Security

Entropy drought hits Raspberry Pi harvests, weakens SSH security

Filed under
Security

The November 2015 release of Raspbian does not use a hardware random number generator by default, according to a bug report posted to the Pi forums. Ideally, this generator should pour unpredictable numbers into a so-called entropy pool from which cryptographically secure numbers can be obtained – but this doesn't happen, and so the operating system's algorithms end up producing rather predictable "random" numbers.

Qubes OS 3.0 (also KaOS 2015.10 and Plasma on Wayland and NetBSD 7.0)

Filed under
GNU
Linux
Reviews
Security

I am sorry to say I have tried each major release of Qubes OS released to date and, so far, none has installed successfully for me. I admire the goal of the Qubes project, making it easy for users to isolate separate tasks in order to improve security. I am of the opinion the concept of a user (and a user's processes) having full access to everything in a user's account raises security concerns. I would like to see more effort put into projects like Qubes and AppArmor in order to make it easier for a user to compartmentalize their digital life.

Security Leftovers

Filed under
Security
  • Security advisories for Monday
  • Warning: Internet security turbulence ahead

    A little more than a year ago, I urged manufacturing companies testing the IoT waters to leave the work of bringing Internet connectivity to their traditionally unconnected products to those who understand what’s at stake. I’m not alone in my concerns that the IoT brigade will bring with it an avalanche of staggeringly insecure products that will find their way into our daily lives.

    What we’re seeing right now is a hopefully imperfect storm of security challenges that, with any luck, will not result in global security and privacy breaches. In one corner, we have companies like Dell and Lenovo distributing computers with wide-open root CAs, allowing anyone with a small amount of skill to crib a certificate and spoof SSL websites, run man-in-the-middle attacks, and install malicious software on those Windows systems with nary a whimper from the “protections” in place to prevent such issues.

  • Flaws in Huawei WiMax routers won't be fixed, researcher says

    Huawei isn't planning on patching several flaws in seven models of WiMax routers that are not being supported anymore by the company, according to a security researcher.

    Pierre Kim published a list of the affected models, which are still used in countries including Ivory Coast, Iran, Iraq, Libya, the Philippines, Bahrain and Ukraine.

  • The threats of November 2015, Linux ransomware leads the way according to new report [Ed: Blaming already-resolved CMS bugs on “Linux”]
  • Can't get a break: Pwned Linux ransomware pwned again, infects 3000

    WordPress and Magento sites are the main targets. The software had infected 2000 sites by 12 November and surpassed 3000 two weeks later.

Tux Machines Again Faces DDOS Attacks

Filed under
Security

The popular website Tux Machines has evidently fallen victim to a DDOS attack that made the site unavailable for part of the day on Friday. The announcement of the attack was initially made in a blog notice posted on the site late Friday morning GMT which opened with the line “Tux Machines has been mostly offline this morning.”

Security Leftovers

Filed under
Security
  • Friday's security updates
  • Researchers poke hole in custom crypto built for Amazon Web Services

    Underscoring just how hard it is to design secure cryptographic software, academic researchers recently uncovered a potentially serious weakness in an early version of the code library protecting Amazon Web Services.

    Ironically, s2n, as Amazon's transport layer security implementation is called, was intended to be a simpler, more secure way to encrypt and authenticate Web sessions. Where the OpenSSL library requires more than 70,000 lines of code to execute the highly complex TLS standard, s2n—short for signal to noise—has just 6,000 lines. Amazon hailed the brevity as a key security feature when unveiling s2n in June. What's more, Amazon said the new code had already passed three external security evaluations and penetration tests.

  • Social engineering: hacker tricks that make recipients click

    Social engineering is one of the most powerful tools in the hacker's arsenal and it generally plays a part in most of the major security breaches we hear about today. However, there is a common misconception around the role social engineering plays in attacks.

