Security

Tor Improvements and Bugfix

Filed under
Security
Web
  • Next-Gen Algorithms Make Tor Browser More Secure And Private, Download The Alpha Now

    Tor, the anonymity network, was in need of an upgrade, as the world started raising concerns about its reliability. It was this year only when a hacker managed to take down almost 1/5th of the onion network.

    The possible applications of Tor have reached far ahead than calling it a grey market for drugs and other illegal things. It’s already actively used for the exchange of confidential information, file transfer, and cryptocurrency transactions with an expectation that nobody can track it.

  • TorMoil Vulnerability Leaks Real IP Address from Tor Browser Users

    The Tor Project has released a security update for the Tor Browser on Mac and Linux to fix a vulnerability that leaks users' real IP addresses.

    The vulnerability was spotted by Filippo Cavallarin, CEO of We Are Segment, an Italian company specialized in cyber-security and ethical hacking.

  • Critical Tor flaw leaks users’ real IP address—update now

    Mac and Linux versions of the Tor anonymity browser just received a temporary fix for a critical vulnerability that leaks users' IP addresses when they visit certain types of addresses.

    TorMoil, as the flaw has been dubbed by its discoverer, is triggered when users click on links that begin with file:// rather than the more common https:// and http:// address prefixes. When the Tor browser for macOS and Linux is in the process of opening such an address, "the operating system may directly connect to the remote host, bypassing Tor Browser," according to a brief blog post published Tuesday by We Are Segment, the security firm that privately reported the bug to Tor developers.

IPFire 2.19 - Core Update 115 released

Filed under
GNU
Linux
Security

Finally, we are releasing the long-awaited IPFire 2.19 – Core Update 115 which brings the shiny new Captive Portal and various security and performance improvements as well as fixing security vulnerabilities.

This is a large Core Update with a huge number of changes and to support our efforts to develop new features and maintain the existing system as well as constantly improving it, we would like to ask you to donate!

Security: Dashlane, Coverity, FireEye's GoCrack

Filed under
Security

Security: Pwn2Own, WordPress, Black Duck's Latest FUD (Sales Pitch), Claims of Russian Meddling

Filed under
Security

Security: Kaspersky, GDPR, NIST, Voting

Filed under
Security
  • Kaspersky purged from 'vast majority' of US government systems

    Michael Duffy, who leads cybersecurity and communications at the DHS, explained that fewer than half of their agencies were using Kaspersky's anti-virus software.

  • The EU’s GDPR is even more relevant to Linux systems, and here is why

    This new regulation represents a tightening of the data protection laws. The new regulation requires far faster responses to data breaches (within 72 hours), and the maximum penalty for breaching the legislation has increased by over four times to twenty million euros or four percent of a business’s annual global turnover, whichever is higher. In addition, GDPR will unify the processes by which EU countries regulate their data security. This will ensure breaches are easier to report, investigate and respond to the new supervisory authorities being introduced.

  • New Network Security Standards Will Protect Internet’s Routing

    Electronic messages traveling across the internet are under constant threat from data thieves, but new security standards created with the technical guidance of the National Institute of Standards and Technology (NIST) will reduce the risk of messages being intercepted or stolen. These standards address a security weakness that has been a part of the internet since its earliest days.

  • Disney-branded internet filter had Mickey Mouse security

    A Disney-branded home internet filtering device might keep bad content out, but it was an open door to bad actors until earlier this month.

    That's what Cisco Talos's William Largfent found when he took a look at "Circle with Disney", a Circle Media parental control device on which the entertainment giant slapped its brand.

    Whatever its qualities in filtering and screen time management, the US$99 box is riddled with 23 vulns, as the Talos post discloses.

  • Episode 68 - Ruining the Internet
  • Security updates for Wednesday
  • Trump administration reportedly kills vehicle-to-vehicle safety mandate [Updated]
  • Members of Congress want you to hack the US election voting system

    This summer, DefCon's "Voting Machine Hacking Village" turned up a host of US election vulnerabilities (PDF). Now, imagine a more mainstream national hacking event backed by the Department of Homeland Security that has the same goal: to discover weaknesses in voting machines used by states for local and national elections.

    That might just become a reality if federal legislation (PDF) unveiled Tuesday becomes law. The proposal comes with a safe harbor provision to exempt participants from federal hacking laws. Several federal exemptions for ethical hacking that paved the way for the DefCon hacking village expire next year.

