Language Selection

English French German Italian Portuguese Spanish

Security

Tux Machines Again Faces DDOS Attacks

Filed under
Security

The popular website Tux Machines has evidently fallen victim to a DDOS attack that made the site unavailable for part of the day on Friday. The announcement of the attack was initially made in a blog notice posted on the site late Friday morning GMT which opened with the line “Tux Machines has been mostly offline this morning.”

Read more

Security Leftovers

Filed under
Security
  • Friday's security updates
  • Researchers poke hole in custom crypto built for Amazon Web Services

    Underscoring just how hard it is to design secure cryptographic software, academic researchers recently uncovered a potentially serious weakness in an early version of the code library protecting Amazon Web Services.

    Ironically, s2n, as Amazon's transport layer security implementation is called, was intended to be a simpler, more secure way to encrypt and authenticate Web sessions. Where the OpenSSL library requires more than 70,000 lines of code to execute the highly complex TLS standard, s2n—short for signal to noise—has just 6,000 lines. Amazon hailed the brevity as a key security feature when unveiling s2n in June. What's more, Amazon said the new code had already passed three external security evaluations and penetration tests.

  • Social engineering: hacker tricks that make recipients click

    Social engineering is one of the most powerful tools in the hacker's arsenal and it generally plays a part in most of the major security breaches we hear about today. However, there is a common misconception around the role social engineering plays in attacks.

  • Judge Gives Preliminary Approval to $8 Million Settlement Over Sony Hack

    Sony agreed to reimburse employees up to $10,000 apiece for identity-theft losses

  • Cyber Monday: it's the most wonderful time of year for cyber-attackers

    Malicious attacks on shoppers increased 40% on Cyber Monday in 2013 and 2014, according to EnigmaSoftware.com, an anti-malware and spyware company, compared to the average number of attacks on days during the month prior. Other cybersecurity software providers have identified the December holiday shopping season as the most dangerous time of year to make online purchases.

    “The attackers know that there are more people online, so there will be more attacks,” said Christopher Budd, Trend Micro’s global threat communications manager. “Cyber Monday is not a one-day thing, it’s the beginning of a sustained focus on attacks that go after people in the holiday shopping season.”

Security Leftovers

Filed under
Security

Security Leftovers

Filed under
Security

Mozilla Releases Thunderbird 38.4.0 to Patch High and Critical Security Issues

Filed under
Moz/FF
Security

Mozilla has announced the release of a new maintenance version of the popular, open-source, and cross-platform Mozilla Thunderbird 38 email and news client for all supported operating systems, including GNU/Linux, Mac OS X, and Windows.

Read more

LibreOffice Has About 1,200 UI-Related Reported Bugs, Come and Help Fix Them

Filed under
LibO
Security

LibreOffice might be a great office suite, but the community doesn’t like the fact that the UI still looks kind of dated. The good news is that anyone with some coding skills can try to fix that by working on the project.

Read more

Security Leftovers

Filed under
Security

Looking at the security of Plasma/Wayland

Filed under
Security

This can be used to create very interesting attacks. It’s one of the reasons why I for example think it’s a very bad idea to start the file manager as root on the same X server. I’m quite certain that if I wanted to I could exploit this relatively easily just through what X provides.

The insecurity of X11 also influenced the security design of applications running on X11. It’s pointless to think about preventing potential attacks if you could get the same by just using core X11 functionality. For example KWin’s scripting functionality allows to interact with the X11 windows. In general one could say that’s dangerous as it allows untrusted code to change aspects of the managed windows, but it’s nothing you could not get with plain X11.

Read more

Antivirus Live CD 15.0-0.98.7 Uses ClamAV 0.98.7 to Clean Your PCs of Viruses

Filed under
GNU
Linux
Security

Zbigniew Konojacki, the lead developer and maintainer of the independent 4MLinux GNU/Linux distribution, has been happy to inform us earlier about the release and immediate availability for download of Antivirus Live CD 15.0-0.98.7.

Read more

Security Leftovers

Filed under
Security
  • Chrome Extensions – AKA Total Absence of Privacy

    Google, claiming that Chrome is the safest web browser out there, is actually making it very simple for extensions to hide how aggressively they are tracking their users. We have also discovered exactly how intrusive this sort of tracking actually is and how these tracking companies actually do a lot of things trying to hide it. Due to the fact that the gathering of data is made inside an extension, all other extensions created to prevent tracking (such as Ghostery) are completely bypassed.

  • 10 dumb security mistakes sys admins make

    When you log in as root, you have full control over the box. This can be extremely dangerous because if your credentials get stolen, an attacker can do whatever he or she wants.

  • Friday's security updates
Syndicate content

More in Tux Machines

Debian and the Internet of Things

Everybody is talking about the Internet of Things. Unfortunately there is no sign of it in Debian yet. Besides some smaller packages like sispmctl, usbrelay or the 1-wire support in digitemp and owfs, there is not much software to control devices over a network. With the recent upload of alljoyn-core-1504 this might change. Read more

AMDGPU-PRO Beta 2 vs. Mesa 11.3 + Linux 4.6: Very Competitive For Linux Gamers

Following last week's AMDGPU-PRO 16.20.3 "Beta 2" driver release of AMD's new hybrid driver stack for Linux that makes use of the AMDGPU open-source kernel DRM driver with the closed-source OpenGL driver derived from Catalyst / Radeon Software, I set out to do a fresh open vs. closed-source driver comparison. For the Radeon R9 285, R9 290, and R9 Fury, I compared the performance of this new AMDGPU-PRO driver against Mesa 11.3-devel Git and Linux 4.6 for the latest open-source driver stack. Read more

Petros Koutoupis' RapidDisk

RapidDisk is an open-source and enhanced Linux RAM drive solution led by BDFL Petros Koutoupis (who also writes for Linux Journal) that allows users to create, resize and remove RAM drives dynamically or map those same RAM drives as a cache to slower data volumes. The latest version 4.0 release adds a series of complementary improvements, such as kernel module optimizations, code cleanup/redesign and bug fixes. RapidDisk consists of a collection of kernel modules, an administration utility, high-availability scripts and a RESTful API for third-party integration. By design, RapidDisk volumes are thinly provisioned and will allocate memory only upon usage. Read more

Major CoreOS Linux Alpha Vulnerability Patched

A major vulnerability in CoreOS Linux Alpha has been patched, with the issue limited to versions 104x.0.0 of the distribution. In the blog post Major Remote SSH Security Issue in CoreOS Linux Alpha, Subset of Users Affected the CoreOS Security Team described the issue saying: Read more