Language Selection

English French German Italian Portuguese Spanish


Security News

Filed under
  • OpenSSL 1.1.0 released
  • Security advisories for Friday
  • Openwall 3.1-20160824 is out

    New Openwall GNU/*/Linux ISO images and OpenVZ container templates are out.

  • Scorpene Leak Could Be Part Of 'Economic War,' Says French Maker: 10 Facts

    The leak, was first reported in The Australian newspaper. Ship maker DCNS has a nearly 38 billion dollar contract with Australia, but the leak has no mention of the 12 vessels being designed for Australia.

  • Homeland Security has 'open investigation' into Leslie Jones hacking

    The Department of Homeland Security is investigating the cyberattack against Ghostbusters actor Leslie Jones one day after her personal information and explicit images were leaked online.

    In a short statement on Thursday, a spokesperson for the US Immigration and Customs Enforcement agency said that the Homeland Security investigations unit in New York “has an open investigation into this matter”.

    “As a matter of agency policy and in order to protect the integrity of an ongoing investigation, we will not disclose any details,” the statement said.

    “As a matter of agency policy, we are unable to disclose any information related to an active investigation,” a spokeswoman said.

Security News

Filed under
  • Thursday's security updates
  • Priorities in security
  • How Core Infrastructure Initiative Aims to Secure the Internet

    In the aftermath of the Heartbleed vulnerability's emergence in 2014, the Linux Foundation created the Core Infrastructure Initiative (CII)to help prevent that type of issue from recurring. Two years later, the Linux Foundation has tasked its newly minted CTO, Nicko van Someren, to help lead the effort and push it forward.

    CII has multiple efforts under way already to help improve open-source security. Those efforts include directly funding developers to work on security, a badging program that promotes security practices and an audit of code to help identify vulnerable code bases that might need help. In a video interview with eWEEKat the LinuxCon conference here, Van Someren detailed why he joined the Linux Foundation and what he hopes to achieve.

  • Certificate Authority Gave Out Certs For GitHub To Someone Who Just Had A GitHub Account

    For many years now, we've talked about the many different problems today's web security system has based on the model of security certificates issued by Certificate Authorities. All you need is a bad Certificate Authority be trusted and a lot of bad stuff can happen. And it appears we've got yet another example.

    A message on Mozilla's security policy mailing list notes that a free certificate authority named WoSign appeared to be doing some pretty bad stuff, including handing out certificates for a base domain if someone merely had control over a subdomain. This was discovered by accident, but then tested on GitHub... and it worked.

Red Hat Enterprise Linux 7.3 Beta Adds NVDIMM Support, Improves Security

Filed under
Red Hat

Today, August 25, 2016, Red Hat announced that version 7.3 of its powerful Red Hat Enterprise Linux operating system is now in development, and a Beta build is available for download and testing.

Red Hat Enterprise Linux 7.3 Beta brings lots of improvements and innovations, support for new hardware devices, and improves the overall security of the Linux kernel-based operating system used by some of the biggest enterprises and organizations around the globe. Among some of the major new features implemented in the Red Hat Enterprise Linux 7.3 release, we can mention important networking improvements, and support for Non-Volatile Dual In-line Memory Modules (NVDIMMs).

Read more

Also: CentOS 6 Linux OS Receives Important Kernel Security Update from Red Hat

Release of Red Hat Virtualization 4 Offers New Functionality for Workloads

Security News

Filed under
  • Jay Beale: Linux Security and Remembering Bastille Linux

    Security expert and co-creator of the Linux-hardening (and now Unix-hardening) project Bastille Linux. That’s Jay Beale. He’s been working with Linux, and specifically on security, since the late 1980s. The greatest threat to Linux these days? According to Beale, the thing you really need to watch out for is your Android phone, which your handset manufacturer and wireless carrier may or may not be good about updating with the latest security patches. Even worse? Applications you get outside of the controlled Google Play and Amazon environments, where who-knows-what malware may lurk.

    On your regular desktop or laptop Linux installation, Beale says the best security precaution you can take is encrypting your hard drive — which isn’t at all hard to do. He and I also talked a bit, toward the end, about how “the Linux community” was so tiny, once upon a time, that it wasn’t hard to know most of its major players. He also has some words of encouragement for those of you who are new to Linux and possibly a bit confused now and then. We were all new and confused once upon a time, and got less confused as we learned. Guess what? You can learn, too, and you never know where that knowledge can take you.