  • Judge Gives Preliminary Approval to $8 Million Settlement Over Sony Hack

    Sony agreed to reimburse employees up to $10,000 apiece for identity-theft losses

  • Cyber Monday: it's the most wonderful time of year for cyber-attackers

    Malicious attacks on shoppers increased 40% on Cyber Monday in 2013 and 2014, according to EnigmaSoftware.com, an anti-malware and spyware company, compared to the average number of attacks on days during the month prior. Other cybersecurity software providers have identified the December holiday shopping season as the most dangerous time of year to make online purchases.

    “The attackers know that there are more people online, so there will be more attacks,” said Christopher Budd, Trend Micro’s global threat communications manager. “Cyber Monday is not a one-day thing, it’s the beginning of a sustained focus on attacks that go after people in the holiday shopping season.”

Mozilla Releases Thunderbird 38.4.0 to Patch High and Critical Security Issues

Filed under
Moz/FF
Security

Mozilla has announced the release of a new maintenance version of the popular, open-source, and cross-platform Mozilla Thunderbird 38 email and news client for all supported operating systems, including GNU/Linux, Mac OS X, and Windows.

LibreOffice Has About 1,200 UI-Related Reported Bugs, Come and Help Fix Them

Filed under
LibO
Security

LibreOffice might be a great office suite, but the community doesn’t like the fact that the UI still looks kind of dated. The good news is that anyone with some coding skills can try to fix that by working on the project.

More in Tux Machines

today's leftovers

  • Calamares 2.3 Installer Released
  • ANNOUNCE: libosinfo 0.3.1 released
    I am happy to announce a new release of libosinfo, version 0.3.1 is now available, signed with key DAF3 A6FD B26B 6291 2D0E 8E3F BE86 EBB4 1510 4FDF (4096R). All historical releases are available from the project download page.
  • There and Back Again: The MongoDB Cloud Story
    Before it was a database company, MongoDB was a cloud company. Founded in 2007 and originally known as 10gen, the company originally intended to build a Java cloud platform. After building a database it called MongoDB, the company realized that the infrastructure software it had built to support its product was more popular than the product itself, and the PaaS company pivoted to become a database company – eventually taking the obvious step of renaming itself to reflect its new purpose.
  • C++17: New Features Coming To 33-Year-Old Programming Language
    The C++17 standard is taking shape and adding new features to the vintage programming language. This major update aims to make C++ an easier language to work with and brings powerful technical specifications.
  • Clearing the Keystone Environment

GNU/Linux Leftovers

Red Hat Summit

  • Red Hat Summit Advocates the Power of Participation
    Red Hat hosted its annual Red Hat Summit customer event June 28-30 at the Moscone Center in San Francisco, with a theme of harnessing the power of participation. Once again, the DevNation developer event, which is the successor to JBoss World, was co-located with Red Hat Summit. For JBoss, 2016 is a particularly significant year as it marks 10 years since Red Hat acquired it. At DevNation, Red Hat announced the new JBoss Enterprise Application Platform (EAP) 7 release, providing new cloud-enhanced capabilities for Red Hat's flagship middleware platform. JBoss is now also working to help enable Java for the container era, with the launch of the MicroProfile Project, an effort to optimize enterprise Java for a microservices architecture. Java wasn't the only focus of DevNation this year either, as Microsoft took center stage too, announcing the availability of its .NET Core for Red Hat Enterprise Linux. In this slide show, eWEEK takes a look at some of the highlights of the Red Hat Summit and DevNation 2016 events.
  • How Red Hat is tailoring OpenStack to fit … everyone
    Even though there have been no major changes announced to the OpenStack platform of late, it was still one of the most talked about subjects at this year’s Red Hat Summit. Red Hat plays a significant role in the development of the platform and is very proud of its contribution to the community.
  • New technologies foster an open-source environment
    In 2007, when 3scale, Inc. was founded, some people thought it was crazy to be investing so much time and energy into API. But Steven Willmott, CEO of 3scale, Inc., said that even at that time his team knew that the future was API-driven, and they wanted to help that happen.

Leftovers: Gaming