Security

Leftovers: Security

Filed under
Security

Security Leftovers

  • Teardrop Attack: What Is It And How Does It Work?

    In a Teardrop Attack, the fragmented packets sent to the target machine are buggy in nature, and the victim’s machine is unable to reassemble those packets due to the bug in the TCP/IP fragmentation.

  • Updating code can mean fewer security headaches

    Organizations with high rates of code deployments spend half as much time fixing security issues as organizations without such frequent code updates, according to a newly released study.

    In its latest annual state-of-the-developer report, Devops software provider Puppet found that by better integrating security objectives into daily work, teams in "high-performing organizations" build more secure systems. The report, which surveyed 4,600 technical professionals worldwide, defines high IT performers as offering on-demand, multiple code deploys per day, with lead times for changes of less than one hour. Puppet has been publishing its annual report for five years.

  • Over half of world's top domains weak against email spoofing

    Over half of the world's most popular online services have misconfigured servers which could place users at risk from spoof emails, researchers have warned.

    According to Swedish cybersecurity firm Detectify, poor authentication processes and configuration settings in servers belonging to hundreds of major online domains could put users at risk of legitimate-looking phishing campaigns and fraudulent emails.

Linux Kernel 4.6.3 Has Multiple Networking Improvements, Better SPARC Support

Filed under
Linux
Security

Today, June 24, 2016, renowned Linux kernel developer Greg Kroah-Hartman has announced the general availability of the third maintenance release for the Linux 4.6 kernel series.

Linux kernel 4.6.3 is here two weeks after the release of the second maintenance update in the series, Linux kernel 4.6.2, to change a total of 88 files, with 1302 insertions and 967 deletions. Unfortunately, very few GNU/Linux distributions have adopted the Linux 4.6 series, despite the fact that Greg Kroah-Hartman urged everyone to move to this most advanced kernel branch as soon as possible from Linux 4.5, which reached end of life.

Security Leftovers

  • Security updates for Tuesday
  • Google Hacker Donates His $15,000 Bug Bounty Cash Award To Charity

    Google’s leading security engineer Tavis Ormandy recently won a bug bounty challenge run by security solutions firm Bromium and decided to donate the money to charity. Following his gesture, Bromium matched Ormandy’s donation and donated $15,000 to Amnesty International organization.

  • Mozilla Awards $385,000 to Open Source Projects as part of MOSS “Mission Partners” Program

    For many years people with visual impairments and the legally blind have paid a steep price to access the Web on Windows-based computers. The market-leading software for screen readers costs well over $1,000. The high price is a considerable obstacle to keeping the Web open and accessible to all. The NVDA Project has developed an open source screen reader that is free to download and to use, and which works well with Firefox. NVDA aligns with one of the Mozilla Manifesto’s principles: “The Internet is a global public resource that must remain open and accessible.”

  • TOR Project And Security Experts Making A “Hardened” Version Of TOR To Defeat FBI

    The TOR Project is working closely with security researchers to implement a new technique to secure the TOR Browser against the FBI’s de-anonymization exploits. Called “Selfrando”, this technique will fight the FBI’s “Code Reuse” exploits and create a “hardened” version of TOR.

Security Leftovers

  • New RAA ransomware written in JavaScript discovered

    A new variety of ransomware called RAA has been discovered that has the somewhat unusual attribute of being coded in JavaScript instead of one of the more standard programming languages, making it more effective in certain situations.

  • Want To Be A Cool Security Guru?

    Well it will take some work, security is not like what they show on TV. You don’t need green on black text, special goggles or an unlimited enhance function. Instead, it requires sitting down and understanding the history of the field, what it means to be “secure” and what limitations or assumptions you can work under. This summer I have decided to start my journey on the vast field of cryptography and am doing an online course at Stanford University that provides an introduction to cryptography. It is appropriately named “Cryptography I” and is the first part of a two part course, the second part being offered later in the Fall. Both are taught by a really awesome professor Dan Boneh who I find explains the material very well. I decided I would like to make some posts about what I have learned in this course as I go through the material so that I can share my knowledge and get a chance to write it down somewhere for later reference.

  • WordPress 4.5.3 Maintenance and Security Release

    WordPress 4.5.3 is now available. This is a security release for all previous versions and we strongly encourage you to update your sites immediately.

Security Leftovers

  • Security advisories for Monday
  • BadTunnel: Critical vulnerability affects every version of Microsoft's OS since Windows 95

    A security researcher from Tencent, China's largest internet service portal, has discovered a critical security flaw in Microsoft's Windows operating system that affects every single version of Windows over the last two decades, from Windows 95 all the way to Windows 10.

  • Decentralized Security

    If you're a fan of the cryptocurrency projects, you've heard of something called Ethereum. It's similar to bitcoin, but is a separate coin. It's been in the news lately due to an attack on the currency. Nobody is sure how this story will end at this point, there are a few possible options, none are good. This got me thinking about the future of security, there are some parallels when you compare traditional currency to crypto currency as well as where we see security heading (stick with me here).

