Security

Security Leftovers

Filed under
Security
  • Security updates for Thursday
  • Paul Vixie on IPv6 NAT, IPv6 security and Internet of Things

    Internet pioneer Paul Vixie spoke with SearchSecurity about IPv6 NAT, IPv6 and the Internet of Things, and the long, thankless path to deploying IPv6.

  • PHP 7.0.7 Released Fixing 28 Bugs

    As is the case with a .xy update, this is mostly a bug fix update, with at least 28 different issues being fixed in an effort to make PHP 7.x more stable. Though the PHP project hasn't identified any specific security vulnerabilities that are fixed in the update, I see at least one with bug #72162.

  • Skimmers Found at Walmart: A Closer Look

    Recent local news stories about credit card skimmers found in self-checkout lanes at some Walmart locations remind me of a criminal sales pitch I saw recently for overlay skimmers made specifically for the very same card terminals.

Anonymous Live CD Tails to Use Tor Browser 6.0, Firewall and Kernel Hardening

Filed under
Security
Debian

The next major version of the Tails amnesic incognito live system, also known as the Anonymous Live CD used by ex-CIA employee Edward Snowden to stay hidden online using the latest Tor technologies, is now in the works.

Tails 2.4 development is open, and it looks like the first Release Candidate (RC) build has already landed for public beta testing, incorporating some major new features and changes, among which we can mention the upgrade to the latest Tor Browser 6.0 web browser based on Mozilla Firefox 45.2.


Also: Ubuntu 16.04 LTS (Xenial Xerus) Release Party in Japan to Take Place June 26

Security Leftovers

Filed under
Security

Torvalds unhappy with sloppy Unix Millennium Bug patches for Linux kernel

Filed under
Linux
Security

Along similar lines to the Y2K bug, there is a new challenge faced by Unix-like operating systems known as the year 2038 problem or 'Unix Millennium Bug'. Under these operating systems, date values are stored in a signed 32-bit integer indicating the number of seconds since January 1, 1970. A problem arises when the 32-bit integer overflows at approximately 0314 hours on January 19, 2038, causing systems to interpret the date value as December 13, 1901.


Security Leftovers

Filed under
Security

Major CoreOS Linux Alpha Vulnerability Patched

Filed under
OS
Linux
Security

A major vulnerability in CoreOS Linux Alpha has been patched, with the issue limited to versions 104x.0.0 of the distribution.

In the blog post "Major Remote SSH Security Issue in CoreOS Linux Alpha, Subset of Users Affected", the CoreOS Security Team described the issue, saying:


Security Leftovers

Filed under
Security
  • Security advisories for Monday
  • What's the point of (InfoSec) Certifications?

    When I did the GSE, I absolutely loved the hands-on lab more than anything else I'd done in the world of SANS or GIAC, outside of Mike Poor's 503 Packet Work book (if you like packets, this is heaven, literally) and the "Capture the Flag" exercises created by Ed Skoudis in 504 and 560. I've also had some amazing instructors like Arrigo Triulzi (Arrigo teaching SEC504 actually convinced me that my future was in InfoSec) and Stephen Sims, however, I am questioning more than ever the value of certifications and to a lesser degree the training courses (which are priced to be exclusive to a tiny minority who are already fairly well off or lucky - I often recommend Coursera or the Offensive Security stuff to candidates when cost is a real issue).

  • Linux Kernel Website Kernel.org Banned By Norton

    Symantec’s automated threat analysis system, Norton Safe Web, claims that Linux kernel’s website kernel.org contains 4 threats and shows a red flag to the users. Looking at Norton’s past record, this threat detection could be just another false warning.

  • OpIcarus: An Anonymous Hacker Reveals The Motivation Behind Latest Attacks

    Here is an account of the operation against banks and financial institutes, named “OpIcarus”, by Anonymous. It reveals the purpose of the cyber attacks, their targets, and the future of the OpIcarus operation as told by one of the Anonymous hacktivists with an online name of “The Voice”.

  • Systemd Reverts Its Stance On Letting Users Access Frame-Buffer Devices

    Last week's release of systemd 230 ended up shipping with a change that made it easier for processes running as a user to snoop on frame-buffer devices. That change has already been reverted for the next systemd update.

Security Leftovers

Filed under
Security
  • TOTP SSH port fluxing

    Beware: I would not really recommend running this software - it was only written as a joke.

  • TeslaCrypt no more: Ransomware master decryption key released

    The developer has handed over the keys to the kingdom in a surprising twist in TeslaCrypt's tale.

  • Thoughts on our security bubble

    Last week I spent time with a lot of normal people. Well, they were all computer folks, but not the sort one would find in a typical security circle. It really got me thinking about the bubble we live in as the security people.

    There are a lot of things we take for granted. I can reference Dunning Kruger and "turtles all the way down" and not have to explain myself. If I talk about a buffer overflow, or most any security term I never have to explain what's going on. Even some of the more obscure technologies like container scanners and SCAP don't need but a few words to explain what happens. It's easy to talk to security people, at least it's easy for security people to talk to other security people.

  • Ransomware Adds DDoS Capabilities to Annoy Other People, Not Just You

    Ransomware developers seem to have found another way to monetize their operations by adding a DDoS component to their malicious payloads.

    Security researchers from Invincea reported this past Wednesday on a malware sample that appeared to be a modified version of an older threat, the Cerber ransomware.

    The malware analysis team that inspected the file discovered that, besides the file encryption and screen locking capabilities seen in most ransomware families, this threat also comes with an additional payload, which, when put under observation, seemed to be launching network packets towards a network subnet.

Antivirus Live CD 18.0-0.99.2 Uses ClamAV 0.99.2 to Clean Your PCs of Viruses

Filed under
OSS
Security

4MLinux developer Zbigniew Konojacki informs Softpedia today, May 21, 2016, about the launch of an updated version of his open-source, standalone Antivirus Live CD project.


Security Leftovers

Filed under
Security
  • Security updates for Friday
  • Security brief: CoreOS Linux Alpha remote SSH issue

    On May 15, CoreOS was informed of a vulnerability in the alpha version of CoreOS Linux. Within 8 hours of this notification, over 99% of affected systems had been automatically patched. Though this issue was limited to an alpha version, we hold all of our releases to the same security standards, and we immediately responded, reported, and corrected the issue. This post describes the nature of the vulnerability, our response, and our plans to avoid similar issues in the future.

  • Purism Laptops to Protect You from Surveillance Capitalism

    There's a new hardware company on the scene called Purism, and the name is a significant clue as to what the company is all about: pure software. At its heart, Purism is dedicated to providing computer hardware driven entirely by open source software so that users can "trust, but verify." Purism is putting itself in direct opposition to what it considers "surveillance capitalism."

    I spoke with CEO Todd Weaver at Pepcom, and it was one of the most significant conversations I've had with a tech exec in a long time. I was already on board with Mr. Weaver's general message when he laid that phrase on me, "surveillance capitalism." That's when he really had me hooked.
