
Security

Subgraph OS: Secure, Free, Open Source Linux Operating System For Non-technical Users

Filed under
GNU
Linux
Security

To answer your security-related concerns, Subgraph OS is here as a free, secure, open source Linux operating system for non-technical users. This security-focused distro comes with complete Tor integration, full-disk encryption, OpenPGP mail integration, system hardening and other features. Know more about the OS and make your system secure.


JasPer Vulnerabilities Fixed in Ubuntu

Filed under
Security
Ubuntu

A couple of JasPer issues have been found and repaired in the Ubuntu 15.04, Ubuntu 14.04 LTS, and Ubuntu 12.04 LTS operating systems.


Security Leftovers

Filed under
Security
  • Security advisories for Thursday
  • State Department Backs Off Criminalizing Security Research Tools

    Some good news for security researchers: the US government's adoption of the Wassenaar Arrangement will no longer treat the tools of security research like crates of machine guns. While exploits and penetration tools can be used by bad people for bad things, they're also invaluable to security researchers who use these to make the computing world a safer place.

    Vague wording in the US government's proposed adoption of the 2013 version of the Wassenaar Arrangement threatened to criminalize the development of security research tools and make any researcher traveling out of the country with a laptop full of exploits an exporter of forbidden weapons.

  • IRS Tool Designed To Protect Identity Theft Victims -- Exposes Users To Identity Theft

    Last year, the personal records of 100,000 taxpayers wound up in the hands of criminals, thanks to a flimsy authentication process in the agency's "Get Transcript" application. In short, the IRS used all-too-common static identifiers to verify taxpayer identity (information that could be found anywhere), allowing criminals to use the system to then obtain notably more sensitive taxpayer information and ultimately steal finances. At the time, the IRS breathlessly insisted it would be shoring up its security standards, though it failed to really detail how it would accomplish this.

  • 1Password sends your password across the loopback interface in clear text

    1Password sends your password in clear text across the loopback interface if you use the browser extensions.

  • Bruce Schneier: We're sleepwalking towards digital disaster and are too dumb to stop

    Security guru Bruce Schneier has issued a stark warning to the RSA 2016 conference – get smart or face a whole world of trouble.

    The level of interconnectedness of the world's technology is increasing daily, he said, and is becoming a world-sized web – which he acknowledged was a horrible term – made up of sensors, distributed computers, cloud systems, mobile, and autonomous data processing units. And no one is quite sure where it is all heading.

  • Latest attack against TLS shows the pitfalls of intentionally weakening encryption

Perl Vulnerabilities Closed in All Supported Ubuntu OSes

Filed under
Security
Ubuntu

Canonical has detailed three Perl vulnerabilities that have been identified and fixed in Ubuntu 15.10, Ubuntu 14.04 LTS, and Ubuntu 12.04 LTS operating systems.


Security Leftovers

Filed under
Security

Security Leftovers

Filed under
Security
  • Open-source code from Mars rover used in espionage campaign targeting Indian government

    Two open-source code libraries used in the development of the historic Mars rover have been exploited by cybercriminals and moulded into an effective espionage tool that is being used to target high-level officials in the Indian government.

    First exposed by security researchers at Palo Alto Networks, the malware, now dubbed Rover, was found in a malicious phishing email received by India's ambassador to Afghanistan that was made to look like it was sent from India's defence minister which, if opened, would have installed a slew of vicious exploits on the computer system.

    Upon analysis, the experts found the malware, which contained code that attacked a flaw in Office XP, boasted a range of spying features including the ability to hijack computer files, launch a keylogger, take screenshots and even record audio and video in real-time. All of the data compromised would be sent straight to the malware creator's command and control (C&C) server.

  • Open Source Code Of Mars Rover Being Used To Create Malware To Target Indian Government

    Last year on December 24, 2015, a potential online target was identified which was delivered via an email to a high profile Indian diplomat, an Ambassador to Afghanistan. The email was spoofed and crafted as if it was sent by the current defence minister of India, Mr. Manohar Parikar. The mail commended the Ambassador to Afghanistan on his contributions and success.

