Security

Security Leftovers

Filed under
Security
  • Open-source code from Mars rover used in espionage campaign targeting Indian government

    Two open-source code libraries used in the development of the historic Mars rover have been exploited by cybercriminals and moulded into an effective espionage tool that is being used to target high-level officials in the Indian government.

    First exposed by security researchers at Palo Alto Networks, the malware, now dubbed Rover, was found in a malicious phishing email received by India's ambassador to Afghanistan that was made to look like it was sent from India's defence minister which, if opened, would have installed a slew of vicious exploits on the computer system.

    Upon analysis, the experts found the malware, which contained code that attacked a flaw in Office XP, boasted a range of spying features including the ability to hijack computer files, launch a keylogger, take screenshots and even record audio and video in real-time. All of the data compromised would be sent straight to the malware creator's command and control (C&C) server.

  • Open Source Code Of Mars Rover Being Used To Create Malware To Target Indian Government

    Last year on December 24, 2015, a potential online target was identified which was delivered via an email to a high profile Indian diplomat, an Ambassador to Afghanistan. The email was spoofed and crafted as if it was sent by the current defence minister of India, Mr. Manohar Parikar. The mail commended the Ambassador to Afghanistan on his contributions and success.

  • Report: 3.5 Million HTTPS Servers Vulnerable to DROWN

    A report released Tuesday on the DROWN vulnerability raises concerns about possible attacks that could expose encrypted communications. DROWN is a serious vulnerability that affects HTTPS and other services using SSL version 2, according to the team of security researchers who compiled the report. The protocols affected are some of the essential cryptographic protocols for Internet security. An attack could decrypt secure HTTPS communications, such as passwords or credit card numbers, within minutes.

  • OpenSSL update fixes Drown vulnerability
  • HTTPS DROWN flaw: Security bods' hearts sink as tatty protocols wash away web crypto

    DROWN (aka Decrypting RSA with Obsolete and Weakened eNcryption) is a serious design flaw that affects HTTPS websites and other network services that rely on SSL and TLS – which are core cryptographic protocols for internet security. As previously reported, about a third of all HTTPS servers are vulnerable to attack, the computer scientists behind the discovery of the issue warn.

This open source private server is as easy to use as a smartphone and can ease your privacy concerns

Filed under
OSS
Security

Recently, while visiting Swecha, a non-profit in Hyderabad that is bringing social change with free and open source software and is part of the Free Software Movement of India, I came to know about FreedomBox. Maintained by the non-profit FreedomBox Foundation that runs on donations, the FreedomBox is a revolution in itself. This project's flagship product, costing just US$100, uses various open hardware components, runs on free operating system Debian OS and works as a secure personal server for distributed social networking, email and audio-visual communications.


KDE Plasma 5.5.5 Bugfix Release Is Out

Filed under
KDE
Security

The KDE Community has announced that a new iteration of the famous Plasma desktop has been released, bringing the version number up to 5.5.5.


Security Leftovers (New Hype With Brand and Logo)

Filed under
Security

Security Leftovers

Filed under
Security
  • Security updates for Monday
  • Peer-Seeking Webcam Reveals the Security Dangers of Internet Things

    Last week security blogger Brian Krebs revealed that a popular internet-enabled security camera “secretly and constantly connects into a vast peer-to-peer network run by the Chinese manufacturer of the hardware.”

  • Joomla Sites Join WordPress As TeslaCrypt Ransomware Target

    Exploit kits infecting thousands of WordPress websites are setting their sights on the open-source content management system Joomla in a new campaign spotted by a researcher at the SANS Institute’s Internet Storm Center.

    “The group behind the WordPress ‘admedia’ campaign is now apparently targeting Joomla sites,” said Brad Duncan, security researcher at Rackspace. “We are starting to see the same traffic characteristics in infections that are associated with Joomla sites – as we did with the WordPress campaign,” Duncan said.

  • Most software already has a “golden key” backdoor: the system update

    In 2014 when The Washington Post Editorial Board wrote "with all their wizardry, perhaps Apple and Google could invent a kind of secure golden key they would retain and use only when a court has approved a search warrant," the Internet ridiculed them. Many people painstakingly explained that even if there were somehow wide agreement about who would be the "right" people and governments to hold such an all-powerful capability, it would ultimately be impossible to ensure that such power wouldn't fall into the "wrong" hands.

Security Leftovers

Filed under
Security
  • Thursday's security updates
  • Friday's security updates
  • Rewrite Everything In Rust

    I just read Dan Kaminsky's post about the glibc DNS vulnerability and its terrifying implications. Unfortunately it's just one of many, many, many critical software vulnerabilities that have made computer security a joke.

    It's no secret that we have the technology to prevent most of these bugs. We have programming languages that practically guarantee important classes of bugs don't happen. The problem is that so much of our software doesn't use these languages. Until recently, there were good excuses for that; "safe" programming languages have generally been unsuitable for systems programming because they don't give you complete control over resources, and they require complex runtime support that doesn't fit in certain contexts (e.g. kernels).

    Rust is changing all that. We now have a language with desirable safety properties that offers the control you need for systems programming and does not impose a runtime. Its growing community shows that people enjoy programming in Rust. Servo shows that large, complex Rust applications can perform well.

  • Forthcoming OpenSSL releases
  • Improvements on Manjaro Security Updates
  • What is Glibc bug: Things To Know About It
  • IRS Cyberattack Total is More Than Twice Previously Disclosed

    Cyberattacks on taxpayer accounts affected more people than previously reported, the Internal Revenue Service said Friday.

    The IRS statement, originally reported by Dow Jones, revealed tax data for about 700,000 households might have been stolen: Specifically, a government review found potential access to about 390,000 more accounts than previously disclosed.

