Language Selection

English French German Italian Portuguese Spanish

Security

Security News

Filed under
Security
  • Jay Beale: Linux Security and Remembering Bastille Linux

    Security expert and co-creator of the Linux-hardening (and now Unix-hardening) project Bastille Linux. That’s Jay Beale. He’s been working with Linux, and specifically on security, since the late 1980s. The greatest threat to Linux these days? According to Beale, the thing you really need to watch out for is your Android phone, which your handset manufacturer and wireless carrier may or may not be good about updating with the latest security patches. Even worse? Applications you get outside of the controlled Google Play and Amazon environments, where who-knows-what malware may lurk.

    On your regular desktop or laptop Linux installation, Beale says the best security precaution you can take is encrypting your hard drive — which isn’t at all hard to do. He and I also talked a bit, toward the end, about how “the Linux community” was so tiny, once upon a time, that it wasn’t hard to know most of its major players. He also has some words of encouragement for those of you who are new to Linux and possibly a bit confused now and then. We were all new and confused once upon a time, and got less confused as we learned. Guess what? You can learn, too, and you never know where that knowledge can take you.

  • Automotive security: How safe is a next-generation car?

    The vehicles we drive are becoming increasingly connected through a variety of technologies. Features such as keyless entry and self-diagnostics are becoming commonplace. Unfortunately, they can also introduce IT security issues.

  • Let's Encrypt: Every Server on the Internet Should Have a Certificate

    The web is not secure. As of August 2016, only 45.5 percent of Firefox page loads are HTTPS, according to Josh Aas, co-founder and executive director of Internet Security Research Group. This number should be 100 percent, he said in his talk called “Let’s Encrypt: A Free, Automated, and Open Certificate Authority” at LinuxCon North America.

    Why is HTTPS so important? Because without security, users are not in control of their data and unencrypted traffic can be modified. The web is wonderfully complex and, Aas said, it’s a fool’s errand to try to protect this certain thing or that. Instead, we need to protect everything. That’s why, in the summer of 2012, Aas and his friend and co-worker Eric Rescorla decided to address the problem and began working on what would become the Let’s Encrypt project.

  • OpenSSL 1.1 Released With Many Changes

    OpenSSL 1.1.0 was released today as a major update to this free software cryptography and SSL/TLS toolkit.

    In addition to OpenSSL 1.1 rolling out a new build system and new security levels and support for pipelining and a new threading API, security additions to OpenSSL 1.1 include adding the AFALG engine, support for ChaChao20 in libcrypto/libssl, scrypto algorithm support, and support for X25519, among many other additions.

  • Is Windows ​10’s ‘Hidden Administrator Account’ a security risk? [Ed: Damage control from Microsoft Jack (Jack Schofield) because Microsoft Windows is vulnerable by design]

Security News

Filed under
Security
  • Wednesday's security updates
  • This Android botnet relies on Twitter for its commands
  • Android Security Flaw Exposes 1.4B Devices [Ed: Alternative headline is, "Android is very popular, it has billions of users. And yes, security ain’t perfect." When did the press ever publish a headline like, "Windows flaw leaves 2 billion PCs susceptible for remote takeover?" (happens a lot)]
  • Wildfire ransomware code cracked: Victims can now unlock encrypted files for free

    Victims of the Wildfire ransomware can get their encrypted files back without paying hackers for the privilege, after the No More Ransom initiative released a free decryption tool.

    No More Ransom runs a web portal that provides keys for unlocking files encrypted by various strains of ransomware, including Shade, Coinvault, Rannoh, Rakhn and, most recently, Wildfire.

    Aimed at helping ransomware victims retrieve their data, No More Ransom is a collaborative project between Europol, the Dutch National Police, Intel Security, and Kaspersky Lab.