  • Automotive security: How safe is a next-generation car?

    The vehicles we drive are becoming increasingly connected through a variety of technologies. Features such as keyless entry and self-diagnostics are becoming commonplace. Unfortunately, they can also introduce IT security issues.

  • Let's Encrypt: Every Server on the Internet Should Have a Certificate

    The web is not secure. As of August 2016, only 45.5 percent of Firefox page loads are HTTPS, according to Josh Aas, co-founder and executive director of Internet Security Research Group. This number should be 100 percent, he said in his talk called “Let’s Encrypt: A Free, Automated, and Open Certificate Authority” at LinuxCon North America.

    Why is HTTPS so important? Because without security, users are not in control of their data and unencrypted traffic can be modified. The web is wonderfully complex and, Aas said, it’s a fool’s errand to try to protect this certain thing or that. Instead, we need to protect everything. That’s why, in the summer of 2012, Aas and his friend and co-worker Eric Rescorla decided to address the problem and began working on what would become the Let’s Encrypt project.

  • OpenSSL 1.1 Released With Many Changes

    OpenSSL 1.1.0 was released today as a major update to this free software cryptography and SSL/TLS toolkit.

    In addition to OpenSSL 1.1 rolling out a new build system and new security levels and support for pipelining and a new threading API, security additions to OpenSSL 1.1 include adding the AFALG engine, support for ChaChao20 in libcrypto/libssl, scrypto algorithm support, and support for X25519, among many other additions.

  • Is Windows ​10’s ‘Hidden Administrator Account’ a security risk? [Ed: Damage control from Microsoft Jack (Jack Schofield) because Microsoft Windows is vulnerable by design]

Security News

Filed under
  • Wednesday's security updates
  • This Android botnet relies on Twitter for its commands
  • Android Security Flaw Exposes 1.4B Devices [Ed: Alternative headline is, "Android is very popular, it has billions of users. And yes, security ain’t perfect." When did the press ever publish a headline like, "Windows flaw leaves 2 billion PCs susceptible for remote takeover?" (happens a lot)]
  • Wildfire ransomware code cracked: Victims can now unlock encrypted files for free

    Victims of the Wildfire ransomware can get their encrypted files back without paying hackers for the privilege, after the No More Ransom initiative released a free decryption tool.

    No More Ransom runs a web portal that provides keys for unlocking files encrypted by various strains of ransomware, including Shade, Coinvault, Rannoh, Rakhn and, most recently, Wildfire.

    Aimed at helping ransomware victims retrieve their data, No More Ransom is a collaborative project between Europol, the Dutch National Police, Intel Security, and Kaspersky Lab.

    Wildfire victims are served with a ransom note demanding payment of 1.5 Bitcoins -- the cryptocurrency favored by cybercriminals -- in exchange for unlocking the encrypted files. However, cybersecurity researchers from McAfee Labs, part of Intel Security, point out that the hackers behind Wildfire are open to negotiation, often accepting 0.5 Bitcoins as a payment.

    Most victims of the ransomware are located in the Netherlands and Belgium, with the malicious software spread through phishing emails aimed at Dutch speakers. The email claims to be from a transport company and suggests that the target has missed a parcel delivery -- encouraging them to fill in a form to rearrange delivery for another date. It's this form which drops Wildfire ransomware onto the victim's system and locks it down.

Security Leftovers

Filed under

Security News

Filed under

Canonical Releases Massive Mir 0.24.0 Display Server Update for Ubuntu Linux OS

Filed under

Canonical has pushed a new massive update (version 0.24.0) of the Mir display server used to power the Unity 8 user interface of the next-generation Ubuntu Linux operating system.

