Language Selection

English French German Italian Portuguese Spanish

Security

2014: Year of open source miracles

Filed under
OSS
Security

We open with the recent unpleasantness at the Drupal project. The SQL injection vulnerability, while serious, isn’t unusual. It’s actually the most common vulnerability in the world. What made the exploit newsworthy was the very short amount of time between disclosure and widespread exploitation: "if timely patches weren’t applied, then the Drupal security team outlined a lengthy process required to restore a website to health." Basically, you had seven hours to fix it before evil robots descended on your servers.

This isn’t an open source problem, it’s a software management problem.

Read more

Lollipop's Encryption Takes a Hefty Toll

Filed under
Android
Security

The new full-disk encryption feature that's enabled by default in Android 5.0 Lollipop comes at a hefty price in terms of performance, according to a recent benchmark report.

In fact, when full-disk encryption is enabled, random read performance drops by 62.9 percent, while random write performance falls by 50.5 percent, AnandTech reported late last week. Sequential read performance, meanwhile, drops by a whopping 80.7 percent.

Read more

Open Source Code Contains Fewer Defects, But There's a Catch

Filed under
Development
OSS
Security

Research suggests that software developed using open source code contains fewer defects than that built with proprietary code. The catch is that open source code rarely benefits from security teams specifically tasked with looking for bugs.

Read more

Gngr: A New Web Browser Focused On Privacy

Filed under
OSS
Security
Web

A group of developers have started writing their own open-source web browser that primarily is designed to increase web privacy and greater security.

Gngr is the new web browser under development and its conservative defaults mean no cookies, JavaScript, HTTP referring support, third-party frames, and a minimalistic user-agent string.

Gngr is written in Java to make use of the Java runtime's sandboxing abilities but ultimately they plan to switch over to some other JVM-based language.

While the code has yet to drop on Gngr, it's said to be coming after the initial release.

Those interested in more information on this privacy-focused web-browser can visit Gngr.info.

Read more

Security considerations for Enterprise Linux

Filed under
GNU
Linux
Security

To maintain an application infrastructure that meets continually expanding business demands, organizations need more than a maintenance and support contract. Organizations need a proven, scalable, reliable, and secure enterprise platform.

Read more

Synchronize Your Life with ownCloud

Filed under
OSS
Security

Like most families these days, our family is extremely busy. We have four boys who have activities and appointments. My wife and I both have our own businesses as well as outside activities. For years, we've been using eGroupware to help coordinate our schedules and manage contacts. The eGroupware system has served us well for a long time. However, it is starting to show its age. As a Web-based groupware system, it's pretty well polished, but it doesn't hold a candle to Kontact or Thunderbird. Also, my wife finds that she needs to access her calendar from her Android phone, and eGroupware just isn't very mobile-friendly. Sure, we can set up calendar synchronization, but eGroupware seems to have added synchronization as an afterthought, and it really doesn't work as well as we'd like.

Read more

Linux Security Distros Compared: Tails vs. Kali vs. Qubes

Filed under
GNU
Linux
Security

If you're interested in security, you've probably already heard of security-focused Linux distros like Tails, Kali, and Qubes. They're really useful for browsing anonymously, penetration testing, and tightening down your system so it's secure from would-be hackers. Here are the strengths and weaknesses of all three.

It seems like every other day we hear about another hack, browser exploit, or nasty bit of malware. If you do a lot of your browsing on public Wi-Fi networks, you're a lot more susceptible to these types of hacks. A security-focused distribution of Linux can help. For most of us, the use cases here are pretty simple.

Read more

Enterprise Linux 6.5 to 6.6 risk report

Filed under
Red Hat
Security

Red Hat Enterprise Linux 6.6 was released the 14th of October, 2014, eleven months since the release of 6.5 in November 2013. So lets use this opportunity to take a quick look back over the vulnerabilities and security updates made in that time, specifically for Red Hat Enterprise Linux 6 Server.

Read more

Google Open Sources Sophisticated Network Security Tool

Filed under
Google
OSS
Security

Google has announced an open source tool for testing network traffic security called Nogotofail. The project is now available on GitHub, and Google is inviting the community to work with it and help improve the security of networks and the Internet.

Many people are familiar with the “HTTPS everywhere” tool, and a related Firefox add-on, which protect online security. Nogotofail is a roughly similar tool, but is more robust. Here are the details.

Read more

Also: Google Releases Nogotofail Tool to Test Network Security

Syndicate content

More in Tux Machines

An open source Christmas with Kano

So this season, what every open sourc-erer wants might just be Kano, a computer kit that comes will all the functions needed to build it and learn to code afterwards. Read more

Particulate sensor developed using open source approach

A New York based start up company has used an open source approach, as well as funding from Kickstarter, to develop AirBeam – a handheld sensor which determines the concentration of particles in the air measuring 2.5µm or less. [...] The AirCasting app and website code is available on GitHub as open source, along with the AirBeam firmware and electronic schematics. The STL files for 3D printing the AirBeam and LiteBeam enclosures can be downloaded from www.shapeways.com. Read more

Brocade relying on open source and 'natural tension' for growth

In line with this prediction, Brocade has been working towards changing its business tactics from being known as a hardware enterprise storage provider to also becoming an additional player in the software-defined network market — one in which rival Cisco has also been dipping its toes. Read more

Hey, here's some face-tracking tech from Samsung you probably won't find creepy at all

Samsung says it'll release the source code to software that allows physically disabled people to move a mouse pointer with their eyes. Read more