Language Selection

English French German Italian Portuguese Spanish

Security

Development Starts for Tails 2.6 Anonymous Live CD, Now Based on Tor 0.2.8.6

Filed under
Security
Debian

The development team behind the Tails amnesic incognito live system project known to many as the Linux-based Live CD used by ex-CIA employee Edward Snowden to stay hidden and anonymous online, announced the release of Tails 2.6 RC1.

Read more

Security Leftovers

Filed under
Security

Security News

Filed under
Security
  • Linux – Justice Grinds Slowly But Eventually Gets Its Hacker
  • Do electronic voting machines put 2016 election at risk? [Ed: Microsoft inside]

    Soon after the 2000 presidential elections went to a recount, Americans got acquainted with an exotic new vocabulary – hanging chads and butterfly ballots – and what lawmakers saw as a modern solution to the nightmare of punchcard voting systems: electronic voting machines.

    In 2002, Congress passed the Help America Vote Act, pouring nearly $3 billion into an effort to get states to adopt those machines.

  • FBI says foreign hackers penetrated state election systems [Ed: FBI also insists on back doors in everything!]

    The FBI has uncovered evidence that foreign hackers penetrated two state election databases in recent weeks, prompting the bureau to warn election officials across the country to take new steps to enhance the security of their computer systems, according to federal and state law enforcement officials.

  • Hack Brief: As FBI Warns Election Sites Got Hacked, All Eyes Are on Russia

    In any other year, hackers breaking into a couple of state government websites through common web vulnerabilities would hardly raise a blip on the cybersecurity community’s radar. But in this strange and digitally fraught election season, the breach of two state board of election websites not only merits an FBI warning—it might just rise to the level of an international incident.

  • Ransomware Targets UK Hospitals, But NHS Won't Pay Up

    Ransomware has caused massive headaches for hospitals. In February of this year, at least a dozen hospitals around the world had been seriously infected with malware demanding cash to retrieve their files. Some even resorted to pen-and-paper systems, and others gave the hackers over $10,000 worth of bitcoin to unlock their systems.

    But judging by responses to Freedom of Information requests, UK hospitals are not paying hackers when ransomware strikes.

    Motherboard asked National Health Service (NHS) trusts for details on attack figures and payments stretching back to January 2012. Many had been successfully hacked at some point (although on a limited scale, infecting only a small number of computers). Another piece of research carried out by cybersecurity company NCC Group found nearly half of 60 NHS Trusts suffered a ransomware attack in the last year.

  • Malware-ridden Word docs lead to Microsoft alert blurt

    MICROSOFT HAS taken the trouble to warn Windows users about an attack that takes what trust people have left in the software and throws it out of the window.

    The firm explained that the problem involves macros and the use of social engineering. People are tricked into downloading and then enabling malicious content that ultimately leads to trouble when they innocently use Word.

    "Attackers have been using social engineering to avoid the increasing costs of exploitation due to the significant hardening and exploit mitigation investments in Windows," said the firm in a Microsoft TechNet blog post suggesting that this is a cheap shot by hackers.

  • About 70 credit card skimmers found at Michigan gas stations in past year

    In the year since the first credit-card skimmer was found in a Michigan gas station, about 70 more have been discovered in the state according to a press release from the Michigan Department of Agriculture and Rural Development.

    "Approximately 70 credit card skimmers have been found and removed from gas pumps statewide since last year," said MDARD director Jamie Clover Adams. "Credit card skimmers will not be tolerated in Michigan. MDARD's Weights and Measures inspectors, gas station owners, and law enforcement remain on the hunt for skimmers to protect the state's consumers from fraud."

    According to the MDARD, which inspects gas station pumps, the skimmers can't be seen from outside the pump and can be installed in seconds

    The skimmers copy the consumer's card information for criminals to make fraudulent purchases.

  • Dropbox has been hacked for a reported 68 million personal records

    ANOTHER DAY, another hacked site. Dropbox is the latest company to have its users' data dangled in harm's way after what appears to be a major cyber attack involving 68 million personal records.

