
Security Leftovers

  • Security advisories for Monday
  • Outdated authentication practices create an opportunity for threat hunter Infocyte

    “Having Linux allows us to look at web servers, for instance. If you’re going to bypass the biometrics, you’re going to need to get into that system itself,” Gerritz says. “That’s where we come in, is finding people who have inserted themselves under that authentication layer.”

  • Cable Sees NFV Enhancing Network Security

    Network functions virtualization is all the rage because of the money it can save, and because of the network flexibility it helps afford, but the cable industry is enthused about NFV for yet another, less publicized benefit: the potential NFV creates for improving network security.

  • IoT Consensus - A Solution Suggestion to the 'Baskets of Remote' Problem by Benedikt Herudek

    Bitcoin is able to integrate and have endpoints (in Bitcoin terminology ‘wallets’ and ‘miners’) seamlessly talk to each other in a large and dynamic network. Devices and their protocols do not have the ability to seamlessly communicate with other devices. This presentation will try to show where Bitcoin and the underlying Blockchain and Consensus Technology can offer an innovative approach to integrating members of a large and dynamic network.

  • Ready to form Voltron! why security is like a giant robot made of lions

    Due to various conversations about security this week, Voltron came up in the context of security. This is sort of a strange topic, but it makes sense when we ponder modern day security. If you talk to anyone, there is generally one thing they push as a solution for a problem. This is no different for security technologies. There is always one thing that will fix your problems. In reality this is never the case. Good security is about putting a number of technologies together to create something bigger and better than any one thing can do by itself.

  • Email Address Disclosures, Preliminary Report, June 11 2016

    On June 11 2016 (UTC), we started sending an email to all active subscribers who provided an email address, informing them of an update to our subscriber agreement. This was done via an automated system which contained a bug that mistakenly prepended between 0 and 7,618 other email addresses to the body of the email. The result was that recipients could see the email addresses of other recipients. The problem was noticed and the system was stopped after 7,618 out of approximately 383,000 emails (1.9%) were sent. Each email mistakenly contained the email addresses from the emails sent prior to it, so earlier emails contained fewer addresses than later ones.

  • Universities Become New Target for Ransomware Attacks [iophk: "Calgary has no excuse, given the particular tech activity headquartered specifically in their town. Some top Univ executives need firing +fines for having allowed Microsoft into their infrastructure."]

    This week the University of Calgary in Canada admitted paying C$20,000 (€13,900) to a hacker to regain access to files stored in 600 computers, after it suffered a ransomware attack compromising over 9,000 email accounts. In order to receive the keys, the school paid the equivalent of C$20,000 in Bitcoins.

  • Blue Coat to Sell Itself to Symantec, Abandoning I.P.O. Plans

    Blue Coat Systems seemed poised to begin life as a public company, after selling itself to a private equity firm last year.

    Now, the cybersecurity software company plans to sell itself to Symantec instead.

    Blue Coat said late on Sunday that it would sell itself to Symantec for $4.65 billion. As part of the deal, Blue Coat’s chief executive, Greg Clark, will take over as the chief executive of the combined security software maker.

    To help finance the transaction, Blue Coat’s existing majority investor, Bain Capital, will invest an additional $750 million in the deal. The private equity firm Silver Lake, which invested $500 million in Symantec in February, will invest an additional $500 million.

App stores and Linux repositories: Maybe the worst ideas ever

Technically, since we’re talking about Linux and free/open source software here, there’s nothing stopping someone from cloning the entire repository for a system before it goes offline and then providing that repository as a service to people who still want it. But this is a big undertaking and is something that a casual user of a platform simply isn’t going to do.

In my case, I absolutely would have done this for my N810. I would have cloned the entire repository, including system updates, and hosted it on my server for personal use (and provided it to anyone else who needed it). Would I have ever bothered to update it? Probably not. But I would have had it there for as long as I ran that device. But, alas, I didn’t know the company was killing the entire repository (perhaps I should have expected it, but I didn’t). So, I’m plum out of luck. Plus, I’m weird. Most people would absolutely not clone a repository and self-host it. That's just a crazy thing to do.

Security Leftovers

  • EFF's Badge Hack Pageant Returns to DEF CON

    We are proud to announce the return of EFF's Badge Hack Pageant at the 24th annual DEF CON hacking conference in Las Vegas. EFF invites all DEF CON attendees to stretch their creative skills by reinventing past conference badges as practical, artful, and over-the-top objects of their choosing. The numerous 2015 pageant entries included a crocheted badge cozy, a quadcopter, counterfeit badges, a human baby, a breathalyzer, a dazzling array of LED shows, and more than one hand-made record player that would make MacGyver weep. We encourage you to join us and contribute something whether you are a crafter, a beginner, or a hardware hacking wizard. It's a great summer project so get started now and enjoy a great show!

