Language Selection

English French German Italian Portuguese Spanish

Security

Security Leftovers

Filed under
Security
  • Security advisories for Wednesday
  • German nuclear plant infected with computer viruses, operator says

    A nuclear power plant in Germany has been found to be infected with computer viruses, but they appear not to have posed a threat to the facility's operations because it is isolated from the Internet, the station's operator said on Tuesday.

    The Gundremmingen plant, located about 120 km (75 miles) northwest of Munich, is run by the German utility RWE (RWEG.DE).

    The viruses, which include "W32.Ramnit" and "Conficker", were discovered at Gundremmingen's B unit in a computer system retrofitted in 2008 with data visualization software associated with equipment for moving nuclear fuel rods, RWE said.

    Malware was also found on 18 removable data drives, mainly USB sticks, in office computers maintained separately from the plant's operating systems. RWE said it had increased cyber-security measures as a result.

  • Death of the enterprise VPN - if remote access is not secure what comes next? [iophk: "Spam. Besides, if an app cannot be put on the net without a VPN then it does not belong on the net in the first place."]

    VPNs are the backbone of enterprise remote access and yet their security limitations are starting to pile up. The problem is that the very thing that once made them so useful, network access, is now their biggest weakness. As the 2014 attacks on retailers Target and Home Depot painfully illustrate, this architecture can easily be exploited by attackers armed with stolen credentials to move around networks from within in ways that are difficult to spot until it’s too late.

GNOME Software Bug Doesn't Let Ubuntu 16.04 LTS Users Install Third-Party Debs

Filed under
GNOME
Security
Ubuntu

We've been tipped earlier by one of our readers that there's a bug in the GNOME Software (Ubuntu Software) package manager which doesn't let users install third-party .deb files in Ubuntu 16.04 LTS.

Read more

Security Leftovers

Filed under
Security

Security support for Wheezy handed over to the LTS team

Filed under
Security
Debian

As of 25 April, one year after the release of Debian 8, alias "Jessie", and nearly three years after the release of Debian 7, alias "Wheezy", regular security support for Wheezy comes to an end. The Debian Long Term Support (LTS) Team will take over security support.

Read more

Also: Debian GNU/Linux 7 "Wheezy" Has Become an LTS Release, Supported Until May 2018

Security Leftovers

Filed under
Security

Security Leftovers

Filed under
Security
  • Friday's security updates
  • Why I gave your paper a Strong Reject

    Writing a bunch of wordy bullshit that doesn't mean anything. Trust me, you're not going to wow and amaze the program committee by talking about dynamic, scalable, context-aware, Pareto-optimal middleware for cloud hosting of sensing-intensive distributed vehicular applications. If your writing sounds like the automatically-generated, fake Rooter paper ("A theoretical grand challenge in theory is the important unification of virtual machines and real-time theory. To what extent can web browsers be constructed to achieve this purpose?"), you might want to rethink your approach. Be concise and concrete. Explain what you're doing in clear terms. Bad ideas won't get accepted just because they sound fancy.

  • Computer System Security Policy Debate (Follow-up)

    The challenge is that political people see everything as a political/policy issue, but this isn’t that kind of issue. I get particularly frustrated when I read ignorant ramblings like this that dismiss the overwhelming consensus of the people that actually understand what needs to be done as emotional, hysterical obstructionism. Contrary to what seems to be that author’s point, constructive dialogue and understanding values does nothing to change the technical risks of mandating exceptional access. Of course the opponents of Feinstein-Burr decry it as technologically illiterate, it is technologically illiterate.

Security Leftovers

Filed under
Security
  • Let's Encrypt Reaches 2,000,000 Certificates

    Earlier today, the Let's Encrypt certificate authority issued its two millionth certificate, less than two months after the millionth certificate. As we noted when the millionth certificate was issued, each certificate can cover several web sites, so the certificates Let's Encrypt has issued are already protecting millions and millions of sites.

  • Hackers Make This Search Engine Out Of 70 Million Voters’ Data

    Did you ever imagine an easily-browsable hacked data available to public and that too in the form of a search engine? Well, here is one of those interesting hacking cases where hackers made a search engine out of the hacked data of the 70 million citizens of Philippines and anyone can easily search for everybody else.

  • How Big Is Your Target?

    In his 2014 TED presentation Cory Doctorow compares an open system of development to the scientific method and credits the methods for bringing mankind out of the dark ages. Tim Berners-Lee has a very credible claim to patent the technology that runs the internet, but instead has championed for its open development. This open development has launched us forward into a brave new world. Nearly one third of all internet traffic rides on just one openly developed project. Its place of dominance may be unsure as we approach a world with cybersecurity headlines. Those headlines do much to feed the industry of fear resulting in government efforts to close doors on open source efforts.