    The current way currency works is there is some central organization that is responsible for minting and controlling the currency, usually a country. There are banks, exchanges, loans, interest, physical money, and countless other ways the currency interacts with society. We will compare this to how IT security has mostly worked in the past. You had one large organization responsible for everything. If something went wrong, you could rely on the owner to take control and make things better. There are some instances where this isn't true, but in general it holds.

    Now if we look at cryptocurrency, there isn't really a single group or person in charge. That's the whole point though. The idea is to have nobody in charge so the currency can be used with some level of anonymity. You don't have to rely on some sort of central organization to give the currency legitimacy, the system itself has legitimacy built in.

Parrot Security OS 3.0 Ethical Hacking Distro Is Out, Now Ready for Raspberry Pi

Filed under
OS
Security

Parrot Security OS developer Frozenbox Network was extremely proud to announce the release of the final Parrot Security OS 3.0 "Lithium" computer operating system.

Security Leftovers

  • Making a Case for Security Analytics

    Being a victim of a data breach no longer results in a slap on the wrist. Instead it can lead to costly fines, job loss, physical damage and an organization's massive loss of reputation. Case in point: Target. Following its high-profile breach in late 2013, Target suffered large losses in market valuation and paid more than $100 million in damages.

  • GoToMyPC password hack – urgent, change passwords NOW

    If you use the popular Citrix GoToMyPC remote access product for macOS, Windows, Kindle, iOS, and Android you will need to change all passwords now.

  • Web Application Defender's Field Report: Account Takeover Campaigns Spotlight

    ATO attacks (also known as credential stuffing) use previously breached username and password pairs to automate login attempts. This data may have been previously released on public dumpsites such as Pastebin or directly obtained by attackers through web application attacks such as SQLi. The goal of the attacks is to identify valid login credential data that can then be sold to gain fraudulent access to user accounts. ATO may be considered a subset of brute force attacks, however it is an increasing threat because it is harder to identify such attacks through traditional individual account authentication errors. The Akamai Threat Research Team analyzed web login transactions for one week across our customer base to identify ATO attack campaigns.

  • Google's security princess talks cybersecurity

    Her talk was even-keeled, informative, and included strong FOSS messaging about everyone's vested interest in internet security and privacy. After the talk was done, I watched her take audience questions (long enough for me to take a short conference call) where she patiently and handily fielded all manner of queries from up and down the stack.

BusyBotNet is a Fork of Busybox with Security Tools

Filed under
OSS
Security

Busybox provides a lightweight version of common command line utilities normally found on “big” Linux into a single binary, in order to bring them to embedded systems with limited memory and storage. As more and more embedded systems are now connected to the Internet, or as they are called nowadays the Internet of Things nodes, adding security tools, such as cryptographic utilities, could prove useful for administrators of such systems, and so BusyBotNet project was born out of a fork of Busybox.

More in Tux Machines

Leftovers: OSS and Sharing

  • 4 tips for teaching kids how to build electronics
    Kids are naturally curious about how things work, and with a new trend in hardware companies creating open source hardware products, it's a great time to teach kids about electronics. But modern technology can seem too complex to even begin to understand. So where do you start?
  • Oil companies joining open source world by sharing data [Ed: No, oil companies, sharing data is open data and not open source. More openwashing, like greenwashing]
    The oil and gas industry has long collected huge volumes of data, but it hasn’t always known quite what to do with it all. Often, the terabytes aren’t even stored on computer systems that readily talk to each other. Industry insiders are used to it, said Michael Jones, senior director of strategy at the oil and gas software maker Landmark. But it’s not OK, he said. So, about a year ago, Jones and some of his oil industry colleagues set about to fix it. This week, at Landmark’s Innovation Forum & Expo at the Westin hotel in northwest Houston, the company unveiled the beginnings of a collaborative its members called groundbreaking. In a move to drive technology further, faster — and, perhaps, take a bigger piece of the burgeoning big-data market — Landmark is pushing its main computing platform into the cloud, for all to use.
  • Interactive, open source visualizations of nocturnal bird migrations in near real-time
    New flow visualizations using data from weather radar networks depict nocturnal bird migrations, according to a study published August 24, 2016 in the open-access journal PLOS ONE by Judy Shamoun-Baranes from University of Amsterdam, the Netherlands, and colleagues.
  • Go! Speed Racer Go!
    I finally reached a point where I could start running the go version of sm-photo-tool. I finished the option validation for the list command. While I was testing it I noticed how much faster the Go version felt. Here are the python vs Go versions of the commands.
  • Semantic Interoperability for European Public Services will be presented at the SEMANTiCS 2016 conference
    The revision of the European Interoperability Framework and the importance of data and information standardisation for promoting semantic interoperability for European Public Services will be presented by Dr. Vassilios Peristeras, DG Informatics, ISA unit at the SEMANTiCS 2016 conference which takes place in Leipzig on September 13th and 14th 2016. The title of the presentation is “Promoting Semantic Interoperability for European Public Services: the European Commission ISA2 Programme” (slideset to appear here soon).

