Language Selection

English French German Italian Portuguese Spanish

Security

Tails interview

Filed under
Interviews
Security
Debian

Tails was built with two specific things in mind: sustainability and usability.
Sustainability refers to how this is a project that can be relied on by its users. The team goes on to explain the importance of usability: “We believe that the best security tool is of no use if people who really need it on the field cannot use it. Moreover, security tools must be hard to misuse, they should prevent you from doing critical mistakes, or ask you to make security decisions that you are not able to make.”

Tails has been around for a while as previously stated, however its notoriety was elevated after the Snowden revelations: “What really changed is the public awareness regarding those issues,” the team told us. “It is now hard to deny that internet security has to do with politics and not only with technology. The Snowden revelations also made it clear that online privacy is an issue for everyone, and not only for paranoid people. That point was still hard to make, even in the Linux world.”

Read more

New Private Cloud Devices Aim to Block Cyber Spies

Filed under
Linux
Security

Suddenly, consumer-oriented private cloud storage devices are everywhere, with many -- if not most -- running Linux. The market segment has blossomed thanks to growing concerns over government cyber-spying, notably in the case of the U.S. National Security Agency and the Chinese military. There is also growing unease about sharing of user data by mobile carriers, financial firms, and high-tech companies, as well as fears about cyber-criminals.

Read more

Join the FSF and allies: strengthen the Tor anti-surveillance network

Filed under
OSS
Security

Today we're joining our allies at the Electronic Frontier Foundation (EFF) in kicking off the Tor Challenge, an effort to strengthen the global Tor network that protects Internet traffic from surveillance.

Tor is a publicly accessible, free software-based system for anonymizing Internet traffic. Tor relies on thousands of computers around the world called relays, which route traffic in tricky ways to dodge spying. The more relays, the stronger and faster the network.

Read more

Kali Linux Improves Penetration Testing

Filed under
Reviews
Security

There are a lot of tools and applications available to security researchers to conduct penetration testing. Many of those tools run on the open-source Linux operating system, though not every distribution is properly configured to be a proper platform for security research. That's where the Kali Linux distribution comes into play as an optimized Linux distribution built for security researchers. The Kali Linux 1.0.7 distribution was officially released on May 27, providing users with a number of new features. Kali Linux was originally known as Backtrack Linux, before being renamed and rebuilt in March 2013. One of the primary new features in Version 1.0.7 is the introduction of encrypted USB persistence for Live images. With that feature, Kali Linux can be installed onto a USB storage key, with user storage that can be updated and fully encrypted. One of the key benefits of Kali Linux is that it assembles in one place many tools that security researchers need. Tools for information gathering, vulnerability analysis, Web applications, password attacks, stress testing and even hardware hacking are all included. In this slide show, eWEEK takes a look at some of the features of the Kali Linux 1.0.7 release.

Read more

OpenSSL Security Advisory [05 Jun 2014]

Filed under
OSS
Security

OpenSSL 1.0.0m and OpenSSL 0.9.8za also contain a fix for CVE-2014-0076: Fix for the attack described in the paper "Recovering OpenSSL ECDSA Nonces Using the FLUSH+RELOAD Cache Side-channel Attack" Reported by Yuval Yarom and Naomi Benger. This issue was previously fixed in OpenSSL 1.0.1g.

Read more

More: How I discovered CCS Injection Vulnerability (CVE-2014-0224)

OSSEC 2.8 has been released

Filed under
Security

OSSEC is a cross-platform host intrusion detection system. Hence it’s also known as OSSEC HIDS. It is Free software released under the GNU General Public License, and features log analysis, file integrity monitoring, rootkit detection and real-time active responses. If you intend to run a server anywhere, this is one of the first applications you want to install on it.

OSSEC is a much better security application than Fail2ban, another popular host intrusion prevention application. OSSEC offers a centralized management server with support for agent and agentless monitoring. A complete description of its features are available here.

Read more

Why open source development is getting more secure

Filed under
OSS
Security

With fewer defects being found in major open source projects than in large proprietary software packages, what are the security strengths and weaknesses of open source development?

Read more

Google's Nexus devices get stealth Android update

Filed under
Android
Security

Google has quietly begun rolling out a new version of Android to its flagship Nexus devices, but so far it has remained shtum on just what has changed.

Support pages from US wireless player T-Mobile reveal that the Nexus 4 and Nexus 5 handsets and the 2013 version of the Nexus 7 tablet all began receiving over-the-air updates to Android 4.4.3 on Monday.

