Security

Security Leftovers

Filed under
Security

How Linux Kernel Development Impacts Security

Filed under
Linux
Security

The Linux kernel is a fast moving project, and it's important for both users and developers to quickly update to new releases to remain up-to-date and secure. That was the keynote message Greg Kroah-Hartman, maintainer of the stable Linux kernel, delivered at CoreOS Fest on May 9 here.

Kroah-Hartman is a luminary in the Linux community and is employed by the Linux Foundation, publishing on average a new Linux stable kernel update every week. In recent years, he has also taken upon himself the task of helping to author the "Who Writes Linux" report that details the latest statistics on kernel development. He noted that, from April 2015 to March 2016, there were 10,800 new lines of code added, 5,300 lines removed and 1,875 lines modified in Linux every day.

Also: Neat drm/i915 Stuff for 4.7

Here's a List of All the Ethical Hacking Tools Included in BlackArch Linux

Filed under
GNU
Linux
Security

At the beginning of the month, we informed you about the general availability of an updated ISO image for the Arch Linux-based BlackArch Linux operating system, which gave users access to over 1,400 penetration testing tools.

BlackArch Linux 2016.04.28 was, as its version number suggests, baked and cooked at the end of April, and it introduced 80 new security-oriented utilities to the ever growing collection of tools that are available in the software repositories of this GNU/Linux operating system.

Compare to: IE and Graphics head Microsoft's Patch Tuesday critical list

Debian-Based Univention Corporate Server 4.1-2 Brings Important Security Updates

Filed under
Security
Debian

Maren Abatielos of Univention GmbH informs us today, May 10, 2016, about the release of the second maintenance build of Univention Corporate Server (UCS) 4.1.

Security Leftovers

Filed under
Security
  • Security updates for Tuesday
  • This Botnet, Called Jaku, Only Targets Scientists, Engineers, And Academics

    Jaku Botnet discriminates while targeting its victims in the wild. It is easier to download from the famous sources like images or Torrents — thanks to the unforced human errors — and once installed, it grips that computer and makes that a part of the Botnet network.

  • Reproducible builds: week 54 in Stretch cycle

    There has been a surprising tweet last week: "Props to @FiloSottile for his nifty gvt golang tool. We're using it to get reproducible builds for a Zika & West Nile monitoring project." and to our surprise Kenn confirmed privately that he indeed meant "reproducible builds" as in "bit by bit identical builds". Wow. We're looking forward to learn more details about this; for now we just know that they are doing this for software quality reasons basically.

  • Security Analyst Arrested For Disclosing Security Flaw In Florida County's Election Systems

    A Florida man has been charged with felony criminal hacking charges after disclosing vulnerabilities in the voting systems used in Lee County, Florida. Security analyst David Levin was arrested 3 months after reporting un-patched SQL injection vulnerabilities in the county's election systems. Levin was charged with three counts of unauthorized access to a computer, network, or electronic device and released on $15,000 bond. Levin's first and biggest mistake was to post a video of himself on YouTube logging into the Lee County Elections Office network using the credentials of Sharon Harrington, the Lee County Supervisor of Elections.

KDE Applications 16.04 Gets Its First Point Release, Includes Over 25 Bug Fixes

Filed under
KDE
Security

Today, May 10, 2016, KDE has announced the general availability of the first point release in the latest stable and most advanced KDE Applications 16.04 series of the software suite used for the KDE Plasma 5 desktop environment.

Ubuntu LTS Kernel Vulnerabilities

Filed under
Security
Ubuntu

Security Leftovers

Filed under
Security
  • Secure from whom

    Side-channel attacks are a thing, this is true. But they also cost a lot of time and money to develop. If you want something that can be applied to more than just a single target, that cost explodes. That is why the two most common places where side-channel attacks are developed are nation states and universities specializing in that research.

    [...]

    So in summation, I’m far more interested in focusing on our ability to get security fixes out to users in a timely fashion. Herd immunity can work for software too.

  • Security isn't a feature, it's a part of everything

    Almost every industry goes through a time when new novel features are sold as some sort of add on or extra product. Remember needing a TCP stack? What about having to buy a sound card for your computer, or a CD drive? (Does anyone even know what a CD is anymore?) Did you know that web browsers used to cost money? Times were crazy.

