Language Selection

English French German Italian Portuguese Spanish

Security

Security: Updates and Intel Back Doors

Filed under
Security

Security Leftovers

Filed under
Security
  • What Is ARP Spoofing? — Attacks, Detection, And Prevention

    Spoofing is often defined as imitating (something) while exaggerating its characteristic features for comic effect. Not in the real world but also in the computer networking world, spoofing is a common practice among notorious users to intercept data and traffic meant for a particular user.

  • New Hope for Digital Identity

    For your inconvenience, every organization's identity system is also a separate and proprietary silo, even if it is built with open-source software and methods. Worse, an organization might have many different silo'd identity systems that know little or nothing about each other. Even an organization as unitary as a university might have completely different identity systems operating within HR, health care, parking, laundry, sports and IT—as well as within its scholastic realm, which also might have any number of different departmental administrative systems, each with its own record of students past and present.

  • Linux has a whole crock of USB vulnerabilities
  • Google Patches KRACK Vulnerability in Android

Security: Vault 8 From Wikileaks, Yahoo and Other Massive Data Leaks

Filed under
Security
  • Vault 8

    Source code and analysis for CIA software projects including those described in the Vault7 series.

    This publication will enable investigative journalists, forensic experts and the general public to better identify and understand covert CIA infrastructure components.

    Source code published in this series contains software designed to run on servers controlled by the CIA. Like WikiLeaks' earlier Vault7 series, the material published by WikiLeaks does not contain 0-days or similar security vulnerabilities which could be repurposed by others.

  • Marissa Mayer sounds distraught over Yahoo’s massive data breach

    Former Yahoo CEO Marissa Mayer appeared distraught at a US Senate hearing Wednesday (Nov. 8) on the unprecedented data breaches at the company during her tenure.

    “As you know, Yahoo was the victim of criminal, state-sponsored attacks on its systems, resulting in the theft of certain user information,” Mayer said in her opening remarks, rarely looking up from her notes. “As CEO, these thefts occurred during my tenure, and I want to sincerely apologize to each and every one of our users.”

Security: USB. WPA2, Updates, Magento

Filed under
Security

Microsoft and Intel Back Doors

Filed under
Microsoft
Security

10 Most Secure Linux Distros For Complete Privacy & Anonymity | 2017 Edition

Filed under
GNU
Linux
Security

One of the most compelling reasons to use Linux is its ability to deliver a secure computing experience. There are some specialized secure Linux distros for security that add extra layers and make sure that you complete your work anonymously and privately. Some of the popular secure Linux distros for 2017 are Tails, Whoix, Kodachi, etc.

Read more

Ethical Hacking OS Parrot Security 3.9 Officially Out, Parrot 4.0 In the Works

Filed under
OS
Security

Just a minor improvement to the Parrot Security 3.x series of the Linux-based operating system used by security researchers for various pentesting and ethical hacking tasks, Parrot Security OS 3.9 is here with all the latest security patches and bug fixes released upstream in the Debian GNU/Linux repositories.

But it also looks like it ships with some important new features that promise to make the ethical hacking computer operating system more secure and reliable. One of these is a new sandbox system based on the Firejail SUID program and designed to add an extra layer of protection to many apps, protecting users from 0day attacks.

Read more

Latest IPFire 2.19 Linux Firewall Update Patches OpenSSL, Wget Vulnerabilities

Filed under
Linux
Security

Coming only a few days after the Core Update 115 release, which introduced a new IPFire Captive Portal allowing for easy access control of wireless and wired networks, along with updated OpenVPN configuration options, the IPFire 2.19 Core Update 116 release patches important security vulnerabilities.

For starters, the update bumps the OpenSSL version to 1.0.2m, a release that addresses two security flaws affecting modern AMD Ryzen and Intel Broadwell processors, as well as certificate data. More details about the two vulnerabilities are available at CVE-2017-3736 and CVE-2017-3735.

Read more

Security: Marcher, WPA2, Updates, Reproducible Builds and More

Filed under
Security

Kernel: USB Vulnerabilities in Linux, Linux Foundation Adds B9lab

Filed under
Linux
Security
  • Linux kernel: multiple vulnerabilities in the USB subsystem
  • More Than One Dozen USB Vulnerabilities Published For The Linux Kernel

    Made public on Monday were details on 14 known security vulnerabilities within the Linux kernel's USB subsystem while there is also known to be more similar bugs that are yet to be resolved.

    The good news about these USB vulnerabilities is that they would require any rogue individual to first have created a specially-crafted USB device and to have physical address to the vulnerable Linux system.