  • Report: 3.5 Million HTTPS Servers Vulnerable to DROWN

    A report released Tuesday on the DROWN vulnerability raises concerns about possible attacks that could expose encrypted communications. DROWN is a serious vulnerability that affects HTTPS and other services using SSL version 2, according to the team of security researchers who compiled the report. The protocols affected are some of the essential cryptographic protocols for Internet security. An attack could decrypt secure HTTPS communications, such as passwords or credit card numbers, within minutes.

  • OpenSSL update fixes Drown vulnerability
  • HTTPS DROWN flaw: Security bods' hearts sink as tatty protocols wash away web crypto

    DROWN (aka Decrypting RSA with Obsolete and Weakened eNcryption) is a serious design flaw that affects HTTPS websites and other network services that rely on SSL and TLS – which are core cryptographic protocols for internet security. As previously reported, about a third of all HTTPS servers are vulnerable to attack, the computer scientists behind the discovery of the issue warn.

This open source private server is as easy to use as a smartphone and can ease your privacy concerns

Filed under
OSS
Security

Recently, while visiting Swecha, a non-profit in Hyderabad that is bringing social change with free and open source software and is part of the Free Software Movement of India, I came to know about FreedomBox. Maintained by the non-profit FreedomBox Foundation that runs on donations, the FreedomBox is a revolution in itself. This project's flagship product, costing just US$100, uses various open hardware components, runs on free operating system Debian OS and works as a secure personal server for distributed social networking, email and audio-visual communications.


KDE Plasma 5.5.5 Bugfix Release Is Out

Filed under
KDE
Security

The KDE Community has announced that a new iteration of the famous Plasma desktop has been released, bringing the version number up to 5.5.5.


Security Leftovers (New Hype With Brand and Logo)

Filed under
Security

Security Leftovers

Filed under
Security
  • Security updates for Monday
  • Peer-Seeking Webcam Reveals the Security Dangers of Internet Things

    Last week security blogger Brian Krebs revealed that a popular internet-enabled security camera “secretly and constantly connects into a vast peer-to-peer network run by the Chinese manufacturer of the hardware.”

  • Joomla Sites Join WordPress As TeslaCrypt Ransomware Target

    Exploit kits infecting thousands of WordPress websites are setting their sights on the open-source content management system Joomla in a new campaign spotted by a researcher at the SANS Institute’s Internet Storm Center.

    “The group behind the WordPress ‘admedia’ campaign is now apparently targeting Joomla sites,” said Brad Duncan, security researcher at Rackspace. “We are starting to see the same traffic characteristics in infections that are associated with Joomla sites – as we did with the WordPress campaign,” Duncan said.

  • Most software already has a “golden key” backdoor: the system update

    In 2014 when The Washington Post Editorial Board wrote "with all their wizardry, perhaps Apple and Google could invent a kind of secure golden key they would retain and use only when a court has approved a search warrant," the Internet ridiculed them. Many people painstakingly explained that even if there were somehow wide agreement about who would be the "right" people and governments to hold such an all-powerful capability, it would ultimately be impossible to ensure that such power wouldn't fall into the "wrong" hands.


More in Tux Machines

Lenovo G50 & CentOS 7.2 MATE - Fairly solid

Is there a perfect track record for any which distro? No. Do any two desktop environments ever behave the same? No. Is there anything really good and cool about the MATE offering? Yes, definitely. It's not the finest, but it's definitely quite all right. You do get very decent hardware support, adequate battery life and good performance, smartphone and media support is top notch, and your applications will all run happily. On the other hand, you will struggle with Samba and Bluetooth, and there are some odd issues here and there. I think the Gnome and Xfce offerings are better, but MATE is not to be dissed as a useless relic. Far from it, this is definitely an option you ought to consider if you're into less-than-mainstream desktops, and you happen to like CentOS. To sum it all up, another goodie in the growing arsenal of CentOS fun facts. Enjoy.

digiKam 5.2.0 is published...

After a second release, 5.1.0, published one month ago, the digiKam team is proud to announce the new release 5.2.0 of digiKam Software Collection. This version introduces a new bugs triage and some fixes following new feedback from end-users. This release also introduces a new red-eye tool which automates the red-eye reduction process. Face detection is processed on the whole image, and a new algorithm written by a Google Summer of Code 2016 student named Omar Amin is dedicated to recognizing shapes and trying to find eyes with direct flash reflection on the retina.
