Language Selection

English French German Italian Portuguese Spanish

Security

Advanced spyware for Android now available to script kiddies everywhere

Filed under
Android
Security
Legal
  • Advanced spyware for Android now available to script kiddies everywhere

    One of the more recent discoveries resulting from the breach two weeks ago of malware-as-a-service provider Hacking Team is sure to interest Android enthusiasts. To wit, it's the source code to a fully featured malware suite that had the ability to infect devices even when they were running newer versions of the Google-developed mobile operating system.

    The leak of the code base for RCSAndroid—short for Remote Control System Android—is a mixed blessing. On the one hand, it provides the blueprints to a sophisticated, real-world surveillance program that can help Google and others better defend the Android platform against malware attacks. On the other, it provides even unskilled hackers with all the raw materials they need to deploy what's arguably one of the world's more advanced Android surveillance suites.

  • Security tool bod's hell: People think I wrote code for Hacking Team!

    A respected security researcher has denied any involvement with Hacking Team after open-source code he wrote was found in smartphone spyware sold by the surveillance-ware maker.

The French want to BAN .doc and .xls files from Le Gouvernement

Filed under
Microsoft
OSS
Security

Microsoft could get the boot from the French government if a new recommendation from an official advisor is adopted.

DISIC (Direction interministérielle des systèmes d'information et de communication de l'État) has recommended that French authorities ditch Microsoft Office tools in favour of the Open Document Format (ODF).

DISIC is responsible for harmonising and reducing the costs of all state computers, including government ministries, state and regional departments and local authorities, and sees ODF as the best way to make them all interoperable.

According to sources, an initial draft of the report envisaged outlawing Microsoft’s Open XML altogether, although with some agencies using tools specifically developed for use with Open XML, DISIC relented.

Read more

Security and Linux/FOSS/Proprietary

Filed under
Security
  • Security updates for Monday
  • Why DANE isn't going to win

    1024 bit RSA keys are quite common throughout the DNSSEC system. Getting rid of 1024 bit keys in the PKI has been a long-running effort; doing the same for DNSSEC is likely to take quite a while. Yes, rapid rotation is possible, by splitting key-signing and zone-signing (a good design choice), but since it can’t be enforced, it’s entirely likely that long-lived 1024 bit keys for signing DNSSEC zones is the rule, rather than exception.

  • RealVNC: more open remote access protocols will increase security

    Yes but RFB 5 is new... and it's a closed, secret, previously unpublished protocol (unlike earlier RFB 3.x versions).

    Hmm, still doesn't sound very secure.

    Security in remote access solutions will always be a concern for some it's true.

  • I worked at #HackingTeam, my emails were leaked to WikiLeaks and I’m ok with that

    Is radical transparency the best solution to expose injustice in this technocratic world, a world that is changing faster than law can keep up with?

    That question became even more relevant to me, a privacy activist, when I found myself in the Wikileaks archive, because I worked at Hacking Team 9 years ago.

    [...]

    This is a leak in the public interest, and I really feel that the personal and corporate damage is smaller than the improvement our society can gain from it. But to reach such an improvement, we have to focus on the bigger picture rather than getting distracted by the juicy details.

  • Hackers Remotely Kill a Jeep on the Highway—With Me in It

    Immediately my accelerator stopped working. As I frantically pressed the pedal and watched the RPMs climb, the Jeep lost half its speed, then slowed to a crawl. This occurred just as I reached a long overpass, with no shoulder to offer an escape. The experiment had ceased to be fun.

    At that point, the interstate began to slope upward, so the Jeep lost more momentum and barely crept forward. Cars lined up behind my bumper before passing me, honking. I could see an 18-wheeler approaching in my rearview mirror. I hoped its driver saw me, too, and could tell I was paralyzed on the highway.

  • 470,000 Vehicles At Risk After Hackers "Take Control & Crash" Jeep Cherokee From A Sofa 10 Miles Away

Researcher lashes out at Hacking Team over open-source code discovery

Filed under
OSS
Security

System security researcher Colin Mulliner said in a blog post on Tuesday that he discovered his open-source creations were being used -- without notice or permission by Hacking Team -- after individuals on Twitter pointed it out and he received a flood of emails and personal notifications.

Read more

OPSWAT adds support for Linux to their Multi Anti-Malware Scanner Metascan

Filed under
Linux
Security

OPSWAT, provider of solutions to secure and manage IT infrastructure, today announced the next generation of Metascan, that can be deployed on Linux. Metascan is a multi scanning solution for ISVs, IT admins and malware researchers that detects and prevents known and unknown threats. Metascan for Linux offers improved security and scalability, as well as enhanced usability and a new user interface.

Read more

The End of Adobe Flash?

Filed under
Software
Security
  • Hacking Team claims terrorists can now use its tools
  • Hacking Team: government-sponsored cyberattack company likely hacked by another country, it claims

    An elite cyberattack group that was employed by governments and agencies was probably hacked by another country, it has said — and the attack has led to its powerful hacking tools being released into the wild.

    Hacking Team was hacked last week, revealing private emails and documents as well as insights into its tools. The leaked documents showed many of the vulnerabilities that were being used by the group — such as a bug in Adobe Flash that can be exploited to get complete control of a computer — which has meant that anyone can counteract them as well as use them for their own ends.

