Language Selection

English French German Italian Portuguese Spanish

Security

Security Leftovers

Filed under
Security

NSA's XKEYSCORE Surveillance Is Running on Hundreds of Red Hat Linux Servers

Filed under
Red Hat
Security

Details about the NSA surveillance program unveiled by Edward Snowden are still coming to light, two years after the initial revelations were made. From the looks of it, at least one of the components of the NSA surveillance is being run from Red Hat Linux servers.

Read more

Claws Mail 3.13 Open-Source Email Client Has Great New Features, Bugfixes

Filed under
OSS
Security

A new version of the GTK+ based, open-source, user-friendly, free, fast and lightweight Claws Mail email client for GNU/Linux and Windows operating systems is now available for download, as announced by its developers on October 11, 2015.

Read more

Security Leftovers

Filed under
Security
  • Tor browser co-creator: Experian breach shows encryption may not be security panacea

    The Experian/T-Mobile hack may be more worrisome than Experian’s carefully worded description of it suggests, some security experts said Friday.

    One is the co-creator of the Tor secure browser, David Goldschlag, (now SVP of strategy at Pulse Secure). Goldschlag previously was head of mobile at McAfee, and also once worked at the NSA.

    I asked Goldschlag a simple question: “After the Office of Personnel Management and Experian hacks, is there reason to fear that hackers now have the means to steal actual financial information (credit card numbers, etc.) from banks or insurers?”

  • AV-TEST tests Linux security solutions against Linux and Windows threats

    To do so, it is often sufficient to copy files from a Linux environment to Windows.” it further adds. The most obvious mode of attack involves luring victims to install software or updates via third-party package sources. The team conducted test by running 16 different Anti-virus solutions and splitting test session into three distinct phases,

    The detection of Windows malware
    The detection of Linux malware and
    The test for false positives.

    Out of 16 antivirus solutions 8 detected between 95-99% of the 12,000 Windows threat used in the test: The Anti-virus solutions that helped in detection include Bitdefender, ESET, Avast, F-Secure, eScan, G Data, Sophos and Kaspersky Lab (server version).

  • Outlook.com had classic security blunder in authentication engine

    The cross-site request forgery vulnerability means that any user visiting a malicious page can have their accounts hijacked without further interaction.

    The since-patched hole existed in Microsoft Live.com and could have been spun into a dangerous worm, Wineberg says.

  • Meet the White Team, Makers of the Linux.Wifatch Viligante Malware

    However, Softpedia News noted that the Linux.Wifatch source code has not been released in its entirety. That’s likely because the White Team is worried that traditional cybercriminals would exploit the malware for more nefarious purposes. It also explains why it was a clandestine operation in which router owners weren’t aware their systems had been infected, even if it was only to defend them against black-hat attackers.

    Whether or not anyone appreciates the White Team’s form of vigilante security tactics, they may believe the work should serve as a warning to those who don’t follow basic data protection procedures, Hacked said. For example, there are still untold numbers of home routers that use default passwords and leave admin access wide open to malware and other threats.

  • Practical SHA-1 Collision Months, Not Years, Away
  • Search engine can find the VPN that NUCLEAR PLANT boss DIDN'T KNOW was there - report

    The nuclear industry is ignorant of its cybersecurity shortcomings, claimed a report released today, and despite understanding the consequences of an interruption to power generation and the related issues, cyber efforts to prevent such incidents are lacking.

    The report adds that search engines can "readily identify critical infrastructure components with" VPNs, some of which are power plants. It also adds that facility operators are "sometimes unaware of" them.

    Nuclear plants don't understand their cyber vulnerability, stated the Chatham House report, which found industrial, cultural and technical challenges affecting facilities worldwide. It specifically pointed to a "lack of executive-level awareness".

FreeNAS 10 Enters Alpha, Brings Lots of New Technologies, Based on FreeBSD 10.2

Filed under
Security
BSD

FreeNAS' Jordan Hubbard was proud to announce the other day, October 8, the release and immediate availability for download of the first Alpha build of the upcoming FreeNAS open source Network Attached Storage (NAS) solution.

Read more

Lastpass sold to LogMeIn -- should Linux users panic?

Filed under
Linux
Security

Today, however, Lastpass drops a bombshell, announcing it has been bought by the company LogMeIn. I am not familiar with this new owner, but many people are unhappy -- the comment section on the announcement is full of outrage. If you only use Windows, Mac, iOS or Android, there are alternatives, so you can switch if things get bad. Users of Chrome OS, Ubuntu, Fedora and other such operating systems? Not so much. Should we Linux users panic?

