Security

Security Leftovers

Filed under
Security

Matriux Linux Operating System For Hackers — An Alternative To Kali Linux

Filed under
GNU
Linux
Security

Matriux is an open source Linux-based operating system that’s designed in accordance with the needs of security researchers and professionals. The OS comes with more than 300 hacking tools that include the likes of Wireshark, Aircrack-ng, Nmap, Vidalia, TrueCrypt and more. Matriux hacking OS features a traditional desktop environment that’s powered by GNOME Classic

Security Leftovers

Filed under
Security
  • Linux Ransomware and why everyone could be affected [Ed: Bitdefender ad as ‘article’]
  • Kaiten targets Linux routers, gateways, access points and now IoT

    Change default passwords on network equipment even if it is not reachable from the Internet.

  • Security is really about Risk vs Reward

    Every now and then the conversation erupts about what is security really? There's the old saying that the only secure computer is one that's off (or fill in your favorite quote here, there are hundreds). But the thing is, security isn't the binary concept: you can be secure, or insecure. That's not how anything works. Everything is a sliding scale, you are never secure, you are never insecure. You're somewhere in the middle. Rather than bumble around about your risk though, you need to understand what's going on and plan for the risk.

Safety/Privacy in Firefox

Filed under
Moz/FF
Security
  • Firefox and cookie micromanagement

    For most of its existence, Firefox has provided users with the ability to manage how cookies are stored with a rather high degree of granularity: users can block specific cookies, create site-wide exceptions to the accept/block policy, and configure behavior for third-party cookies. Up until Firefox 44, there was an additional option as well, one that allowed users to choose the expiration point (that is, expiring them at the end of the session or letting them persist) for every cookie they encounter. That option was removed in the Firefox 44 release, which has made some users rather unhappy.

    The option in question was found in the Privacy preferences screen, labeled "Ask me every time" on the "Keep until:" selector. When enabled, the option raised a dialog box asking the user to accept or reject each cookie encountered, with an "accept for this session only" choice provided. Removing the option was proposed in 2010, although the patch to perform the removal did not land until 2015. It was released in Firefox 44 in January 2016.

  • How Safe Browsing works in Firefox

    If you want to learn more about how Safe Browsing works in Firefox, you can find all of the technical details on the Safe Browsing and Application Reputation pages of the Mozilla wiki or you can ask questions on our mailing list.

  • Decentraleyes Addon Fixes Browser Privacy, Circumvents CDNs

    Widespread CDN acceptance has been a security flaw that sacrifices privacy simply because it breaks web pages on anything but a text-based browser, which is a sacrifice few are willing to make for the sake of their information remaining local.

Security Leftovers

Filed under
Security
  • Reviewing Important Healthcare Cybersecurity Frameworks [Ed: Microsoft Windows]

    Just recently, a ransomware attack affected Hollywood Presbyterian in California, causing the hospital to pay $17,000 to regain access to its databases.

  • U.S., Canada issue joint alert on 'ransomware' after hospital attacks [iophk: The governments need to track down those spreading Windows in the hospitals.]

    The United States and Canada on Thursday issued a rare joint cyber alert, warning against a recent surge in extortion attacks that infect computers with viruses known as "ransomware," which encrypt data and demand payments for it to be unlocked.

    The warning follows reports from several private security firms that they expect the crisis to worsen, because hackers are getting more sophisticated and few businesses have adopted proper security measures to thwart such attacks.

  • NIST Publishes New Security Standard For Encrypting Credit Card, Medical Info

    The National Institute of Standards and Technology (NIST) has developed new encryption methods for securing financial data and other sensitive information.

    The NIST publication SP 800-38G authored by Morris Dworkin specifies cryptography standards for both binary and non-binary data, preserving the look and feel of the unencrypted digits. Earlier encryption methods designed by NIST worked for binary data. But for strings of decimal numbers, there was no feasible technique to produce coded data that preserves the original format.

