Language Selection

English French German Italian Portuguese Spanish

Security

Tiny Core Linux 7.0 Launches with Patched Linux 4.2.9 Kernel and Glibc Library

Filed under
Linux
Security

The team behind Tiny Core Linux, one of the smallest distributions of GNU/Linux on the market, proudly announced the release of Tiny Core Linux 7.0, which users can now download from the official channels.

Read more

Security Leftovers

Filed under
Security
  • Hackers use Microsoft security tool to pwn Microsoft security tool

    FireEye security wonks Abdulellah Alsaheel and Raghav Pande have twisted the barrels of Microsoft's lauded EMET Windows defence gun 180 degrees and fired.

    The result of their research is p0wnage of the enhanced mitigation toolkit so that instead of defending Windows it attacks it.

    The attacks the pair found affect older versions of Windows which rely on EMET for modern defences like address space layout randomisation and data execution prevention.

  • Is Linux Really as Secure as You Think It Is?

    Security is an important topic on everyone’s minds in today’s highly-technological world. With all of the security news that pops up on almost a daily basis, trying to be aware of the choices you make can make a big difference. Linux is often touted as the most secure operating system you can get your hands onto, but is this reputation deserved?

  • A Fedora Distribution download primer

    With the fresh news of a compromise in the Linux Mint distribution images, I thought I would take a few minutes to explain how Fedora handles image downloads and what you can do as an end user to make sure you have the correct and official Fedora images.

  • Mousejack: Hacking Computers Via Your Mouse With 15 Lines Of Code And Radio Dongle
  • How Criminals Could Hijack Wireless Mice to Hack Computers from Afar

    Wireless computer mice give users the convenience of not having to deal with cumbersome wires and cables. But they might also open up the door for malicious hackers to get a way into their computers, researchers warn.

    A flaw in the way several popular models of wireless mice and their corresponding receivers, the sticks or “dongles” that plug into a USB port and transmit data between the mouse and the computer, handle encryption could leave “billions” of computers vulnerable to hackers, security firm Bastille warned on Tuesday.

  • Child tracking firm calls out security researcher on 'hack'

    A CHILD MONITORING COMPANY is mad as heck at a security researcher for highlighting a security problem without asking its consent first. Or something.

    The company in question is uKnowkids and its target is a chap called Chris Vickery, a security researcher. His crime? Security research.

    uKnowKids.com is a kind of virtual Mary Poppins. It does not put children in danger, like Mary Poppins, but it does look out for them and keep an eye on what they do by monitoring their communications and stuff.

    We imagine that in some circumstance it has got some children in trouble. This week it is getting an older person in trouble, and accusing a security researcher of hacking as opposed to security researching.

  • URL shortening – are these services now too big a security risk to use?

    Spammers and malware pushers are still heavily abusing URL shortening services, messaging security firm Cloudmark has reported in its 2015 annual security report (reg required). The popular Bit.ly service has recently become a particular favourite with criminals with 25,000 individual malicious links run though that service every single day in recent times. This sounds alarming but it gets worse. According to the firm, this meant that an extraordinary 97 percent of Bit.ly links now led to malicious websites.

KDE Partition Manager 2.0.1

Filed under
KDE
Security

I’m happy to announce new bugfix versions of KDE Partition Manager 2.0.1 and KPMcore 2.0.1.

Btrfs used space detection should work without crashing (it was actually cause by crash in btrfs-debug-tree program btrfs filesystem show is used).
Improved support for FAT12 partitions. They were not recognized before. For now they are reported as FAT16 (gparted behaves in the same way).
Installation path for libparted plugins is not force to be in system prefix anymore. This is consistent with how other KDE Applications work, but cmake might require KDE_INSTALL_USE_QT_SYS_PATHS to be set if you are installing kpmcore to /usr.
We know try to find KF5 version of kdesu in libexec even when kdesu is not in $PATH.
Fixed visible HTML in one dialog box (#354925).

There is still an open issue that Partition Manager reports itself as 2.0.0 instead of 2.0.1. I tried to bump the version but there seem to be some kind of bug that prevents KDE Partition Manager and Calamares to compile or work. We will continue to investigate this issue but 2.0.1 should work well despite incorrectly reporting it’s own version

Read more

Subgraph OS Wants to Make Using a Secure Operating System Less of a Headache

Filed under
GNU
Linux
Reviews
Security

While tools for message encryption have become easier to use in recent years, one gaping hole remains in many people's infosec: the security of the device they use (their “end-point”). A new secure operating system called Subgraph OS aims to make resisting hacking attacks easier, even on fairly low-powered laptops.