Linux at 25: How Linux changed the world

I walked into an apartment in Boston on a sunny day in June 1995. It was small and bohemian, with the normal detritus a pair of young men would scatter here and there. On the kitchen table was a 15-inch CRT display married to a fat, coverless PC case sitting on its side, network cables streaking back to a hub in the living room. The screen displayed a mess of data, the contents of some logfile, and sitting at the bottom was a Bash root prompt decorated in red and blue, the cursor blinking lazily. I was no stranger to Unix, having spent plenty of time on commercial Unix systems like OSF/1, HP-UX, SunOS, and the newly christened Sun Solaris. But this was different.

Linux Kernel News and Microsoft Breaks PowerShell

  • Coherent Accelerators, FPGAs, and PLD Microconference Accepted into 2016 Linux Plumbers Conference
    It has been more than a decade since CPU core clock frequencies stopped doubling every 18 months, which has shifted the search for performance from the "hardware free lunch" to concurrency and, more recently, hardware accelerators. Beyond accelerating computational offload, field-programmable gate arrays (FPGAs) and programmable logic devices (PLDs) have long been used in the embedded space to provide ways to offload I/O or to implement timing-sensitive algorithms as close as possible to the pin.
  • Linux's brilliant career, in pictures
    Aug. 25 marks the 25th anniversary of Linux, the free and open source operating system that's used around the globe in smartphones, tablets, desktop PCs, servers, supercomputers, and more. Though its beginnings were humble, Linux has become the world’s largest and most pervasive open source software project in history. How did it get here? Read on for a look at some of the notable events along the way.
  • Quarter Century of Innovation – aka Happy Birthday Linux!
    Happy birthday Linux. You’ve defined how we should be using and adopting technology. You’ve disrupted, and continue to disrupt, industries all over the place. You’ve helped define what it means to share ideas openly and freely. You’ve shown what happens when we collaborate and work together. Free and Open Source is a win-win for all and Linux is the Gold Standard of that.
  • Microsoft Open Source Czar Takes Spotlight at LinuxCon [Ed: Microsoft paid for this]
  • Windows Update borks PowerShell – Microsoft won't fix it for a week
    You'd be forgiven for thinking Microsoft is actively trying to stop people using Windows 10 Anniversary Edition. A patch this week broke one of the key features of the OS: PowerShell.

Android Leftovers

  • Xiaomi Redmi Note 4 unveiled in China, priced at $135
    Xiaomi took the wraps off their latest smartphone offering, the Redmi Note 4, earlier today, and as is expected from the budget-friendly Redmi series, the device offers a premium look, specifications, and features, and more importantly, an ultra-affordable price tag. The Redmi Note 4 retains the premium full metal unibody construction that was introduced with its predecessor, but now comes with a brushed metal finish and chamfered edges that looks and feels even better. The design language is quite similar as well, with the Redmi Note 4 also coming with a fingerprint scanner on the back. Under the hood, the Redmi Note 4 comes with a 5.5-inch Full HD display that is covered with a 2.5D curved glass panel. The phone is powered by a MediaTek Helio X20 processor, that is backed by the Mali-T880MP4 GPU and 2 GB or 3 GB of RAM. 16 GB or 64 GB are the on-board storage options available, which also dictates how much RAM you get, and you also get expandable storage via microSD card to cover all your needs. Keeping everything running is a huge 4,100 mAh battery.
  • New study finds iPhones fail far more often than Android phones
    Apple customers are generally a shockingly loyal bunch. The company’s high repeat customer rate can be attributed to a combination of factors that concern iPhones themselves as well as Apple’s industry-leading customer service. Dealing with Apple’s customer care department has always been a pleasure compared to dealing with rival companies, and iPhones themselves have historically been very reliable, offering a consistently smooth user experience that people love.
  • Relax, Spire can now connect to Android phones
    Spire, the wearable that promises to help you with healthy breathing and mindfulness, was previously only available for iOS devices. But that should change with an update rolling out now.
  • Android 7.0 Nougat: Small changes that make a big difference in UX
    The seventh iteration of Android (Nougat) has finally been released by the mighty Google. If you happen to be the owner of a Nexus device, you might see this update very soon. Everyone else...you know the drill. So after an extended period of waiting for the update to trickle through your carrier and onto your device, what can you expect to happen to your Android device once its center has become a creamier shade of Nougat?
  • Two Nokia Android smartphones show up in benchmark
    Nokia is definitely coming out with a few Android smartphones later this year, but today's Nokia has little in common with the company that ruled the mobile phone industry for years. For starters, the devices that will be released this year, or the next, will be made by a third-party company. Nokia won't be manufacturing phones anymore and most likely it won't manage the way they are sold through retailers and authorized resellers.
  • Proxima bae, Instagram scams, Android goes full crypto: ICYMI
  • PayPal adds proper Nexus Imprint fingerprint login support on Android
  • Google Duo has been downloaded 5 million times on Android since its release