Security

Security Leftovers

Filed under
Security

SAP's HANA will lose the big data war without open source, as proven by 21 new security flaws

Filed under
OSS
Security

SAP has been boasting about its "revolutionary" big data platform, SAP HANA, for years. While its claims have always been a bit suspect, recent revelations that HANA is riddled with critical security flaws only reinforce the mantra that, when it comes to big data infrastructure, open source is best.

Magento (CMS) Bug Still Treated Like 'Linux' Issue in the Media

Filed under
Security

Security Leftovers

Filed under
Security
  • First Linux ransomware program cracked, for now

    Administrators of Web servers that were infected with a recently released ransomware program for Linux are in luck: There's now a free tool that can decrypt their files.

    The tool was created by malware researchers from antivirus firm Bitdefender, who found a major flaw in how the Linux.Encoder.1 ransomware uses encryption.

  • Gone in a Flash: Top 10 Vulnerabilities Used by Exploit Kits

    Recorded Future threat intelligence analysis of over 100 exploit kits (EKs) and known vulnerabilities identified Adobe Flash Player as the most frequently exploited product. While the role of Adobe Flash vulnerabilities as a regular in-road for criminals and malware should come as no surprise to information security professionals, the scale is significant.

  • Security updates for Monday

Fedora 23 Improves Security, Desktop and Cloud

Filed under
Red Hat
Security

Fedora Linux 23 was officially released on Nov. 3, providing the second major update for Red Hat's community Linux distribution in 2015. The release of two Fedora distributions in the same year puts the project back on track, after only a single release in 2014, when the Fedora Project reorganized under the Fedora Next banner, with specific products for Workstation, Server and Cloud use cases. One of the big new features in Fedora 23 is a capability that can enable an organization to bring a cloud image back down into a server image, with the cloudtoserver tool. The basic premise behind the tool is that cloud images are often ephemeral and not long-lived, while servers are more cared for and applications run for long periods of time. The common analogy used is that of pets versus cattle, where servers are treated as well-cared-for pets, while cloud images are slaughtered and killed as needed. On the workstation side, Fedora 23 includes the new GNOME 3.18 open-source desktop. GNOME 3.18 offers enhanced features such as an improved calendar, software updating and file management capabilities. In this slide show, eWEEK takes a look at the highlights of the Fedora 23 Linux release.

Let me tell you about Wireshark 2.0

Filed under
Software
Security

We’re getting ready to release Wireshark 2.0, which includes a major user interface update. As a comparison, here’s a picture of Wireshark 1.12.8, which is the current stable release:

Linux security: circling the wagons

Filed under
Linux
Security

People who belong to the free and open source software community have one trait in common: they are extremely sensitive to criticism of any kind of the software that belongs to this genre.

Nothing else can account for the reaction that has been forthcoming after the Washington Post published an article on Linux a few days back, a fairly long and detailed account that in the main cast doubts on the security afforded by the kernel.

The article is the fifth in a series looking at the security of the internet broadly, and the first article was published back in May. The five pieces are being sold as an e-book for US$2.99. Yet many FOSS people did not even bother to note this and assumed the worst.

Leading the way was Jonathan Corbet, editor of a website called Linux Weekly News, that advertises itself as "a reader-supported news site dedicated to producing the best coverage from within the Linux and free software development communities"

Security Leftovers

Filed under
GNU
Linux
Security
  • Friday's security updates
  • ProtonMail Pays Crooks $6,000 In Bitcoin To Cease DDoS Bombardment

    ProtonMail is getting its first taste of life as an entity known to criminals looking for a quick, easy payday.

    Throughout most of yesterday and through to this morning, the encrypted email service, set up by CERN scientists in Geneva last year to fight snooping by the likes of the NSA, was offline. The company had to use a WordPress blog to disclose what was happening to customers.

    Its datacenter was effectively shut down by waves of traffic thanks to two separate Distributed Denial of Service (DDoS) attacks. One of the groups responsible for flooding the servers demanded ProtonMail cough up 15 Bitcoin (currently worth around $6,000), or the attack would continue.

  • Ransomware Found Targeting Linux Servers and Coding Repositories

    A newly discovered ransomware is attacking Linux Web servers, taking aim at Web development environments used to host websites or code repositories.

  • Linux Ransomware Is Now Attacking Webmasters

    A new bit of ransomware is now attacking Linux-based machines, specifically the folders associated with serving web pages. Called Linux.Encoder.1 the ransomware will encrypt your MySQL, Apache, and home/root folders. The system then asks for a single bitcoin to decrypt the files.

  • Auto-Hacking Class Action Likely to Die

    A federal judge Tuesday indicated he will dismiss with leave to amend a class action claiming Ford, Toyota and General Motors made their cars vulnerable to hackers.

  • Volkswagen and the Real Insider Threat

    Over the last several weeks, reporting has revealed a coordinated insider effort at Volkswagen to insert a malicious piece of software—a defeat device—into the car’s electronic control module. The device was able to sense when emission tests were being conducted by monitoring things like “speed, engine operation, air pressure and even the position of the steering wheel,” and triggered changes to the car’s operations to reduce emissions during the testing process so that those cars would pass the tests. When the malicious software remained dormant, the emission controls were disabled and the cars spewed up to 40 times the EPA-mandated emissions limits. Through the defeat device, Volkswagen was able to sell more than half a million diesel-fueled cars in the U.S. in violation of U.S. environmental laws.

  • Encrypted resistance: from digital security to dual power

    Digital technology is often seen as a curiosity in revolutionary politics, perhaps as a specialized skill set that is peripheral to the hard work of organizing. But the growing trend of “cyber-resistance” might hold more potential than we have given it credit for. Specifically, the popularized use of encryption gives us the ability to form a type of liberated space within the shifting maze of cables and servers that make up the Internet. The “web” is bound by the laws of math and physics before the laws of states, and in that cyberspace we may be able to birth a new revolutionary consciousness.

More in Tux Machines

The Internet Without Connection, Free Endless OS For Emerging Markets

There are four billion people on the planet without PCs or access to affordable personal computers. That figure should surely be tempered with some contextualization, i.e. not everybody actually wants to have an Internet connection and many traditional, native or bucolic ways of life do still exist on the planet. Regardless, there is a batch of global initiatives in existence which seek to give computer access to every man, woman and especially child. Endless OS is one such project. The free operating system has been designed explicitly to work in the expensive or restrictive Internet data conditions that often exist in emerging markets where fabulously affordable broadband has yet to arrive. The software itself is built to provide useful information and educational content, with or without an Internet connection.