
Security

Capsule8 Building Container-Aware Security Platform for Linux

Filed under
Linux
Security

Security startup Capsule8 emerged from its stealth mode in February with a plan to help provide a new model for application container security. In a video interview with eWEEK, Capsule8 CTO Dino Dai Zovi and CEO John Viega explain what's missing from container security today and what they are building to help fill the gap.

"Capsule8 is container-aware, real-time threat protection for Linux-based production environments," Dai Zovi said.

Dai Zovi explained that the company name Capsule8 is a pun on what it does, which is to encapsulate security knowledge in software, providing a secure approach to application delivery and deployment.


An Important Linux Kernel Security Patch Is Available for CentOS 7, Update Now

Filed under
Linux
Red Hat
Security

CentOS maintainer Johnny Hughes has informed the community about the availability of yet another important kernel security update, this time for users of the CentOS Linux 7 operating system series.


Big Linux bug, low security concerns

Filed under
Linux
Security

This Linux/Android bug sure sounded bad.

The National Institute of Standards and Technology (NIST) and Symantec announced a Linux kernel ipv4/udp.c bug that made the Linux kernel 4.4 and earlier vulnerable to remote code execution. In turn, an attacker could exploit this issue to execute arbitrary code. Worse still, even failed exploits might cause denial-of-service attacks.

There's only one problem with this analysis and the resulting uproar: It's wrong.

Yes, the bug existed. NIST described it as a "critical" bug, and its description makes it sound like it can open Linux and Android-powered devices to attacks via UDP network traffic. The important phrase is "sound like."


Long Term Support and Security

Filed under
Security
  • Freexian’s report about Debian Long Term Support, March 2017

    Like each month, here comes a report about the work of paid contributors to Debian LTS.

  • Unpatched vulnerability exposes Magento online shops to hacking

    An unpatched vulnerability in the Magento e-commerce platform could allow hackers to upload and execute malicious code on web servers that host online shops.

    The flaw was discovered by researchers from security consultancy DefenseCode and is located in a feature that retrieves preview images for videos hosted on Vimeo. Such videos can be added to product listings in Magento.

    The DefenseCode researchers determined that if the image URL points to a different file, for example a PHP script, Magento will download the file in order to validate it. If the file is not an image, the platform will return a "Disallowed file type" error, but won't actually remove it from the server.

  • NSA's arsenal of Windows hacking tools have leaked

    A new trove of alleged surveillance tools and exploits from the National Security Agency's elite hacking team have been released by the Shadow Brokers' hacking group.

    The group Friday appeared to release tools designed to target Windows PCs and servers, along with presentations and files purporting to detail the agency's methods of carrying out clandestine surveillance.

Security Leftovers

Filed under
Security

  • Is this a Ubuntu-based Botnet deploying Tor Relays and Bridges?
  • Microsoft Word 0-day was actively exploited by strange bedfellows

    A critical Microsoft Word zero-day that was actively exploited for months connected two strange bedfellows, including government-sponsored hackers spying on Russian targets and financially motivated crooks pushing crimeware.

  • Microsoft reduces Patch Tuesday to an incomprehensible mess
  • Nation-State Hackers Go Open Source [Ed: How to associate FOSS with crime? Hmmm… let us think. Our writer Kelly Jackson Higgins can take care of that…]

    Researchers who track nation-state groups say open-source hacking tools increasingly are becoming part of the APT attack arsenal.

    Nation-state hacking teams increasingly are employing open-source software tools in their cyber espionage and other attack campaigns.

  • New release: usbguard-0.7.0

    From all the bug fixes in this release, I’d like to point out one which required a backwards incompatible change and requires an update to existing policies. The Linux USB root hub devices use the kernel version as the bcdDevice attribute value. The value is part of the USB descriptor data which USBGuard uses for computing the device hash and therefore causes the device hash to change on every kernel update. This in turn makes USBGuard rules which rely on this hash to not match and block the device. And because it’s a root hub device that gets blocked, all the other devices get blocked too. The bug fix is simple, reset the bcdDevice value to zero before hashing (applied only for the Linux root hub devices).

Security Leftovers

Filed under
Security
  • Why creating an open-source ecosystem doesn’t mean you’re taking on security risks

    Anyone who uses technology benefits from open-source software. Most applications you use have implemented open-source code to varying degrees. This isn’t just small-time developers that use this code, either. Many large enterprises rely on this software to build their own products and solutions.

    Because of this, any CIO would be wise to have their developers follow the same blueprint. However, some developers have concerns about open-source. In an open environment where any contributor can drop potentially harmful code into the global library, is it safe — or wise — to lean heavily on these development resources?

  • Security updates for Wednesday
  • 9 Ways to Harden Your Linux Workstation After Distro Installation

    So far in this series, we’ve walked through security considerations for your SysAdmin workstation from choosing the right hardware and Linux distribution, to setting up a secure pre-boot environment and distro installation. Now it’s time to cover post-installation hardening.

Tor Security for Android and Desktop Linux

Filed under
Android
Linux
Security

Internet service providers in the United States have just been given the green light to sell usage history of their subscribers by S J Res 34, opening the gates for private subscriber data to become public. The law appears to direct ISPs to provide an "opt-out" mechanism for subscribers to retain private control of their usage history, which every subscriber should complete.


GnuTLS and reproducible builds

Filed under
GNU
Security
  • [Older] Improving by simplifying the GnuTLS PRNG

    One of the most unwanted baggages for crypto implementations written prior to this decade is the (pseudo-)random generator, or simply PRNG. Speaking for GnuTLS, the random generator was written at a time where devices like /dev/urandom did not come by default on widely used operating systems, and even if they did, they were not universally available, e.g., devices would not be present, the Entropy Gathering Daemon (EGD) was something that was actually used in practice, and was common for software libraries like libgcrypt to include code to gather entropy on a system by running arbitrary command line tools.

