Security

Security Leftovers

Filed under
Security
  • Rootkit Security: The Next Big Challenge

    Combining this with the Juniper issue, where VPN communication could have been hacked, got me thinking about how firmware can be verified and how to ensure that it’s doing what we think it should be doing and not what someone else wants it to do.

  • What Are Your Container Security Options?

    When virtual machine technology emerged, many organizations' initial approach to security was to apply the same security measures to virtual machines as they did to physical machines. Only later did more specialized software emerge that was specifically designed to meet the security requirements of virtual machines.

    That process is now beginning to repeat itself, with software specifically designed to meet the security requirements of containers now starting to emerge. Some examples of specialized container security software include Clair and Twistlock.

  • In the shadows of the cyber colossus

    It might come as a surprise that South Africa is not always rated near the bottom in international surveys. According to various reports, the country comes out either third or sixth in the world of top cyber crime hotspots.

  • Mysterious spike in WordPress hacks silently delivers ransomware to visitors

    It's still not clear how, but a disproportionately large number of websites that run on the WordPress content management system are being hacked to deliver crypto ransomware and other malicious software to unwitting end users.

Tor Browser 5.5.1 Brings a Functional Private Anonymous Browser to Chinese Users

Filed under
OSS
Security

The Tor Project announced today, February 5, 2016, the immediate availability for download of the first point release for the Tor Browser 5.5 anonymous web browser for Linux, Mac OS X, and Microsoft Windows platforms.


Security Leftovers

Filed under
Security
  • Security advisories for Wednesday
  • Default settings in Apache may decloak Tor hidden services

    The information leak has long been known to careful administrators who take the time to read Tor documentation, but that hasn't prevented some Tor hidden services from falling victim to it. To plug the hole, darkweb sites that run Apache must disable the mod_status module that by default sets up a server status page displaying a variety of potentially sensitive information about the servers. Details include the number of requests per second sent to the server, the most recent HTTP requests received, CPU usage, and in some cases the approximate longitude of the server.

  • WordPress Update Patches Pair of Vulnerabilities

    Automatic updates that patch the two flaws and fix 17 bugs are now rolling out to users of the open-source WordPress CMS.
    A new update to the WordPress open-source blogging and content management system (CMS) has been released that patches a pair of security vulnerabilities and includes 17 bug fixes that improve functionality.

  • Linux Computers Becoming Increasingly Malware Prone
  • 10 Mistakes to Avoid to Make Open Source More Secure

    Open source is becoming more popular in the enterprise. But so are open-source vulnerabilities. Here is how you can prevent open source-related mishaps in 2016.

  • Custom and Open-Source Code: A New Approach to Application Security Management

    Use of open-source software is ubiquitous across the Web, cloud, containers, enterprise apps, mobile and the Internet of Things (IoT). Analysis from Black Duck, an IBM Security partner, showed that open-source code comprises about 30 percent of the average commercial software application; this figure can jump even higher for in-house applications. According to Gartner, open source will be included in mission-critical applications within 99 percent of Global 2000 enterprises by the end of 2016.

Ubuntu Phone Users Getting Patch for Mir Bug That Made Their Devices Unstable

Filed under
Security
Ubuntu

On February 3, 2016, Canonical's Łukasz Zemczak sent his daily report to inform all Ubuntu Phone users about the latest work done by the Ubuntu Touch development team on the upcoming OTA-9.5 hotfix.


Go phish your own staff: Dev builds open-source fool-testing tool

Filed under
OSS
Security

The platform was written in Go and has been posted to GitHub where it's had more than 300 commits at the time of writing. It differs from some other anti-phishing platforms in part because it is hosted on premise rather than in the cloud. “There are many commercial offerings that provide phishing simulation/training [but] unfortunately, these are SaaS solutions that require you to hand over your data to someone else,” the GoFish team says.


Security Leftovers

Filed under
Security
  • Tuesday's security advisories
  • Best practice - Don't serve writeable PHP files

    I deal with compromises often enough of PHP-based websites that I wish to improve hardening.

    One obvious way to improve things is to not serve PHP files which are writeable by the webserver-user. This would ensure that things like wp-content/uploads didn't get served as PHP if a compromise wrote valid PHP there.

  • New Cross-Platform Backdoors Go From Linux to Windows

    Kaspersky Lab has once again found a nasty little piece of malware that started out in Linux and made the jump to Windows. These cross-platform backdoors spy on the user and are by no means the first backdoor virus of this kind.

  • Obama’s $6bn Security Firewall EINSTEIN Is Not Good Enough To Protect The US Government

    The U.S. Department of Homeland Security (DHS) has spent about $6 billion on a firewall named EINSTEIN intrusion detection system. Officially known as the National Cybersecurity Protection System, the firewall is being developed with an intention to protect the U.S. government agencies against the malicious cyber attacks.

  • Another Serious Bug Hits OpenSSL, But this Time, It's No Heartbleed

    OpenSSL, the open source encryption toolkit that made headlines in 2014 for the Heartbleed security bug, has been hit by another serious vulnerability. This time, however, the real-world damage seems minimal.

    The project disclosed the bug, which results from a new method for generating numbers used for key exchanges, on Jan. 28. It assigned the bug a high severity level, presumably since the flaw could be exploited in order to decrypt data that is encrypted using OpenSSL, the protocol widely used for encrypting information transmitted to and from HTTPS-protected websites.

The top 10 Linux security distros

Filed under
Linux
Security

Linux distros can be used for a lot of things, from games to education, but when it comes to security, there’s a whole mini-universe available.

Not only can you find distros made to protect your privacy, making sure you leave no trace as you move around the web, but also those that help you test your network and system security.


Security Leftovers

Filed under
Security
  • Security updates for Monday
  • Your Smartphone Can Be Hacked Due To A Backdoor In Your Processor

    A new security vulnerability has been reported in the smartphones which use MediaTek Processors. MediaTek company is a Taiwan-based company which manufactures processors for the budget range smartphones. The security bug was found because a debug feature was not closed on the smartphone after testing.

    A new bug has surfaced lately on the Android smartphones or tablets which use a MediaTek processor. These devices are vulnerable to remote hacking via a backdoor. This security vulnerability was discovered by a security researcher, Justin Case. The MediaTek company has been informed about the flaw. This security vulnerability is apparently due to a debug tool which was left open by MediaTek in the shipped devices.

  • Using IPv6 with Linux? You’ve likely been visited by Shodan and other scanners
  • Trojanized Android games hide malicious code inside images

    Over 60 Android games hosted on Google Play had Trojan-like functionality that allowed them to download and execute malicious code hidden inside images.

    The rogue apps were discovered by researchers from Russian antivirus vendor Doctor Web and were reported to Google last week. The researchers dubbed the new threat Android.Xiny.19.origin.

  • Google fixes multiple Wi-Fi flaws, mediaserver bugs in Android
  • On WebKit Security Updates

    Major desktop browsers push automatic security updates directly to users on a regular basis, so most users don’t have to worry about security updates. But Linux users are dependent on their distributions to release updates. Apple fixed over 100 vulnerabilities in WebKit last year, so getting updates out to users is critical.

Celebrating 15 Years of SELinux

Filed under
Red Hat
Security

On Dec. 22, 2000, the NSA released their code to the wider open source world in the form of SELinux, and in doing so forever changed the security landscape of not just Linux, but the technology world at large. A combination of policies and security frameworks, SELinux is one of the most widely-used Linux security modules. Without these innovations, Common Criteria, a crucial government security certification, would likely not exist for Linux.

