Security

Which Linux Is Secure? The Analysis Of Top Popular Distributions

Filed under: Linux, Security

So, can I be sure that the web site of my lovely Linux distribution is real and that hackers don't replace it with infected software? Can I get a backdoor in my operating system from installed updates? No, but only with these conditions:

Security Leftovers

Filed under: Security

BlackArch Linux Expands Its Roster of Tools for Security Research

Filed under: Linux, Security

If having more tools is better for security, then the latest release of the BlackArch Linux distribution will be warmly received by security researchers. Version 2016.01.10 of BlackArch Linux, which was released on Jan. 10, boasts more than 30 new security tools, bringing the total number of security tools to 1,330. BlackArch is a security-focused operating system that is based on the Arch Linux distribution. Arch Linux is what is known as a rolling release Linux distribution because it is constantly being updated. BlackArch builds on top of Arch and includes anti-forensic, automation, backdoor, crypto, honeypot, networking, scanner, spoofer and wireless security tools for security research. Among the new tools is a utility to conduct attacks against IBM Lotus Domino servers. The new Jooforce tool, meanwhile, enables security researchers to attack the open-source Joomla content management system. Another interesting addition is the credential mapper (credmap) tool that aims to show researchers when user and account credentials have been reused. In this slide show, eWEEK takes a look at some of the features in the BlackArch 2016.01.10 milestone release.

Linux's Latest Security Vulnerability: Hype vs. Reality

Filed under: Linux, Security

In the latest bout of alarmist frenzy to sweep the security world, researchers disclosed a vulnerability in the Linux kernel's open source code last week. It turns out to pose little real threat.

The flaw, which has existed in Linux since 2012 but remained unknown, was reported by the Israeli security company Perception Point. It allows attackers to gain root access to computers running affected versions of the kernel. With root access, they can do anything they want to the system.

Security Leftovers

Filed under: Security

  • LeChiffre Ransomware Hits Three Indian Banks, Causes Millions in Damages

    An unknown hacker has breached the computer systems of three banks and a pharmaceutical company and infected most of their computers with crypto-ransomware.

    The incident took place at the start of January, all companies were located in India, and the hacker(s) used the LeChiffre ransomware family to encrypt files on the infected computers.

  • LeChiffre, Ransomware Ran Manually

    It encrypts files and appends to their names an extension “.LeChiffre”.

  • when preloads go sideways

    One solution would be to install an alternative operating system, like OpenBSD. Sorry, I meant to say ARCH LINUX.

    I note that a fair bit of the above foolishness revolves around adding some amount of pollution to the OS’s cabal store. Maybe we can use an OS that comes with a store we trust? For example, there’s several ways a user can install OpenBSD and verify that cert.pem has only the 4943 lines it’s supposed to have. That only pushes the question back a step, however. What lines are supposed to be in this file?

    [...]

    The trials and tribulations of bundleware mirror those of the government. For as long as most traffic was unencrypted, it was easy to inject value. But as sites started moving to full time https, the well of value started to dry up, requiring workarounds to stay in the game. Governments are facing much the same challenge, hence the large number of proposals to build a socialized, universal AV software, so that all citizens can enjoy its benefits on both desktop and mobile. How else will TrendMicro keep us safe from Let’s Encrypt?

    When asked to comment, Hillary Clinton responded with a statement. “I clearly specified that the problem was to be solved by Silicon Valley’s best and brightest, not bumbling mediocrity.” Donald Trump promised to build a wall around malware and make the neckbeards pay for it. Carly Fiorina simply tweeted, “Go Iowa!”

  • Microsoft putting users at risk by forcing Windows 10 upgrade

    Microsoft is forcing Windows users to upgrade to Windows 10 by quietly slipping in code through its regular updates. This has been confirmed by multiple sources.

    But what of those Windows users who want to stick with a known devil — in this case, their own versions of Windows, be they 7, 8 or 8.1 — until a little more is known by the public at large about the strengths and weaknesses of Windows 10?

  • Playing with Letsencrypt

    While I'm not convinced that encrypting everything by default is necessarily a good idea, it is certainly true that encryption has its uses. Unfortunately, for the longest time getting an SSL certificate from a CA was quite a hassle -- and then I'm not even mentioning the fact that it would cost money, too. In that light, the letsencrypt project is a useful alternative: rather than having to dabble with emails or webforms, letsencrypt does everything by way of a few scripts. Also, the letsencrypt CA is free to use, in contrast to many other certificate authorities.

Antivirus LiveCD 16.0-0.99 Promises to Clean Your PC of Viruses with ClamAV 0.99

Filed under: GNU, Linux, Security

Today, 4MLinux developer Zbigniew Konojacki informs us about the release and immediate availability for download of Antivirus Live CD 16.0-0.99.

If you don't know what Antivirus Live CD is, we will take this opportunity to remind you that it is a small, free and easy-to-use Live ISO image built around the open-source Clam AntiVirus (ClamAV) antivirus software and designed for cleaning your PC of viruses, no matter if you're using Linux, Mac or Windows.

