Language Selection

English French German Italian Portuguese Spanish

Security

OpenSSH 6.8 released

Filed under
Security
BSD

OpenSSH 6.8 has just been released. It will be available from the
mirrors listed at http://www.openssh.com/ shortly.

OpenSSH is a 100% complete SSH protocol version 1.3, 1.5 and 2.0
implementation and includes sftp client and server support.

Once again, we would like to thank the OpenSSH community for their
continued support of the project, especially those who contributed
code or patches, reported bugs, tested snapshots or donated to the
project. More information on donations may be found at:

Read more

Mozilla Releases Open Source Masche Forensics Tool

Filed under
Moz/FF
OSS
Security

Mozilla has released an open source memory forensics tool that some college students designed and built during the company’s recent Winter of Security event.

The new tool, known as Masche, is designed specifically for investigating server memory and has the advantage of being able to scan running processes without causing any problems with the machine. Masche runs on Linux, OS X and Windows and Mozilla has posted the code on GitHub.

Read more

Open Source Crypto is Hard: Part 7846

Filed under
OSS
Security

Our GnuPG strategy and code isn't ready. We need to either make all that crypto stuff completely seamless, or improve the tools we expose to the user for manual work. Preferably both.

Of course, the last of those is the big one, and goes back to the discussion around Thunderbird last week. As the Mailpile team emphasised, the project is not being abandoned: the beta-testing did what it was supposed to do - winkle out problems - and the team will now use that feedback to address issues and improve things. But it does show once more that crypto is hard - and that's true not just for open source, but for all kinds of software. The big question remains: is it possible to make it easy enough for many more people to use, or is it doomed to be the preserve of those who really need it, or at least think they do?

Read more

​NCC Group to audit OpenSSL for security holes

Filed under
OSS
Security

OpenSSL, arguably the world's most important Web security library with its support for Secure Sockets Layer (SSL) and Transport Layer Security (TLS) in such popular Web servers as Apache and Nginx, has had real trouble. First, there was HeartBleed and more recently there is FREAK. It's been one serious security problem after another. Now, the NCC Group, a well-regarded security company, will be auditing OpenSSL's code to catch errors before they appear in the wild.

Read more

5 awesome security features to expect in PC-BSD 10.1.2

Filed under
Security
BSD

Five of those security and security-related features were announced today and are on track to be included in the next edition, which should be PC-BSD 10.1.2. They are

PersonaCrypt – a command line utility to backup a user’s home directory to an encrypted external media
Tor Mode in System Updater Tray
Stealth Mode in PersonaCrypt
Ports now use LibreSSL by default instead of OpenSSL
Support for encrypted backups in Life-Preserver utility

Read more

Blackphone unveils a new phone and tablet running secure, encrypted Android

Filed under
Android
Security

Today at Mobile World Congress, the encrypted phone system Blackphone announced a new phone and tablet, along with a new business focus on enterprise. The phone is called the Blackphone 2, a successor to the first Blackphone shown at MWC last year, but adds a new processor, better screen, and a larger profile overall. The tablet, called the Blackphone+, is slated for release in the fall. Both run Blackphone's secure OS, forked off of Android, which is designed to protect metadata and provide end-to-end encryption throughout.

Read more

Snowden's favourite Linux - Tails - rushes sec-fix version to market

Filed under
GNU
Linux
Security
Debian

The developers want to kill off the previous version, Tails 1.2.3, as soon as possible, with a list of 14 security issues covering everything from the Tor browser and its network security services (NSS) through to a sudo privilege escalation bug.

Read more

Tell Lenovo: respect user freedom and prevent future Superfishes

Filed under
GNU
Security

Security experts have discovered a highly threatening vulnerability in software preinstalled on some Windows computers manufactured by Lenovo through January 2015. Extreme negligence on the part of Lenovo and unscrupulous programming by its adware partner Superfish seem to have caused the vulnerability.

Read more

5 ethical open source hacking tools for business

Filed under
OSS
Security

Many businesses routinely employ "ethical" hackers as a means of testing whether their systems are secure, paying the tech-savvy to break into their computers in what is known as penetration testing, or pen testing.

Read more

Critical 0-days in open source? The problem isn't code, it's CASH

Filed under
OSS
Security

Linux Foundation Executive Director Jim Zemlin thinks the information security world needs fewer surgeons and more personal trainers, and he's putting his organization's money where his mouth is.

Speaking at this year's Linux Foundation Collaboration Summit, an invite-only event taking place this week in Santa Rosa, California, Zemlin took a break from his customary Linux and open source cheerleading to stress that the open source community needs to do more to address security.

Read more

Syndicate content

More in Tux Machines

LibreOffice 5.1 Officially Released with Redesigned User Interface, New Features

Today, February 10, The Document Foundation non-profit organization has proudly announced the release and immediate availability for download of the LibreOffice 5.1 open-source and cross-platform office suite for all supported platforms. Read more Also: LibreOffice 5.1: The premier open-source office suite just keeps getting better LibreOffice 5.1 Officially Released As The Best Open-Source Office Suite

Ubuntu 16.04 LTS Is Now Using the Latest Linux Kernel 4.4.1

The Ubuntu kernel team has upgraded the Linux kernel for Ubuntu 16.04 LTS (Xenial Xerus) to version 4.4.1 and is also tracking future updates for this branch. Read more

Putin's New Internet Czar Wants Apple and Google to Pay More Taxes

Microsoft, Google and other U.S. companies “reached the point of no return” when they complied with sanctions over Putin’s annexation of Crimea by halting all business with the peninsula, according to Klimenko. As a result, it’s “inevitable” Russia will switch state networks from Windows to an open-source system based on Linux, a move 22,000 municipal governments are prepared to make immediately, he said. Read more