Security

Open source security is not as big of a concern as it once was

Filed under
OSS
Security

Many tools that are open sourced are more readily usable than the closed source alternatives. The visibility of how the code works allows an end user the ability to quickly integrate the open source tool into existing systems. “When we are examining potential new tools, selecting an open source project which satisfies our needs is typically a better option than the alternatives. This is because we are able to rapidly deploy an open source tool without making a financial commitment to another company. It also lets us determine a proof of concept for using the new project,” he said.

Linux distros aren't updating WebKit, making web browsers and email clients vulnerable

Filed under
Linux
Security

The WebKit rendering engine used in many Linux applications is a complete security mess. That’s the takeaway from a blog post by Michael Catanzaro, who works on GNOME’s WebKitGTK+ project. He’s sounding the alarm about a problem the open-source community needs to fix.

FreeBSD, Variants Not Affected by Recent GNU Bug

Filed under
Security
BSD

Much has been made about a vulnerability in a function in the GNU C Library. And searching far and wide over the Internet, there was little — actually nothing — I could find regarding how this affected BSD variants.

However, you can rest easy, BSDers: Not our circus, not our monkeys.

Dag-Erling Smørgrav, a FreeBSD developer since 1998 and the current FreeBSD Security Officer, writes in his blog that “neither FreeBSD itself nor native FreeBSD applications are affected.”

Security Leftovers

Filed under
Security

Glibc:

Security:

KDE Applications 15.12.2 Released for KDE Plasma 5.5 with over 30 Bugfixes

Filed under
KDE
Security

Just a few moments ago, February 16, 2016, KDE had the pleasure of announcing the release and general availability of the second maintenance build in the stable KDE Applications 15.12 series.

Top 5 Best Security-Centric Linux Distributions Of 2016

Filed under
GNU
Linux
Security

Staying anonymous on the Internet might not necessarily mean the same as surfing the web safely but rather keeping yourself safe from prying eyes that may otherwise take advantage of the vulnerability of your system thereby exposing you and your data for whomever might just be up for the grabbing – especially some hacker snooping around for sensitive data to hoard (particularly if you’re being targeted) and use for otherwise evil purposes that can have some serious effects on the violated individual.

Security Leftovers

Filed under
Security
  • Security updates for Monday
  • Russian cyberspy group uses simple yet effective Linux Trojan

    A cyberespionage group of Russian origin known as Pawn Storm is infecting Linux systems with a simple but effective Trojan program that doesn't require highly privileged access.

  • Security update for Chromium 48

    Google released an update for Chrome/Chromium – their version 48 of the browser is now at “48.0.2564.109”. The chromium sources are still not available six days after the announcement, even though the official Chrome binary distributions were available right from the start. I think that this is inexcusable for a big company like Google, but this is not the first time that their autobots falter and no one cares enough to fix the release process. Notwithstanding some complaints by fellow application packagers.

Security Leftovers

Filed under
Security
  • Friday's security updates
  • Internet Providers to Use Private Routers as Public Hotspots

    The Juniper report highlighted the consumer benefits that the policy offers, such as free or reduced-fee access to the operator’s homespot network.
    At least one in three home routers will be used as public WiFi hotspots by 2017, and the total installed base of such dual-use routers will reach 366 million globally by the end of 2020, according to a report from Juniper Research.

  • Will you be my cryptovalentine?

    Over the last few years Free Software Foundation Europe has run a campaign called "I love Free Software Day". It's an opportunity to share your appreciation (or love) with the developers of your favorite Free Software project. So after you are done reading this post, choose your favorite project and send its developer(s) an appreciation email.

    Last year Zak Rogoff had a great similar idea. In a post he wrote, he suggested we use Valentine's Day as an opportunity to use Free Software in order to set up secure and private communications with our significant other.

  • Pwn2Own Hacking Contest Returns as Joint HPE-Trend Micro Effort

    Over a half million dollars in prize money is up for grabs as the Zero Day Initiative browser hacking contest continues even as corporate ownership shifts.
    The annual Pwn2Own browser hacking competition that takes place at the CanSecWest conference is one of the premier security events in any given year, as security researchers attempt to demonstrate in real time zero-day exploits against modern Web browsers. This year there was initial concern that the event wouldn't happen, as the Zero Day Initiative (ZDI), which is the primary sponsor of Pwn2Own, is currently in a state of transition.

  • Kaspersky Researcher Shows How He Hacked His Hospital While Sitting In His Car

    When we visit a hospital, we put our complete trust in our doctor and the medical equipment that he/she uses. With advancement in technology, this equipment has become more complex and interconnected. Sadly, ensuring standard cybersecurity measures is not a top priority of the medical professionals. This fact was recently outlined by a Kaspersky security researcher who hacked a hospital while sitting in his car.

  • Amazon Cloud is Prepared for the Zombie Apocalypse

    There are a number of reasons why an Amazon Web Services (AWS) user might need to violate the acceptable terms of use - including the onset of a zombie apocalypse.

    Amazon updated its terms of service this week alongside its Lumberyard gaming development platform, with a new provision about acceptable use in connection with safety-critical systems.

Fysbis: The Linux Backdoor Used by Russian Hackers

Filed under
Linux
Security

Fysbis (or Linux.BackDoor.Fysbis) is a new malware family that targets Linux machines, on which it sets up a backdoor that allows the malware's author to spy on victims and carry out further attacks.

More in Tux Machines

10 hot Android smartphones that got price cuts recently

With numerous smartphones getting launched each month, brands always adjust prices to give a slightly competitive edge to older smartphone models and also to clear inventories. Here are 10 smartphones that got price cuts recently.