  • B9lab Joins Hyperledger Project and Linux Foundation

    B9lab is pleased to announce it has joined the Hyperledger Project and the Linux Foundation. This follows the recent launch of their in-depth Hyperledger Fabric course for software engineers. Over the past two years B9lab has been committed to providing high quality education and certification to the wider blockchain industry for both developers and stakeholders.

Syndicate content

More in Tux Machines

Graphics: Mesa 17.2.6 RC, AMDGPU, and Vulkan

  • Mesa 17.2.6 release candidate
  • Mesa 17.2.6 RC Arrives With 50+ Fixes
    While Mesa 17.3 is imminent and should be released as stable within the next few days, Mesa 17.2.6 is being prepped for release as the current point release.
  • 43 More AMDGPU DC Patches Hit The Streets
    While the massive AMDGPU DC infrastructure has been merged for Linux 4.15, the flow of improvements to this display code continues and it looks like the next few kernel cycles at least could be quite busy on the AMD front.
  • A Prototype Of The Vulkan Portability Initiative: Low-Level 3D To Vulkan / D3D12 / Metal
    A Mozilla engineer has put out a prototype library in working on the Vulkan Portability Initiative for allowing low-level 3D graphics support that's backed by Vulkan / Direct3D 12 / Metal. With Apple sticking to their own Metal graphics API and Direct3D 12 still being the dominant graphics API on Windows 10, The Khronos Group has been working towards better 3D portability for where Vulkan may not be directly supported by the OS/drivers or otherwise available. They've been working to target a subset of the Vulkan API that can be efficiently mapped to these other native graphics APIs and to have the libraries and tooling for better compatibility and code re-use of these different graphics APIs.

Kernel: Linux 4.15, TLDR, and Linus Torvalds' Latest Rant

  • Linux 4.15 Adds AMD Raven Ridge Audio ID
    Not only is AMD Stoney Ridge audio (finally) being supported by the Linux 4.15 kernel, but it also looks like Raven Ridge audio should now be working too.
  • Linux 4.14.2 Fixes The BCache Corruption Bug
    Normally I don't bother mentioning new Linux kernel point releases on Phoronix unless there are some significant changes, as is the case today with Linux 4.14.2.
  • TLDR is what Linux man pages always should have been
    If you get stuck using a Linux tool, the first port of call shouldn’t be to Stack Overflow, but rather its “man pages.” Man — which is short for manual — retrieves documentation for a given program. Unfortunately, this can often be dense, hard to understand, and lacking in practical examples to help you solve your problem. TLDR is another way of looking at documentation. Rather than being a comprehensive guide to a given tool, it instead focuses on offering practical example-driven instructions of how something works.
  • Linux creator Linus Torvalds: This is what drives me nuts about IT security
    Developers are often accused of not thinking about security, but Linux kernel founder Linus Torvalds has had enough of security people who don't think about developers and end-users. After blasting some kernel developers last week for killing processes in the name of hardening the kernel, Torvalds has offered a more measured explanation for his frustration with security myopia. While he agrees that having multiple layers of security in the kernel is a good idea, certain ways of implementing it are not, in particular if it annoys users and developers by killing processes that break users' machines and wreck core kernel code. Because ultimately, if there are no users, there's not much point in having a supremely secure kernel, Torvalds contends.

Unity 7 Hoping To Become An Official Flavor For Ubuntu 18.04 LTS

While Canonical abandoned their work on the Unity desktop environment in favor of the Unity-inspired customized GNOME Shell that debuted in Ubuntu 17.10, some within the community have remained interested in maintaining Unity 7 and even getting it into an official spin/flavor of Ubuntu. Posted today to the community.ubuntu.com was a Unity maintenance roadmap, reiterating the hope by some in the Ubuntu community for Ubuntu Unity to become an official LTS distribution of Ubuntu. They are hoping to make it an official flavor alongside Kubuntu, Ubuntu Budgie, Xubuntu, and others. Read more Original/direct: Unity Maintenance Roadmap

Programming/Development: Django and Google India

  • An introduction to the Django ORM
    One of the most powerful features of Django is its Object-Relational Mapper (ORM), which enables you to interact with your database, like you would with SQL. In fact, Django's ORM is just a pythonical way to create SQL to query and manipulate your database and get results in a pythonic fashion. Well, I say just a way, but it's actually really clever engineering that takes advantage of some of the more complex parts of Python to make developers' lives easier.
  • Hey, Coders! Google India Is Offering 130,000 Free Developer Scholarships — Here’s How To Apply
  • Google to prepare 1.3 lakh Indians for emerging technologies

    "The new scholarship programme is in tandem with Google's aim to train two million developers in India. The country is the second largest developer ecosystem in the world and is bound to overtake the US by 2021," William Florance, Developer Products Group and Skilling Lead for India, Google, told reporters here.