  • Student Tried to Hack His School Network, Police Calls Him An Anonymous Member

    The State police and school district officials in Pennsylvania are investigating a case that involves a school student trying to hack into the school’s Wi-Fi network. The officials have told a local newspaper that they have found some evidence regarding his association with the hacktivist group Anonymous.

More in Tux Machines

SparkyLinux Now Lets Users Test Drive Linux Kernel 4.7, Here's How to Install It

Just one day after the announcement of the GA release of the Linux 4.7 kernel, the SparkyLinux developers inform their users that they can now test drive the new kernel from the unstable repository.

Clear Linux Is Among the First Distros to Adopt Kernel 4.7, X.Org Server 1.18.4

Today, July 26, 2016, Softpedia was informed by the Clear Linux team about the availability of new software updates for the GNU/Linux operating system designed for the Intel architecture.

today's leftovers

  • Last gasp: Microsoft updates Get Windows 10 nagster, KB 3035583, yet again
    With nine days to go, Microsoft really, really wants you to claim your free upgrade to Windows 10. Come to think of it, Microsoft has really, really wanted you to upgrade your Windows 7 or 8.1 PC to Windows 10 for more than a year, and backed it with the GWX subsystem -- first installed by KB 3035583 in March 2015, 15 months ago.
  • AMD FireRender is now the open-source Radeon ProRender
  • NWM: An X11 Window Manager Written In Node.js
    In case you ever wanted to have a Node.js window manager, there's now one that works for X11 environments that works on Chrome OS, Debian, and friends.
  • We’ve come a long way from where we began!
    After working for several weeks on our WikiRating:Google Summer of Code project Davide, Alessandro and I have slowly reached up to the level where we can now visualize the entire project in its final stages.
  • Bringing your kids to GUADEC 2016
  • GNOME Keysign - Report #2 GSoC 2016
    More than a week ago I blogged about the new GUI made with GtkBuilder and Glade [1]. Now, I will talk about what has changed since then with the GUI and also the new functionality that has been added to it. I will start with the new "transition" page which I've added for the key download phase. Before going more in depth, I have to say that the app knows at each moment in what state it is, which really helps in adding more functionality.
  • Introducing: openSUSE heroes
    During the last weeks, the openSUSE board and others expressed their concern about the current state of some openSUSE infrastructure: especially the reaction times to change something in the setup were mentioned multiple times. Looks like we lost some administrators and/or contact points at SUSE who helped out in the past to eliminate problems or work together with the community. As result, there was a meeting held during the openSUSE Conference 2016, including some SUSE employees and openSUSE community members to discuss the current situation and search for some possible solutions. The discussion was very fruitful and we’d like to share some of the results here to inform everyone and actively ask for help. If you want to join us, the openSUSE heroes, do not hesitate to contact us and join an incredible team!
  • Artila Releases New Cortex-A5 based industrial embedded Linux computer

Server Administration

  • Open Source Docker Monitoring & Logging
    Docker is growing by leaps and bounds, and along with it, its ecosystem. Being light, the predominant container deployment involves running just a single app or service inside each container. Most software products and services are made up of at least several such apps/services. We all want all our apps/services to be highly available and fault tolerant. Thus, Docker containers in an organization quickly start popping up like mushrooms after the rain. They multiply faster than rabbits. While, in the beginning, we play with them like cute little pets, as their numbers quickly grow we realize we are dealing with a herd of cattle, implying we’ve become cowboys. Managing a herd with your two hands, a horse, and a lasso will only get you so far. You won’t be able to ride after each and every calf that wanders in the wrong direction. To get back to containers from this zoological analogy—operating so many moving pieces at scale is impossible without orchestration—this is why we’ve seen the rise of Docker Swarm, Kubernetes, Mesos, CoreOS, RancherOS, and so on.
  • DevOps: A Pillar of Modern IT Infrastructure
    A massive transformation is underway in the way we manage IT infrastructure. More companies are looking for improved agility and flexibility. They are moving from traditional server stacks to cloudy infrastructure to support a new array of applications and services that must be delivered at breakneck pace in order to remain competitive.
  • The one big change in IT
    Yet Bob does not believe the devops hammer should be used on anything that looks remotely like a nail. Accounting systems, supply chain management systems, warehouse management systems, and so on do not benefit from the constant modification enabled by devops. Those are bound by precise, interlocking processes along with granular permissions and regulations. Here, continuous change invites disaster of the type that ITIL-huggers and OCM (organizational change management) proponents fear most.