    The incident has been confirmed by venerable security researcher Troy Hunt, who claimed that he and his wife were affected.

  • Let's Encrypt client imported into -current

    Kristaps Dzonsons' Let's Encrypt client, letskencrypt, has been imported into OpenBSD-current as acme-client.

    letskencrypt, which has previously been available as a port, is a privilege-separated Let's Encrypt (ACME protocol) client written in C.

  • The story of how WoSign gave me an SSL certificate for GitHub.com
  • Attackers Infect Transmission Torrent Client With OS X Malware

    Researchers at ESET say that malware designed to steal the content of OS X’s keychain and maintain a permanent backdoor was found in a recent build of open source torrent client Transmission. Following an investigation, the Transmission team say they were subjected to an attack on their servers. Steps have been taken to ensure greater security in the future.

  • BitTorrent Client Transmission Again Victimized by OS X Malware

    Just five months after Transmission was infected with the first "ransomware" ever found on the Mac, the popular BitTorrent client is again at the center of newly uncovered OS X malware.

    Researchers at security website We Live Security have discovered the malware, called OSX/Keydnap, was spread through a recompiled version of Transmission temporarily distributed through the client's official website.

Security Leftovers

Filed under
Security

Security News

Filed under
Security
  • Thursday's security updates
  • Friday's security updates
  • Security advisories for Monday
  • Tox Is Your New Secure Chat Application

    In a previous article, I talked about the Ring communication app. The article proved quite popular and aside from drawing a bit of attention -- or maybe because of it -- that article also drew some criticism, including "What about Tox?" That’s a totally fair question, so here we are.

  • Florida Computer Programmer Arrested For Hacking

    A South Florida-based computer programmer made an appearance in the Southern District of Florida today after being arrested Sunday on charges of hacking into computers operated by the Linux Kernel Organization and the Linux Foundation, announced United States Attorney Brian J. Stretch and Federal Bureau of Investigation Special Agent in Charge John F. Bennett.

    The Linux Kernel Organization operates the www.kernel.org website from which it distributes the Linux kernel software. The Linux Foundation is a separate nonprofit foundation that supports the www.kernel.org website.

  • ​Florida Man Arrested for Allegedly Hacking Key Linux Servers

    A computer programmer from South Florida was arrested last week for allegedly hacking into servers related to the Linux operating system, the Department of Justice announced on Thursday. The case acts as a reminder that even the websites that host and distribute the operating systems our devices run on can be targeted by hackers.

Security Leftovers

Filed under
Security
  • School Creates Own Security Hole; Tries To Have Concerned Parent Arrested For Hacking

    We've seen it so often over the years, it's probably now time to accept the fact that this will never change: when entities are presented evidence of security holes and breaches, far too often the initial reaction is to shoot the messenger.

    A school whose online student portal exposed a lot of sensitive data decided the best way to handle a concerned parent's repeated questions about how it was handling the problem was to file a criminal complaint against the parent. (via the Office of Inadequate Security)

    The details of the breach (since closed) were reported by independent journalist Sherrie Peif.

  • [Tor] A New Bridge Authority

    After ten years of volunteer maintenance of Tonga, Tor's bridge Authority—a piece of critical infrastructure within the Tor network—our colleague and friend, Lucky Green, a long time cypherpunk, and free speech and privacy advocate, has decided to step down from this role. Tonga's cryptographic keys will be destroyed this week. We are incredibly thankful to Lucky for all his support and selfless labour in maintaining a key component of our censorship circumvention efforts, grateful for the years we have spent working with him, and very sorry to see him go.

  • More Than 40% Of Attacks Abuse SSL Encryption

    There’s an important caveat about encrypted traffic from new research released this week: Encryption works so well that hackers are using it as cover.

    A new study from A10 and the Ponemon Institute found that 80% of respondents say their organizations have been the victim of a cyberattack or malicious insiders in the past year -- and 41% of the attacks have used encryption to evade detection. In addition, 75% say malware hidden within encrypted traffic is a risk to their organizations.