LibreOffice 5.2 Launches in August, First Bug Hunting Session Starts April 22

Filed under
LibO
Security

On March 31, 2016, The Document Foundation Co-Founder Italo Vignoli announced the release plan for the upcoming major release of the world's popular free office suite, LibreOffice 5.2.

Security Leftovers

Filed under
Security
  • Thursday's security updates
  • Your router could succumb to a new Telnet worm

    Building botnets made up of routers, modems, wireless access points and other networking devices doesn't require sophisticated exploits. Remaiten, a new worm that infects embedded systems, spreads by taking advantage of weak Telnet passwords.

    Remaiten is the latest incarnation of distributed denial-of-service Linux bots designed for embedded architectures. Its authors actually call it KTN-Remastered, where KTN most likely stands for a known Linux bot called Kaiten.

  • Remaiten Is a New DDoS Bot Targeting Linux-Based Home Routers

    Malware coders have created a new DDoS bot called Remaiten that targets home routers running on common Linux architectures, which also shares a lot of similarities with other DDoS bots like Tsunami and Gafgyt.

  • Oh, Look: Yet Another Security Flaw In Government Websites

    Or worse. The open redirect could lead to spyware and malware, rather than just advertising masquerading as content or bottom-feeder clickbait. Fortunately, you can keep an eye on what URLs are being reached using these open redirects via this link. Unfortunately, it may be only citizens keeping an eye on that page, and they're in no position to prevent further abuse.

  • CNBC Asks Readers To Submit Their Password To Check Its Strength Into Exploitable Widget

    People's passwords and their relative strength and weakness is a subject I know quite well. As part of my business, we regularly battle users who think very simple passwords, often times relating to their birthdays and whatnot, are sufficient. Sometimes they simply make "password" or a similar variant their go-to option. So, when CNBC put together a widget for readers to input the passwords they use to get feedback on their strength or weakness, I completely understand what they were attempting to accomplish. Password security is a real issue, after all -- which is what makes it all the more face-palming that the widget CNBC used was found to be exploitable.

Security Leftovers

Filed under
Security

More in Tux Machines

KDE Advisory Board

  • Announcing the KDE Advisory Board
    With KDE having grown from a hobby project by a few volunteers 20 years ago to the large and central Free Software community it is now, our interactions with other organizations have become increasingly important for us. KDE software is available on several platforms, is shipped by numerous distributions large and small, and KDE has become the go-to Free Software community when it comes to Qt. In addition to those who cooperate with KDE on a technical level, organizations which fight for the same vision as ours are our natural allies as well. To put these alliances on a more formal level, the KDE e.V. hereby introduces the KDE e.V. Advisory Board as a means to offer a space for communication between organizations which are allied with KDE, from both the corporate and the non-profit worlds. One of the core goals of the Advisory Board is to provide KDE with insights into the needs of the various organizations that surround us. We are very aware that we need the ability to combine our efforts for greater impact and the only way we can do that is by adopting a more diverse view from outside of our organization on topics that are relevant to us. This will allow all of us to benefit from one another's experience.
  • KDE Introduces An Advisory Board