“It's designed for anybody who wants an end-point that's resistant against remote network exploitation,” David Mirza Ahmad, president of Subgraph, said in a phone interview. Subgraph’s four-man team recently received funding from the Open Technology Fund (OTF) to work on the operating system; the OTF is ultimately funded by grants from Congress.

Read more

Security Leftovers

Filed under
Security

Security Leftovers

Filed under
Security
  • Security advisories for Monday
  • Kaminsky: A Skeleton Key of Unknown Strength
  • A Skeleton Key of Unknown Strength

    TL;DR: The glibc DNS bug (CVE-2015-7547) is unusually bad. Even Shellshock and Heartbleed tended to affect things we knew were on the network and knew we had to defend. This affects a universally used library (glibc) at a universally used protocol (DNS). Generic tools that we didn’t even know had network surface (sudo) are thus exposed, as is software written in programming languages designed explicitly to be safe. Who can exploit this vulnerability? We know unambiguously that an attacker directly on our networks can take over many systems running Linux. What we are unsure of is whether an attacker anywhere on the Internet is similarly empowered, given only the trivial capacity to cause our systems to look up addresses inside their malicious domains.

  • IPFire 2.17 Core Update 98 Patches Glibc Vulnerability for the Linux Firewall

    Michael Tremer, a developer working on the open source IPFire Linux firewall project, announced on February 22, 2016, the availability of a new Core Update for the distribution.

GNU cpio Vulnerabilities Closed in Ubuntu OSes

Filed under
Security
Ubuntu

Canonical has just revealed that a couple of GNU cpio vulnerabilities were found and fixed in Ubuntu 15.10, Ubuntu 14.04 LTS, and Ubuntu 12.04 LTS operating systems.

Read more

Also: Canonical Patches Five New Linux Kernel Vulnerabilities in Ubuntu 15.10

Minor Linux Kernel Vulnerability Patched in Ubuntu 12.04 LTS (Precise Pangolin)

Security Leftovers

Filed under
Security
  • SMEs vulnerable through insufficient IT, data security

    Small businesses are particularly vulnerable to breaches of IT security, according to a newly published survey which finds that security of data and IT systems is a growing concern for business leaders across Australia.

    Despite facing the same online risks as larger corporates, research by recruitment agency Robert Half the shows that small and medium businesses typically use fewer data protection tools than large companies.

  • US School Agrees to Pay $8,500 to Get Rid of Ransomware [Ed: Microsoft Windows]

    Administrators of the Horry County school district (South Carolina, US) have agreed to make a $8,500 / €7,600 payment to get rid of a ransomware infection that has affected the school's servers.

  • Linux Computers Targeted with Fresh Fysbis Spying Malware

    One fresh malicious program called Fysbis, whose other name is Linux.BackDoor.Fysbis has been created for targeting Linux computers through installation of a backdoor which reportedly opens the machine's access to the malware owner, thus facilitating him with spying on the user as well as carrying out more attacks.

  • CVE-2016-2384: arbitrary code execution due to a double-free in the usb-midi linux kernel driver

    This post describes an exploitable vulnerability (CVE-2016-2384) in the usb-midi Linux kernel driver. The vulnerability is present only if the usb-midi module is enabled, but as far as I can see many modern distributions do this. The bug has been fixed upstream.

Security Leftovers

Filed under
Security
  • Friday's security updates
  • A few words about the glibc vulnerability, CVE-2015-7547

    On February 16th, news reached ISC about CVE-2015-7547, a serious defect in the getaddrinfo() library call in glibc. This defect allows an attacker to cause buffer overflow to occur, creating the possibility of remote code execution in some circumstances. ISC has been asked by several of our customers and partners to comment on whether this vulnerability should be of concern to operators using our products.

  • Change direction, increase speed! (or why glibc changes nothing)

    The conclusion I came up with is we are basically the aliens from space invaders. Change direction, increase speed! While this can give the appearance of doing something, we are all very busy all the time.

  • Glibc 2.23 Released With Many Changes

    The GNU C Library 2.23 adds Unicode 8.0.0 support, a fix for a defect in malloc going back a number of years, some optimized functions for the IBM z13, a number of security related changes, and a whole lot of bug fixing.

How To Install & Use VeraCrypt In Linux An Alternative To TrueCrypt [COMPLETE TUTORIAL]

Filed under
Linux
News
Security

VeraCrypt is a free, open source and cross platform data encryption tool. It's an alternative to TrueCrypt(project discontinued), the popular encryption tool for all Operating systems. VeraCrypt is an easy to use tool. In this article I will walk you through the complete process of installing & using VeraCrypt in any Linux distributions such as Debian, Arch, Ubuntu, Linux Mint etc. So let's get started.