  • Flash HOLED AGAIN TWICE below waterline in fresh Hacking Team reveals
  • Adobe to Patch Two More Zero-Day Flaws in Flash
  • Mozilla blocks Flash as Facebook security chief calls for its death

    After yesterday's news that Facebook's new chief security officer wants to set a date to kill Flash once and for all, the latest version Mozilla's Firefox browser now blocks Adobe's vulnerability-riddled software as standard. Mark Schmidt, the head of the Firefox support team at Mozilla, tweeted that all versions of Flash Player are blocked in the browser as of its latest update, accompanying the news with an image showing a raised fist and the phrase "Occupy Flash."

  • Can we kill Adobe Flash?

    Yesterday the usual tech news outlets were buzzing over an accidental tweet which the media incorrectly interpreted as Mozilla was ditching flash (Blame The Verge for the chain reaction of copied news articles) entirely as a policy. While that is not the case, I was just as excited as many at the faux-news. This got me thinking: what would it really take for the web to kill Adobe Flash? Could Mozilla really make such a move and kill Flash on its own if it wanted to?

  • No Flash 0.5 - still fighting the legacy

    Last week I released No Flash 0.5, my addon for Firefox to fix the legacy of video embedding done with Flash. If you are like me and don't have Flash installed, sometime you encounter embedded video that don't work. No Flash will fix some by replacing the Flash object with a HTML5 video. This is done using the proper video embedding for HTML5.

  • Facebook's New Security Chief Calls On Adobe To Kill Flash

    This message comes after it was revealed that the recently hacked "Hacking Team" was using Flash zero-day vulnerabilities to hack journalists, activists, governments and more. Alex Stamos, like other security experts, must have also gotten tired of hearing about so many security vulnerabilities that Flash has had during its entire lifetime.

  • How to disable Flash Player: Why now's a better time than ever

    Now more than ever, leaving Adobe Flash Player on your system is looking like a dubious proposition.

    While Flash has long been a popular vector for malware, last week’s security breach of surveillance software firm Hacking Team underscored just how vulnerable Flash can be. Hacking Team was relying on at least three unpatched Flash exploits, which cybercriminals immediately adapted for their own nefarious uses. Adobe is scrambling to patch the exploits, but at least one remains unfixed as of this writing.

The NSA Is Looking At Systemd's KDBUS

Filed under
Red Hat
Security

While it's true that an NSA analyst sent out an email about KDBUS security, it hopefully shouldn't raise any alarm bells. The thread in question is about credential faking for KDBUS and why it's even there. Stephen Smalley of the NSA was asking why there's support for credential faking for this soon-to-be-in-kernel code while it wasn't part of the original D-Bus daemon in user-space. The preference of Stephen Smalley is to actually get rood of this functionality that could be abused.

Read more

Core Linux tools top list of most at-risk software

Filed under
Linux
Security

In a Core Infrastructure Initiative survey of at-risk software most in need of close attention, many fundamental Linux utilities sit at the top

Read more

CII and OpenSSL

Filed under
OSS
Security
Web

Another day, another OpenSSL patch

Filed under
OSS
Security

The latest OpenSSL security hole isn't a bad one as these things go. It's no Heartbleed, Freak, or Logjam. But it's serious enough that, if you're running alpha or beta operating systems, you shouldn't delay patching it.

Fortunately, the affected OpenSSL versions are not commonly used in enterprise operating systems. For example, it doesn't impact shipping and supported versions of Red Hat Enterprise Linux (RHEL) or Ubuntu. In the case of Ubuntu, it does affect the 15.10 development release, but the patch is already available.

Read more

Syndicate content

More in Tux Machines

Raspberry Pi: New NOOBS and Raspbian releases

The Release Notes are available, and don't indicate that there are very large changes in this release, just some nice incremental updates, bug fixes, and general cleanup. There may be some interesting internal changes; we'll have to wait for the official announcement to hear about that. Read more

Tunir 0.13 is released and one year of development

I have started Tunir on Jan 12 2015, means it got more than one year of development history. At the beginning it was just a project to help me out with Fedora Cloud image testing. But it grew to a point where it is being used as the Autocloud backend to test Fedora Cloud, and Vagrant images. We will soon start testing the Fedora AMI(s) too using the same. Within this one year, there were total 7 contributors to the project. In total we are around 1k lines of Python code. I am personally using Tunir for various other projects too. One funny thing from the code commits timings, no commit on Sundays :) Read more

Andy Rubin Unleashed Android on the World. Now Watch Him Do the Same With AI

Now that Rubin had shepherded smartphones from concept to phenomenon, they no longer held much interest. As an engineering problem, they had been solved. Sure, entrepreneurs kept launching new apps, but for someone who considered engineering an art, that was like adding a few brushstrokes atop layers of dried paint. Rubin wanted to touch canvas again—and he could see a fresh one unfurling in front of him. Read more

Building a culture of more pluggable open source

If there is one word that often percolates conversations hailing the benefits of open source, it is choice. We often celebrate many of the 800+ Linux distributions, the countless desktops, applications, frameworks, and more. Choice, it would seem, is a good thing. Interestingly, choice is also an emotive thing. Read more