
Security

Tails 1.5 RC1 Incognito Live CD Is Out for Testing and It Needs Your Help

Filed under
Security
Debian

The first Release Candidate of Tails 1.5, the amnesic incognito Live CD distribution used by Edward Snowden to browse websites anonymously and stay invisible online, was announced on August 6, 2015.


Security Leftovers

Filed under
Security
  • Tuesday's security advisories
  • Security updates for Wednesday
  • bad robot

    The best part of running your own server is definitely reviewing the logs.

  • MVEL as an attack vector

    Java-based expression languages provide significant flexibility when using middleware products such as Business Rules Management System (BRMS). This flexibility comes at a price as there are significant security concerns in their use. In this article MVEL is used in JBoss BRMS to demonstrate some of the problems. Other products might be exposed to the same risk.

Keep Dream of a Free and Open Internet Alive, Black Hat Keynoter Urges

Filed under
OSS
Security
Web

Black Hat keynoter Jennifer Granick, director of Civil Liberties at the Stanford Center for Internet and Society, discusses the need for legal and policy change to defend Internet freedom.


5 Best Practices for Security in Open Source Development

Filed under
OSS
Security

Let's look at five best practices for working with security in open source programming. When you write software, there's a high likelihood that you'll have to include some kind of security. Plenty of open source libraries are available to help you add security, but you have to do it right. Otherwise, you'll be asking for big trouble later, which might include your client getting featured on the national news.


More Oxide Security Issues Have Been Fixed in Ubuntu 15.04 and Ubuntu 14.04 LTS

Filed under
Security
Ubuntu

Canonical has released details about quite a few Oxide vulnerabilities that have been found and fixed in Ubuntu 15.04 and Ubuntu 14.04 LTS in a security notification.


Security Leftovers

Filed under
Security

Linux Foundation's CII Donates $50k+ To OpenBSD

Filed under
Linux
Security
BSD

The Linux Foundation's Core Infrastructure Initiative (CII) has made a donation in the range of $50~100k USD to the OpenBSD project.


Also: Lumina Desktop 0.8.6 Released for PC-BSD 10.2 and FreeBSD 10.2, Here's What's New

Security Leftovers

Filed under
Security
  • Hacktivists congratulate Daily Show's Jon Stewart via Donald Trump's website

    Canadian hacktivists Telecomix Canada have defaced Donald Trump's website. The message, entitled "Your Moment of Zen, Mr Stewart" is a shoutout to Jon Stewart of the Daily Show for his steady criticism of Donald Trump.

    The announcement was made by Telecomix Canada on pastebin and says that the reveal of the server penetration is in honour of the last week of Stewart's tenure helming the Daily Show on Comedy Central.

  • Macs can be remotely infected with firmware malware that remains after reformatting

    When companies claim their products are unhackable or invulnerable, it must be like waving a red flag in front of bulls as it practically dares security researchers to prove otherwise. Apple previously claimed that Macs were not vulnerable to the same firmware flaws that could backdoor PCs, so researchers proved they could remotely infect Macs with a firmware worm that is so tough to detect and to get rid of that they suggested it presents a "toss your Mac in the trash" situation.

  • More malware turns up on Macs

    As we head into the middle of the week more news will be coming out surrounding the Black Hat hacker conference which takes place on the 5th and 6th this week. A talk that will be given by Trammell Hudson, Xeno Kovah and Cory Kallenberg is set to show a flaw in the firmware of Mac computers which can be remotely targeted.

  • The World's First Firmware Worm for Mac Is Here, and It Sounds Scary
  • 0-day bug in fully patched OS X comes under active exploit to hijack Macs

    Hackers are exploiting a serious zero-day vulnerability in the latest version of Apple's OS X so they can perform drive-by attacks that install malware without requiring victims to enter system passwords, researchers said.

  • Hackers are exploiting an OS X flaw to install unwanted adware
  • Apple stock implosion shreds $113.4B

    Apple (AAPL) shares are down significantly for the second day Tuesday — bringing investors' paper losses to staggering levels and putting the stock further into correction territory.

  • From Car-Jacking To Car-Hacking: How Vehicles Became Targets For Cybercriminals

    The morning after Laura Capehorn parked her Saab 9-3 estate, all she could find of it was a car-shaped hole in the snow.

    The interior designer had left the vehicle outside her mother-in-law's house in Shepherd's Bush, London, one evening in January 2014. By the morning it was gone, presumed stolen.

    Police immediately asked to see the car's key, and weren't surprised to find out it was an electronic fob. They had seen an increase in tech-savvy criminals using a key-cloning system to gain entry to high-value vehicles. Once in, the thieves drive away within seconds.

  • WordPress 4.2.4 Security and Maintenance Release

    WordPress 4.2.4 is now available. This is a security release for all previous versions and we strongly encourage you to update your sites immediately.

  • Six Vulnerabilities Patched With Release of WordPress 4.2.4

    The developers of the WordPress content management system (CMS) today announced the release of version 4.2.4. This security release addresses six vulnerabilities and four bugs.

    According to the release notes, WordPress 4.2.4 patches three cross-site scripting (XSS) flaws and a SQL injection vulnerability that can be exploited to compromise websites. The latest version also protects users against a potential timing side-channel attack, and prevents attackers from locking posts from being edited.

