Security

Free Linux-Based Firewall Smoothwall Express 3.1 Is One of the Biggest Releases in Years

Filed under
GNU
Linux
Security

Smoothwall Express is a free firewall that is based on a GNU/Linux kernel that comes with an easy-to-use interface. The latest version available is now 3.1 and it's been in the works for a long time.

BlackPhone Reviewed: Secure OS Inside a Generic Design and Not Quite Cheap

Filed under
Android
Security

“If privacy is important to you, the Blackphone is almost certainly what you’re after in a mobile device. Besides, you don’t have much choice currently. One thing I’m still coming to terms with, however, is the concept of selling peace of mind.

As Edward Snowden continues to leak information about how the NSA and other national government agencies were/are hoovering up every bit of personal data available to them, digital privacy has never been a hotter topic. With people wanting more control over how their data is handled, it was inevitable that products like the Blackphone would appear.”

Tails OS Will Keep You Anonymous Online and Offline

Filed under
Security
Debian

There are many Linux distributions available right now that claim to protect the privacy of their users, but very few actually do it properly. Tails is definitively among the top ones, if not the best. Now, a new version has been made available, but it's just an RC for an upcoming release...

Adobe Digital Editions 4 Spies on Users - Because of DRM

Filed under
Security

This column has written many times about the deep flaws of Digital Rights Management (DRM) - or "Digital Restrictions Management" as Richard Stallman rightly calls it - and the ridiculous laws that have been passed to "protect" it. What these effectively do is place copyright above basic rights - not just in the realm of copyright, but even in areas like privacy. Yesterday, another example of the folly of using DRM'd products came to light.

The Source of Vulnerabilities, How Red Hat finds out about vulnerabilities.

Filed under
Red Hat
Security

Red Hat Product Security track lots of data about every vulnerability affecting every Red Hat product. We make all this data available on our Measurement page and from time to time write various blog posts and reports about interesting metrics or trends.

One metric we’ve not written about since 2009 is the source of the vulnerabilities we fix. We want to answer the question of how did Red Hat Product Security first hear about each vulnerability?

Every vulnerability that affects a Red Hat product is given a master tracking bug in Red Hat bugzilla. This bug contains a whiteboard field with a comma-separated list of metadata including the dates we found out about the issue, and the source. You can get a file containing all this information already gathered for every CVE. A few months ago we updated our ‘daysofrisk’ command line tool to parse the source information allowing anyone to quickly create reports like this one.

USB Sees Many Changes For Linux 3.18 Kernel

Filed under
Linux
Hardware
Security

Greg Kroah-Hartman sent in pull requests on Tuesday for the various kernel subsystems he maintains. The USB changes as he put it are "lots of little changes in here, all over the place", per his mailing list post.

Ten Year Old "Critical" Bug Discovered In OpenBSD

Filed under
Security
BSD

While OpenBSD generally prides itself on being a secure, open-source operating system and focusing more on code correctness and security rather than flashy features, it turns out a potential security bug has been living within OpenBSD for the past decade.

Phoronix German reader "FRIGN" wrote in to Phoronix this afternoon with a subject entitled, "10 year old critical bug in OpenBSD discovered." He pointed out a post today about a bug discovered in OpenBSD's polling subsystem that could allow DDoS-style attacks on servers, "a critical bug in the polling-subsystem in OpenBSD has been uncovered which allows DDoS-attacks on servers using a non-standard derivation from the POSIX-standard in marking file descriptors non-readable when they should return EOF."

Open source's "shallow bugs" theory hasn't been Shellshocked

Filed under
OSS
Security

It hasn't been a good year for open source. Not for its generally golden reputation for software quality and security, anyway. But in a rush to lay blame for the Bash Shellshock vulnerability (and previously for Heartbleed) some, like Roger Grimes, want to dismantle some of the cardinal tenets of open source, like the suggestion that "given enough eyeballs, all bugs are shallow."

Tor executive director hints at Firefox integration

Filed under
Moz/FF
Security

Tor, which is capable of all that and more, crucially blocks websites from learning any identifying information about you and circumvents censorship. It also stymies eavesdroppers from discovering what you’re doing on the Web. For those reasons, it would be a powerful addition to the arsenal of privacy tools Firefox already possesses.

The Tor Browser is already a modified version of Firefox, developed over the last decade with close communication between the Tor developers and Mozilla on issues such as security and usability.

LibreSSL: More Than 30 Days Later

Filed under
Security
BSD

Instead, libressl is here because of a tragic comedy of other errors. Let's start with the obvious. Why were heartbeats, a feature only useful for the DTLS protocol over UDP, built into the TLS protocol that runs over TCP? And why was this entirely useless feature enabled by default? Then there's some nonsense with the buffer allocator and freelists and exploit mitigation countermeasures, and we keep on digging and we keep on not liking what we're seeing. Bob's talk has all the gory details.

But why fork? Why not start from scratch? Why not start with some other contender? We did look around a bit, but sadly the state of affairs is that the other contenders aren't so great themselves. Not long before Heartbleed, you may recall Apple dealing with goto fail, aka the worst bug ever, but actually about par for the course.
