
Security

Security Leftovers

Filed under
Security

NSA's XKEYSCORE Surveillance Is Running on Hundreds of Red Hat Linux Servers

Filed under
Red Hat
Security

Details about the NSA surveillance program unveiled by Edward Snowden are still coming to light, two years after the initial revelations were made. From the looks of it, at least one of the components of the NSA surveillance is being run from Red Hat Linux servers.


Claws Mail 3.13 Open-Source Email Client Has Great New Features, Bugfixes

Filed under
OSS
Security

A new version of the GTK+ based, open-source, user-friendly, free, fast and lightweight Claws Mail email client for GNU/Linux and Windows operating systems is now available for download, as announced by its developers on October 11, 2015.


Security Leftovers

Filed under
Security
  • Tor browser co-creator: Experian breach shows encryption may not be security panacea

    The Experian/T-Mobile hack may be more worrisome than Experian’s carefully worded description of it suggests, some security experts said Friday.

    One is the co-creator of the Tor secure browser, David Goldschlag (now SVP of strategy at Pulse Secure). Goldschlag previously was head of mobile at McAfee, and also once worked at the NSA.

    I asked Goldschlag a simple question: “After the Office of Personnel Management and Experian hacks, is there reason to fear that hackers now have the means to steal actual financial information (credit card numbers, etc.) from banks or insurers?”

  • AV-TEST tests Linux security solutions against Linux and Windows threats

    “To do so, it is often sufficient to copy files from a Linux environment to Windows,” it further adds. The most obvious mode of attack involves luring victims to install software or updates via third-party package sources. The team conducted the test by running 16 different anti-virus solutions and splitting the test session into three distinct phases:

    The detection of Windows malware
    The detection of Linux malware and
    The test for false positives.

    Out of 16 antivirus solutions, 8 detected between 95-99% of the 12,000 Windows threats used in the test. The anti-virus solutions that helped in detection include Bitdefender, ESET, Avast, F-Secure, eScan, G Data, Sophos and Kaspersky Lab (server version).

  • Outlook.com had classic security blunder in authentication engine

    The cross-site request forgery vulnerability means that any user visiting a malicious page can have their accounts hijacked without further interaction.

    The since-patched hole existed in Microsoft Live.com and could have been spun into a dangerous worm, Wineberg says.

  • Meet the White Team, Makers of the Linux.Wifatch Vigilante Malware

    However, Softpedia News noted that the Linux.Wifatch source code has not been released in its entirety. That’s likely because the White Team is worried that traditional cybercriminals would exploit the malware for more nefarious purposes. It also explains why it was a clandestine operation in which router owners weren’t aware their systems had been infected, even if it was only to defend them against black-hat attackers.

    Whether or not anyone appreciates the White Team’s form of vigilante security tactics, they may believe the work should serve as a warning to those who don’t follow basic data protection procedures, Hacked said. For example, there are still untold numbers of home routers that use default passwords and leave admin access wide open to malware and other threats.

  • Practical SHA-1 Collision Months, Not Years, Away
  • Search engine can find the VPN that NUCLEAR PLANT boss DIDN'T KNOW was there - report

    The nuclear industry is ignorant of its cybersecurity shortcomings, claimed a report released today, and despite understanding the consequences of an interruption to power generation and the related issues, cyber efforts to prevent such incidents are lacking.

    The report adds that search engines can "readily identify critical infrastructure components with" VPNs, some of which are power plants. It also adds that facility operators are "sometimes unaware of" them.

    Nuclear plants don't understand their cyber vulnerability, stated the Chatham House report, which found industrial, cultural and technical challenges affecting facilities worldwide. It specifically pointed to a "lack of executive-level awareness".

FreeNAS 10 Enters Alpha, Brings Lots of New Technologies, Based on FreeBSD 10.2

Filed under
Security
BSD

FreeNAS' Jordan Hubbard was proud to announce the other day, October 8, the release and immediate availability for download of the first Alpha build of the upcoming FreeNAS open source Network Attached Storage (NAS) solution.


Lastpass sold to LogMeIn -- should Linux users panic?

Filed under
Linux
Security

Today, however, Lastpass drops a bombshell, announcing it has been bought by the company LogMeIn. I am not familiar with this new owner, but many people are unhappy -- the comment section on the announcement is full of outrage. If you only use Windows, Mac, iOS or Android, there are alternatives, so you can switch if things get bad. Users of Chrome OS, Ubuntu, Fedora and other such operating systems? Not so much. Should we Linux users panic?


Security Leftovers

Filed under
Linux
Security

How Xen Manages Security Disclosure

Filed under
OSS
Security

When security vulnerabilities are found in any piece of software, the ideal way to fix them is before the general public or attackers are made aware of bugs. Kurth explained that the traditional wisdom in security is to keep any type of predisclosure list for security as small as possible. In Xen's case, the project went through multiple iterations of its security disclosure process, in an attempt to keep things fair for both large and small vendors.