    Marc-Alexandre Montpas of Sucuri, Helen Hou-Sandí of the WordPress security team, Netanel Rubin of Check Point, Ivan Grigorov, Johannes Schmitt of Scrutinizer, and Mohamed A. Baset have been credited for reporting these vulnerabilities.

    WordPress has noted that these fixes are also included in WordPress 4.3 RC2.

    Check Point has published a brief advisory for the SQL injection vulnerability (CVE-2015-2213) patched in the latest version of WordPress. According to the security firm, this is a critical flaw affecting WordPress 4.2.3 and prior.

Security Leftovers

Filed under
Security
  • DNS server attacks begin using BIND software flaw

    Attackers have started exploiting a flaw in the most widely used software for the DNS (Domain Name System), which translates domain names into IP addresses.

    Last week, a patch was issued for the denial-of-service flaw, which affects all versions of BIND 9, open-source software originally developed by the University of California at Berkeley in the 1980s.

  • Researchers Create First Firmware Worm That Attacks Macs

    The common wisdom when it comes to PCs and Apple computers is that the latter are much more secure. Particularly when it comes to firmware, people have assumed that Apple systems are locked down in ways that PCs aren’t.

    It turns out this isn’t true. Two researchers have found that several known vulnerabilities affecting the firmware of all the top PC makers can also hit the firmware of Macs. What’s more, the researchers have designed a proof-of-concept worm for the first time that would allow a firmware attack to spread automatically from MacBook to MacBook, without the need for them to be networked.

Open Source Players Show Dedication To Heightening Security Measures

Filed under
OSS
Security

The Wall Street Journal recently reported that the Core Infrastructure Initiative, a group formed last year after the Heartbleed bug targeted vulnerabilities in OpenSSL encryption software, has invested $500,000 in three new projects aimed at improving the security of open source code. Participants in the Core Infrastructure Initiative include large corporations such as Microsoft, Facebook, and Cisco Systems; it is managed by the nonprofit Linux Foundation. This collaboration demonstrates a desire from both the open source community and technology leaders to preserve free and open standards while continuing to make security a top priority.


More in Tux Machines

OpenPHT 1.5.1 for Debian/sid

I have updated the openpht repository with builds of OpenPHT 1.5.1 for Debian/sid for both amd64 and i386 architecture. For those who have forgotten it, OpenPHT is the open source fork of Plex Home Theater that is used on RasPlex, see my last post concerning OpenPHT for details.

A man with his Fingers in many millions of pies

At the time of writing, over five million Raspberry Pis have been sold. That’s the same as the number of ZX Spectrums sold in the 80s. And like the Spectrum, the Pi is likely to have a far-reaching legacy, helping the next generation of games designers and computer scientists find their feet. Countless numbers of people have helped make this happen, but Eben Upton has been there from the beginning. He’s the founder and the CEO of the Raspberry Pi Foundation, and he’s still shaping every aspect of the Raspberry Pi, from its hardware to the software. We met Eben shortly before the launch of the model 2. He told us about the effort they’ve put into making the Pi better and how a chance conversation with the boss of Google shaped the Pi’s future.

Linux for your Loved Ones

Few things in this life are more frustrating than trying to provide tech support to loved ones. If you’re reading this, odds are you’ve run into this experience yourself at some point in your life. Now, I should point out that no operating system is completely free from bugs. Even the most locked down devices, such as tablets or Chromebooks, can still experience challenges due to connectivity. I believe today’s popular Linux distributions are a far better option in the long run. Using a Linux distro often means you can work with existing PC hardware instead of buying new stuff. And unlike Google’s Chromebook, you’re not providing remote access help over wifi – the older PC running Linux happens to have a wired connection. This alone is enough to save one’s sanity.

Red Hat and Fedora

  • Red Hat Drives FPGAs, ARM Servers
    FPGA vendors and users will meet next month in an effort to define a standard software interface for accelerators. The meeting is being convened by Red Hat’s chief ARM architect, who gave an update (Wednesday) on efforts to establish ARM servers. “There’s a trend towards high-level synthesis so an FPGA programmer can write in OpenCL up front but the little piece that’s been ignored is how OpenCL talks to Linux,” said Jon Masters, speaking at the Linley Data Center event here.
  • Rackspace Launches Private Cloud Powered by Red Hat
  • Rackspace now hosts Red Hat’s Enterprise Linux OpenStack on its private cloud
  • Everence Capital Management Inc. Buys 3,232 Shares of Red Hat Inc (RHT)
    Everence Capital Management Inc. increased its position in Red Hat Inc (NYSE:RHT) by 105.1% during the fourth quarter, according to its most recent Form 13F filing with the Securities and Exchange Commission. The fund owned 6,307 shares of the open-source software company’s stock after buying an additional 3,232 shares during the period. Everence Capital Management Inc.’s holdings in Red Hat were worth $522,000 as of its most recent filing with the SEC.
  • New standing desk set up
  • Fedora News Channel on Telegram
    I and Justin Flory have created a Fedora News channel on Telegram. It’s a new way to follow news about the Fedora Project and it’s supplementary to the news channels we’re already using (Planet Fedora/RSS, Facebook, Google+, Twitter, mailing lists). The Telegram channel is a one-way communication, there is no way to reply or comment on news messages. For discussion, we already have a Fedora group chat.