today's leftovers

  • Great first year at LAS GNOME!
    This was the first year of the Libre Application Summit, hosted by GNOME (aka "LAS GNOME"). Congratulations to the LAS GNOME team for a successful launch of this new conference! I hope to see more of them. In case you missed LAS GNOME, the conference was in Portland, Oregon. I thoroughly enjoyed this very walkable city. Portland is a great place for a conference venue. When I booked my hotel, I found lots of hotel options within easy walking distance to the LAS GNOME location. I walked every day, but you could also take any of the many light rail or bus or trolley options running throughout the city.
  • Red Hat Forum 2016 Celebrates the Power of Participation and Open Source Innovation in India Series
    Under the theme, “Power of Participation”, Red Hat Forum discussed how enterprises can transform and innovate by learning, networking, and collaborating via open source. The event was kicked off by Rajesh Rege, Managing Director, Red Hat India, which was followed by a series of topics covering various aspects of Open Source technology. Rajesh emphasized that open source is now at the forefront of every major breakthrough and the most innovative ideas do not merely come from the boardroom; but from a synergy of people working together.
  • Fedora Now Has Bootable RISC-V Disk Images Available
    Fedora has been making a lot of RISC-V build/packaging progress over the past few months while this weekend the milestone was announced that they are hosting clean, RPM-built, bootable disk images for this open-source RISC-V instruction set architecture.
  • Ghost Minitaur Robot Opens Doors & Climbs Fences & Stairs!
    Give this little droid a compatible brain, like a Raspberry Pi 3, which can display images via a built-in HDMI port and runs Linux at 1.2 Gigahertz, and is more akin to an actual computer than a microcontroller, and let programming of a robotic brain function shatter the ceiling on possibilities.
  • Attributes of Effective Project Managers
    Volunteers often work for both philanthropic and selfish reasons. For example, contributing to FreeBSD and having your code approved can translate to a career-building resume bullet (nearly ⅓ of the world’s internet traffic runs on FreeBSD). While not every contribution translates into a resume bullet, volunteers generally contribute more of their talents when their contributions are recognized. Martin takes great pride in publicly sharing information about how he gives back to his volunteers in the form of reasonably-sized monetary gifts. He remarked to me how one gift bought a programmer a new chair. While it may not seem like much, the contribution made a significant difference to that person’s sense of value to the project. Martin noticed that since the chair arrived the change requests for Ubuntu MATE that come from that programmer with the happy hind quarters seem to become his highest priority and Martin generally gets the changes in short order.
  • Show And Tell: Google Open Sources Its Image Captioning AI In TensorFlow
    Google has open sourced its Show and Tell system which will now be available in TensorFlow machine learning library. The Show and Tell system can analyze an image and provide a relevant caption describing the situation of the image. The code of the system is available on GitHub.
  • No, Google Hasn’t Killed Chromecast Support in Chromium Linux Builds
    This week a horde of angry, pitchfork-waving readers descended upon the e-mail inbox of both OMG! sites, demanding to know why we weren’t writing about the “shocking evil” Google is waging against the open-source community.
  • New Firefox 49 features in Fedora
    The latest release 49 of Firefox comes with some interesting new features. Here’s what they mean for Fedora users and how to enable them beyond default setup.
  • SDN and NFV integration, updated API documentation, and more OpenStack news
  • PostgreSQL 9.6 Preparing To Release Next Week With Its Parallel Queries Support
    PostgreSQL 9.6 is being prepared for release on 29 September as the database system's latest major update. Arguably the biggest feature of the upcoming PostgreSQL 9.6 release is the parallel query support for scans, joins, and aggregates that should speed up the performance of SELECTs by a lot. There are also other improvements like synchronous replication on multiple standby servers, full-text search for phrases, and more.
  • Developing a GIMP Deblur Plugin
    The original assignment was to implement Cho's algorithm for deblurring [Cho et al 2013] as a GIMP plugin. The previous bachelor thesis had found this algorithm as the best deblurring algorithm for recovering text. However, time marches on. During the literature review phase, the team came across some advances in deblurring. Moreover, the algorithm's description in the paper was incomplete, and patented. (Interestingly enough, the patent did not clarify the incompleteness.) There was a new algorithm by Pan et al [Pan et al 2014] that was simpler, faster, and: open source. However, the original was coded in Matlab, which is (1) proprietary, (2) not freely available, and (3) not in much use by people who want to edit pictures. So, the team investigated both algorithms in great (and hairy) detail, and implemented Pan et al's algo as an open source GIMP plugin. This required a working understanding of the maths involved (which is not explicitly taught in the Bachelor programme). Moreover, the end result is a sleek piece of work, showcasing the team's CS creds as well. Below, a tiny bit about how blurring works, and how to deblur. I'll skip most of the maths, promised.
  • North American Cities Slow to Adopt Open Source Software
    Most politicians who are setting the IT budgets do not have a clue what IT is doing. They demand more and more from them as technology changes. But unlike a crumbling road or rusting bridge that can be seen by all, they really do not see or understand what is happening in the IT department. As long as they can get access to their applications and data, everything is fine. This lack of knowledge leads to a lack of political willpower to make change happen or to even recognize that change is needed and that money can be saved by doing things differently.
  • Microsoft ends Tuesday patches
    Yesterday was a big day for Patch Tuesday. It was the last traditional Windows Patch Tuesday as Microsoft is moving to a new patching release model. In the future, patches will be bundled together and users will no longer be able to pick and choose which updates to install. Furthermore, these new ‘monthly update packs’ will be combined, so for instance, the November update will include all the patches from October as well.
  • The best way to develop software with effective security
    Regardless of the level at which you're doing your programming, security is going to get in the way. No amount of application abstraction or modern development process seems capable of shielding developers from the barriers raised by security. It's pretty hard not to hate security when it doesn't seem to add any intrinsic value, and often gets in the way of providing a delightful user experience. To top it off products can get hacked anyway, in spite of any and all work you do to make your products secure.
  • IBM Preaches Cognitive, Cloud, And IT Consumption
    They say it's not just about the technology. It's really about the business. But that brings to mind an old adage from the car industry: You sell the sizzle not the steak. Right now the sizzle is cognitive computing. It has edged out big data and analytics in the one-upsmanship match of IT leadership and the next big thing. At the Edge conference last week, when IBM executives talked strategy and road maps, cognitive computing was on the tip of tongues. Cognitive is a differentiator, an upper hand for IBM. Big Blue has not let the world forget about Watson, its game show champion that's evolved into a must-have business advantage in the making. Watson's augmented intelligence, a term IBM prefers over artificial intelligence, has been applied to healthcare, finance, commerce, education, and security. According to IBM, it has thousands of scientists and engineers working on cognitive projects, which also extend to clients, academics, and external experts.