    In August, the IRS said that the number of potential victims stood at more than 334,000 — more than twice the initial estimate of more than 100,000.

  • Protect your file server from the Locky trojan
  • Google's Project Shield defends small websites from DDoS bombardment

    If you want to apply, there's an online form to fill in here which asks for the details of your site, and poses a few other questions about security and whether you've been hit by DDoS in the past. Note that you'll need to set up a Google account if you don't already have one.

  • 90 Percent of All SSL VPNs Use Insecure or Outdated Encryption

    Information security firm High-Tech Bridge has conducted a study of SSL VPNs (Virtual Private Networks) and discovered that nine out of ten such servers don't provide the security they should be offering, mainly because they are using insecure or outdated encryption.

Security Leftovers

Filed under
Security

Canonical Patches Ubuntu 15.10 Kernel Regression That Broke Graphics Displays

Filed under
Security

Linux kernel regressions in Ubuntu don't happen all the time, but from time to time Canonical manages to introduce a small issue when it updates the kernel package of one of its supported Ubuntu OSes, which is quickly fixed.


Security Leftovers

Filed under
Security
  • The Downside of Linux Popularity

    Popularity is becoming a two-edged sword for Linux.

    The open source operating system has become a key component of the Internet's infrastructure, and it's also the foundation for the world's largest mobile OS, Google's Android.

    Widespread use of the OS, though, has attracted the attention of hackers looking to transfer the dirty tricks previously aimed at Windows to Linux.

    Last year, for example, ransomware purveyors targeted Linux. Granted, it wasn't a very virulent strain of ransomware, but more potent versions likely will be on the way.

  • Baidu Browser Acts like a Mildly Tempered Infostealer Virus

    The Baidu Web browser for Windows and Android exhibits behavior that could easily allow a security researcher to categorize it as an infostealer virus because it collects information on its users and then sends it to Baidu's home servers.

  • Malware déjà vu - why we're still falling for the same old threats

    In second place was Conficker - first discovered in 2008 - which again allows remote control and malware downloads. Together, these two families were responsible for nearly 40% of all malware attacks detected in 2015.

  • Conficker, AndroRAT Continue Malware Reigns of Terror

    Conficker meanwhile continued in its position as King of the Worms, remaining the most prevalent malware type and accounting for 25% of all known attacks during the period. Conficker is popular with criminals thanks to its focus on disabling security services to create more vulnerabilities in the network, enabling them to be compromised further and used for launching DDoS and spam attacks.

  • Child-Monitoring Company Responds To Notification Of Security Breach By Publicly Disparaging Researcher Who Reported It

    "Thanks for letting us know about this! We'll get it fixed immediately!" said almost no company ever.

    There's a long, but definitely not proud, tradition of companies shooting the messenger when informed of security flaws or possible breaches. The tradition continues.

    uKnowKids is monitoring software parents can install on their children's cell phones that allows them to track their child's location, as well as social media activity, text messages and created media. As such, it collects quite a bit of info.

Tor users are actively discriminated against by website operators

Filed under
Security

Computer scientists have documented how a large and growing number of websites discriminate against people who browse them using Tor.

Tor is an anonymity service that is maintained with assistance from the US State Department and designed in part to allow victims of censorship in countries like China and Iran to surf the web. New research shows how corporations are discriminating against Tor users, in some cases partly because it’s harder to classify anonymous users for the purpose of pushing ads at them.


More in Tux Machines

Leftovers: KDE

  • KDE's Project Neon Begins Publishing Daily Wayland Images
    KDE -- KDE's Project Neon has begun publishing daily images of the latest KDE Plasma stack powered atop Wayland rather than the X.Org Server. Jonathan Riddell passed along word that daily ISOs are now being spun of the freshest KDE development code with KWin acting as a Wayland compositor. The OS base is still Ubuntu 16.04 LTS.
  • The Qt Company's Qt Start-Up
    The Qt Company is proud to offer a new version of the Qt for Application Development package called Qt Start-Up, the company's C++-based framework of libraries and tools that enables the development of powerful, interactive and cross-platform applications and devices. Now used by around one million developers worldwide, the Qt Company seeks to expand its user base by targeting smaller enterprises.

Linux 4.5.3

I'm announcing the release of the 4.5.3 kernel.

All users of the 4.5 kernel series must upgrade.

The updated 4.5.y git tree can be found at:
git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-4.5.y
and can be browsed at the normal kernel.org git web browser:
http://git.kernel.org/?p=linux/kernel/git/stable/linux-st...

thanks,

greg k-h

Also: Linux 4.4.9 Linux 3.14.68

Open source near ubiquitous in IoT, report finds

Open source is increasingly standard operating procedure in software, but nowhere is this more true than Internet of Things development. According to a new VisionMobile survey of 3,700 IoT developers, 91% of respondents use open source software in at least one area of their software stack. This is good news for IoT because only open source promises to reduce or eliminate the potential for lock-in imposed by proprietary “standards.” What’s perhaps most interesting in this affection for open source, however, is that even as enterprise developers have eschewed the politics of open source licensing, IoT developers seem to favor open source because “it’s free as in freedom.”

Ubuntu 16.04 – My Experience so Far and Customization

While I earnestly anticipated the release of Unity 8 with Xenial Xerus (after watching a couple of videos that showcased its function), I was utterly disappointed that Canonical was going to further push its release — even though it was originally meant to debut with Ubuntu 14.04. Back to the point at hand, I immediately went ahead and installed Unity Tweak Tool, moved my dash to the bottom (very important) and then proceeded to replace Nautilus with the extensive Nemo file manager which is native to Linux Mint and by far superior to the former (my opinion).