Security

Security Leftovers

Filed under
Security

Black Duck's Free Tool Digs Out Open Source Bugs

Filed under
OSS
Security

The main advantage of such tools is ease of use. The main limitation is that a tool is only as effective as its creators' list of vulnerabilities. Using a given tool implies that you trust the vendor to stay alert and on the job, noted King.

Developers have "a ton of other similar offerings out there," he said. By offering a free scanner, Black Duck can draw attention to its other products.

"If the new tool delivers what the company promises, it will help put the company in good stead with customer developers. Satisfied customers tend to be repeat customers," King said.


Security Leftovers

Filed under
Security
  • Friday's security updates
  • Judge Says The FBI Can Keep Its Hacking Tool Secret, But Not The Evidence Obtained With It

    Michaud hasn't had the case against him dismissed, but the government will now have to rely on evidence it didn't gain access to by using its illegal search. And there can't be much of that, considering the FBI had no idea who Michaud was or where he resided until after the malware-that-isn't-malware had stripped away Tor's protections and revealed his IP address.

    The FBI really can't blame anyone but itself for this outcome. Judge Bryan may have agreed that the FBI had good reason to keep its technique secret, but there was nothing preventing the FBI from voluntarily turning over details on its hacking tool to Michaud. But it chose not to, despite his lawyer's assurance it would maintain as much of the FBI's secrecy as possible while still defending his client.

    Judge Bryan found the FBI's ex parte arguments persuasive and declared the agency could keep the info out of Michaud's hands. But doing so meant the judicial playing field was no longer level, as he acknowledged in his written ruling. Fortunately, the court has decided it's not going to allow the government to have its secrecy cake and eat it, too. If it wants to deploy exploits with minimal judicial oversight, then it has to realize it can't successfully counter suppression requests with vows of silence.

  • Researcher Pockets $30,000 in Chrome Bounties

    Having cashed in earlier in May to the tune of $15,500, Mlynski pocketed another $30,000 courtesy of Google’s bug bounty program after four high-severity vulnerabilities were patched in the Chrome browser, each worth $7,500 to the white-hat hacker.

Kali Linux Alternative: BackBox Linux 4.6 Released With Updated Hacking Tools

Filed under
GNU
Linux
Security

BackBox Linux, a Kali Linux alternative, is here with its latest version, i.e., BackBox Linux 4.6. Based on Ubuntu Linux, this hacking operating system is now available for download with updated hacking tools and Ruby 2.2.


Secure Desktops with Qubes: Introduction

Filed under
OS
Security

This is the first in a multipart series on Qubes OS, a security-focused operating system that is fundamentally different from any other Linux desktop I've ever used and one I personally switched to during the past couple months. In this first article, I provide an overview of what Qubes is, some of the approaches it takes that are completely different from what you might be used to on a Linux desktop and some of its particularly interesting security features. In future articles, I'll give more how-to guides on installing and configuring it and how to use some of its more-advanced features.


Security Leftovers

Filed under
Security
  • Security updates for Thursday
  • Paul Vixie on IPv6 NAT, IPv6 security and Internet of Things

    Internet pioneer Paul Vixie spoke with SearchSecurity about IPv6 NAT, IPv6 and the Internet of Things, and the long, thankless path to deploying IPv6.

  • PHP 7.0.7 Released Fixing 28 Bugs

    As is the case with a .xy update, this is mostly a bug fix update, with at least 28 different issues being fixed in an effort to make PHP 7.x more stable. Though the PHP project hasn't identified any specific security vulnerabilities that are fixed in the update, I see at least one with bug #72162.

  • Skimmers Found at Walmart: A Closer Look

    Recent local news stories about credit card skimmers found in self-checkout lanes at some Walmart locations remind me of a criminal sales pitch I saw recently for overlay skimmers made specifically for the very same card terminals.

Anonymous Live CD Tails to Use Tor Browser 6.0, Firewall and Kernel Hardening

Filed under
Security
Debian

The next major version of the Tails amnesic incognito live system, also known as the Anonymous Live CD used by ex-CIA employee Edward Snowden to stay hidden online using the latest Tor technologies, is now in the works.

Tails 2.4 development is open, and it looks like the first Release Candidate (RC) build has already landed for public beta testing, incorporating some major new features and changes, among which we can mention the upgrade to the latest Tor Browser 6.0 web browser based on Mozilla Firefox 45.2.


Also: Ubuntu 16.04 LTS (Xenial Xerus) Release Party in Japan to Take Place June 26

Security Leftovers

Filed under
Security

Torvalds unhappy with sloppy Unix Millennium Bug patches for Linux kernel

Filed under
Linux
Security

Along similar lines to the Y2K bug, there is a new challenge faced by Unix-like operating systems known as the year 2038 problem or 'Unix Millennium Bug'. Under these operating systems, date values are stored in a signed 32-bit integer indicating the number of seconds since January 1, 1970. A problem arises with the 32-bit integer overflowing at approximately 0314 hours on January 19, 2038 causing systems to interpret the date value as December 13, 1901.


Security Leftovers

Filed under
Security

More in Tux Machines

Open/Hacker Hardware

4MLinux 20.1 released.

This is a minor maintenance release in the 4MLinux STABLE channel. The release ships with the Linux kernel 4.4.34, which restores PAE support that "magically" disappeared in 4MLinux 20.0 (sorry :-). Additionally, some popular programs (Double Commander, Dropbox, Firefox, Java RE, Opera, PeaZip, Thunderbird, Wine) have been updated, too.

Refracta 8.0 Is a Pint-Sized Powerhouse

Refracta is a somewhat obscure Linux distribution that offers exceptional functionality and stability. Obscurity is not always a bad thing when it comes to Linux distros. You can find some very worthwhile alternatives to your current operating system. Refracta is a big surprise in a small package. Many look-alike desktop distros are difficult to distinguish from run-of-the-mill garden varieties. Others offer new adopters something unique that makes using them fun and productive. Refracta is one of the few full-service Linux distros that makes an easy and more convenient replacement for pocket Linux options such as Puppy Linux. Not all Linux distros that install to a USB drive -- and have the ability to save files and system settings in a persistent mode -- work equally well.

Clear Linux With Mesa 13 Is A Strong Match For Intel Linux Performance

When benchmarking Intel's Clear Linux distribution earlier this year we found its Intel graphics performance to be quite good and slightly faster than other Linux distributions even when Clear was using an older version of Mesa. Now with Clear Linux having switched to Mesa 13, I decided to run some fresh Intel OpenGL benchmarks on it compared to other distributions.