Debian and Ubuntu News

  • Debian Project News - July 29th, 2016
    Welcome to this year's third issue of DPN, the newsletter for the Debian community.
  • SteamOS Brewmaster 2.87 Released With NVIDIA Pascal Support
  • Snap interfaces for sandboxed applications
    Last week, we took a look at the initial release of the "portal" framework developed for Flatpak, the application-packaging format currently being developed in GNOME. For comparison, we will also explore the corresponding resource-control framework available in the Snap format developed in Ubuntu. The two packaging projects have broadly similar end goals, as many have observed, but they tend to vary quite a bit in the implementation details. Naturally, those differences are of particular importance to the intended audience: application developers. There is some common ground between the projects. Both use some combination of techniques (namespaces, control groups, seccomp filters, etc.) to restrict what a packaged application can do. Moreover, both implement a "deny by default" sandbox, then provide a supplemental means for applications to access certain useful system resources on a restricted or mediated basis. As we will see, there is also some overlap in what interfaces are offered, although the implementations differ. Snap has been available since 2014, so its sandboxing and resource-control implementations have already seen real-world usage. That said, the design of Snap originated in the Ubuntu Touch project aimed at smartphones, so some of its assumptions are undergoing revision as Snap comes to desktop systems. In the Snap framework, the interfaces that are defined to provide access to system resources are called, simply, "interfaces." As we will see, they cover similar territory to the recently unveiled "portals" for Flatpak, but there are some key distinctions. Two classes of Snap interfaces are defined: one for the standard resources expected to be of use to end-user applications, and one designed for use by system utilities. Snap packages using the standard interfaces can be installed with the snap command-line tool (which is the equivalent of apt for .deb packages). Packages using the advanced interfaces require a separate management tool.
  • Ubuntu 15.10 (Wily Werewolf) Reaches End Of Life Today (July 28)
  • Ubuntu MATE 16.10 Yakkety Yak Gets A Unity HUD-Like Searchable Menu
    MATE HUD, a Unity HUD-like tool that allows searching through an application's menu, was recently uploaded to the official Yakkety Yak repositories, and is available (but not enabled) by default in Ubuntu MATE 16.10.

Tablet review: BQ Aquaris M10 Ubuntu Edition

As employees have become more and more flexible in recent years thanks to the power and performance of mobile devices, the way we work has changed dramatically. We frequently chop and change between smartphones, tablets and laptops for different tasks, which has led to the growth of the hybrid market – devices such as Microsoft’s Surface Pro 3 and Apple’s iPad Pro – that provide the power and functionality of a laptop with the mobility and convenience of a tablet.

Leftovers: Software

  • qutebrowser v0.8.1
  • Anonymous publishing with Riffle
    Preserving anonymity online is an understandably hot topic these days. But it can be confused with related concepts like privacy and secure communication. A new protocol called Riffle was recently published [PDF] by researchers at MIT; it offers a different take on anonymity than that implemented by other projects. A Riffle network could be used to implement an anonymous but verifiable blogging or publishing platform: one in which the messages are visible to everyone, but the identity of all users remains hidden. For comparison, the most well-known anonymity project is, no doubt, Tor, which enables users to access Internet services without revealing their physical location on the network. It is possible to use Tor to access publishing services like Twitter and, thus, to broadcast content to the Internet at large without revealing one's identity. But Tor is just as useful at solving other problems, such as accessing remote servers that are blocked by a firewall. While important, that usage of Tor does not necessarily involve anonymity; one could, for instance, use it to log in to Facebook, and Tor alone does not prevent the use of web trackers by sites. Furthermore, Tor is the focus of near-constant attacks (against the network itself and against the algorithms that keep it working), and it may be vulnerable to large-scale traffic analysis—such as a national ISP could perform. One of the stated goals of Riffle is to prevent such traffic analysis, which has led to popular reports and online discussions referring to Riffle as a Tor competitor. But Riffle, in fact, tackles a narrower problem set. In a Riffle network, every message sent or file uploaded is eventually published in plaintext form where everyone can see it. The Riffle protocol offers strong guarantees that the identity of the message's uploader cannot be discovered—even in cases where multiple servers in the network have been compromised.
  • Announcing Serval!
    Serval is launching on Tuesday the 2nd of August, 2016. It will be available under the GPLv2 and is completely free to use.
  • Tangent Animation studio will support the Blender Institute to hire two devs full time to work on Blender 2.8 and a third one for Cycles
  • 5 Best Calendar Apps for Linux Desktop
    Time is money, as goes an old saying, therefore you need to manage it very well. This then calls for proper planning of your daily schedule, future events, appointments and several other daily activities.
  • Pandora Client `Pithos` Sees New Major Release
    Pithos 1.2.0 was released today and it includes a new explicit content filter option, new dialog design, along with other improvements and important bug fixes.
  • Terminix Now Available In PPA For Ubuntu 16.04 And Linux Mint 18 [Quick Update]
    Terminix was uploaded to the Debian Sid repositories recently. To make it easier to install and stay up to date with the latest Terminix versions, I used the official Debian packaging (thanks to the packagers!) and created a Terminix PPA for Ubuntu 16.04 and Linux Mint 18.
  • Geary – A Good Looking Modern Email Client for Linux
    Geary is a free and open source email client. It’s simple to set up and install; in a few minutes you're done. No need to add extra features or add-ons to install, it just works. The user interface is the easiest and simplest to use.
  • PVS-Studio confesses its love for Linux
    This post is about love. About the love of the static code analyzer PVS-Studio, for the great open source Linux operating system. This love is young, touching and fragile. It needs help and care. You will help greatly if you volunteer to help testing the beta-version of PVS-Studio for Linux.