force, “There might be travel expenses for qualified speakers.” The event will take place October 21-23.
  • Cloud, open source and DevOps: Technology at the GLA
    David Munn, head of IT at the Greater London Authority, explains what technology his organisation has adopted in order to help individuals keep innovating
  • Our attitude towards wealth played a crucial role in Brexit. We need a rethink
    Money was a key factor in the outcome of the EU referendum. We will now have to learn to collaborate and to share [...] Does money matter? Does wealth make us rich any more? These might seem like odd questions for a physicist to try to answer, but Britain’s referendum decision is a reminder that everything is connected and that if we wish to understand the fundamental nature of the universe, we’d be very foolish to ignore the role that wealth does and doesn’t play in our society.
  • France’s Insee and Drees publish microsimulation model to increase transparency
    Insee (Institut national de la statistique), the French public agency for statistics, and Drees (Direction des études du Ministère des Affaires sociales et de la santé), which is in charge of surveys at the Ministry of Social Affairs and Health, have published the source code of the microsimulation algorithmic model called Ines.
  • Plant Sciences pushing open-source berry model
    Several of those opportunities appear to lie in the development of so-called ‘open market’ breeding. Historically, Plant Sciences’ berry varieties have made it into the commercial arena under limited licensing arrangements, with individuals or groups of grower-shippers paying a premium to use them. While Nelson is eager to point out that this model continues to perform well, his company have decided to structure its business in Europe in such a way that it offers varieties to the “largest audience possible” at the most competitive price. “Given the price pressures that producers, marketers and retailers are under, we sense that such an approach is needed to remain most viable going forward and bring new varieties forward to the broadest market,” he explained.
  • Drug discovery test leads to malaria drug prospects at UW
  • Worldwide Open-Source Project Discovers Promising Disease-Fighting Compounds
  • Open-source drug discovery a success
  • The Global Open Data Index to be updated
    Open Knowledge International, a not-for-profit organisation that promotes openness and transparency, has decided to update the survey for its Global Open Data Index. This index measures Open Data publication in 122 countries.
  • This Startup Created the Ultimate Open-Source Prototyping Product
    The world has become a technologically focused place. Unless you’ve set up shop in a cabin in the woods, your life is likely filled with gadgets, wearables, devices, and doodads that control everything from your TV to your laptop. And with all this technology, it’s no wonder tech jobs have become so prevalent in the market. Fortunately, there are a number of ways to learn skills and prototyping projects that will impress even the most critical interviewer. And one startup has built the perfect product to do just that. Created by a group of students from the India Institute of Technology, evive is an open-source prototyping module that can make creating projects easier than ever. It has a power module, plug and play hardware interface, user interface, data acquisition module, shield stack space and more. It’s even IoT ready so it can connect to more devices than you can count. Plus, it works across multiple platforms like LabVIEW, MATLAB, Scratch, Eclipse, ROS, Python, Arduino IDE and many more.
  • Friday's security updates
  • Pwnie Express Open Sources Tools to Lock Down IoT/Android Security
    Pwnie Express isn't a name that everyone is familiar with, but in the security arena the company has a good reputation for its wired and wireless threat detection technologies. Now, the Boston-based firm has announced plans to open source key tools that it has used to secure the Internet of Things (IoT) and Android software. Blue Hydra is a Bluetooth utility that can detect Bluetooth devices, and also work as a sniffer to query devices it detects for threats. Meanwhile, the Android Open Pwn Project (AOPP) is an Android ROM built for security testers. It's based on the Android Open Source Project (AOSP) and community-developed ROMs -- one of which is CyanogenMod. It lets developers on the Android front sniff out threats on mobile platforms.

Openwashing

Sailfish OS 2.0.2

  • Sailfish OS 2.0.2 In Early Access With Variety Of Improvements
    Jolla announced today that their Sailfish OS 2.0.2 "Aurajoki" mobile operating system release is available as early access. Sailfish OS 2.0.2 makes it easier to take screenshots via the volume buttons, a variety of new keyboard layouts, a new layout on the media app, a new Sailfish OS logo, simplified backups, browser improvements, support for flash when recording videos, the cloud services now supports the VK service, dual SIM support on capable devices, Dropbox and OneDrive integration in the photo gallery, and a wide variety of other fixes and improvements.
  • [Early Access] Sailfish OS 2.0.2 Aurajoki
    This update contains many bug fixes and newly added features such as taking a screenshot by holding down the volume buttons for 0.5 seconds, added keyboard layouts for Indian languages Telugu, Malayalam, Kannada, Punjabi, Tamil and Bengali, a new layout on the Media app’s front page, a new Sailfish OS logo and many more.