Security

The Linux Foundation’s Core Infrastructure Initiative Working with White House on Cybersecurity National Action Plan

Filed under
Linux
Security

The White House today announced its Cybersecurity National Action Plan (CNAP), which includes a series of steps and programs to enhance cybersecurity capabilities within the Federal Government and across the country. In the proposal, the White House announced collaboration with The Linux Foundation’s Core Infrastructure Initiative (CII) to better secure Internet "utilities" such as open-source software, protocols and standards.

Security Leftovers

Filed under
Security
  • Docker Engine Hardened with Secure Computing Nodes and User Namespaces

    Enterprise systems need enterprise-grade security. With this in mind, Docker Inc. has updated its core container engine with some potentially powerful security measures.

    Docker Inc. has described this release as a “huge leap forward for container security.” The company also added a plethora of networking enhancements to Docker 1.10, released Thursday.

  • USENIX Enigma 2016 - Defending, Detecting, and Responding to Hardware and Firmware Attacks
  • Vulnerabilities in Font Processing Library Impact Firefox, Linux: Report

    Security researchers have found vulnerabilities in Graphite, also known as the Libgraphite font processing library, that affect a number of systems. The vulnerabilities, if exploited, allow an attacker to seed malicious fonts to a machine. The Libgraphite library is utilised by Linux, Thunderbird, WordPad, Firefox, OpenOffice, as well as several other major platforms and applications.

    Security researchers from Cisco have posted an advisory to outline four vulnerabilities in the Libgraphite font processing library. One of the vulnerabilities allows the attackers to execute arbitrary code on the machine, and among other things, crash the system.

Tails 2.0

Filed under
Reviews
Security
Debian

The newest 2.0 release of Tails brings many enhancements to the distribution. Tails is now based on Debian 8 (Jessie), so packages from the 1.x releases of Tails have been updated to much newer versions. The desktop environment is now GNOME 3.14 running in Classic mode, which is a major advancement over the GNOME 3.4 desktop used in Tails 1.x. However, there is one drawback to this update -- Tails' optional Windows 8 look-alike theme is no longer available. While I normally do not like look-alike themes, having the desktop look like Windows 8 was an understandable and helpful feature in Tails. GNOME 3's Classic mode is a nice, clean environment, but it does not look like Windows or Mac OS X, so using Tails in public is bound to attract some attention.

Security Leftovers

Filed under
Security
  • ‘White hat’ then, Red Hat now

    “From white hat to Red Hat,” was the joke a senior executive of Red Hat quipped to Alessandro Perilli, after hearing excerpts from The Manila Times interview with him, to which Perilli answered back with a wink, and a seemingly knowing smile. In the vast world of technology, a “white hat” is internet slang that refers to an ethical computer hacker or a computer security expert who hacks with the intention of improving security systems.

    Perilli is currently the general manager for Cloud Management Strategy for Red Hat, the world’s leading provider of open source solutions. The technology company recently hosted a full-house Red Hat Forum Asia Pacific in Manila, where key senior executives were in attendance.

  • Vulnerability in Font Processing Library Affects Linux, OpenOffice, Firefox

    Four vulnerabilities in the Graphite (or libgraphite) font processing library allow attackers to compromise machines by supplying them with malicious fonts.

  • Air Force to develop cyber-squadrons, Gen. Hyten says at Broadmoor symposium

    The Air Force plans to revolutionize how it handles computer warfare by beefing up its force of cyberspace experts while contracting out easier jobs, like running the service's network.

  • USENIX Enigma 2016 - Usable Security–The Source Awakens

Security Leftovers

Filed under
Security
  • Rootkit Security: The Next Big Challenge

    Combining this with the Juniper issue, where VPN communication could have been hacked, got me thinking about how firmware can be verified and how to ensure that it’s doing what we think it should be doing and not what someone else wants it to do.

  • What Are Your Container Security Options?

    When virtual machine technology emerged, many organizations' initial approach to security was to apply the same security measures to virtual machines as they did to physical machines. Only later did more specialized software emerge that was specifically designed to meet the security requirements of virtual machines.

    That process is now beginning to repeat itself, with software specifically designed to meet the security requirements of containers now starting to emerge. Some examples of specialized container security software include Clair and Twistlock.

  • In the shadows of the cyber colossus

    It might come as a surprise that South Africa is not always rated near the bottom in international surveys. According to various reports, the country comes out either third or sixth in the world of top cyber crime hotspots.

  • Mysterious spike in WordPress hacks silently delivers ransomware to visitors

    It's still not clear how, but a disproportionately large number of websites that run on the WordPress content management system are being hacked to deliver crypto ransomware and other malicious software to unwitting end users.

Tor Browser 5.5.1 Brings a Functional Private Anonymous Browser to Chinese Users

Filed under
OSS
Security

The Tor Project announced today, February 5, 2016, the immediate availability for download of the first point release for the Tor Browser 5.5 anonymous web browser for Linux, Mac OS X, and Microsoft Windows platforms.

Security Leftovers

Filed under
Security
  • Security advisories for Wednesday
  • Default settings in Apache may decloak Tor hidden services

    The information leak has long been known to careful administrators who take the time to read Tor documentation, but that hasn't prevented some Tor hidden services from falling victim to it. To plug the hole, darkweb sites that run Apache must disable the mod_status module that by default sets up a server status page displaying a variety of potentially sensitive information about the servers. Details include the number of requests per second sent to the server, the most recent HTTP requests received, CPU usage, and in some cases the approximate longitude of the server.

  • WordPress Update Patches Pair of Vulnerabilities

    Automatic updates that patch the two flaws and fix 17 bugs are now rolling out to users of the open-source WordPress CMS.
    A new update to the WordPress open-source blogging and content management system (CMS) has been released that patches a pair of security vulnerabilities and includes 17 bug fixes that improve functionality.

  • Linux Computers Becoming Increasingly Malware Prone
  • 10 Mistakes to Avoid to Make Open Source More Secure

    Open source is becoming more popular in the enterprise. But so are open-source vulnerabilities. Here is how you can prevent open source-related mishaps in 2016.

  • Custom and Open-Source Code: A New Approach to Application Security Management

    Use of open-source software is ubiquitous across the Web, cloud, containers, enterprise apps, mobile and the Internet of Things (IoT). Analysis from Black Duck, an IBM Security partner, showed that open-source code comprises about 30 percent of the average commercial software application; this figure can jump even higher for in-house applications. According to Gartner, open source will be included in mission-critical applications within 99 percent of Global 2000 enterprises by the end of 2016.

Ubuntu Phone Users Getting Patch for Mir Bug That Made Their Devices Unstable

Filed under
Security
Ubuntu

On February 3, 2016, Canonical's Łukasz Zemczak sent his daily report to inform all Ubuntu Phone users about the latest work done by the Ubuntu Touch development team on the upcoming OTA-9.5 hotfix.

Go phish your own staff: Dev builds open-source fool-testing tool

Filed under
OSS
Security

The platform was written in Go and has been posted to GitHub where it's had more than 300 commits at the time of writing. It differs from some other anti-phishing platforms in part because it is hosted on premise rather than in the cloud. “There are many commercial offerings that provide phishing simulation/training [but] unfortunately, these are SaaS solutions that require you to hand over your data to someone else,” the GoFish team says.