Security Leftovers

Filed under
Security
  • Malware Peddling Vigilantes behind Linux.Wifatch Speak Up

    The group also add that Linux.Wifatch was never intended to be secretive and added that to be “truly ethical, it needs to have a free license.” However, the developers did not go out of their way to make the Wifatch’s presence known in the wider community, to avoid detection by other malware authors.

    The group haven’t revealed their identity and contend that they are “nobody important,” while adding that although they can be trusted not to do “evil things” with users’ devices, anybody could steal the key (speaking figuratively), no matter how well the group protects it.

  • Government Accountability Office Finds Government Still Mostly Terrible When It Comes To Cybersecurity

    The government has done a spectacularly terrible job at protecting sensitive personal information over the past couple of years. Since 2013, the FDA, US Postal Service, Dept. of Veterans Affairs, the IRS and the Office of Personnel Management have all given up personal information. So, it's no surprise the Government Accountability Office's latest report on information security contains little in the way of properly-secured information.

  • This New 'Secure' App for Journalists May Not Be Secure At All

    When I started working as a journalist in Colombia in 2006, "What do I do if I get kidnapped?" was a common topic at parties. In fact in 2007, my brother (not a journalist) got kidnapped in a small town outside of Medellín. The Colombian anti-kidnapping squad (GAULA) rescued him.

    So let's just say I take an interest in journalist security tools. New apps have the potential to help journalists do their jobs, and stay safe while doing so.

    Unfortunately, Reporta, a new app from the International Women's Media Foundation (IWMF) billed as "the only comprehensive security app available worldwide created specifically for journalists," sounds like it may put journalists in danger.

Linux Security: Lock Down a New System Immediately

Filed under
GNU
Linux
Security

PCWorld recently published an article about Linux botnets launching DDoS attacks. The attackers find and exploit poorly secured Linux systems. Some Linux users have a fairly cavalier attitude about security, assuming the supposedly superior design of the OS somehow protects them. It doesn't. Now that Chromebooks outsell Windows laptops and Android devices are ubiquitous, the days when Linux was a secondary target for malware are long gone. Linux's prominence in both the server room and on consumer devices makes it a prime target.



More in Tux Machines

12-Way NVIDIA GeForce Comparison For F1 2015 On Linux

While the F1 2015 Formula One racing game was released for Windows last year, only yesterday was the Linux port released by Feral Interactive. Given the high requirements for F1 2015 on Linux with this OpenGL port, I decided to test this racing game on a range of NVIDIA graphics cards under Ubuntu Linux. Yep, only NVIDIA tests this round as the game doesn't work yet with the AMD Linux drivers. Read more

Wine 1.9.11

  • Wine 1.9.11 Has Direct3D 11 Improvements
    Out now is Wine 1.9.11 and its release has improvements in its Direct3D 11 support, but still it doesn't appear that Wine is ready yet for handling all the latest D3D11 AAA games. The official Wine 1.9.11 announcement mentions "various Direct3D 11 improvements" along with better support for long URLs in WinInet, down-mixing support in DirectSound, cosmetic improvements to desktop mode, and bug fixes. In total there are 21 known bug fixes for this new development release.
  • Wine Announcement
  • Wine 1.9.11 Gets Direct3D 11 Improvements, DirectSound Down-Mixing Support
    The Wine team announced the release of the eleventh milestone towards Wine 2.0, adding more improvements and fixing issues with various Windows applications and games. Release highlights of Wine 1.9.11 include several improvements to the Direct3D 11 implementation, down-mixing support in DirectSound, various enhancements to the desktop mode, as well as better support for long URLs in the WinInet component.
  • The Wine Development Release 1.9.11 Is Now Available
    The Wine team released today another development release of their software. Version 1.9.11 has many small changes including 21 bugfixes.

Using Open Source Software, Powering Potential and the Raspberry Pi Foundation Bring Technology to Schools in Tanzania

Thanks to open source, Powering Potential and the Raspberry Pi Foundation are able to bring computers and a library of digital education content to rural schools in the East African nation of Tanzania. Recently, the Foundation funded a project now distributing Raspberry Pi computers with uploaded educational content alongside portable projectors and screens to 56 schools across the Zanzibar archipelago and two mainland regions of Tanzania. The Segal Family Foundation also provided matching funds, which enables the project to give computer training as well. With a five-fold increase in the number of students in the decade following 2003, the nation is struggling to provide more schools, classrooms, teachers, desks, and textbooks. Yet whenever you visit rural secondary schools in Tanzania, you will find eager girls and boys in roughly equal numbers outfitted in uniforms with ready smiles. Read more

Java Fair Game, Millennium Bug, Open Source DNA

The top story today was the court decision in Oracle vs Google for copyright infringement. Everyone is celebrating but Oracle. In other news Phoronix.com reported today that Linus is questioning the benefits of new Y2038 patches and Bryan Lunduke said that Open Source has been in our DNA since cave painting days. The Open Source Initiative released an Open Source License API and The Document Foundation posted a video explaining The Document Liberation Project. Read more