Read more

Security Leftovers

Filed under

Security News

Filed under
Syndicate content

More in Tux Machines

KNOPPIX 7.7.1 Distro Officially Released with Debian Goodies, Linux Kernel 4.7.9

Believe it or not, Klaus Knopper is still doing his thing with the KNOPPIX GNU/Linux distribution, which was just updated to version 7.7.1 to offer users the latest open source software and technologies. Read more

CentOS 6 Linux Servers Receive Important Kernel Security Patch, Update Now

We reported a couple of days ago that Johnny Hughes from the CentOS Linux team published an important kernel security advisory for users of the CentOS 7 operating system. Read more

Games for GNU/Linux

  • Why GNU/Linux ports can be less performant, a more in-depth answer
    When it comes to data handling, or rather data manipulation, different APIs can perform it in different ways. In one, you might simply be able to modify some memory and all is ok. In another, you might have to point to a copy and say "use that when you can instead and free the original then". This is not a one way is better than the other discussion - it's important only that they require different methods of handling it. Actually, OpenGL can have a lot of different methods, and knowing the "best" way for a particular scenario takes some experience to get right. When dealing with porting a game across though, there may not be a lot of options: the engine does things a certain way, so that way has to be faked if there's no exact translation. Guess what? That can affect OpenGL state, and require re-validation of an entire rendering pipeline, stalling command submission to the GPU, a.k.a less performance than the original game. It's again not really feasible to rip apart an entire game engine and redesign it just for that: take the performance hit and carry on. Note that some decisions are based around _porting_ a game. If one could design from the ground up with OpenGL, then OpenGL would likely give better performance...but it might also be more difficult to develop and test for. So there's a bit of a trade-off there, and most developers are probably going to be concerned with getting it running on Windows first, GNU/Linux second. This includes engine developers.
  • Why Linux games often perform worse than on Windows
    Drivers on Windows are tweaked rather often for specific games. You often see a "Game Ready" (or whatever term they use now) driver from Nvidia and AMD where they often state "increased performance in x game by x%". This happens for most major game releases on Windows. Nvidia and AMD have teams of people to specifically tweak the drivers for games on Windows. Looking at Nvidia specifically, in the last three months they have released six new drivers to improve performance in specific games.
  • Thoughts on 'Stellaris' with the 'Leviathans Story Pack' and latest patch, a better game that still needs work
  • Linux community has been sending their love to Feral Interactive & Aspyr Media
    This is awesome to see, people in the community have sent both Feral Interactive & Aspyr Media some little care packages full of treats. Since Aspyr Media have yet to bring us the new Civilization game, it looks like Linux users have been guilt-tripping the porters into speeding up, or just sending them into a sugar coma.
  • Feral Interactive's Linux ports may come with Vulkan sooner than we thought
  • Using Nvidia's NVENC with OBS Studio makes Linux game recording really great
    I had been meaning to try out Nvidia's NVENC for a while, but I never really bothered as I didn't think it would make such a drastic difference in recording gaming videos, but wow does it ever! I was trying to record a game recently and all other methods I tried made the game performance utterly dive, making it impossible to record it. So I asked for advice and eventually came to this way.

Leftovers: Software

  • DocKnot 1.00
    I'm a bit of a perfectionist about package documentation, and I'm also a huge fan of consistency. As I've slowly accumulated more open source software packages (alas, fewer new ones these days since I have less day-job time to work on them), I've developed a standard format for package documentation files, particularly the README in the package and the web pages I publish. I've iterated on these, tweaking them and messing with them, trying to incorporate all my accumulated wisdom about what information people need.
  • Shotwell moving along
    A new feature that was included is a contrast slider in the enhancement tool, moving on with integrating patches hanging around on Bugzilla for quite some time.
  • GObject and SVG
    GSVG is a project to provide a GObject API, using Vala. It has almost all, with some complementary, interfaces from W3C SVG 1.1 specification. GSVG is LGPL library. It will use GXml as XML engine. SVG 1.1 DOM interfaces relays on W3C DOM, then using GXml is a natural choice. SVG is XML and its DOM interfaces, requires to use Object’s properties and be able to add child DOM Elements; then, we need a new set of classes.
  • LibreOffice 5.1.6 Office Suite Released for Enterprise Deployments with 68 Fixes
    Today, October 27, 2016, we've been informed by The Document Foundation about the general availability of the sixth maintenance update to the LibreOffice 5.1 open-source and cross-platform office suite. You're reading that right, LibreOffice 5.1 got a new update not the current stable LibreOffice 5.2 branch, as The Document Foundation is known to maintain at least to versions of its popular office suite, one that is very well tested and can be used for enterprise deployments and another one that offers the latest technologies.