Read more

Announcing Rapid Progress on Core Infrastructure Initiative

Filed under
OSS
Security

A month ago we announced the Core Infrastructure Initiative, a project to help fund critical open source projects that we all rely upon but that are in need of support. We moved quickly to organize the initiative and the industry reaction was swift and enthusiastic. I am proud to report on significant progress that I believe matches the quality of the reaction to the formation of the project.

First order of business was electing the Advisory Board, which will help the Steering Group (made up of funders and The Linux Foundation) determine which projects to fund. We are fortunate to have assembled many of the brightest minds in open source, web technology and computer security. I am thrilled to work with these individuals.

Read more

Tails 1.1 Beta 1 Secure Distro Now Has Windows 8 Comouflage Mode

Filed under
GNU
Linux
Security
Debian

Tails is a distribution based on Debian and Tor technologies that aims to keep its users as anonymous as possible. It gained a lot more visibility after Edward Snowden said that he used exactly this Linux distribution to hide his tracks. The developers are now implementing more changes and fixes that should ensure it becomes even more secure.

Read more

Syndicate content

More in Tux Machines

Today in Techrights

today's leftovers

  • Key Question: Is Bundling Proper?
    In both cases, bundling is either a restraint of trade or simply a wasted motion. You don’t paint a house green only to paint it red if you have any sense. The right way to do IT is to make your choice and buy/acquire what you need to accomplish your goals in the most efficient manner possible. Bundling exclusively That Other OS with all PCs was only good for an illegal monopolist and its “partners” in crime. This is not about denying businesses profits. It’s about competition in the market and freedom for users/buyers to have choice.
  • Dell Gets An Airplane Mode Switch Driver In Linux 4.2
  • Call for hosts for GUADEC 2016
    GUADEC is the biggest gathering of GNOME users and developers, which takes place in Europe every year. It includes conference days, the GNOME Foundation annual general meeting and hacking in a week of coding and discussion.
  • 4MLinux 13.0 Screencast and Screenshots
  • Tumbleweed is rolling again
    Opensuse Tumbleweed has been static since the 20150612 snapshot. But today the 20150630 snapshot was released. We are moving again.
  • openSUSE Tumbleweed net-tools vs net-tools-deprecated
  • PostgreSQL 9.5 in Debian
    The package is also waiting in NEW to be accepted for Debian experimental.
  • DUCK challenge at DebConf15
  • Upgrades to Jessie, Ruby 2.2 transition, and chef update
    Last month I started to track all the small Debian-related things that I do. My initial motivation was to be concious about how often I spend short periods of time working on Debian. Sometimes it’s during lunch breaks, weekends, first thing in the morning before regular work, after I am done for the day with regular work, or even during regular work, since I do have the chance of doing Debian work as part of my regular work occasionally. Now that I have this information, I need to do something with it. So this is probably the first of monthly updates I will post about my Debian work. Hopefully it won’t be the last.
  • Avalue debuts Braswellian COMs and an SBC
    Avalue unveiled three Linux-friendly embedded boards based on Intel’s 14nm Braswell SoCs: a Qseven COM, a COM Express Type 6 COM, and a 5.25-inch SBC.
  • Tizen In-App Purchases(IAP) for Unity Applications goes Live!
  • 5 Best Enterprise Apps and Extensions for Google Chrome
    We have already covered a lot of enterprise applications on our site before. However, one would never expect apps in this genre to exist on a browser like Google Chrome. But, nothing could be further from the real truth. Google's effort to outsmart even the biggest players in the enterprise market are gradually paying off. Slowly spreading its wings into the business world, Google is venturing into arenas where Microsoft once reigned supreme. While the competition doesn't concern us much, but what has happened, in effect, is that the rivalry is bringing out the best in both companies.
  • Platform9 Aims to Control the Private Cloud from the Cloud [Video]
  • Teaching Email Self-Defense: Campaigns intern leads a workshop at PorcFest
    My workshop on Email Self-Defense took place at the 12th annual Porcupine Freedom Festival in Lancaster, New Hampshire. Around eight people attended, which was a few more than I expected. Christopher Waid and Bob Call of ThinkPenguin joined me in helping everyone who brought a laptop to set up GnuPG properly. Those who didn't bring a laptop participated by observing the process on the system most similar to their own and asking questions about particular steps, so as to enable them to achieve the same configuration when they returned home.
  • Security advisories for Thursday

Leftovers: Software

today's howtos