Security

Docker Delivers Security Configuration Checking Tool

Filed under
Server
Security

The Docker Bench for Security script is packaged as a Docker container to make it easier to run and test. One of the CIS Benchmark's recommendations is to limit container privileges to only what is needed to run. Somewhat ironically, the Docker Bench for Security script is a very high-privilege container that has broad access to host resources—usually something a container should not be able to do. That said, as a security testing tool, the container does need the broad access to validate host configuration for container deployment properly.


Run the Kali Linux Penetration Testing Distro on Any Platform via Docker Images

Filed under
GNU
Linux
Security

At the request of many users, the Kali Linux developers are proud to announce the immediate availability of Docker images for the Kali Linux operating system, helping users run Kali on various OSes.


IPFire 2.17 Update 90 Gets GeoIP-Based Blocking, Legacy Microsoft Hyper-V Support

Filed under
GNU
Linux
Security

The IPFire team had the pleasure of announcing earlier today, May 28, the immediate availability for download of IPFire 2.17 Core Update 90, a major version that brings a number of new features, updated packages, a new kernel, and various security enhancements.


Security and Linux

Filed under
Linux
Security

Is your open source security software less secure?

Filed under
OSS
Security

"Your secure software is open source; doesn't that make it less secure?"

This is a recurring question that we get at Benetech about Martus, our free, strongly encrypted tool for secure collection and management of sensitive information built and provided by the Benetech Human Rights Program. It's an important question for us and for all of our peers developing secure software in today's post-Snowden environment of fear and worry about surveillance. We strongly believe not only that open source is compatible with digital security, but that it's also essential for it.


Malware is not only about viruses – companies preinstall it all the time

Filed under
GNU
Security

In 1983, when I started the free software movement, malware was so rare that each case was shocking and scandalous. Now it’s normal.

To be sure, I am not talking about viruses. Malware is the name for a program designed to mistreat its users. Viruses typically are malicious, but software products and software preinstalled in products can also be malicious – and often are, when not free/libre.

In 1983, the software field had become dominated by proprietary (i.e. nonfree) programs, and users were forbidden to change or redistribute them. I developed the GNU operating system, which is often called Linux, to escape and end that injustice. But proprietary developers in the 1980s still had some ethical standards: they sincerely tried to make programs serve their users, even while denying users control over how they would be served.


Security News

Filed under
Linux
Security
  • Oracle Patches the Venom Security Issue in All Supported VirtualBox Branches
  • Is SELinux good anti-venom?

    Dan Berrange, creator of libvirt, sums it up nicely on the Fedora Devel list:

    "While you might be able to crash the QEMU process associated with your own guest, you should not be able to escalate from there to take over the host, nor be able to compromise other guests on the same host. The attacker would need to find a second independent security flaw to let them escape SELinux in some manner, or some way to trick libvirt via its QEMU monitor connection. Nothing is guaranteed 100% foolproof, but in absence of other known bugs, sVirt provides good anti-venom for this flaw IMHO."

  • Tuesday's security updates
  • DDoS reflection attacks are back – and this time, it's personal

    At the start of 2014, attackers' favorite distributed denial of service attack strategy was to send messages to misconfigured servers with a spoofed return address – the servers would keep trying to reply to those messages, allowing the attackers to magnify the impact of their traffic.

  • Another HTTPS Vulnerability Rattles The Internet

    Another HTTPS vulnerability started making the rounds earlier this morning. Dubbed Logjam by its researchers, the vulnerability stems from the US encryption export mandates of the 1990s. This particular vulnerability in the Transport Layer Security (TLS) protocol breaks Diffie-Hellman perfect forward secrecy. Susceptibility depends on servers and clients supporting the DHE_EXPORT cipher suites, or using a Diffie-Hellman key of 1024 bits or less.

Tails 1.4 Linux Distro Fixes Security Flaws, Focuses on Privacy

Filed under
Security
Debian

Tails first achieved notoriety as the Linux distribution that National Security Agency whistleblower Ed Snowden used. Tails, an acronym for The Amnesic Incognito Live System, is focused on enabling user privacy while online. On April 29, 2014, Tails 1.0 debuted, and it has been steadily updated ever since. Tails 1.4 launched May 12 of this year with a number of new capabilities, including several important security updates. Among the big changes in Tails 1.4 is a new privacy-focused search tool called Disconnect. Tails 1.4 also enables users to print a paper copy of their private keys using the Paperkey tool. A core part of every Tails release is the included Tor browser, which benefits from an update in Tails 1.4 that fixes a number of recently disclosed security vulnerabilities. There are times when the Tor browser isn't enough, and users need a regular browser to get access to a service, which is why Tails 1.4 also includes an Unsafe Browser. In this slide show, eWEEK examines key features of the Tails 1.4 release.


