
Security

The current state of Drupal security

Filed under: Interviews, Drupal, Security

Greg Knaddison has worked for big consulting firms, boutique software firms, startups, and professional service firms, and is a former Drupal Security Team leader. He is currently the director of Engineering at CARD.com and a Drupal Association advisory board member.

Michael Hess works with the University of Michigan School of Information and the UM Medical Center teaching three courses on content management platforms and overseeing the functionality of hundreds of campus websites. He serves in a consulting and development role for many other university departments and is the current Drupal Security Team leader. He also consults with BlueCross on large-scale medical research projects. Hess is a graduate of the University of Michigan School of Information with a master's degree in information.


Tails 1.4 RC1 Anonymous Live CD Uses Tor Browser 4.5 and Debian 8 Jessie Sources

Filed under: Linux, Security

The Tails development team announced the immediate availability for download and testing of the first Release Candidate (RC) version of the upcoming Tails 1.4 amnesic incognito Live CD distribution that has been used by Edward Snowden to stay invisible online and browse websites anonymously.


Security News

Filed under: GNU, Linux, Security

  • Now available from GNU Press, the NeuG True Random Number Generator

    This week I had a chance to add a NeuG, a True Random Number Generator, to the Free Software Foundation network. The NeuG exclusively uses free software and was developed in Japan by NIIBE Yutaka. A random number generator (RNG) is a device used to generate random numbers for computers. Without getting into a philosophical argument, we humans tend to take the concept of entropy (randomness) for granted. If we wish to produce random data, we simply do so. Computers, on the other hand, do as we tell them to do. They follow a set of instructions provided by a programmer and follow each instruction precisely. So there is no way to ask a computer to give us a random number because we would have to tell the computer in advance what the number is. There are some ways around this. For example, we could use a system's current timestamp as a seed, or starting point, for producing random-seeming numbers by using an algorithm. This approach will create the illusion of entropy, but if someone else knows both the timestamp used for the seed and the algorithm used to generate the random numbers, the sequence of the random number generator can be calculated and predicted.

  • Apple, Linux devices to be decoded at new CBI lab

    The Central Bureau of Investigation has got a new specialized forensic lab to decipher and recover data from Apple devices seized from suspects during investigation of cases. The new lab, inaugurated at the CBI academy in Ghaziabad, will be fully equipped with latest workstations and software to decode the digital information stored in Apple devices, said sources.

Apache SpamAssassin 3.4.1 released

Filed under: Server, OSS, Security

On behalf of the project, I am pleased to announce the release of Apache SpamAssassin v3.4.1.


Valve Releases New SteamOS Beta with Lots of Security Updates

Filed under: Security, Debian, Gaming

Valve has released a new Beta version of its SteamOS Linux operating system, and they have upgraded a number of packages, mostly to fix various small problems and security issues.


Varnish: SSL revisited

Filed under: Security, BSD

Four years ago, I wrote a rant about why Varnish has no SSL support (Why no SSL?) and the upcoming 4.1 release is a good excuse to revisit that issue.


Old Ubuntu Bug Lets Malicious Users Gain Sudo Access

Filed under: Security, Ubuntu

It appears that there's a bug in Ubuntu distributions which lets malicious users locally exploit sudo and gain access to the user's account without knowing their password. The bug was submitted to Canonical's Launchpad back in September 2013 by user Mark Smith.


Tor Browser 4.5 is released

Filed under: OSS, Security

The Tor Browser Team is proud to announce the first stable release in the 4.5 series. This release is available from the Tor Browser Project page and also from our distribution directory.
The 4.5 series provides significant usability, security, and privacy enhancements over the 4.0 series. Because these changes are significant, we will be delaying the automatic update of 4.0 users to the 4.5 series for one week.


Can funding open source bug bounties save Europe from mass-surveillance?

Filed under: OSS, Security

The report also suggests promoting open-source software as a way to build resilience to surveillance, which could be achieved by funding audits of important open-source software. Among several products it highlights is disk encryption software, TrueCrypt, which was recently subjected to a crowd-funded audit that was able to rule out the existence of NSA backdoors in the product.

“TrueCrypt is a typical example of a problem of the commons: worldwide use of software package was probably dependent on two or three developers,” the study notes to highlight why funding open source projects may be valuable.


LibreOffice Vulnerabilities Closed in Ubuntu 14.10, Ubuntu 14.04, and Ubuntu 12.04

Filed under: LibO, Security, Ubuntu

Canonical revealed details about a number of LibreOffice vulnerabilities that have been found and fixed in Ubuntu 14.10, Ubuntu 14.04 LTS, and Ubuntu 12.04 LTS, which also upgrades the office suite.



More in Tux Machines

Netflix FIDO

Chromixium – An Ubuntu Based Google’s Chrome OS Clone

Today, we have come up with interesting news for both Ubuntu and Chrome OS users. Meet Chromixium – the new modern desktop operating system based on Ubuntu that has the functionality, look and feel of Google’s “Chrome OS”. Chromixium has brought the elegant simplicity of Chromebook and flexibility and stability of Ubuntu together. Chromixium puts the web front and center of the user experience. Web and Chrome apps work straight out of the browser to connect you to all your personal, work and education networks. Sign into Chromium to sync all your apps and bookmarks. When you are offline or when you need more power, you can install any number of applications for work or play, including LibreOffice, Skype, Steam and a whole lot more. Security updates are installed seamlessly and effortlessly in the background and will be supplied until 2019. You can install Chromixium in place of any existing operating system, or alongside Windows or Linux.

BQ Aquaris E4.5 Ubuntu Edition review: A promising start

The first 'production' smartphone running the Ubuntu operating system is finally here. Designed and marketed by the Spanish company BQ (not to be confused with the Chinese company BQ Mobile) and made in China, the first Ubuntu Phone is based on the 4.5-inch BQ Aquaris E4.5, which normally ships with Android 4.4. Included with the BQ Aquaris E4.5 Ubuntu Edition are two copies of the quick-start guide (in four languages each, one of the eight being English), a charger (with a built-in two-pin continental mains plug) and a 1-metre USB-to-Micro-USB cable. A comprehensive User Manual is available for download from the BQ website. The list price for the Aquaris E4.5 Ubuntu Edition, which is only available in the EU, is €169.90 (~£125).

Also: Ubuntu and Windows set to contest desktop/smartphone hybrid market; Ubuntu phone that works as a desktop PC coming in 2015

Enabling Open Source SDN and NFV in the Enterprise

I recently attended the Intel Developer Forum (IDF) in Shenzhen, China, to promote Intel’s software defined networking (SDN) and network functions virtualization (NFV) software solutions. During this year’s IDF, Intel has made several announcements and our CEO Brian Krzanich showcased Intel’s innovation leadership across a wide range of technologies with our local partners in China. On the heels of Krzanich’s announcements, Intel Software & Services Group Senior VP Doug Fisher extended Krzanich’s message to stress the importance of open source collaboration to drive industry innovation and transformation, citing OpenStack and Hadoop as prime examples.

Also: Myth-Busting the Open-Source Cloud Part 2