  • @Deray’s Twitter Hack Reminds Us Even Two-Factor Isn’t Enough

    This has been the week of Twitter hacks, from Mark Zuckerberg to a trove of millions of passwords dumped online to, most recently, Black Lives Matter activist DeRay McKesson.

  • System calls for memory protection keys

    "Memory protection keys" are an Intel processor feature that is making its first appearance in Skylake server CPUs. They are a user-controllable, coarse-grained protection mechanism, allowing a program to deny certain types of access to ranges of memory. LWN last looked at kernel support for memory protection keys (or "pkeys") at the end of 2015. The system-call interface is now deemed to be in its final form, and there is a push to stage it for merging during the 4.8 development cycle. So the time seems right for a look at how this feature will be used on Linux systems.

YubiKey NEO: Ubuntu 16.04 usefulness (+ review)

I got a hold of a YubiKey NEO, so I was wondering how useful it is and what I can do with it. Here’s my “tutorial” on setting it up using Ubuntu 16.04 and actually using it.

Tails 2.4 Launched With TOR 6.0 — Best Linux Distro For Anonymity And Privacy

Tails is a popular privacy-focused Linux distribution (here are some other Linux distros for different purposes) that aims to provide an anonymous computing experience. This distro was most famously used by NSA whistleblower Edward Snowden.

If you are acquainted with Tails, you may know that it forces all network activity to go through the TOR network, making all your activities anonymous. Being a live Linux distro, it can be booted from an SD card, DVD, or USB drive.

Security Leftovers

  • Massive DDoS attacks reach record levels as botnets make them cheaper to launch

    There were 19 distributed denial-of-service (DDoS) attacks that exceeded 100 Gbps during the first three months of the year, almost four times more than in the previous quarter.

    Even more concerning is that these mega attacks, which few companies can withstand on their own, were launched using so-called booter or stresser botnets that are common and cheap to rent. This means that more criminals can now afford to launch such crippling attacks.

  • Twitter locks user accounts that need 'extra protection'

    Better safe than sorry, or so goes Twitter's latest thinking.

    The social network on Friday maintained it was not the victim of a hack or data breach, as previously reported. But Michael Coates, Twitter's head of information security, wrote in a blog post that the company has identified some accounts that need "extra protection." Those accounts have been locked, requiring users to reset their passwords in order to access them.

Security Leftovers

  • Tuesday's security updates
  • Security advisories for Wednesday
  • Thursday's security updates
  • Security advisories for Friday
  • Slicing Into a Point-of-Sale Botnet

    Point-of-sale based malware has driven most of the credit card breaches over the past two years, including intrusions at Target and Home Depot, as well as breaches at a slew of point-of-sale vendors. The malware usually is installed via hacked remote administration tools. Once the attackers have their malware loaded onto the point-of-sale devices, they can remotely capture data from each card swiped at that cash register.

  • Microsoft's BITS file transfer tool fooled into malware distribution

    Researchers at Dell SecureWorks have spotted a new and dangerous way to misuse Microsoft's Background Intelligent Transfer Service (BITS).

    While working on a customer clean-up project, SecureWorks staff found that attackers had created self-contained BITS tasks that didn't appear in the registries of affected machines, and their footprints were limited to entries on the BITS database.

    The attack was spotted on a Windows 7 machine in an academic administration environment.

iTWire shows Linux Australia the right way to host a server

An iTWire article appears to have resulted in Linux Australia seeing the folly of not having proper arrangements in place for hosting its website.

Further, a member of Linux Australia has suggested the office-bearers should resign en masse for not anticipating a breakdown in hosting the organisation's website recently.

Linux Australia secretary, Sae Ra Germaine, posted to the Linux-aus mailing list in April to explain why the organisation experienced server downtime, ultimately because the team charged with managing this task, while recognising a risk of disruption, did not engage with the University hosting the server, instead choosing only to liaise with ex-employees, and discontinued searching for a new host between December 2015 and March 2016.

Also: Preventing break-ins on your Linux system

Imagination’s new router chips could save open source firmware from FCC rules

A company that designs MIPS processors for networking hardware says it is developing technology that would allow installation of open source firmware on wireless routers while still complying with the US Federal Communications Commission's latest anti-interference rules.

The FCC now requires router makers to prevent third-party firmware from changing radio frequency parameters in ways that could cause interference with other devices, such as FAA Doppler weather radar systems.

Also: Small footprint open source hypervisor makes highly efficient use of hardware virtualization technology in Imagination’s MIPS CPUs