    The bipartisan "Securing America's Voting Equipment Act" also would provide election funding to the states and would designate voting systems as critical infrastructure—a designation that would open up communication channels between the federal government and the states to share classified threat information.

Security: Nextcloud, Microsoft/Windows, Canonical/Ubuntu

Filed under
Security

pfSense 2.3.5-RELEASE now available

Filed under
Security

As we have promised, we will continue to deliver security and stability fixes to the pfSense 2.3.x line even after we have released pfSense 2.4.0, since i386 and NanoBSD were deprecated in pfSense 2.4.0. These updates will continue for a minimum of one year after the pfSense 2.4.0 release date, which means they will continue through at least October 2018.

Security: Certificate Authorities, Coverity SPAM, and WordPress Patches

Filed under
Security
  • Mozilla devs discuss ditching Dutch CA, because cryptowars

    Concerns at the effect of The Netherlands' new security laws could result in the country's certificate authority being pulled from Mozilla's trust list.

    The nation's Information and Security Services Act will come into force in January 2018. The law includes metadata retention powers similar to those enacted in other countries, and also grants broad-based interception powers to Dutch security services.

  • Francisco Partners Acquires Comodo's Certificate Authority Business

    Private equity firm Francisco Partners announced on Oct. 31 that it has acquired the SSL/TLS Certificate Authority (CA) business from security firm Comodo Group. Financial terms of the deal are not being publicly disclosed.

    "This is a carve-out of the Comodo SSL business, which is now going to be a separate legal and operational entity," Bill Holtz, CEO of Comodo CA told eWEEK.

  • Open source developers make progress in adopting secure practices [Ed: Coverity marketing disguised as an article. Because journalism is dead. The business model is PR as 'reports']
  • WordPress 4.8.3 Security Release

Security: UEFI, Windows and NSA Back Doors

Filed under
Security
  • Replace Your Exploit-Ridden Firmware with Linux

    With the WikiLeaks release of the vault7 material, the security of the UEFI (Unified Extensible Firmware Interface) firmware used in most PCs and laptops is once again a concern. UEFI is a proprietary and closed-source operating system, with a codebase almost as large as the Linux kernel, that runs when the system is powered on and continues to run after it boots the OS (hence its designation as a "Ring -2 hypervisor"). It is a great place to hide exploits since it never stops running, and these exploits are undetectable by kernels and programs.

  • Your Windows Login Details Can Be Stolen By Hackers Without User Interaction

    From time to time, the security researchers continue to make us realize that Windows operating system is full of loopholes that can be exploited by hackers to steal our data. One such vulnerability was patched by Redmond in recent patch Tuesday.

  • NSA hacking tool EternalRomance found in BadRabbit

    Several research firms have named EternalRomance as the tool BadRabbit used to spread through an organisation once the ransomware was installed in a host computer. When the cyber-attack first sprang up on 24 October there were many reports claiming that EternalBlue, the tool made famous with the Petya/NotPetya attacks that took place earlier this year, was the culprit, but this was quickly disproven by researchers. However, EternalRomance does share at least one similarity with the other attack: each exploits the same Microsoft vulnerability.

More in Tux Machines

Openwashing: Intel, Apple, and Microsoft

  • The Several Faces of Intel Compilers [Ed: It says that this so-called 'article' is "sponsored", so IDG is now running ads as 'articles'. Not even pretense about whether it's journalism or not.]
  • FoundationDB Goes Open Source [Ed: "FoundationDB gave Apple a foothold in the crowded NoSQL database sector," it says and this is what this openwashing is all about. It's helping Apple in spreading its proprietary frameworks and surveillance 'clouds'.]
  • Linux Everywhere (Premium) [Ed: "Linux Everywhere," says longtime Microsoft propagandist, in service (IMHO) of the latest EEE strategy. Don't forget who's still in charge.]

Android Leftovers

An introduction to the GNU Core Utilities

These two collections of Linux utilities, the GNU Core Utilities and util-linux, together provide the basic utilities required to administer a Linux system. As I researched this article, I found several interesting utilities I never knew about. Many of these commands are seldom needed, but when you need them, they are indispensable. Between these two collections, there are over 200 Linux utilities. While Linux has many more commands, these are the ones needed to manage the basic functions of a typical Linux host.

Today in Techrights