More Security News

Filed under
Security
  • Kaminsky Warns Black Hat Audience of Risks to the Internet
  • Severe vulnerabilities discovered in HTTP/2 protocol
  • ChaosKey v1.0 Released — USB Attached True Random Number Generator

    Support for this device is included in Linux starting with version 4.1. Plug ChaosKey into your system and the driver will automatically add entropy into the kernel pool, providing a constant supply of true random numbers to help keep the system secure.

    ChaosKey is free hardware running free software, built with free software on a free operating system.

  • Changes for GnuPG in Debian

    The GNU Privacy Guard (GnuPG) upstream team maintains three branches of development: 1.4 ("classic"), 2.0 ("stable"), and 2.1 ("modern").

    They differ in various ways: software architecture, supported algorithms, network transport mechanisms, protocol versions, development activity, co-installability, etc.

    Debian currently ships two versions of GnuPG in every maintained suite -- in particular, /usr/bin/gpg has historically always been provided by the "classic" branch.

    That's going to change!

    Debian unstable will soon be moving to the "modern" branch for providing /usr/bin/gpg. This will give several advantages for Debian and its users in the future, but it will require a transition. Hopefully we can make it a smooth one.

Security Leftovers

Filed under
Security
  • Kaspersky Lab Launches Bug Bounty Program With HackerOne

    The security firm allocates $50,000 to pay security researchers for responsibly disclosing flaws in its security products.
    Kaspersky Lab is no stranger to the world of vulnerability research, but the company is now opening up and enabling third-party security researchers to disclose vulnerabilities about Kaspersky's own software.

  • Reproducible builds for PaX/Grsecurity

    A series of scripts has been created to do reproducible builds of the Linux kernel with the PaX/Grsecurity patch set.

    Thanks to:

    PaX/Grsecurity
    Debian GNU/Linux Community
    Shawn C (a.k.a. "Citypw")
    Linux From Scratch

    Without the contributions of these projects, communities and people, the scripts could not have been completed.

  • Four flaws in HTTP/2 could bring down web servers

    SECURITY RESEARCHERS have uncovered at least four flaws in the HTTP/2 protocol, the successor to HTTP that was launched properly only in May last year, after Google rolled up its SPDY project into HTTP/2 in February.

    The flaws enable attackers to slow web servers by overwhelming them with seemingly innocent messages that carry a payload of gigabytes of data, putting them into infinite loops and even causing them to crash.

    The HTTP/2 protocol can be divided into three layers: the transmission layer, including streams, frames and flow control; the HPACK binary encoding and compression protocol; and the semantic layer, which is an enhanced version of HTTP/1.1 enriched with server-push capabilities.
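The article names the HPACK layer but not the individual flaws, so the following is an added illustration of the kind of bound a decoder needs there, not a reproduction of the researchers' findings or of any server's code. It implements the HPACK integer representation from RFC 7541 section 5.1 and checks two limits the RFC tells implementations to enforce: a cap on the decoded integer (and on the continuation bytes that encode it), and a refusal of a Dynamic Table Size Update larger than the size this side advertised in SETTINGS (RFC 7541 section 4.2). The 4096-byte advertised table size and the test inputs are constructed for the example; the three encoding vectors are the ones from RFC 7541 Appendix C.1.

```python
"""Bounded HPACK integer decoding, as an added example (RFC 7541 sections 5.1, 4.2, 6.3)."""

# RFC 7541 requires a limit on decoded integers; 32 bits is a common choice
# (this cap is an assumption for the example, not a protocol constant).
MAX_INT = 2**32 - 1
# 32 bits of payload at 7 bits per continuation byte rounds up to 5 bytes.
MAX_CONT_BYTES = 5
# Value we advertised in SETTINGS_HEADER_TABLE_SIZE (constructed for the example).
SETTINGS_HEADER_TABLE_SIZE = 4096


class HpackError(ValueError):
    """Raised for any input a conforming decoder must reject."""


def encode_int(value: int, prefix_bits: int, first_byte_high: int = 0) -> bytes:
    """Encode `value` with an N-bit prefix (RFC 7541 5.1).

    `first_byte_high` carries the representation's flag bits, already shifted
    into position (e.g. 0x20 for a Dynamic Table Size Update).
    """
    if not 1 <= prefix_bits <= 8:
        raise ValueError("prefix_bits must be 1..8")
    max_prefix = (1 << prefix_bits) - 1
    if value < max_prefix:
        return bytes([first_byte_high | value])
    out = bytearray([first_byte_high | max_prefix])
    value -= max_prefix
    while value >= 128:
        out.append((value % 128) + 128)  # continuation bit set
        value //= 128
    out.append(value)
    return bytes(out)


def decode_int(buf: bytes, pos: int, prefix_bits: int) -> tuple[int, int]:
    """Decode an integer starting at buf[pos]; return (value, next_pos).

    Rejects truncated input, integers above MAX_INT, and encodings that use
    more continuation bytes than MAX_INT can need (a long run of 0xff bytes
    would otherwise make an unbounded decoder spin and grow its accumulator).
    """
    if pos >= len(buf):
        raise HpackError("truncated integer")
    max_prefix = (1 << prefix_bits) - 1
    value = buf[pos] & max_prefix
    pos += 1
    if value < max_prefix:
        return value, pos
    shift = 0
    cont = 0
    while True:
        if pos >= len(buf):
            raise HpackError("truncated integer")
        if cont >= MAX_CONT_BYTES:
            raise HpackError("integer uses too many continuation bytes")
        b = buf[pos]
        pos += 1
        cont += 1
        value += (b & 0x7F) << shift
        if value > MAX_INT:
            raise HpackError("integer exceeds MAX_INT")
        shift += 7
        if not b & 0x80:
            return value, pos


def parse_table_size_update(buf: bytes, pos: int,
                            advertised_max: int = SETTINGS_HEADER_TABLE_SIZE) -> tuple[int, int]:
    """Parse a Dynamic Table Size Update (bit pattern 001xxxxx, 5-bit prefix; RFC 7541 6.3).

    A peer may only shrink or restore the table up to the size we advertised in
    SETTINGS; anything larger is a decoding error (RFC 7541 4.2), which is what
    stops a client from asking the server to reserve an arbitrarily large table.
    """
    if pos >= len(buf) or (buf[pos] & 0xE0) != 0x20:
        raise HpackError("not a dynamic table size update")
    size, pos = decode_int(buf, pos, 5)
    if size > advertised_max:
        raise HpackError("table size update exceeds SETTINGS_HEADER_TABLE_SIZE")
    return size, pos


if __name__ == "__main__":
    # RFC 7541 C.1 vectors: 10 (5-bit) -> 0a, 1337 (5-bit) -> 1f 9a 0a, 42 (8-bit) -> 2a
    assert encode_int(1337, 5) == b"\x1f\x9a\x0a"
    print(decode_int(b"\x1f\x9a\x0a", 0, 5))          # (1337, 3)
    try:
        decode_int(b"\x1f" + b"\xff" * 10, 0, 5)     # rejected, not decoded
    except HpackError as e:
        print("rejected:", e)
```

Each check raises instead of returning, so a caller that wraps header-block decoding in one `try` can fail the connection with a COMPRESSION_ERROR rather than continue on a half-decoded block.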

Security News

Filed under
Security
  • Security Issue in Windows leaks Login Data [Ed: designed for back door access]

    An issue in all Windows systems might leak the user’s Windows login and password information. This is especially critical if the user is using a Microsoft account because this is linked to a number of other services the user may be using.

  • Get ready for an Internet of Things disaster, warns security guru Bruce Schneier

    Security guru Bruce Schneier, the author of multiple encryption algorithms, founder of security company Counterpane, and former chief technology officer of BT Managed Security Solutions, has warned that the 'craze' for connecting devices to the internet with little thought about security will result in a major disaster.

    Schneier warned that "integrity and availability threats" are much worse than "confidentiality threats" with devices connected to the internet.

    "It's one thing if your smart door lock can be eavesdropped upon to know who is home. It's another thing entirely if it can be hacked to allow a burglar to open the door - or prevent you from opening your door. A hacker who can deny you control of your car, or take over control, is much more dangerous than one who can eavesdrop on your conversations or track your car's location," Schneier wrote.

    He continued: "With the advent of the Internet of Things and cyber-physical systems in general, we've given the internet hands and feet: the ability to directly affect the physical world. What used to be attacks against data and information have become attacks against flesh, steel, and concrete."

  • New Presidential Directive on Incident Response

    Last week, President Obama issued a policy directive (PPD-41) on cyber-incident response coordination. The FBI is in charge, which is no surprise. Actually, there's not much surprising in the document. I suppose it's important to formalize this stuff, but I think it's what happens now.

  • Kazakh dissidents and lawyers hit by cyber attacks: researchers

    Hackers believed to be working on behalf of Kazakhstan government officials tried to infect lawyers and other associates of exiled dissidents and publishers with spyware, according to a report to be presented at this week's Black Hat security conference in Las Vegas.

    The hacking campaign was part of a complicated tale that also involved physical surveillance and threats of violence - a rare instance of cyber attacks coming alongside real-world crimes.

    It is also unusual in that the campaign involved an Indian company that was apparently hired by the hackers, and it targeted Western lawyers along with alleged opponents of the Kazakh government.

    A spokesman at the Kazakhstan embassy in Washington did not respond to emailed questions.

  • Bruce Schneier: major IoT disaster could happen at any time

    THE CRAZE for connecting anything and everything and controlling it over the internet will result in a major disaster without better built-in security, according to security expert Bruce Schneier.

    Furthermore, if secret services really are trying to influence elections by hacking the systems of political parties and releasing embarrassing emails, they will almost certainly attempt to hack into the increasing number of internet-connected voting machines for the same ends.

    Schneier is the author of multiple encryption algorithms, founder of security company Counterpane, and former chief technology officer of BT Managed Security Solutions.

    "It's one thing if your smart door lock can be eavesdropped on to know who is home. It's another thing entirely if it can be hacked to allow a burglar to open the door or prevent you opening your door," Schneier wrote in an article published by Motherboard.

  • Linux botnets on the rise, says Kaspersky DDoS report [Ed: Kaspersky marketing with dramatic and misleading headlines]
  • Hackers break into Telegram, revealing 15 million users’ phone numbers

    Iranian hackers have compromised more than a dozen accounts on the Telegram instant messaging service and identified the phone numbers of 15 million Iranian users, the largest known breach of the encrypted communications system, cyber researchers told Reuters.

    The attacks, which took place this year and have not been previously reported, jeopardized the communications of activists, journalists and other people in sensitive positions in Iran, where Telegram is used by some 20 million people, said independent cyber researcher Collin Anderson and Amnesty International technologist Claudio Guarnieri, who have been studying Iranian hacking groups for three years.

    Telegram promotes itself as an ultra secure instant messaging system because all data is encrypted from start to finish, known in the industry as end-to-end encryption. A number of other messaging services, including Facebook Inc’s WhatsApp, say they have similar capabilities.

Tor 0.2.8.6

Filed under
Software
OSS
Security
Debian
  • Tor 0.2.8.6 is released

    Hi, all! After months of work, a new Tor release series is finally stable.

  • Tor browser a bit too unique?

    Ok, this is scary: tor browser on https://browserprint.info/test -- "Your browser fingerprint appears to be unique among the 8,440 tested so far. Currently, we estimate that your browser has a fingerprint that conveys 13.04 bits of identifying information."

  • Debian Project Enhances the Anonymity and Security of Debian Linux Users via Tor

    The Debian Project, through Peter Palfrader, announced recently that its services and repositories for the Debian GNU/Linux operating system would be accessible through the Tor network.

    To further enhance the anonymity and security of users, both when accessing any of the Debian online services, such as the Debian website or wiki, and when using the Debian GNU/Linux operating system, the Debian Project has partnered with the Tor Project to enable Tor onion services for many of its services.
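The "13.04 bits" figure in the Tor browser fingerprint item above has a simple origin: a fingerprint shared by `m` of `N` tested browsers conveys `log2(N / m)` bits, so a fingerprint unique among 8,440 browsers conveys `log2(8440) = 13.04` bits no matter what the browser is, and the number will keep growing as more people run the test. The following is an added example, not code from browserprint.info or the Tor Project, that computes that figure and shows the other half of the story: how much each fingerprint attribute contributes across a population. The population itself is constructed for the example.

```python
"""Fingerprint surprisal and per-attribute entropy, as an added example."""
import math
from collections import Counter


def identifying_bits(population: int, matching: int) -> float:
    """Bits of identifying information in a fingerprint shared by
    `matching` of `population` tested browsers: log2(population / matching).
    A unique fingerprint (matching == 1) gives log2(population)."""
    if not 1 <= matching <= population:
        raise ValueError("need 1 <= matching <= population")
    return math.log2(population / matching)


def attribute_entropy(values) -> float:
    """Shannon entropy in bits of one attribute over a population; 0.0 when
    every browser reports the same value (nothing to distinguish)."""
    values = list(values)
    n = len(values)
    if n == 0:
        raise ValueError("empty population")
    return -sum((c / n) * math.log2(c / n) for c in Counter(values).values())


def fingerprint_bits(population, attributes) -> dict:
    """Entropy of each attribute on its own and of the combined fingerprint.

    The combined figure is what an observer actually gets; it is at most the
    sum of the per-attribute figures (less when attributes are correlated,
    e.g. fonts installed with the operating system)."""
    per_attr = {a: attribute_entropy(fp[a] for fp in population) for a in attributes}
    combined = attribute_entropy(tuple(fp[a] for a in attributes) for fp in population)
    return {"per_attribute": per_attr, "combined": combined}


# Constructed population: 8 browsers, a mix of configurations. Two of them
# report the same values for every attribute checked here.
POPULATION = [
    {"ua": "Firefox", "tz": "UTC",   "screen": "1000x900"},
    {"ua": "Firefox", "tz": "UTC",   "screen": "1000x900"},
    {"ua": "Firefox", "tz": "UTC",   "screen": "1600x900"},
    {"ua": "Firefox", "tz": "UTC+1", "screen": "1000x900"},
    {"ua": "Chrome",  "tz": "UTC+1", "screen": "1920x1080"},
    {"ua": "Chrome",  "tz": "UTC-5", "screen": "1366x768"},
    {"ua": "Chrome",  "tz": "UTC-5", "screen": "1920x1080"},
    {"ua": "Safari",  "tz": "UTC-8", "screen": "1440x900"},
]

if __name__ == "__main__":
    print(round(identifying_bits(8440, 1), 2))          # 13.04, the page's figure
    print(round(identifying_bits(8440, 8440), 2))       # 0.0: everyone looks alike
    print(fingerprint_bits(POPULATION, ("ua", "tz", "screen")))
```

The second print is the point of a hardened browser's uniform defaults: a population that all reports the same fingerprint conveys zero bits, and any attribute a user changes (window size, a non-default time zone) immediately shows up in `per_attribute` as bits they hand back to the observer.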

Gentoo-Based Pentoo 2015.0 Linux Distro for Ethical Hackers Gets New RC Release

Filed under
Gentoo
Security

The Pentoo Linux development team proudly announces today, August 2, 2016, the availability for download of the fifth Release Candidate (RC) build towards the Pentoo 2015.0 GNU/Linux operating system.

We don't write so often about the Pentoo GNU/Linux operating system because new releases are being made available to the public online when a new DEF CON event (the world's largest annual hacker convention) is taking place. So yes, it's now a tradition to see a new Pentoo release around a DEF CON conference.


Kaspersky Selling His Snake Oil

Filed under
GNU
Linux
Security

Security News

Filed under
Security
  • Securing Embedded Linux

    Until fairly recently, Linux developers have been spared many of the security threats that have bedeviled the Windows world. Yet, when moving from desktops and servers to the embedded Internet of Things, a much higher threat level awaits.

    “The basic rules for Linux security are the same whether it’s desktop, server, or embedded, but because IoT devices are typically on all the time, they pose some unique challenges,” said Mike Anderson, CTO and Chief Scientist for The PTR Group, Inc. during an Embedded Linux Conference talk called “Securing Embedded Linux.”

  • Security updates for Monday
  • Packt security bundle winner announced!
  • Everyone has been hacked

    Unless you live in a cave (if you do, I'm pretty jealous) you've heard about all the political hacking going on. I don't like to take sides, so let's put aside who is right or wrong and use it as a lesson in thinking about how we have to operate in what is the new world.

    In the past, there were ways to communicate that one could be relatively certain was secure and/or private. Long ago you didn't write everything down. There was a lot of verbal communication. When things were written down there was generally only one copy. Making copies of things was hard. Recording communications was hard. Even viewing or hearing many of these conversations if you weren't supposed to was hard. None of this is true anymore, it hasn't been true for a long time, yet we still act like what we do is just fine.

  • Android Security Bulletin—July 2016
  • The July 2016 Android security bulletin
  • How To Use Google For Hacking?
  • Securing Embedded Linux by Michael E. Anderson
  • Botnet DDoS attacks in Q2: Linux Botnets on the rise, length of attacks increase

    Kaspersky Lab has released its report on botnet-assisted DDoS attacks for the second quarter of 2016 based on data provided by Kaspersky DDoS Intelligence. The number of attacks on resources located on Chinese servers grew considerably, while Brazil, Italy and Israel all appeared among the leading countries hosting C&C servers.

  • Cisco Cybersecurity Report Warns of Serious Ransomware Dangers

SubgraphOS: Security Becomes Accessible

Filed under
Software
Security

Increased security often comes at a price in Linux distributions. Tails, for example, allows anonymous browsing at the cost of running from a flash drive. Similarly, Qubes OS provides comprehensive security but with an enormous increase in memory requirements. By contrast, Subgraph OS (SGOS) increases security by installing existing security features that other distributions leave out, adding graphical access to them at a cost no higher than some extra configuration after installation.

The maker of SGOS is Subgraph, an open source security company based in Montreal, Canada. Subgraph is also the developer of Vega, a web application security testing tool, and Orchid, a Java Tor client. SGOS itself is a Debian-derivative running a GNOME desktop environment, and currently in a usable if somewhat rough alpha release.

SGOS uses the standard Debian installer, with options for a Live Disk, and a standard or advanced installation. The standard install differs from Debian's chiefly in the fact that disk encryption is mandatory and that partitions are overwritten with random data before installation, a process that can be skipped, but at the cost of some unspecified loss of security. Somewhat surprisingly, it enforces strong passwords or passphrases only by the number of characters, although whether that is due to a conviction that passwords are weak security, or of less concern with disk encryption, is uncertain. Or possibly SGOS will enforce passwords that include a variety of character types and cases in later releases.