Read more

Syndicate content

More in Tux Machines

Mozilla Thunderbird 45 Finally Lands in the Main Ubuntu Linux Repositories

After a long wait, Canonical has finally decided that it was time to upgrade the Mozilla Thunderbird software on all of its supported Ubuntu Linux operating systems, where it is used as the default email and news client. Read more

KDE Leftovers

  • Double Post – Lakademy and Randa 2016
    I Have a few favorites kde conventions that I really love to participate. Randa and Lakademy are always awesome, both are focused on hacking, and I surely do love to hack. On LaKademy I spend my days working on subsurface, reworking on the interface, trying to make it more pleasant to the eye, In Randa I worked on KDevelop and Marble, but oh my…
  • Plasma’s Publictransport applet’s porting status
    You might remember that I spoke about Plasma’s Publictransport applet getting some reworking during the summer. It’s been over a month since I made that announcement on my blog and while ideally, I’d have liked to have blogged every week about my work, I haven’t really been able to. This is largely down to the fact that I was occupied with work on a project back at my university and I shifted back to home from my hostel as well, after finishing four years of undergraduate studies.
  • KDE Community Working Group 2016
  • KDE Brasil Telegram group and IRC United
    That’s why the KDE Irc channel now has a bot that will forward all messages to our Telegram Channel and vice-versa, this way all the new cool kids can talk to all the old geeks around and continue to make the KDE awesome in their platform of choice.
  • Wiki, what’s going on? (Part 7)
    Tears followed by joy and happiness, discussions followed by great moments all together, problems followed by their solution and enthusiasm. Am I talking about my family? More or less, because actually I am talking about a family: the WikiToLearn community!
  • Kubuntu 16.04.1 LTS Update Out
    The first point release update to our LTS release 16.04 is out now. This contains all the bugfixes added to 16.04 since its first release in April. Users of 16.04 can run the normal update procedure to get these bugfixes.
  • Kubuntu Podcast #14 – UbPorts interview with Marius Gripsgard
  • KDStateMachineEditor 1.1.0 released
    KDStateMachineEditor is a Qt-based framework for creating Qt State Machine metacode using a graphical user interface. It works on all major platforms and is now available as part of the Qt Auto suite.
  • KDAB contributions to Qt 5.7
    The star of Qt 5.7 is the first stable release of Qt 3D 2.0. The new version of Qt 3D is a total redesign of its architecture into a modern and streamlined 3D engine, exploiting modern design patterns such as entity-component systems, and capable to scale due to the heavily threaded design. This important milestone was the result of a massive effort done by KDAB in coordination with The Qt Company.
  • Krita 3.0.1 Development Builds
    Because of unforeseen circumstances, we had to rejig our release schedule, there was no release last week. Still, we wanted to bring you a foretaste of some of the goodies that are going to be in the 3.0.1 release, which is now planned for September 5th. There’s lots to play with, here, from bug fixes (the double dot in file names is gone, the crash with cheap tablets is gone, a big issue with memory leaks in the graphics card is solved), to features (soft-proofing, among others). There may also be new bugs, and not all new features may be working correctly. Export to animated gif or video clips is still in development, and probably will not work well outside the developers’ computer.
  • KDE blowing out candles on FISL 17!
    My talk was the next. Its title was “20 anos de KDE: de Desktop a Guarda-Chuva de Projetos” (20 years of KDE: From Desktop to Project Umbrella). I presented the evolution process of our community, which led it from a desktop project to a incubator community. For those who did not attend the event the talk was recorded and it is available here. Below I also make available the slides of my presentation:
  • LabPlot 2.3.0 released
    Less then four months after the last release and after a lot of activity in our repository during this time, we’re happy to announce the next release of LabPlot with a lot of new features. So, be prepared for a long post.

Ubuntu tablet and smartphone: a personal "mini" review

So when Ubuntu and Canonical revealed they were partnering with actual, big manufacturers for Ubuntu mobile devices, a spark of hope was rekindled in my heart. Let it be clear, I am by no means an Ubuntu user, not even a fan. I left the fold nearly a decade ago, after having spent quite some time using and contributing to Kubuntu (to the point of becoming a certified “member” even, though I never ascended to the Council). In terms of loyalties and usage, I am a KDE user (and “helper”) foremost. I use Fedora because it just works for me, for now. So, yes, an Ubuntu Touch device would be another compromise for me, but it would be the smallest one. Or so I hoped. Read more

Ubuntu 16.04.1 LTS Released for Desktop, Server, and Cloud with All Flavors

Canonical has announced the first point release of the Ubuntu 16.04 LTS (Xenial Xerus) operating system, finally allowing users of Ubuntu 14.04.4 LTS (Trusty Tahr) to upgrade their installations. Read more