Language Selection

English French German Italian Portuguese Spanish

Security

Security Leftovers

Filed under
Security
  • School Creates Own Security Hole; Tries To Have Concerned Parent Arrested For Hacking

    We've seen it so often over the years, it's probably now time to accept the fact that this will never change: when entities are presented evidence of security holes and breaches, far too often the initial reaction is to shoot the messenger.

    A school whose online student portal exposed a lot of sensitive data decided the best way to handle a concerned parent's repeated questions about how it was handling the problem was to file a criminal complaint against the parent. (via the Office of Inadequate Security)

    The details of the breach (since closed) were reported by independent journalist Sherrie Peif.

  • [Tor] A New Bridge Authority

    After ten years of volunteer maintenance of Tonga, Tor's bridge Authority—a piece of critical infrastructure within the Tor network—our colleague and friend, Lucky Green, a long time cypherpunk, and free speech and privacy advocate, has decided to step down from this role. Tonga's cryptographic keys will be destroyed this week. We are incredibly thankful to Lucky for all his support and selfless labour in maintaining a key component of our censorship circumvention efforts, grateful for the years we have spent working with him, and very sorry to see him go.

  • More Than 40% Of Attacks Abuse SSL Encryption

    There’s an important caveat about encrypted traffic from new research released this week: Encryption works so well that hackers are using it as cover.

    A new study from A10 and the Ponemon Institute found that 80% of respondents say their organizations have been the victim of a cyberattack or malicious insiders in the past year -- and 41% of the attacks have used encryption to evade detection. In addition, 75% say malware hidden within encrypted traffic is a risk to their organizations.

    At issue: The report found that SSL encryption not only hides data from would-be hackers but also from common security tools.

    “Hackers are using SSL encryption to slide by standard perimeter defenses,” says Chase Cunningham, director of cyber operations at A10 Networks.

  • The Cloud Security Alliance publishes its best practices for Big Data security

    Big Data is a boon for businesses worldwide, but the benefits come at a cost. The more data companies store, the more vulnerable they are to potential security breaches. And data breaches can be enormously expensive when they occur. IBM’s 2016 Cost of Data Breach report found that the average consolidated total cost of a data breach grew from $3.8 million to $4 million in the last year, which makes securing their data an important goal for any company that’s invested in it.

Redis Misconfiguration and Ransom

Filed under
Linux
Security

Leftovers: Security

Filed under
Security
  • Tor 0.2.8.7 Addresses Important Bug Related to ReachableAddresses Option

    The Tor Project, through Nick Mathewson, is pleased to inform the Tor community about the release and general availability of yet another maintenance update to the Tor 0.2.8 stable series.

  • Emergency Service Window for Kolab Now

    We’re going to need to free up a hypervisor and put its load on other hypervisors, in order to pull out the one hypervisor and have some of its faulty hardware replaced — but there’s two problems;

    The hypervisor to free up has asserted required CPU capabilities most of the eligible targets do not have — this prevents a migration that does not involve a shut down, reconfiguration, and restart of the guest.

TheSSS 19.0 Linux Server Out with Kernel 4.4.14, Apache 2.4.23 & MariaDB 10.1.16

Filed under
GNU
Linux
Security

TheSSS (The Smallest Server Suite) is one of the lightest Linux kernel-based operating systems designed to be used as an all-around server for home users, as well as small- and medium-sized businesses looking for a quick and painless way of distributing files across networks or to simply test some web-based software.

Read more

Leftovers: Security

Filed under
Security

Security Leftovers

Filed under
Security
  • FBI detects breaches against two state voter systems

    The Federal Bureau of Investigation has found breaches in Illinois and Arizona's voter registration databases and is urging states to increase computer security ahead of the Nov. 8 presidential election, according to a U.S. official familiar with the probe.

    The official, speaking on condition of anonymity, said on Monday that investigators were also seeking evidence of whether other states may have been targeted.

    The FBI warning in an Aug. 18 flash alert from the agency's Cyber Division did not identify the intruders or the two states targeted.

    Reuters obtained a copy of the document after Yahoo News first reported the story Monday.

  • Russians Hacked Two U.S. Voter Databases, Say Officials [Ed: blaming without evidence again]

    Two other officials said that U.S. intelligence agencies have not yet concluded that the Russian government is trying to do that, but they are worried about it.

