Security

Security Leftovers

Filed under
Security
  • Security advisories for Wednesday
  • encrypt all the things: blogs
  • Changes to password policies

    In reaction to the recent attacks on Linux Mint, many measures were taken to reduce the risk of future intrusions, but we also worked on the eventuality of being hacked again. In particular, additional measures were taken to detect issues faster, to reduce their impact and to recover from them more efficiently. Today, we’re implementing a final set of measures aimed at lowering the value of the information stored on our servers.

  • The rise of IoT hacking: New dangers, new solutions

    The explosive growth of the Internet of Things has created a host of new threats for the enterprise. Here's how hackers are targeting your connected devices and what you can do about it.

  • Google Offers Tool to Help Evaluate Vendor Security

    The vendor security evaluation framework provides questions that organizations need to ask to accurately assess a third-party's security and privacy readiness, Google said.

    Google has released a framework to open source that it implements internally to evaluate the security posture of the numerous vendors it uses for various services each year.

  • A new name and roadmap for the Let's Encrypt client

    Yesterday, the Let's Encrypt CA issued its millionth certificate. This is a perfect occasion for us to talk about some plans for the CA and client software through the rest of 2016.

    In April of this year, all of the clients for Let's Encrypt will be renamed to be clearly distinct from the CA service offered by ISRG. The Let's Encrypt Python client has primarily been an EFF project, so we'll start hosting it to make that clear.

Qubes OS 3.1 has been released!

Filed under
OS
Security

I’m happy to announce that today we’re releasing Qubes OS 3.1!

The major new architectural feature of this release has been the introduction of the Qubes Management infrastructure, which is based on the popular Salt management software.

Google Patches Android for Stagefright in March Update

Filed under
Android
Google
Security

Among the related libraries is the core Android mediaserver, which Google is patching this month for six different vulnerabilities. Two of the issues (CVE-2016-0815 and CVE-2016-0816) are identified as critical vulnerabilities in mediaserver that could lead to a potential remote-code execution.

Another two issues (CVE-2016-0826 and CVE-2016-0827) are privilege escalation vulnerabilities in Android that Google rates as high-severity issues. Google has identified two more high-severity issues (CVE-2016-0828 and CVE-2016-0829) in mediaserver as information-disclosure vulnerabilities.

Tails 2.2 Anonymous Live CD Out Now, Adds Onion Circuits and Tor Browser 5.5.3

Filed under
OSS
Security

The open-source Tails amnesic incognito live system reached a new milestone on March 8, 2016, stable version 2.2, which adds several new features and improvements, along with security patches and software updates.

Security Leftovers

Filed under
Security
  • Google offers app to help companies assess their vendors' security

    Google has published an interactive questionnaire that companies can use to assess the security practices of their suppliers or to review and improve their own security programs.

    The Vendor Security Assessment Questionnaire (VSAQ) is a Web-based application and was released under an open-source license on GitHub. It contains a collection of questionnaires that Google itself uses to review multiple aspects of a vendor's security.

  • Google Opens Up Collection of Vendor Security Assessment Questionnaires

    Google is continuing its rapid pace of open source contributions this year. As we've covered, the company recently opened up some powerful and interesting machine learning tools. It is open sourcing a program called TensorFlow that is based on the same internal toolset that Google has spent years developing to support its AI software and other predictive and analytics programs. You can find out more about TensorFlow at its site, and you might be surprised to learn that it is the engine behind several Google tools you may already use, including Google Photos and the speech recognition found in the Google app.

  • Let's Encrypt has issued its first million certificates
  • WordPress: Got Plugins? (4 Plugins you need to check)

    Thanks to a Wordfence blog post, we have a fuller understanding of a previously disclosed backdoored official plugin (CCTM) and 3 more plugins which within the last week or so have been publicly disclosed and patched.

  • New Mac ransomware was ported from Linux

Linux Mint Passwords Change

Filed under
Security
  • Linux Mint Devs Finally Decide to Change the Website's Password Policies
  • Linux Mint updates password policy after getting hacked and failing its users

    Linux Mint is a good operating system. The problem, however, is that it really doesn't need to exist. Mint is based on Ubuntu, which is a wonderful OS on its own. Ultimately, the biggest reason for Mint's existence is the Cinnamon desktop environment, and that is certainly no reason for an entirely new OS. One of the things keeping Linux behind on the desktop is the sheer number of unnecessary distributions, such as Mint, but I digress.

    When Linux Mint forums and ISOs were compromised, many of its users felt betrayed. After all, Linux is supposed to be safe and secure -- this hack was a major blemish to the community overall. Of course, this is unfair -- the kernel was not hacked, only Mint's servers. Today, as a reactionary response to the hack, Mint is changing password policies.

