Language Selection

English French German Italian Portuguese Spanish

Security

Leftovers: Security

Filed under
Security

Security Leftovers

Filed under
Security
  • FBI detects breaches against two state voter systems

    The Federal Bureau of Investigation has found breaches in Illinois and Arizona's voter registration databases and is urging states to increase computer security ahead of the Nov. 8 presidential election, according to a U.S. official familiar with the probe.

    The official, speaking on condition of anonymity, said on Monday that investigators were also seeking evidence of whether other states may have been targeted.

    The FBI warning in an Aug. 18 flash alert from the agency's Cyber Division did not identify the intruders or the two states targeted.

    Reuters obtained a copy of the document after Yahoo News first reported the story Monday.

  • Russians Hacked Two U.S. Voter Databases, Say Officials [Ed: blaming without evidence again]

    Two other officials said that U.S. intelligence agencies have not yet concluded that the Russian government is trying to do that, but they are worried about it.

  • FBI Says Foreign Hackers Got Into Election Computers

    We've written probably hundreds of stories on just what a dumb idea electronic voting systems are, highlighting how poorly implemented they are, and how easily hacked. And, yet, despite lots of security experts sounding the alarm over and over again, you still get election officials ridiculously declaring that their own systems are somehow hack proof.

    And now, along comes the FBI to alert people that it's discovered at least two state election computer systems have been hacked already, and both by foreign entities.

  • Researchers Reveal SDN Security Vulnerability, Propose Solution

    Three Italian researchers have published a paper highlighting a security vulnerability in software-defined networking (SDN) that isn't intrinsic to legacy networks. It's not a showstopper, though, and they propose a solution to protect against it.

    "It" is a new attack they call Know Your Enemy (KYE), through which the bad guys could potentially collect information about a network, such as security tool configuration data that could, for example, reveal attack detection thresholds for network security scanning tools. Or the collected information could be more general in nature, such as quality-of-service or network virtualization policies.

  • NV Gains Momentum for a Secure DMZ

    When it comes to making the shift to network virtualization (NV) and software-defined networking (SDN), one of the approaches gaining momentum is using virtualization technology to build a secure demilitarized zone (DMZ) in the data center.

    Historically, there have been two major drawbacks to deploying firewalls as a secure mechanism inside a data center. The first is the impact a physical hardware appliance has on application performance once another network hop gets introduced. The second is the complexity associated with managing the firewall rules.

    NV technologies make it possible to employ virtual firewalls that can be attached to specific applications and segregate them based on risk. This is the concept of building a secure DMZ in the data center. The end result is that the virtual firewall is not only capable of examining every packet associated with a specific application, but keeping track of what specific firewall rules are associated with a particular application becomes much simpler.

Parsix GNU/Linux 8.10 "Erik" Users Receive the Latest Debian Security Updates

Filed under
GNU
Linux
Security

Today, August 29, 2016, the maintainers of the Parsix GNU/Linux distribution announced the availability of multiple security updates, along with a new kernel version for the Parsix GNU/Linux 8.10 "Erik" release.

Read more

Ubuntu 14.04 LTS and 12.04 LTS Users Get New Kernel Updates with Security Fixes

Filed under
Security
Ubuntu

Immediately after informing us about the availability of a new kernel update for the Ubuntu 16.04 LTS (Xenial Xerus) operating system, Canonical published more security advisories about updated kernel versions for Ubuntu 14.04 LTS and Ubuntu 12.04 LTS.

Read more

5 Best Linux Distros for Security

Filed under
Linux
Security

Security is nothing new to Linux distributions. Linux distros have always emphasized security and related matters like firewalls, penetration testing, anonymity, and privacy. So it is hardly surprising that security conscious distributions are common place. For instance, Distrowatch lists sixteen distros that specialize in firewalls, and four for privacy.

Most of these specialty security distributions, however, share the same drawback: they are tools for experts, not average users. Only recently have security distributions tried to make security features generally accessible for desktop users.