    At issue: The report found that SSL encryption not only hides data from would-be hackers but also from common security tools.

    “Hackers are using SSL encryption to slide by standard perimeter defenses,” says Chase Cunningham, director of cyber operations at A10 Networks.

  • The Cloud Security Alliance publishes its best practices for Big Data security

    Big Data is a boon for businesses worldwide, but the benefits come at a cost. The more data companies store, the more vulnerable they are to potential security breaches. And data breaches can be enormously expensive when they occur. IBM’s 2016 Cost of Data Breach report found that the average consolidated total cost of a data breach grew from $3.8 million to $4 million in the last year, which makes securing their data an important goal for any company that’s invested in it.

Redis Misconfiguration and Ransom

Filed under
Linux
Security
Syndicate content

More in Tux Machines

Latvian Ventspils controls costs with open source

The administration of Ventspils, Latvia’s sixth largest city, is an avid user of free and open source software. The main benefits: cost and resource optimisation. Read more

Ubuntu Touch finds a home on a conflict-free, fair-trade, user-maintainable handset

Handset maker Fairphone is teaming up with the community project UBports, which seeks to get Ubuntu Touch on mobile devices. They will be showing off Ubuntu Touch running on the Fairphone 2 during Mobile World Congress, which starts February 27 in Barcelona. While Ubuntu is probably not the first name that comes to mind when you think of mobile devices, the phone in question offers some compelling features. “UBports Foundation will be showcasing its work at the Canonical booth, the company behind Ubuntu. Canonical is planning to tell about the latest developments around the convergence of its devices and UBports Foundation will share its mission ‘Ubuntu On Every Device’ with the visitors,” UBports said in a February 8 press release. Currently, UBports’ website lists three devices as “fully working as daily drivers:” The OnePlus One, Nexus 5, and the Fairphone 2, with the latter showing all parts as functioning with Ubuntu Touch, save the GPS radio. (Interestingly, the UBports project website for the Fairphone 2 still lists the GSM radio [in addition to the GPS] as a work in progress. However there is a video of two people talking with the handset, so it’s likely the Fairphone 2 project website is out of date.) The website also has instructions for flashing Ubuntu to the Fairphone 2. Read more

BSD Leftovers

  • LLVM/Clang 4.0 Is Running Late Due To Seven Blocker Bugs
    LLVM 4.0 was supposed to have been released by now, but it's running late due to open blocker bugs. Hans Wennborg commented on the mailing list that while the release should have happened on 21 February, serving as release manager, he hasn't tagged the release yet due to open blocker bugs.
  • FreeBSD-Based pfSense 2.3.3 Open-Source Firewall Released with over 100 Changes
    Rubicon Communications' Jim Pingle announced the availability of a new point release to the pfSense 2.3 stable series, which adds over 100 improvements and a bunch of new features. Updated to FreeBSD 10.3-RELEASE-p16, the pfSense 2.3.3 maintenance release is here more than seven months after the 2.3.2 update and introduces several new packages, including TFTP Server, LCDproc, cellular, and tinc, a lot of improvements for the OpenVPN and IPsec implementations, as well as numerous stability and security fixes from FreeBSD. Dozens of bug fixes are included in pfSense 2.3.3 for WebGUI, graphs and monitoring, gateways and routing, notifications, Dynamic DNS, captive portal, NTP and GPS, DNS, resolver and forwarder, DHCP and DHCPv6 servers, router advertisements, HA and CARP, traffic shaping, firewall, rules, NAT, aliases, states, users, authentication, and privileges.
  • “Hi, I’m jkh and I’m a d**k”
    Yesterday, I was privy to a private email message discussing a topic I care deeply about. I contacted the author and said “You really need to make this public and give this a wider audience.” His response boiled down to “if I wanted it to get a wider audience, I was welcome to do so myself.” So here’s my first ever guest post, from Jordan K Hubbard, one of the founders of the FreeBSD Project. While this discussion focuses on FreeBSD, it’s applicable to any large open source project.

Linux Graphics