  • FBI Says Foreign Hackers Got Into Election Computers

    We've written probably hundreds of stories on just what a dumb idea electronic voting systems are, highlighting how poorly implemented they are, and how easily hacked. And, yet, despite lots of security experts sounding the alarm over and over again, you still get election officials ridiculously declaring that their own systems are somehow hack proof.

    And now, along comes the FBI to alert people that it's discovered at least two state election computer systems have been hacked already, and both by foreign entities.

  • Researchers Reveal SDN Security Vulnerability, Propose Solution

    Three Italian researchers have published a paper highlighting a security vulnerability in software-defined networking (SDN) that isn't intrinsic to legacy networks. It's not a showstopper, though, and they propose a solution to protect against it.

    "It" is a new attack they call Know Your Enemy (KYE), through which the bad guys could potentially collect information about a network, such as security tool configuration data that could, for example, reveal attack detection thresholds for network security scanning tools. Or the collected information could be more general in nature, such as quality-of-service or network virtualization policies.

  • NV Gains Momentum for a Secure DMZ

    When it comes to making the shift to network virtualization (NV) and software-defined networking (SDN), one of the approaches gaining momentum is using virtualization technology to build a secure demilitarized zone (DMZ) in the data center.

    Historically, there have been two major drawbacks to deploying firewalls as a secure mechanism inside a data center. The first is the impact a physical hardware appliance has on application performance once another network hop gets introduced. The second is the complexity associated with managing the firewall rules.

    NV technologies make it possible to employ virtual firewalls that can be attached to specific applications and segregate them based on risk. This is the concept of building a secure DMZ in the data center. The end result is that the virtual firewall is not only capable of examining every packet associated with a specific application, but keeping track of what specific firewall rules are associated with a particular application becomes much simpler.

Parsix GNU/Linux 8.10 "Erik" Users Receive the Latest Debian Security Updates

Filed under
GNU
Linux
Security

Today, August 29, 2016, the maintainers of the Parsix GNU/Linux distribution announced the availability of multiple security updates, along with a new kernel version for the Parsix GNU/Linux 8.10 "Erik" release.

Read more

Ubuntu 14.04 LTS and 12.04 LTS Users Get New Kernel Updates with Security Fixes

Filed under
Security
Ubuntu

Immediately after informing us about the availability of a new kernel update for the Ubuntu 16.04 LTS (Xenial Xerus) operating system, Canonical published more security advisories about updated kernel versions for Ubuntu 14.04 LTS and Ubuntu 12.04 LTS.

Read more

Syndicate content

More in Tux Machines

Linux 4.10-rc5

Things seem to be calming down a bit, and everything looks nominal. There's only been about 250 changes (not counting merges) in the last week, and the diffstat touches less than 300 files (with drivers and architecture updates being the bulk, but there's tooling, networking and filesystems in there too). Read more Also: Linus Torvalds Announces Fifth Linux 4.10 Kernel RC, Everything Looks Nominal Linux 4.10-rc5 Released, Now Codenamed "Anniversary Edition"

Fedora 26 Linux to Enable TRIM for Better Performance of Encrypted SSD Disks

According to the Fedora 26 release schedule, the upcoming operating system is approaching an important milestone, namely the proposal submission deadline for system-wide changes, which is currently set for January 31. Read more Also: Fedora 26 Planning To Enable TRIM/Discard On Encrypted Disks

New CloudLinux 7 and CloudLinux 6 Linux Kernel Security Updates Pushed Into Beta

CloudLinux's Mykola Naugolnyi is informing users of the CloudLinux 7 and CloudLinux 6 enterprise-ready operating systems to upgrade their kernel packages immediately if they are using the Beta channel. Read more

KDE Neon Installer

  • KDE Neon Has Stylish New Install Wizard
    KDE Neon has adopted distro-agnostic Linux installer ‘Calamares’ its unstable developer edition. Calamares replaces the Canonical-developed Ubiquity installer as the default graphical installer used when installing the Ubuntu-based OS on a new machine. The stylish install wizard is already in use on a number of other KDE-based Linux distributions, including Chakra Linux and Netrunner.
  • KDE neon Inaugurated with Calamares Installer
    You voted for change and today we’re bringing change. Today we give back the installer to the people. Today Calamares 3 was released. It’s been a long standing wish of KDE neon to switch to the Calamares installer. Calamares is a distro independent installer used by various projects such as Netrunner and Tanglu. It’s written in Qt and KDE Frameworks and has modules in C++ or Python.