Language Selection

English French German Italian Portuguese Spanish

Security

Join the FSF and allies: strengthen the Tor anti-surveillance network

Filed under
OSS
Security

Today we're joining our allies at the Electronic Frontier Foundation (EFF) in kicking off the Tor Challenge, an effort to strengthen the global Tor network that protects Internet traffic from surveillance.

Tor is a publicly accessible, free software-based system for anonymizing Internet traffic. Tor relies on thousands of computers around the world called relays, which route traffic in tricky ways to dodge spying. The more relays, the stronger and faster the network.

Read more

Kali Linux Improves Penetration Testing

Filed under
Reviews
Security

There are a lot of tools and applications available to security researchers to conduct penetration testing. Many of those tools run on the open-source Linux operating system, though not every distribution is properly configured to be a proper platform for security research. That's where the Kali Linux distribution comes into play as an optimized Linux distribution built for security researchers. The Kali Linux 1.0.7 distribution was officially released on May 27, providing users with a number of new features. Kali Linux was originally known as Backtrack Linux, before being renamed and rebuilt in March 2013. One of the primary new features in Version 1.0.7 is the introduction of encrypted USB persistence for Live images. With that feature, Kali Linux can be installed onto a USB storage key, with user storage that can be updated and fully encrypted. One of the key benefits of Kali Linux is that it assembles in one place many tools that security researchers need. Tools for information gathering, vulnerability analysis, Web applications, password attacks, stress testing and even hardware hacking are all included. In this slide show, eWEEK takes a look at some of the features of the Kali Linux 1.0.7 release.

Read more

OpenSSL Security Advisory [05 Jun 2014]

Filed under
OSS
Security

OpenSSL 1.0.0m and OpenSSL 0.9.8za also contain a fix for CVE-2014-0076: Fix for the attack described in the paper "Recovering OpenSSL ECDSA Nonces Using the FLUSH+RELOAD Cache Side-channel Attack" Reported by Yuval Yarom and Naomi Benger. This issue was previously fixed in OpenSSL 1.0.1g.

Read more

More: How I discovered CCS Injection Vulnerability (CVE-2014-0224)

OSSEC 2.8 has been released

Filed under
Security

OSSEC is a cross-platform host intrusion detection system. Hence it’s also known as OSSEC HIDS. It is Free software released under the GNU General Public License, and features log analysis, file integrity monitoring, rootkit detection and real-time active responses. If you intend to run a server anywhere, this is one of the first applications you want to install on it.

OSSEC is a much better security application than Fail2ban, another popular host intrusion prevention application. OSSEC offers a centralized management server with support for agent and agentless monitoring. A complete description of its features are available here.

Read more

Why open source development is getting more secure

Filed under
OSS
Security

With fewer defects being found in major open source projects than in large proprietary software packages, what are the security strengths and weaknesses of open source development?

Read more

Google's Nexus devices get stealth Android update

Filed under
Android
Security

Google has quietly begun rolling out a new version of Android to its flagship Nexus devices, but so far it has remained shtum on just what has changed.

Support pages from US wireless player T-Mobile reveal that the Nexus 4 and Nexus 5 handsets and the 2013 version of the Nexus 7 tablet all began receiving over-the-air updates to Android 4.4.3 on Monday.

Read more

Announcing Rapid Progress on Core Infrastructure Initiative

Filed under
OSS
Security

A month ago we announced the Core Infrastructure Initiative, a project to help fund critical open source projects that we all rely upon but that are in need of support. We moved quickly to organize the initiative and the industry reaction was swift and enthusiastic. I am proud to report on significant progress that I believe matches the quality of the reaction to the formation of the project.

First order of business was electing the Advisory Board, which will help the Steering Group (made up of funders and The Linux Foundation) determine which projects to fund. We are fortunate to have assembled many of the brightest minds in open source, web technology and computer security. I am thrilled to work with these individuals.

Read more

Tails 1.1 Beta 1 Secure Distro Now Has Windows 8 Comouflage Mode

Filed under
GNU
Linux
Security
Debian

Tails is a distribution based on Debian and Tor technologies that aims to keep its users as anonymous as possible. It gained a lot more visibility after Edward Snowden said that he used exactly this Linux distribution to hide his tracks. The developers are now implementing more changes and fixes that should ensure it becomes even more secure.

Read more

TrueCrypt Not Dead, Forked and Relocated to Switzerland

Filed under
Security

The development of TrueCrypt, an open source piece of software used for on-the-fly encryption, has been terminated and users have been advised not to use it because it is not secure enough. Now, it seems that another team of developers have forked the software and rebased it in Switzerland.

Read more

Kali Linux 1.0.7 review

Filed under
Reviews
Security

The latest update to Kali Linux was released a few days ago. Kali Linux 1.0.7 review is a summary review of the main features of this latest upgrade to the security distribution from Offensive Security, a security and penetration training outfit based somewhere on this third rock from the Sun.

The main feature introduced in Kali Linux 1.0.7 is the ability to transfer the system to a USB stick with encrypted persistence.

Read more

Syndicate content

More in Tux Machines

Firefox gets preliminary support for casting to Chromecast

Mozilla is in the process of adding the ability to “cast” videos from Firefox to Chromecast devices, and you can try it now if you have the right hardware. As announced in a post on Google+ post by Mozilla developer Lucas Rocha, “Chromecast support is now enabled in Firefox for Android’s Nightly build.” To check this out, I downloaded the latest Firefox Nightly, installed it on my Nexus 10, and tested it with my Chromecast. It worked… although, it has some rough edges right now. Read more

SparkyLinux GameOver Is a Winning Work-Play Combo

This SparkyLinux game edition builds in access to a large collection of popular games compiled for the Linux platform. It brings the latest game fare via the Steam and Desura platforms. It provides handy access from a quick launch bar to a dozen plus emulators to let you run top-line games from leading gaming boxes and platforms. GameOver does not wimp out on providing all of the needed everyday computing tools found in other Linux distros, either. It provides nearly all of the standard Linux applications out-of-the-box, so you do not have to install them on your own. Read more

WebKitGTK+ 2.5.2 Drops GTK+2 Dependency

WebKitGTK+, a version of the WebKit open source web engine that uses GTK+ as its user-facing frontend, has reached version 2.5.2. Read more

today's leftovers