Language Selection

English French German Italian Portuguese Spanish

Security

Java-based malware driving DDoS botnet infects Windows, Mac, Linux devices

Filed under
Software
Security

The cross-platform HEUR:Backdoor.Java.Agent.a, as reported in a blog post published Tuesday by Kaspersky Lab, takes hold of computers by exploiting CVE-2013-2465, a critical Java vulnerability that Oracle patched in June. The security bug is present on Java 7 u21 and earlier. Once the bot has infected a computer, it copies itself to the autostart directory of its respective platform to ensure it runs whenever the machine is turned on. Compromised computers then report to an Internet relay chat channel that acts as a command and control server.

Read more

FileZilla, Other Open-Source Software From 'Right' Sources Is Safe

Filed under
OSS
Security

A basic tenant of open-source software security has long been the idea that since the code is open, anyone can look inside to see if there is something that shouldn't be there.

Read more

IBM Shows That Collaborations With the NSA Are a Company’s Death Knell

Filed under
Security

At this stage, despite deceiving marketing, IBM needs GNU/Linux and Free software more than GNU/Linux and FOSS need IBM. Recently, the President of the Open Source Initiative (OSI) called IBM a patent troll. IBM can carry on openwashing its business with OpenStack [11,12], Hadoop [13] and so on (even OpenOffice.org), but until it stops serving the NSA, the software patents agenda and various other conflicting interests (causes that harm software freedom and GNU/Linux) we are better off nurturing “true” (as in completely) Free software companies.

Read more

If Microsoft thinks old Tor clients are risky, why not Windows XP?

Filed under
Microsoft
OSS
Security

Earlier this week, Microsoft revealed that it had been going into users computers and removing outdated Tor clients. At first glance, this might seem like a crazed, misplaced attack on the Tor network, not unlike a campaign by a certain Irish politician, but the issue runs deeper than first thought.

Read more

For Real Security, Use CentOS — Never RHEL — and Run Neither on Amazon’s Servers

Filed under
Linux
Security

Never run Red Hat’s “Enterprise Linux”, which cannot be trusted because of NSA involvement; Amazon, which pays Microsoft for RHEL and works with the CIA, should never be used for hosting

Read more

Renowned cryptographer believes his 'Blackphone' can stop the NSA

Filed under
Security

Revelations about how insecure our communications are have been a daily fixture of the news cycle recently, and it's in this climate that a pair of companies are combining to launch a new smartphone focused on privacy. The Blackphone will run a "security-oriented" version of Android named PrivatOS, which the companies say will allow users to securely place and receive phone calls, text messages, video chat, transfer and store files, and "anonymize your activity" through a VPN.

Read more

No hypervisor vulnerability exploited in OpenSSL site breach

Filed under
Security

The OpenSSL Project confirmed that weak passwords used on the hosting infrastructure led to the compromise of its website, dispelling concerns...

Read more

All Linux Distributions Store Wi-Fi Passwords in Plain Text If You Don’t Use Encryption

Filed under
Linux
Security

My colleague, Silviu Stahie, wrote an interesting article earlier today, regarding the “ability” of the Ubuntu Linux operating system to store Wi-Fi passwords in plain text, “thanks” to the default design of the NetworkManager application, initially developed by Red Hat.

Read more

Reminder to Corporate Press: PHP is Not Linux

Filed under
Linux
Security

Somehow a PHP issue gets described as a "Linux worm" (usually in headlines, too) for many other writers to repeat without researching any further. If there is any issue associated with embedded devices (which cannot be patched easily, if at all), then don't blame Linux; embedded systems just happen to be an area reined by Linux and GNU. Windows would not have coped any better.

Read more

Syndicate content

More in Tux Machines

today's howtos

Leftovers: Gaming

Android Leftovers

Leftovers: OSS