Security

How To Chroot Apache 2 Web Server Under Red Hat / CentOS Linux

Filed under: Linux, Software, Security

A chroot on Red Hat / CentOS / Fedora Linux operating systems changes the apparent disk root directory for the Apache process and its children. Once this is done, an attacker or other PHP / Perl / Python scripts cannot access or name files outside that directory. This is called a "chroot jail" for Apache. You should never ever run a web server without a jail. There should be privilege separation between the web server and the rest of the system.

Newly Discovered Kernel Vulnerabilities Affect All Ubuntu Users

Filed under: Security

news.softpedia.com: Yesterday, November 27th, the Ubuntu developers discovered yet another security issue (actually, more than one) in the Linux kernel packages. These vulnerabilities affect the following Ubuntu distributions: 6.06 LTS, 7.10, 8.04 LTS and 8.10 (also applies to Kubuntu, Edubuntu and Xubuntu).

Linux Virus: A False Sense Of Security

Filed under: Linux, Security

linuxhaxor.net: There seems to be a false sense of security among some Linux users. The number of malicious programs specifically written for GNU/Linux has been on the increase in recent years and in the year of 2005 alone has more than doubled: from 422 to 863.

Remote buffer overflow bug bites Linux Kernel

Filed under: Linux, Security

blogs.zdnet: A remote buffer overflow vulnerability in the Linux Kernel could be exploited by attackers to execute code or cripple affected systems, according to a Gentoo bug report that just became public.

Mac, Linux, BSD open for attack: Kaspersky

Filed under: Security

computerworld.com.au: Looming attacks will soon pop the security bubble enjoyed by Linux and Macintosh users, according to Russian security expert Eugene Kaspersky.

Firefox add-on blocks 'clickjacking' attacks

Filed under: Moz/FF, Security

computerworld.com: A popular Firefox add-on designed to block scripts and plug-ins has been updated to stymie the new "clickjacking" class of attacks, the extension's developer said today.

Vendors rush to fix critical TCP/IP bug

Filed under: Security

techworld.com (IDG): Internet infrastructure vendors are rushing to develop patches for a set of TCP/IP security flaws, which could help hackers knock servers offline with very little effort. Robert Lee and Jack Louis have said that they can knock Windows, Linux, embedded systems and even firewalls offline.

How To Stop Firefox Clickjacking Exploit Attack

Filed under: Security

cyberciti.biz: A really scary exploit attack is in the wild, which affects all browsers under any desktop operating system, including MS IE, Linux, Apple Safari, Opera, Firefox and Adobe Flash. Any website that uses CSS, Flash and IFRAME can be used to attack end users. An attacker is able to take control of the links that your browser visits.

Hackers attack Large Hadron Collider

Filed under: Security

telegraph.co.uk: Hackers have mounted an attack on the Large Hadron Collider, raising concerns about the security of the biggest experiment in the world as it passes an important new milestone.

Red Hat's security issue

Filed under: Linux, Security

blog.perens.com: Last month, Red Hat issued a security bulletin. Not all that went on is clear, but it seems that the servers used to develop and distribute Fedora and Red Hat were accessed by a person with criminal intent. But there are continuing problems with Red Hat's handling of the situation.

Also: Fedora and our security attitude

More in Tux Machines

Android Leftovers

  • 1B Android phones shipped in 2014, but they don’t all help Google
    When Android first arrived in 2007, it was (and still is) a key part of the OHA, or Open-Handset Alliance. OHA partners — which include Samsung, LG, Dell, HTC, Huawei and ZTE, to name a few — all loosely work together to help improve Android, while competing against one another by using Android on their respective hardware products. Android is the commonality between all of the OHA partners. And then there’s Google.
  • Android beats iOS for app downloads, but revenues are still a different story
    There are plenty of caveats to this line of reasoning, though. First, Google Play is not the only Android app store – Amazon and Samsung run their own stores, while in countries like China there are dozens of stores offering Android apps.
  • HTC One M8 Android 5.0 Lollipop Update: What U.S. Owners Can Expect
    When Google announced Android 5.0 Lollipop back in October many smartphone owners like those with the HTC One or HTC One M8 instantly started waiting for details regarding the Android 5.0 Lollipop update. It has arrived for a few devices already, including the HTC One and HTC One M8 Google Play Edition handsets, but below we’ll go over what regular HTC One owners need to know about the Android 5.0 update.
  • Samsung Galaxy S4 Updated To The Android Lollipop 5.0 OS
    The Android Lollipop 5.0 update is finally available for the Samsung S4. The operating system is also available for the Samsung Galaxy S5, Note 4, Note 3, and Note Edge. Samsung Galaxy and Note users will be happy to hear that the long waited update is coming in the near future. But should Galaxy S4 users take advantage of the Android Lollipop update?
  • Don’t wait for Android 5.0, this app makes your phone look like Lollipop for free
    Android 5.0 Lollipop is a huge upgrade for Google’s mobile operating system. The only problem with it, of course, is that it’s only available for a handful of devices. Most Android smartphone users still have plenty more waiting to do before Lollipop is finally available for their handset, but now there’s a terrific app that will make your older version of Android look just like Lollipop — and it’s free!
  • Is this Apple’s secret weapon that could force Android users to buy an iPhone?
    There are many reasons why Android users switch to iPhone, and vice-versa, but Apple may have a secret (or not-so-secret) weapon that could pressure some Android fans to considering a move to the other side. No, it’s not Apple Pay, an exclusive iPhone 6 feature that’s heavily marketed by various banks in the U.S., further helping Apple market its 2014 iPhones. It’s actually a stock iOS app that has been hiding in plain sight for years.
  • Android 5.0.2 Lollipop Problems Frustrating Nexus Users
    Google rolled out its Android 5.0.2 Lollipop update to fix Nexus Lollipop problems. And while it did fix some of the bigger issues, Android 5.0.2 Lollipop problems continue to frustrate Nexus users.

Libreboot X200 laptop now FSF-certified to respect your freedom

This is the second Libreboot laptop from Gluglug (a project of Minifree, Ltd.) to achieve RYF certification, the first being the Libreboot X60 in December 2013. The Libreboot X200 offers many improvements over the Libreboot X60, including a faster CPU, faster graphics, 64-bit GNU/Linux support (on all models), support for more RAM, higher screen resolution, and more. The Libreboot X200 can be purchased from Gluglug at http://shop.gluglug.org.uk/product/libreboot-x200/.

Ubuntu 15.04 Now Based on Linux Kernel 3.18.4, Devs Are Tracking the 3.19 Branch

A new Linux kernel has been made available for Ubuntu 15.04 (Vivid Vervet) and the developers are also tracking the current 3.19 branch of the kernel, which will eventually be adopted after it reaches a stable state.

Ubuntu Users See Private, Hybrid Cloud Expansion

Canonical, the company behind the open source cross-platform operating system Ubuntu, released its annual cloud and server survey this week that seeks to cast more light on the makeup of cloud infrastructure, how it is managed, and what is driving cloud adoption. Canonical said it surveyed 3,100 customers, most of whom are Ubuntu server and cloud users, about the makeup of their cloud infrastructure and how it is being used.