8 great Android features that iOS needs to steal

Not that long ago, I used to feel sorry for Android users and their clunky, sluggish devices—the thought of giving up my iPhone never crossed my mind. Recently, though, I’ve been the one green-eyed with envy, as snazzy new Android features make my once-precious iOS handset feel old and tired by comparison. Below I’ve highlighted eight of the most notable Android features that iOS needs to steal (there are plenty more, mind you), from automatic power-saving mode and installing apps from the web to smarter keypad shortcuts and the ability to clear storage-hogging app caches with a single tap.

Leftovers: Software

  • Linux Twitter App ‘Corebird’ Now Supports Longer Tweets
    An updated version of the open-source desktop Twitter client Corebird is available for download. Corebird 1.3.2 is the second bug-fix release since the release of Corebird 1.3 back in July. It enables support for the social media service’s newer, longer tweets. Twitter says the new so-called “expanded tweets” do not count media attachments (photos, GIFs, videos, and polls) towards the 140-character limit. It also says it plans to exclude usernames in replies from the character count too, though an exact date for this has yet to be announced.
  • GTK Radio Player ‘Gradio’ Gets New Beta Release, Gains New Features
    A new beta release of the desktop radio player app GRadio is available for download — and it’s broadcasting a wealth of changes. Developer Häcker Felix says the next major stable release needs to deliver ‘a rock-solid stable base for the next versions’, and to do so he needs feedback on how the app is shaping up right now.
  • Kdenlive news and packaging
    Following our last week’s monthly Café, we decided to concentrate on advanced trimming features and if possible an audio mixer for the next Kdenlive 16.12 release. It was also mentioned that several users requested the comeback of the rotoscoping effect, which was lost in the KF5 port, preventing some users from upgrading their Kdenlive version.