CoreOS Aims to Help Secure OpenStack Clouds

Filed under
Linux
Security

Brian "Redbeard" Harrington, principal architect at CoreOS, discusses the intersection of containers and the cloud.


More in Tux Machines

today's leftovers

  • XDC2015 X.Org Conference Announced, CFP Issued
  • Persistent Memory Microconference Accepted into 2015 Linux Plumbers Conference
    The topic of persistent memory is back to the future for those of us old enough to have used core memory, but today’s persistent memory boasts densities, speeds, latencies, and capacities that are well beyond the scope even of science fiction back in the core-memory era.
  • AllSeen Alliance Strengthens IoT Open Source Ecosystem With 20 New Members
    The AllSeen Alliance, a cross-industry collaboration to advance the Internet of Everything through an open source software project, today announced 20 new members have joined the initiative. This marks the sixth consecutive month with double-digit member growth for the AllSeen Alliance, with more than 70 companies joining the initiative since January. Furthermore, these new members hold expertise across critical horizontal areas of the Internet of Things (IoT) -- telecommunications and networking operators, software developers, IoT platforms and solutions, product companies and smart home automation.
  • Libinput 0.16 Now Supports Devices Like The Chromebook Pixel
    The plans for Libinput 1.0 haven't yielded fruit yet, but libinput 0.16 is out this afternoon as the latest version of this input library used both by Wayland and X11 (and potentially Mir moving forward).
  • libinput and the lack of device types
    libinput uses udev tags to determine what a device is. This is a significant difference from the X.Org stack, which determines how to deal with a device based on an elaborate set of rules, rules grown over time, matured, but with a slight layer of mould on top by now. In evdev's case that is understandable; it stems from a design where you could just point it at a device in your xorg.conf and it'd automagically work, well before we even had input hotplugging in X. What it leads to now, though, is that the server uses slightly different rules to decide what a device is (to implement MatchIsTouchscreen, for example) than evdev does. So you may have, in theory, a device that responds to MatchIsTouchscreen only to set itself up as a keyboard.
  • AMD Catalyst 15.5 Beta Linux Driver Surfaces
    AMD is finally out with a big Catalyst Linux driver update!
  • NVIDIA/Nouveau PerfKit Implemented Over Gallium3D State Tracker
    Samuel Pitoiset today unveiled his long sought after patches for implementing NVIDIA's PerfKit performance utility as a Gallium3D state tracker for use by the open-source Linux graphics drivers.
  • Intel Compute Stick Performance Surprises Under Ubuntu Linux
    All of the Intel x86 systems were running Ubuntu 15.04 with the Linux 4.1 kernel and the rest of the same software make-up. With the Utilite, Ubuntu 12.04 with the Linux 3.0 kernel was used due to newer releases not being supported by CompuLab. The Jetson TK1 ran Ubuntu 14.04 with the Linux 3.10 kernel, likewise due to NVIDIA not providing any newer official images. Because the graphics tests use OpenGL (non-GLES), graphics results are shown only for the x86 systems, while the processor-bound tests have results for all six systems.
  • Qt 5.4.2 Officially Released
    While Qt 5.5 is hopefully shipping at the end of the month, Qt 5.4.2 is the newest stable version today. Qt 5.4.2 has important security fixes for the Qt WebEngine, a DoS vulnerability fix for its BMP image handler, and various other security fixes. There are also updates in Qt 5.4.2 for third-party libraries bundled within this leading open-source toolkit.
  • Qt 5.4.2 and Qt Creator 3.4.1 Officially Released with Multiple Improvements and Fixes
    On June 2, the Qt Company, through Tuukka Turunen, announced the immediate availability for download of the second patch release for the stable Qt 5.4 series of the world's most acclaimed GUI toolkit.
  • It is official, Marble is coming to Android
    First, I would like to announce that I have been chosen as a Google Summer of Code student, and my task is to provide a working version of Marble on Android at the end of the summer.
  • Count downs: T -10 hours, -12 days, -30 days, -95 days
    So the first fundraiser I’d like to write about is the Make Krita faster than Photoshop Kickstarter campaign. It’s almost over and is already a success, but that doesn’t mean you can’t still become a supporter of this awesome painting application. And in case you haven’t seen it, there was a series of interviews with Krita users (and thus users of KDE software) that you should have read at least in part.
  • Take control of your file systems with Konqueror
    Each of these profiles configures Konqueror in a specific way for a specific task. You can then use these as starting points to configure Konqueror to meet your specific needs and save a profile so that you can reconfigure Konqueror at any time to meet those needs. Even when configured for one task, such as file management, Konqueror can be used for other tasks such as web browsing.