Read more

Security News

Filed under
Security
  • New FairWare Ransomware targeting Linux Computers [Ed: probably just a side effect of keeping servers unpatched]

    A new attack called FaireWare Ransomware is targeting Linux users where the attackers hack a Linux server, delete the web folder, and then demand a ransom payment of two bitcoins to get their files back. In this attack, the attackers most likely do not encrypt the files, and if they do retain the files, probably just upload it to a server under their control.

  • How do we explain email to an "expert"?

    This has been a pretty wild week, more wild than usual I think we can all agree. The topic I found the most interesting wasn't about one of the countless 0day flaws, it was a story from Slate titled: In Praise of the Private Email Server

    The TL;DR says running your own email server is a great idea. Almost everyone came out proclaiming it a terrible idea. I agree it's a terrible idea, but this also got me thinking. How do you explain this to someone who doesn't really understand what's going on?

    There are three primary groups of people.

    1) People who know they know nothing
    2) People who think they're experts
    3) People who are actually experts

  • Why the term “zero day” needs to be in your brand’s cybersecurity vocabulary

    Linux is “open source” which means anyone can look at the code and point out flaws. In that sense, I’d say Linus Torvalds doesn’t have to be as omniscient as Tim Cook. Linux source code isn’t hidden behind closed doors. My understanding is, all the Linux code is out there for anyone to see, naked for anyone to scrutinize, which is why certain countries feel safer using it–there’s no hidden agenda or secret “back door” lurking in the shadows. Does that mean Android phones are safer? That’s up for debate.

Security News

Filed under
Security

  • Hacking the American College Application Process

    In recent years, foreign students have streamed into American universities, their numbers nearly doubling in the last decade. About half of all international students are coming from Asian countries, many of which have been subject to heavy recruitment from American colleges.

    Taking advantage of the popularity of an American education, a new industry has sprung up in East Asia, focused on guiding students through the U.S. college application process with SAT preparation courses, English tutors and college essay advisors.

    But not all college prep companies are playing by the rules. In their investigative series for Reuters, a team of reporters found that foreign companies are increasingly helping students game the U.S. college application process. Some companies have leaked questions from college entrance exams to their students before they take the test. Others have gone so far as to ghostwrite entire college applications and complete coursework for students when they arrive on campus. We spoke with Steve Stecklow, one of the reporters on the team, about what they uncovered.

  • illusive networks' Deceptions Everywhere

    illusive networks' bread and butter is its deception cybersecurity technology called Deceptions Everywhere whose approach is to neutralize targeted attacks and Advanced Persistent Threats by creating a deceptive layer across the entire network. By providing an endless source of false information, illusive networks disrupts and detects attacks with real-time forensics and without disruption to business.

  • Mozila Offers Free Security Scanning Service: Observatory

    With an eye toward helpiing administrators protect their websites and user communities, Mozilla has developed an online scanner that can check if web servers have optimal security settings in place.

    It's called Observatory and was initially built for in-house use, but it may very well be a difference maker for you.

    "Observatory by Mozilla is a project designed to help developers, system administrators, and security professionals configure their sites safely and securely," the company reports.

Opera Data Breach, Security of Personal Data

Filed under
Security
  • Opera User? Your Stored Passwords May Have Been Stolen

    Barely a week passes without another well-known web company suffering a data breach or hack of some kind. This week it is Opera’s turn. Opera Software, the company behind the web-browser and recently sold to a Chinese consortium for $600 million, reported a ‘server breach incident’ on its blog this weekend.

  • When it comes to protecting personal data, security gurus make their own rules

    Marcin Kleczynski, CEO of a company devoted to protecting people from hackers, has safeguarded his Twitter account with a 14-character password and by turning on two-factor authentication, an extra precaution in case that password is cracked.

    But Cooper Quintin, a security researcher and chief technologist at the Electronic Frontier Foundation, doesn’t bother running an anti-virus program on his computer.

    And Bruce Schneier? The prominent cryptography expert and chief technology officer of IBM-owned security company Resilient Systems, won’t even risk talking about what he does to secure his devices and data.