    This paper is a qualitative theoretical discussion regarding cyber security and open source solutions written in three parts. Its goal is to demonstrate that the use of open source technologies reduces vulnerability to cyber attacks. The first part of this paper identifies the difficulties in presenting a software consideration model capable of illustrating the full spectrum of expectations for the performance of today’s code. Previous models merely address basic requirements for execution namely security, functionality & usability. While these aspects are important they fail to take into account modern requirements for maintenance, scalability, price, reliability and accessibility of software. This part of the paper modernizes the model developed by Andrew Waite and presents a clear model for software discussion.

Security Leftovers

Filed under
Security
  • Thursday's security updates
  • libressl - more vague promises

    There hasn’t been a lot of noise coming out of the LibreSSL camp recently. Mostly there’s not much to report, so any talks or presentations will recover a lot of the same material. But it’s an election year, and in that spirit, we can look back at some promises previously made and hopefully make a few new ones.

  • My OpenWrt Tor configuration

    In my previous article I shared my thoughts on running Tor on the router. I described an ideal Tor router configuration and argued that having Tor on the router benefits both security and usability.

    This article is about that ideal Tor router configuration. How did I configure my router, and why did I choose the configuration? The interesting part is that it really is “just configuration”. No programming involved. Even more interesting, it's easy too!

Security Leftovers

Filed under
Security
  • April security sensationalism and FUD

    If you happen to follow the security scene, you must have noticed a lot of buzz around various security issues discovered this month. Namely, a critical vulnerability in the Microsoft Graphics Component, as outlined in the MS16-039 bulletin, stories and rumors around something called Badlock bug, and risks associated using Firefox add-ons. All well and good, except it's nothing more than clickbait hype nonsense.

    Reading the articles fueled my anger to such heights that I had to wait a day or two before writing this piece. Otherwise, it would have just been venom and expletives. But it is important to express myself and protect the Internet users from the torrent of pointless, amateurish, sensationalist wanna-be hackerish security diarrhea that has been produced this month. Follow me.

  • DRAM bitflipping exploits that hijack computers just got easier
  • PacketFence v6.0 released

    The Inverse team is pleased to announce the immediate availability of PacketFence 6.0. This is a major release with new features, enhancements and important bug fixes. This release is considered ready for production use and upgrading from previous versions is strongly advised.

  • [Old] The Athens Affair

    How some extremely smart hackers pulled off the most audacious cell-network break-in ever

  • Write opinionated workarounds

    A few years ago, I decided that I should aim for my code to be as portable as possible. This generally meant targeting POSIX; in some cases I required slightly more, e.g., "POSIX with OpenSSL installed and cryptographic entropy available from /dev/urandom". This dedication made me rather unusual among software developers; grepping the source code for the software I have installed on my laptop, I cannot find any other examples of code with strictly POSIX compliant Makefiles, for example. (I did find one other Makefile which claimed to be POSIX-compatible; but in actual fact it used a GNU extension.) As far as I was concerned, strict POSIX compliance meant never having to say you're sorry for portability problems; if someone ran into problems with my standard-compliant code, well, they could fix their broken operating system.

Security Leftovers

Filed under
Security
  • Tuesday's security updates
  • Security advisories for Wednesday
  • Red Hat Product Security Risk Report: 2015

    This report takes a look at the state of security risk for Red Hat products for calendar year 2015. We look at key metrics, specific vulnerabilities, and the most common ways users of Red Hat products were affected by security issues.

    Our methodology is to look at how many vulnerabilities we addressed and their severity, then look at which issues were of meaningful risk, and which were exploited. All of the data used to create this report is available from public data maintained by Red Hat Product Security.

Syndicate content

More in Tux Machines

How I Use Android: Android Central Editor Emeritus Phil Nickinson

In the meantime, I was able to convince Phil to step out of his metaphorical kitchen for a few minutes to chat about how he uses Android in his day-to-day life. This is a man who has seen and used practically every Android device over the past several years, after all -- and a fair number of apps and customization tools, to boot. So what devices does someone with so much knowledge carry around in his own trousers, and how does he make the most of what they have to offer? Enough with the suspense already. In his own words, this is how Phil Nickinson uses Android. Read more

Best Android Phones Under 5.7 Inches

There's no question that Samsung hit a home run with its Galaxy S7 line. We already think the smaller GS7 is the best phone under 5.2 inches, and the larger, curved-screen Galaxy S7 edge is our pick for the best phone under 5.7 inches. Why? It takes everything we love about the smaller phone and makes it bigger — but not too much. Read more

Games for GNU/Linux