  • KDEPIM KF5
    I started porting kdepim to KF5 one year ago (in May 2014). When I started, I thought that it would be easy. But it was not easy because, firstly, KF5 was not released and it was not stable; there were some bugs. Secondly, kdepim is not just KMail; it contains the kdepim libs + akonadi + kdepim runtime + kdepim apps (korganizer, kmail, etc.).
  • Cinnamon 2.6 Yields Lower CPU Usage
  • Cinnamon 2.6
    On behalf of the team and all the developers who contributed to this build, I am proud to announce the release of Cinnamon 2.6!
  • Tiny Core v6.3
    Team Tiny Core is proud to announce the release of Core v6.3...
  • Peppermint OS Six Screencast and Screenshots
  • Peppermint OS Six released
  • Peppermint Six is Here!
    Peppermint is excited to announce the launch of our latest operating system Peppermint Six. Lightweight and designed for speed, Peppermint Six delivers on that promise whether using software on your desktop, online, or using cloud based apps.
  • [Slackware] KDE 5_15.06 with a few useful fixes
    Yesterday there was a new release for the KDE Applications. I know that I updated my KDE 5 package set barely a week ago, but there were a few updates that I wanted to push anyway, so adding the updated Applications packages seemed like the proper thing to do.
  • Improving update of existing debian/copyright file
  • Reproducible builds: week 5 in Stretch cycle
  • Qseven COM runs Linux on 14nm Braswell, offers 4K video
    Congatec’s “Conga-QA4” Qseven COM is based on Intel’s 14nm “Braswell” Pentium and Celeron SoCs, and offers MIPI-CSI, dual SATA ports, and 4K video.
  • Expandable 3.5-inch SBC runs Linux on Bay Trail SoCs
    Axiomtek’s “CAPA840” SBC supports Atom E3800 SoCs, and offers -20 to 70°C support, wide-range power, dual mini-PCIe, and a “ZIO” connector for I/O modules.
  • Sysadmin adventures: When weather threatens our work
    With summer fast approaching in Boston, I appreciate the FSF office's air conditioning system. It keeps us comfortable in the heat, but during the record-breaking snowfall this winter, the system broke down, and as a result I found myself on an unexpected adventure.
  • Google’s Project Vault Is A Secure Computing Environment On A Micro SD Card, For Any Platform
    Onboard the Vault itself is an ARM processor running RTOS, a secure operating system focused on privacy and data security. It also has an NFC chip and an antenna (for proving that you are in control and that it’s correctly authorized). Finally, there’s a suite of cryptographic services, including hashing, signing, batch encryption and a hardware random number generator.
  • Cavium, System Makers Unveil ARM-Based Servers, Boards
    As Computex 2015 gets under way, server makers like Asus and Gigabyte announce they are using Cavium's ThunderX SoCs in new systems.
  • Tuesday's security updates
  • OpenSSL Certificate Authority v1.0.0
    I’ve recently made many improvements and additions. The series is now available as a standalone document titled OpenSSL Certificate Authority. Make sure you check it out!
  • Majority of websites have serious, unfixed vulnerabilities
    In a recent analysis of more than 30,000 websites, most had at least one serious vulnerability for 150 or more days last year.
  • StackIQ debuts fastest, easiest open-source bare-metal installer for Linux server provisioning
    StackIQ, Inc., makers of the Warehouse-grade automation platform for any large-scale server infrastructure, today announced the release of open source Stacki (short for “Stack Installer”), the world’s fastest and easiest-to-use Linux server provisioning tool. With Stacki, there are zero prerequisites for taking systems from bare metal to ‘a ping and a prompt.’ Alongside this new release, the company made available a one-day, on-site Stacki training and an implementation service for users who want to use the tools immediately for production servers.
  • A good start with room to improve: Thoughts on Citrix's Linux VDA, plus a video demo from Citrix Synergy 2015
    One of the more surprising things in a relatively unsurprising Citrix Synergy was the round of applause created by the announcement of the Linux VDA Tech Preview. I think it’s great, but it’s not the kind of announcement you’d think would garner much more than a murmur, let alone get a larger reaction from the audience than the iBand’s rendition of “Hey Ya!”
  • The Worm (Dell) Has Turned
    Amazing. Wonders never cease in 2015, The Year Of The GNU/Linux Desktop.
  • Is Eye Candy Doomed?
    With the popularity of mobile computing, some thought that windows would not be necessary anymore. The guys at Redmond, for example, made an atrocity of an OS and trumpeted as the latest-greatest. It dismissed the idea of windows because all apps ran full screen. Way to go! Especially if one uses a big monitor...what a waste of screen real estate!