Security News

Filed under
Security
  • OpenSSL 1.1.0 Series Release Notes
  • Linux.PNScan Malware Brute-Forces Linux-Based Routers
  • St. Jude stock shorted on heart device hacking fears; shares drop

    The stock of pacemaker manufacturer St. Jude Medical Inc (STJ.N) fell sharply on Thursday after short-selling firm Muddy Waters said it had placed a bet that the shares would fall, claiming its implanted heart devices were vulnerable to cyber attacks.

    St. Jude, which agreed in April to sell itself for $25 billion to Abbott Laboratories (ABT.N), said the allegations were false. St Jude shares closed down 4.96 percent, the biggest one-day fall in 7 months and at a 7.4 percent discount to Abbott's takeover offer.

    Muddy Waters head Carson Block said the firm's position was motivated by research from a cyber security firm, MedSec Holdings Inc, which has a financial arrangement with Muddy Waters. MedSec asserted that St. Jude's heart devices were vulnerable to cyber attack and were a risk to patients.

  • BlackArch Linux ISO now comes with over 1,500 hacking tools

    On a move to counter distros like Kali Linux and BackBox, BlackArch has got a new ISO image that includes more than 1,500 hacking tools. The update also brings several security and software tweaks to deliver an enhanced platform for various penetration testing and security assessment activities.

    The new BlackArch Linux ISO includes an all new Linux installer and more than 100 new penetration testing and hacking tools. There is also Linux 4.7.1 to fix the bugs and compatibility issues of the previous kernel. Additionally, the BlackArch team has updated all its in-house tools and system packages as well as updated menu entries for the Openbox, Fluxbox and Awesome windows managers.

Security News

Filed under
Security
  • OpenSSL 1.1.0 released
  • Security advisories for Friday
  • Openwall 3.1-20160824 is out

    New Openwall GNU/*/Linux ISO images and OpenVZ container templates are out.

  • Scorpene Leak Could Be Part Of 'Economic War,' Says French Maker: 10 Facts

    The leak, was first reported in The Australian newspaper. Ship maker DCNS has a nearly 38 billion dollar contract with Australia, but the leak has no mention of the 12 vessels being designed for Australia.

  • Homeland Security has 'open investigation' into Leslie Jones hacking

    The Department of Homeland Security is investigating the cyberattack against Ghostbusters actor Leslie Jones one day after her personal information and explicit images were leaked online.

    In a short statement on Thursday, a spokesperson for the US Immigration and Customs Enforcement agency said that the Homeland Security investigations unit in New York “has an open investigation into this matter”.

    “As a matter of agency policy and in order to protect the integrity of an ongoing investigation, we will not disclose any details,” the statement said.

    “As a matter of agency policy, we are unable to disclose any information related to an active investigation,” a spokeswoman said.

Syndicate content

More in Tux Machines

today's howtos

Leftovers: Software

  • HandBrake 1.0.2 Open-Source Video Transcoder Released for Linux, Mac and Windows
    After more than 13 years of development, the HandBrake open-source video transcoding app reached 1.0 milestone on Christmas Eve last year, and the second bugfix release is already available. HandBrake 1.0.2 is full of improvements and bug fixes enhancing the out-of-the-box video, audio, and subtitles support, but also adds various platform specific changes for all supported operating systems, including GNU/Linux, macOS, and Microsoft Windows.
  • SMPlayer 17.1 Open-Source Video Player Introduces Chromecast Support, More
    It's been two and a half months since you last updated your SMPlayer open-source video player, and a new stable release is now available, versioned 17.1, with some exciting features. Sporting initial Chromecast support, SMPlayer 17.1 will let you send video files from your personal computer to your Chromecast device to watch them on your big-screen TV, or your friends for that matter. The feature supports both online and local sources, including those from popular video hosting services like YouTube and Vimeo.
  • Firefox 51 Released with FLAC Support, Better CPU Usage
    A new month means a new release of the venerable Mozilla Firefox web browser. Firefox 51 ships with FLAC support, WebGL 2, and a whole heap more — come see!
  • Mozilla Firefox 51.0 Now Available for Download, Supports FLAC Playback, WebGL 2
    It's not yet official, but the binary and source packages of the Firefox 51.0 web browser are now available for download on your GNU/Linux, macOS, or Microsoft Windows operating system. Mozilla will have the pleasure of unveiling the Firefox 51.0 release tomorrow, January 24, according to the official schedule, but you can already get your hands on the final version of the web browser by downloading the installers for your favorite OS right now from our website (links are at the end of the article).