Read more

Security Leftovers

Filed under
Linux
Security

How Xen Manages Security Disclosure

Filed under
OSS
Security

When security vulnerabilities are found in any piece of software, the ideal way to fix them is before the general public or attackers are made aware of bugs. Kurth explained that the traditional wisdom in security is to keep any type of predisclosure list for security as small as possible. In Xen's case, the project went through multiple iterations of its security disclosure process, in an attempt to keep things fair for both large and small vendors.

Read more

Security Leftovers

Filed under
Security
  • Malware Peddling Vigilantes behind Linux.Wifatch Speak Up

    The group also add that Linux.Wifatch was never intended to be secretive and added that to be “truly ethical, it needs to have a free license.” However, the developers did not go out of their way to make the Wifatch’s presence known in the wider community, to avoid detection by other malware authors.

    The group haven’t revealed their identity and contend that they are “nobody important,” while adding that although they can be trusted not to do “evil things” with users’ devices anybody could steal the key (speaking figuratively), no matter how well the group protects it.

  • Government Accountability Offices Finds Government Still Mostly Terrible When It Comes To Cybersecurity

    The government has done a spectacularly terrible job at protecting sensitive personal information over the past couple of years. Since 2013, the FDA, US Postal Service, Dept. of Veterans Affairs, the IRS and the Office of Personnel Management have all given up personal information. So, it's no surprise the Government Accountability Office's latest report on information security contains little in the way of properly-secured information.

  • This New 'Secure' App for Journalists May Not Be Secure At All

    When I started working as a journalist in Colombia in 2006, "What do I do if I get kidnapped?" was a common topic at parties. In fact in 2007, my brother (not a journalist) got kidnapped in a small town outside of Medellín. The Colombian anti-kidnapping squad (GAULA) rescued him.

    So let's just say I take an interest in journalist security tools. New apps have the potential to help journalists do their jobs, and stay safe while doing so.

    Unfortunately, Reporta, a new app from the International Women's Media Foundation (IWMF) billed as "the only comprehensive security app available worldwide created specifically for journalists," sounds like it may put journalists in danger.

Linux Security: Lock Down a New System Immediately

Filed under
GNU
Linux
Security

PCWorld recently published an article about Linux botnets launching DDoS attacks. The attackers find and exploit poorly secured Linux systems. Some Linux users have a fairly cavalier attitude about security, assuming the supposedly superior design of the OS somehow protects them. It doesn't. Now that Chromebooks outsell Windows laptops and Amdroid devices are ubiquitous the days when Linux was a secondary target for malware are long gone. Linux' prominence in both the server room and on consumer devices make it a prime target.

Read more

Syndicate content

More in Tux Machines

Yet another GTK+ update

GTK+ 3.20 was released a while ago; we’re up to 3.20.3 now. As I tried to explain in earlier posts here and here, this was a pretty active development cycle for GTK+. We landed a lot of of new stuff, and many things have changed. I’m using the neutral term changed here for a reason. How you view changes depends a lot on your perspective. Us, who implemented the changes, are of course convinced that they are great improvements. Others who maintain GTK+ themes or applications may have a different take, since changes often imply that they have to do work to adapt. Read more

Linux Kernel 3.4.112 LTS Has Many PowerPC, x86, HFS, and HFS+ Improvements

A couple of days ago, kernel developer Zefan Li released the one hundred twelfth maintenance build of the long-term supported Linux 3.4 kernel series for stable GNU/Linux users. Read more

Gentoo-Based Sabayon 16.05 Linux OS Switches to the Latest Linux 4.5 Kernel

Earlier today, April 29, 2016, the developers of the Gentoo-based Sabayon Linux operating system have announced the release of the respin ISO images for the month of May of 2016. Read more

Octa-core Cortex-A53 hacker SBC sells for $60

FriendlyARM’s $60, open spec “NanoPC-T3” SBC runs Android or Linux on an octa-core Cortex-A53 SoC packed with wireless and media interfaces, plus 8GB eMMC. The over-caffeinated board builders at Guangzhou, China-based FriendlyARM have shipped their highest-end hacker board yet. The NanoPC-T3 is almost identical to the NanoPC-T2 board, but swaps out the quad-core, Cortex-A9 Samsung S5P4418 SoC for a layout-compatible S5P6818 with eight Cortex-A53 cores that can be clocked dynamically from 400MHz to 1.4GHz. Last month, FriendlyARM’ unveiled an $11, quad-core NanoPi M1 single board computer with similarly open source hardware and Android and Linux software. Read more