The new release, Antivirus Live CD 16.0-0.99, brings support for the recently announced ClamAV 0.99.0, which has all the latest virus definition updates and bugfixes for protecting your computer from malware. Besides that, Antivirus Live CD 16.0-0.99 is now based on the 4MLinux 16.0 operating system.

Security Leftovers

Filed under: Security

Kali Linux Reviewed, Release

Filed under: Reviews, Security

  • Hands-on with Kali Linux Rolling

    Kali Linux, long known as a premier security/pen-test distribution, announces a new release which is also UEFI compatible. Here are my experiences installing it.

  • Kali Linux, Rolling Edition Released – 2016.1

    Today marks an important milestone for us with the first public release of our Kali Linux rolling distribution. Kali switched to a rolling release model back when we hit version 2.0 (codename “sana”), however the rolling release was only available via an upgrade from 2.0 to kali-rolling for a select brave group. After 5 months of testing our rolling distribution (and its supporting infrastructure), we’re confident in its reliability – giving our users the best of all worlds – the stability of Debian, together with the latest versions of the many outstanding penetration testing tools created and shared by the information security community.

Security Leftovers

Filed under: Security

Kwort Linux 4.3.1 Officially Released with Security Patches, Bootloader Improvements

Filed under: Linux, Security

David Cortarello of the Kwort project was proud to announce on January 21, 2016, that the first maintenance release of the Kwort Linux 4.3 operating system is now available for download.

More in Tux Machines

Leftovers: OSS and Sharing

  • Apache Graduates Another Big Data Project to Top Level
    For the past year, we've taken note of the many projects that the Apache Software Foundation has been elevating to Top-Level Status. The organization incubates more than 350 open source projects and initiatives, and has squarely turned its focus to Big Data and developer-focused tools in recent months. As Apache moves Big Data projects to Top-Level Status, they gain valuable community support. Only days ago, the foundation announced that Apache Kudu has graduated from the Apache Incubator to become a Top-Level Project (TLP). Kudu is an open source columnar storage engine built for the Apache Hadoop ecosystem designed to enable flexible, high-performance analytic pipelines. And now, Apache Twill has graduated as well. Twill is an abstraction over Apache Hadoop YARN that reduces the complexity of developing distributed Hadoop applications, allowing developers to focus more on their application logic.
  • Spark 2.0 takes an all-in-one approach to big data
    Apache Spark, the in-memory processing system that's fast become a centerpiece of modern big data frameworks, has officially released its long-awaited version 2.0. Aside from some major usability and performance improvements, Spark 2.0's mission is to become a total solution for streaming and real-time data. This comes as a number of other projects -- including others from the Apache Foundation -- provide their own ways to boost real-time and in-memory processing.
  • Why Uber Engineering Switched from Postgres to MySQL
    The early architecture of Uber consisted of a monolithic backend application written in Python that used Postgres for data persistence. Since that time, the architecture of Uber has changed significantly, to a model of microservices and new data platforms. Specifically, in many of the cases where we previously used Postgres, we now use Schemaless, a novel database sharding layer built on top of MySQL. In this article, we’ll explore some of the drawbacks we found with Postgres and explain the decision to build Schemaless and other backend services on top of MySQL.
  • GNU Hyperbole 6.0.1 for Emacs 24.4 to 25 is released
    GNU Hyperbole (pronounced Ga-new Hi-per-bo-lee), or just Hyperbole, is an amazing programmable hypertextual information management system implemented as a GNU Emacs package. This is the first public release in 2016. Hyperbole has been greatly expanded and modernized for use with the latest Emacs 25 releases; it supports GNU Emacs 24.4 or above. It contains an extensive set of improvements that can greatly boost your day-to-day productivity with Emacs and your ability to manage information stored across many different machines on the internet. People who get used to Hyperbole find it helps them so much that they prefer never to use Emacs without it.
  • Belgium mulls reuse of banking mobile eID app
    The Belgium government wants to reuse ‘Belgian Mobile ID’, a smartphone app for electronic identification, developed by banks and telecom providers in the country. The eID app could be used for eGovernment services, and the federal IT service agency, Fedict, is working on the app’s integration.
  • Water resilience that flows: Open source technologies keep an eye on the water flow
    Communities around the world are familiar with the devastation brought on by floods and droughts. Scientists are concerned that, in light of global climate change, these events will only become more frequent and intense. Water variability, at its worst, can threaten the lives and well-beings of countless people. Sadly, humans cannot control the weather to protect themselves. But according to Silja Hund, a researcher at the University of British Columbia, communities can build resilience to water resource stress. Hund studies the occurrence and behavior of water. In particular, she studies rivers and streams. These have features (like water volume) that can change quickly. According to Hund, it is essential for communities to understand local water systems. Knowledge of water resources is helpful in developing effective water strategies. And one of the best ways to understand dynamic water bodies like rivers is to collect lots of data.