Security

Security Leftovers

Filed under
Security
  • Vulnerability in popular bootloader puts locked-down Linux computers at risk

    Pressing the backspace key 28 times can bypass the Grub2 bootloader’s password protection and allow a hacker to install malware on a locked-down Linux system.

  • Grub2 Bypassable Without a Password

    The Grub system is pretty common on Linux desktops. Grub stands for GRand Unified Bootloader, and Grub2 is a continuation of its development. For a long time, another bootloader was also used by many distributions, called LiLo, which was short for Linux Loader, and while it is still actively developed, most distributions opt for Grub these days.

  • Google's Project Zero uncovers critical flaw in FireEye products

    Google's Project Zero security team have uncovered security flaws in FireEye products which could lead to remote code execution and the compromise of full computer systems.

    Tavis Ormandy from the Google Project Zero vulnerability disclosure team said on Tuesday the flaws were serious enough for FireEye to ask for time to fix the problem, which had the potential to allow remote code execution to take place via a wide range of products.

Does SELinux Have Much Of A Performance Impact On Fedora 23?

Filed under
Graphics/Benchmarks
Red Hat
Security

Going back many years, SELinux would receive much criticism over slowing down the system's performance and causing an assortment of other problems. In the early days of Fedora it would often be wise to disable Security Enhanced Linux, but in the past few years it's been in good shape. With modern hardware, is there much of a performance impact in keeping SELinux enabled?

Tails 1.8 is out

Filed under
GNU
Linux
Security
Debian

This release fixes numerous security issues. All users must upgrade as soon as possible.

Security Leftovers

Filed under
Security
  • The Joy of Getting Hacked

    Two weeks ago, the server I host all my personal projects on was hacked by some guy in Ukraine.

  • Microsoft Edge has inherited many of Internet Explorer's security holes

    We're all anxiously awaiting the day that Windows 10's new Edge browser becomes usable. That hasn't happened yet, but it will some day next year. Microsoft Edge should represent a huge improvement in browser security, particularly when compared with the ancient, creaking, and leaky Internet Explorer. Recent events, though, have me wondering if Edge really represents that big of a step forward.

  • DEF CON 23 - Runa Sandvik, Michael Auger - Hacking a Linux-Powered Rifle

    TrackingPoint is an Austin startup known for making precision-guided firearms. These firearms ship with a tightly integrated system coupling a rifle, an ARM-powered scope running a modified version of Linux, and a linked trigger mechanism. The scope can follow targets, calculate ballistics and drastically increase its user's first shot accuracy. The scope can also record video and audio, as well as stream video to other devices using its own wireless network and mobile applications.

  • Supporting secure DNS in glibc
  • TLS in the kernel

    An RFC patch from Dave Watson at Facebook proposes moving the bulk of Transport Layer Security (TLS) processing into the kernel. There are a number of advantages he sees for doing so, but most of the commenters on the patch set seem a bit skeptical about the idea. TLS is, of course, the encryption layer that protects HTTPS and other internet protocols.

  • Let's Encrypt Stats
  • December ’15 security fixes for Adobe Flash

EFF Launches Open Source Code Security Program to Improve User Privacy

Filed under
OSS
Security

The Electronic Frontier Foundation (EFF) has launched a new security initiative aimed at identifying vulnerabilities in open source code. The move is another sign of the open source world's increasing interest in leveraging the community to shore up software security in the wake of embarrassments like Heartbleed, the bug found in the popular OpenSSL cryptographic software library that led to so much trouble last year.

Dutch government to shore up open source security

Filed under
OSS
Security

The Dutch Parliament on Tuesday approved a EUR 0.5 million budget to develop and improve existing open source encryption solutions that are a crucial part of the Internet. The plan is to enhance projects such as OpenSSL, LibreSSL or PolarSSL (mbed TLS).

Security Leftovers

Filed under
Security
  • Symantec: iOS and OS X users face a surge of fresh security threats

    SECURITY FIRM Symantec has warned that the hacker threat to Apple users has reached unprecedented levels.

    The firm reckons that Apple is a victim of its success, becoming a bigger target as its user base grows. To be fair to Apple most of the problem relates to jailbroken devices, which is not a thing that the firm recommends. We have seen incidents recently that make the most of this. The threat applies to mobile software and the desktop.

  • DoS attack brings UK universities to a virtual standstill

    According to the Telegraph newspaper, universities across the country have been hit by DoS attacks. This means in some cases no internet access, and that means students will have to study like it's 1980 something.

  • U.K. Cops Are Trying to Scare Teen Hackers With House Calls

    It was a summer morning, officer Paul Hastings recalls, when he arrived at a suspected hacker’s house in the northern English city of Hull. There, police had tracked one of the people who’d signed up online for a hacking service called Lizard Stresser that was used to attack companies including Microsoft, Amazon.com, and Sony at the end of 2014. This particularly fearsome cybervigilante was asleep when Hastings knocked, so his dad answered the door.

    The visit was one of about 50 U.K. police made this year to people they say used the Lizard Stresser site, many of them children. The Hull suspect, a teenager, couldn’t have done anything wrong, his dad told Hastings. He spent all his time upstairs, on his computer.

    [...]

    Teen hackers have been pop culture figures since Matthew Broderick starred in WarGames, and the U.K. has a long history with juvenile black hats. In 1994, when U.S. Air Force researchers found an unauthorized user on their systems downloading data, they tracked the hacker to a North London suburb. Working with London police, they found their culprit: a 16-year-old boy in an attic bedroom, as journalist Gordon Corera recounts in Intercept: The Secret History of Computers and Spies.

More in Tux Machines

Facebook-squishing Indian regulator's next move: Open source code

Fresh from squashing Facebook's effort to grab the enormous India market, the sub-continent's regulator has another goal in mind: open source software. Speaking at the India Digital Summit this week, chairman of the Telecom Regulatory Authority of India (TRAI), Ram Sewak Sharma, told attendees: "No service can be hostage to a particular technology." He then went on to explicitly support the broader adoption of open source software, arguing that it would help the booming digital economy in India from being locked into buying from a specific company and enable a broader and more equitable internet for all. "Any technology that is deployed for connectivity must be interoperable and the open standards framework and the principles it entails are extremely important," he argued.

Ubuntu 16.04 LTS to Let Users Change the Visibility of App Menus in Unity Panel

We've already told you that we're running the latest Ubuntu 16.04 LTS (Xenial Xerus) operating system, right? Well, guess what? Earlier today, Canonical pushed a bunch of important updates to the upcoming distribution.

GNOME 3.19.90 beta tarballs due (and more)

Hello all,

We would like to inform you about the following:

  • GNOME 3.19.90 beta tarballs due
  • API/ABI, UI and Feature Addition Freeze; String Change Announcement Period
  • New APIs must be fully documented
  • Writing of release notes begins

Tarballs are due on 2016-02-15 before 23:59 UTC for the GNOME 3.19.90 beta release, which will be delivered on Wednesday. Modules which were proposed for inclusion should try to follow the unstable schedule so everyone can test them. Please make sure that your tarballs will be uploaded before Monday 23:59 UTC: tarballs uploaded later than that will probably be too late to get in 3.19.90. If you are not able to make a tarball before this deadline or if you think you'll be late, please send a mail to the release team and we'll find someone to roll the tarball for you!

US Air Force's Secure LPS (Lightweight Portable Security) Linux OS Gets Updated

Lightweight Portable Security (LPS), a thin Linux kernel-based operating system that creates a secure end node from trusted media on almost any PC, has been updated recently to version 1.6.4.