  • [Older] GNUtls: GnuTLS 3.5.10

    Released GnuTLS 3.5.11 which is a bug fix release in the stable branch.

  • [Older] Practical basics of reproducible builds

    One issue though: people have to trust me -- and my computer's integrity.
    Reproducible builds could address that.

    My release process is tightly controlled, but is my project reproducible? If not, what do I need? Let's check!

  • [Older] Practical basics of reproducible builds 2

Security Leftovers

Filed under
Security
  • Security updates for Tuesday
  • Alleged Spam King Pyotr Levashov Arrested

    Levashov is currently listed as #7 in the world’s Top 10 Worst Spammers list maintained by anti-spam group Spamhaus.

  • Oh my Microsoft Word: Dridex hackers exploit unpatched flaw

    Cybercrooks are actively exploiting an unpatched Microsoft Word vulnerability to distribute the Dridex banking trojan, claim researchers.

    Booby-trapped emails designed to spread the cyber-pathogen have been sent to hundreds of thousands of recipients across numerous organisations, according to email security firm Proofpoint.

    The switch to document exploits by the hackers represents a change of tactics by a group that previously leaned heavily on malicious macros to distribute their wares.

  • Critical Word 0-day is only 1 of 3 Microsoft bugs under attack

    A zero-day code-execution vulnerability in Microsoft Office is one of three critical flaws under active attack in the wild [...]

  • Cowardly Microsoft buries critical Hyper-V, WordPad, Office, Outlook, etc security patches in normal fixes

    Microsoft today buried among minor bug fixes patches for critical security flaws that can be exploited by attackers to hijack vulnerable computers.

    In a massive shakeup of its monthly Patch Tuesday updates, the Windows giant has done away with its easy-to-understand lists of security fixes published on TechNet – and instead scattered details of changes across a new portal: Microsoft's Security Update Guide.

  • Over The Air: Exploiting Broadcom’s Wi-Fi Stack (Part 2)

    In this blog post we'll continue our journey into gaining remote kernel code execution, by means of Wi-Fi communication alone. Having previously developed a remote code execution exploit giving us control over Broadcom’s Wi-Fi SoC, we are now left with the task of exploiting this vantage point in order to further elevate our privileges into the kernel.


More in Tux Machines

Today in Techrights

today's leftovers

  • Bookworm – A Simple Focused Ebook Reader for Linux
    Bookworm is a simple eBook reader created with an emphasis on a distraction-free mode. It was developed by Siddhartha Das to be able to open a variety of file formats including epub, pdf, Mobi, and CBR, among others. Bookworm also serves as an e-book manager since it lets you organize, sort and edit your .epub, PDF, .cbr/CBS and .mobi collection all from inside the same app. This version supports EPUB, PDF, and Comics (CBR and CBZ) formats with support for more formats to follow soon.
  • MellowPlayer is a Cross-Platform Qt Cloud Music App
    Never heard of it? I can’t say I had, either. But a reader of this site, and a fan of MellowPlayer, asked if I could write a few lines about its latest release.
  • Google Unveils the Android 8.0 "Oreo" Mobile Operating System, Here's What's New
  • Rugged, fanless box-PC runs Linux on G-Series, offers real-time Ethernet
    MEN Micro’s rugged, fanless “BC50F” box-PC runs Linux on AMD G-Series SoCs, and offers dual HD graphics, GbE, “real-time Ethernet,” mini-PCIe, and more. Nuremberg, Germany-based MEN Micro (aka MEN Mikro) has for many years designed and manufactured rugged embedded PCs targeting applications such as industrial control and public transport. In addition to rugged board-level products, such as this FPGA-enabled COM and this i.MX6-based touchscreen controller, the company offers a broad line of rugged box-PCs, including the Intel-based BL70S and BL70W, the AMD-based BL50W and circa-2011 BC1, and the ARM-based BE10A.
  • Just finished, almost done.
    It is with great pleasure that I announce my first involvement with the flock-2017 in Hyannis, Massachusetts, also as speaker.

Server: Serverless, Containers, and SysAdmin Careers

  • This Week in Numbers: Serverless Adoption on Par with Containers
    Serverless technologies like functions as a service (FaaS) are in use by 43 percent of enterprises that both have a significant number of strategic workloads running in the public cloud and the ability to dynamically manage them. Without those qualifications, it is easy to misinterpret the findings from New Relic’s survey-based ebook “Achieving Serverless Success with Dynamic Cloud and DevOps.” After digging in, we found that the survey says 70 percent of enterprises have migrated a significant number of workloads to the public cloud. Among this group, 39 percent are using serverless, 40 percent are using containers and 34 percent are using container orchestration.
  • Future Proof Your SysAdmin Career: Configuration and Automation
    System administrators looking to differentiate themselves from the pack are increasingly getting cloud computing certification or picking up skills with configuration management tools. From Puppet, to Chef to Ansible, powerful configuration management tools can arm sysadmins with new skills such as cloud provisioning, application monitoring and management, and countless types of automation. Configuration management platforms and tools have converged directly with the world of open source. In fact, several of the best tools are fully free and open source. From server orchestration to securely delivering high-availability applications, open source tools such as Chef and Puppet can bring organizations enormous efficiency boosts.

Linux: Landlock Linux Security Module (LSM) and AMDKF