Making the Internet Safer, One Secure Site at a Time: Let’s Encrypt Hits 1 Million Certificates

Filed under
Linux
Security

Let’s Encrypt today issued its one millionth free certificate (at 9:04am GMT to be exact), just about 100 days after it released its beta version of the service. This is a major accomplishment for the group, but also big news for the web and the security of everyone online.

In the past three months, our online activities and web traffic have become much safer and better protected through the efforts of Let’s Encrypt, an open source project that is hosted by The Linux Foundation and supported by organizations like Mozilla, Cisco, Electronic Frontier Foundation, Facebook, and Google Chrome.

Leftovers: OSS

  • Quantifying Benefits of Network Virtualization in the Data Center
    Modern data centers have increased significantly in scale and complexity as compute and storage resources become highly virtualized. The rise of the DevOps style of application deployment means that data center resources must be agile and respond rapidly to changing workload requirements. Data center network technologies have been challenged to keep up with these rapidly evolving application requirements.
  • Apache Zeppelin Joins Several Other Projects Gaining Top-Level Status
    As we've been reporting, The Apache Software Foundation, which incubates more than 350 open source projects and initiatives, has been elevating a lot of interesting new tools to Top-Level Status recently. The foundation has also made clear that you can expect more on this front, as graduating projects to Top-Level Status helps them get both advanced stewardship and certainly far more contributions. Only a few days ago, the foundation announced that a project called TinkerPop has graduated from the Apache Incubator to become a Top-Level Project (TLP). TinkerPop is a graph computing framework that provides developers the tools required to build modern graph applications in any application domain and at any scale. Now, it has announced that Apache Zeppelin has graduated as well. Zeppelin is a web-based notebook that enables interactive data analytics.
  • 6 Open Source Operating Systems for the Internet of Things (IoT)
    Whether you are a small or a large enterprise, IoT is one of the useful technologies that can help you stay connected on the go.
  • 6 open source architecture projects to check out
    The world of architecture doesn't change as quickly as software, but architects are still finding new ways to share innovative designs and ideas. The open source architecture movement aims to make architectural designs, drawings, 3D renderings, and documentation freely available for integration into other projects under open source licenses. It owes much of its growth to the growing popularity of the maker movement, DIY culture, 3D printing, and CNC machines, as well as support from architects like Alejandro Aravena.
  • Yorubaname.com has gone opensource, codebase now on GitHub
    Online dictionary for Yoruba names, YorubaName, has now made its backlog accessible to the public. In a post on their blog, the guys at YorubaName announced that the website codebase is now on GitHub.
  • A New Version of Rust Hits the Streets
    Version 1.9 of the Rust programming language has been released. Rust is a new language with a small but enthusiastic community of developers.
  • Here's how you can make a career in OpenStack
    OpenStack is one of the biggest open source movements. It is a free and open-source software platform for cloud computing, mostly deployed as an infrastructure-as-a-service (IaaS). The software platform consists of interrelated components that control hardware pools of processing, storage, and networking resources throughout a data centre. According to the official website, hundreds of the world's largest brands rely on OpenStack to run their businesses every day, reducing costs and helping them move faster. OpenStack has a strong ecosystem globally.
  • Compatibility before purity: Microsoft tweaks .NET Core again [Ed: Microsoft lied about .NET going Open Source; just forked it into Open Core version]
    Microsoft's open source fork of the .NET platform, called .NET Core, will be modified for better compatibility with existing applications, says Program Manager Immo Landwerth in a recent post.
  • EMC Ships Open Source Tool for Cloud and IoT Devices
  • Watch Benjamin Hindman Co-Creator of Apache Mesos Speak Live Tomorrow at MesosCon [Ed: Microsoft proxy in a sense]
  • MesosCon Preview: Q&A with Twitter’s Chris Pinkham
  • How to secure your open source code [Ed: more marketing nonsense of Black Duck]
  • Luxembourg launches open data portal
    The Grand Duchy of Luxembourg officially launched its national open data portal data.public.lu on April 8th. This portal, supported by Digital Luxembourg, the government agency in charge of digital affairs in the country, was presented during the Game of Code hackathon.
  • Denmark to accelerate government digitisation
    Open standards: The existing shared solutions are to be adopted by all authorities and public sector institutions where relevant, according to a presentation in English. “Shared solutions need to be stable, secure and user-friendly, they will also be easy to implement because the infrastructure is based on open standards.” The strategy, an agreement involving the government, regions and municipalities, was announced on 12 May. It includes 33 initiatives, which among other things deal with ease of use, reuse of data, IT architecture, growth, security and digital skills, DIGST says.