OSS Leftovers

  • Berkeley launches RISELab, enabling computers to make intelligent real-time decisions
  • Amazon, Google, Huawei, and Microsoft sponsor UC Berkeley RISELab, AMPLab's successor
  • Brotli: A new compression algorithm for faster Internet
    Brotli is a new open source compression algorithm designed to enable an Internet that's faster for users. Modern web pages can often be made up of dozens of megabytes of HTML, CSS, and JavaScript, and that's before accounting for images, videos, or other large file content, which all makes for hefty downloads. Such loads are why pages are transferred in compressed formats; they significantly reduce the time required between a website visitor requesting a web page and that page appearing fully loaded on the screen and ready for use. While the Brotli algorithm was announced by Google in September 2015, only recently have the majority of web browsers have adopted it. The HTTP servers Apache and nginx now offer Brotli compression as an option. Besides Google, other commercial vendors (such as Cloudflare and DreamHost) have begun to deploy support for Brotli as well.
  • New Year’s resolution: Donate to 1 free software project every month
    Free and open source software is an absolutely critical part of our world—and the future of technology and computing. One problem that consistently plagues many free software projects, though, is the challenge of funding ongoing development (and support and documentation). With that in mind, I have finally settled on a New Year’s resolution for 2017: to donate to one free software project (or group) every month—or the whole year. After all, these projects are saving me a boatload of money because I don’t need to buy expensive, proprietary packages to accomplish the same things.
  • Toyota and Ford Promote Open Source Smartphone Interfaces
    Ford and Toyota have formed a four-automaker consortium to speed up the deployment of open source software for connected in-car systems, according to a report by Bloomberg. The SmartDeviceLink Consortium, which includes Mazda, PSA Group, Fuji, and Suzuki, aims to prevent Apple and Google from controlling how drivers connect smartphones to their vehicles. Suppliers Elektrobit, Harma, Luxoft, QNX, and Xevo have also joined the organization, which is named after an open source version of Ford’s AppLink connectivity interface, a system used in over 5 million vehicles globally.
  • What your code repository says about you
    "You only get one chance to make a first impression," the old saying goes. It's cliche, but nevertheless sound, practical advice. In the realm of open source, it can make the difference between a project that succeeds and a project that fails. That's why making a positive first impression when you release a repo to the world is essential—at least if your motivations involve gaining users, building a community of contributors, and attracting valuable feedback.
  • The Open Source Way of Reaching Across Languages
    I don’t speak Spanish, but that doesn’t mean I can’t learn some important things from this video. The visuals alone are quite instructive. At my public library job, I mentor a number of wonderful Latino youth. One of them might ask me about open source CAD software — and I’ll direct them right to this FOSS Force article. Of course, I subscribed to the YouTube channel of the creator of this video, and also clicked on its like button. If the screencast creator comes back to look at this video in February, they’ll find that they have a number of new subscribers, a number of likes for the video and the video view count might be more than 100. All those indicators will be encouragement for them to make their next open source screencast. And so it goes. That’s how we support each other in the open source world.
  • School systems desperate for standards-aligned curricula find hope
    Open Up Resources is a nonprofit collaborative formed by 13 U.S. states that creates high-quality, standards-aligned open educational resources (OERs) that are openly licensed under CC BY-SA 4.0. Unlike other providers, Open Up Resources provides curriculum-scale OER options; they believe that while many people seem to know where to find supplemental materials, most curriculum directors would not know where to look if they were planning a textbook adoption next year.
  • Visual Studio Test joins Microsoft's open source push [Ed: More openwashing of proprietary software from Microsoft, which interjects surveillance into compiled code]
  • Microsoft Open-Sources DirectX Shader Compiler [Ed: Windows lock-in.]

Red Hat's Survey in India