    Wildfire victims are served with a ransom note demanding payment of 1.5 Bitcoins -- the cryptocurrency favored by cybercriminals -- in exchange for unlocking the encrypted files. However, cybersecurity researchers from McAfee Labs, part of Intel Security, point out that the hackers behind Wildfire are open to negotiation, often accepting 0.5 Bitcoins as a payment.

    Most victims of the ransomware are located in the Netherlands and Belgium, with the malicious software spread through phishing emails aimed at Dutch speakers. The email claims to be from a transport company and suggests that the target has missed a parcel delivery -- encouraging them to fill in a form to rearrange delivery for another date. It's this form which drops Wildfire ransomware onto the victim's system and locks it down.

Security Leftovers

Filed under
Security

Security News

Filed under
Security

Canonical Releases Massive Mir 0.24.0 Display Server Update for Ubuntu Linux OS

Filed under
Security
Ubuntu

Canonical has pushed a new massive update (version 0.24.0) of the Mir display server used to power the Unity 8 user interface of the next-generation Ubuntu Linux operating system.

Read more

Security Leftovers

Filed under
Security

Security News

Filed under
Security

GitLab Features Expansion

Filed under
Development
Security

Security Leftovers

Filed under
Security

Security News

Filed under
Security
  • Security and reproducible-build progress in Guix 0.11

    The GNU Guix package-manager project recently released version 0.11, bringing with it support for several hundred new packages, a range of new tools, and some significant progress toward making an entire operating system (OS) installable using reproducible builds.

    Guix is a "functional" package manager, built on many of the same ideas found in the Nix package manager. As the Nix site explains it, the functional paradigm means that packages are treated like values in a functional programming language—Haskell in Nix's case, Scheme in Guix's. The functions that build and install packages do so without side effects, so the system can easily offer nice features like atomic transactions, rollbacks, and the ability for individual users to build and install separate copies of a package without fear that they will interfere. Part of making such a system reliable is to ensure that builds are "reproducible"—meaning that two corresponding copies of a binary built on different systems at different times will be bit-for-bit identical.

  • VeraCrypt Audit Under Way; Email Mystery Cleared Up

    To say the VeraCrypt audit, which begins today, got off to an inauspicious start would be an understatement.

    On Sunday, two weeks after the announcement that the open source file and disk encryption software would be formally scrutinized for security vulnerabilities, executives at one of the firms funding the audit posted a notice that four emails between the parties involved had been intercepted.

  • Cryptocurrency Mining Virus Targets Linux Machines
  • Why The Windows Secure Boot Hack Is a Good Thing

    Most coverage of the subject has been written in that panicky, alarmist prose that makes for exciting news, but the problem is that the invalidation of Secure Boot is a very positive development for everyone concerned, except for Microsoft. Yes, it shows why backdoors for “the good guys” are a terrible idea — yes, it even has far-reaching implications for every piece of computing technology using the UEFI standard. However, I maintain that it will have a positive influence on the direction of security and tech standards moving forward.

Syndicate content

More in Tux Machines

Voyager 9 Linux Distro Enters Development, Now Based on Debian 9 "Stretch"

The developers of the Voyager Linux OS announced the availability of the first Beta build of the upcoming Voyager 9 release, which will be based on the soon-to-be-announced Debian GNU/Linux 9 "Stretch" operating system. Read more

Black Lab Linux Gets First Weekly ISOs, Adds Linux Kernel 4.8 from Ubuntu 16.10

Earlier this week, we told you that Black Lab Software, the developers of the Ubuntu-based Black Lab Linux distribution, published the roadmap of the next Black Lab Linux releases. Read more

Games for GNU/Linux

Linux 4.9.13

I'm announcing the release of the 4.9.13 kernel. All users of the 4.9 kernel series must upgrade. The updated 4.9.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-4.9.y and can be browsed at the normal kernel.org git web browser: http://git.kernel.org/?p=linux/kernel/git/stable/linux-st... Read more Also: Linux 4.4.52 Linux 4.10.1