Language Selection

English French German Italian Portuguese Spanish

Security

On the Security of Containers

Filed under
Linux
Security

I agree that the security of a container isn’t any better than a well-secured application using sys_setcap(), a custom suite of SeLinux labels, and a roll-your-own use of Linux namespaces. However, that’s precisely what Linux containers are. Containers are not contradictory to other, existing best-practices. They’re not contradictory to VMs, but work well with them. It’s not contradictory to SeLinux or AppArmor, but works with them. In fact, when you come down to it, once you start tweaking and configuring all of the security tunables in Linux to secure your application as much as possible, you’ll realize that you’ve simply rolled your own container solution.

Read more

Feeling Scammed After Anonabox? Android-Based Project Sierra Claims To Be The Real Deal

Filed under
Android
Linux
Security

In the wake of former NSA contractor Edward Snowden's big reveal on government spying, there's been a concerted effort by companies big and small to try and make our lives truly private. One seemingly promising solution was Anonabox, a little plug-and-play device that routes traffic through Tor to keep our online activities anonymous. Unfortunately, we were all misled on a number of levels, prompting Kickstarter to remove the project forever. Hot on its heels is Project Sierra, a network encryption device that's supposedly the real deal.

Read more

Linux Container Security

Filed under
Linux
Security

Hypervisors present a smaller attack surface than containers. This is somewhat mitigated in containers by using seccomp, selinux and restricting capabilities in order to reduce the number of kernel entry points that untrusted code can touch, but even so there is simply a greater quantity of privileged code available to untrusted apps in a container environment when compared to a hypervisor environment[1].

Read more

NSA recommends several Samsung smartphones

Filed under
Android
Security

The list of allowed smartphones, which US officials may share confidential information has become a bit longer. The National Information Assurance Partnership (NIAP) - a product tester under the supervision of the NSA - announced Tuesday the green light for the S5 Galaxy, Galaxy Note 4 and the tablet Galaxy Note 10.1 (2014 Edition).

Read more

Free and Open Source Electronic Signature in Costa Rica

Filed under
LibO
OSS
Security

The LibreOffice component designed by the University of Costa Rica (UCR) is similar to similar software enhancements currently used for electronic signatures in other countries.

Read more

TOR GUI `SELEKTOR` SEES NEW MAJOR RELEASE

Filed under
OSS
Security

SelekTOR, an open source Java-based GUI front-end for Tor, was updated to version 3.12 (now 3.12e) recently and it includes new advanced options as well as a new Tor Monitor panel that shows the Tor client startup info and its current status.

Read more

UNITY PRIVACY INDICATOR 0.4 RELEASED WITH NEW PRIVACY SETTINGS

Filed under
Security
Ubuntu

For those not familiar with Privacy Indicator, this is an Ubuntu AppIndicator especially created for Unity, which allows you to control various privacy aspects.

Until this release, the indicator could be used to enable / disable Dash online search results and Zeitgeist logging (and also clear the Zeitgeist log), clear recently used files (which show up in the Nautilus or Nemo "Recent" sidebar item for instance) and to show or hide your real name on the Unity panel.

Read more

Kickstarter pulls Anonabox, a Tor-enabled router that raised over $585,000

Filed under
Development
Security

The Anonabox, which was created by August Germar, of Chico, California, aimed to be an “open source embedded networking device designed specifically to run Tor.” Its fundraising goal was $7,500, and in five days, it raised $585,549 from nearly 9,000 backers—including three Ars editors.

Germar told Ars that he was not aware that it had been suspended until Ars forwarded him an e-mail from Kickstarter outlining the possible reasons why it could have been cancelled.

Read more

Tor Browser 4.0 is released

Filed under
Security
Web

This release also features an in-browser updater, and a completely reorganized bundle directory structure to make this updater possible. This means that simply extracting a 4.0 Tor Browser over a 3.6.6 Tor Browser will not work. Please also be aware that the security of the updater depends on the specific CA that issued the www.torproject.org HTTPS certificate (Digicert), and so it still must be activated manually through the Help ("?") "about browser" menu option. Very soon, we will support both strong HTTPS site-specific certificate pinning (ticket #11955) and update package signatures (ticket #13379). Until then, we do not recommend using this updater if you need stronger security and normally verify GPG signatures.

Read more

DOCKER 1.3: SIGNED IMAGES, PROCESS INJECTION, SECURITY OPTIONS, MAC SHARED DIRECTORIES

Filed under
Linux
Server
Security

First up, in this release, the Docker Engine will now automatically verify the provenance and integrity of all Official Repos using digital signatures. Official Repos are Docker images curated and optimized by the Docker community to be the best building blocks for assembling distributed applications. A valid signature provides an added level of trust by indicating that the Official Repo image has not been tampered with.

Read more

Syndicate content

More in Tux Machines

Can Jolla Deliver the First Open Source Tablet?

Some dreams die hard. After the KDE-based Vivaldi tablet failed to appear after three years of anticipation, Jolla is planning a free software tablet of its own. The product is off to a roaring start, having just raised $1,824,055 in its crowdfunding campaign-- almost five times the original target. So, this time, we might actually see some hardware. Mind you, whether the tablet will satisfy everyone remains open to doubt. Although Jolla is talking loudly about being "people powered" and listening to want users want, some requests, especially for hardware, may be impossible to fulfill. The manufacturing capacity of advanced features is limited world-wide, and monopolized by large companies like Apple and Samsung. More importantly, exactly how free the tablet will be has yet to be announced. Read more

First Ubuntu Phone Will Launch In Europe This February

The first Ubuntu Phone will go on sale in Europe in the second week of February. Read more

Sandia looks to open-source robot tech

Researchers at federal defense and energy laboratories are open sourcing some of the electronics and software for two advanced ambulatory robots in hopes of boosting their ability to handle perilous situations. In a Dec. 16 announcement, the Energy Department's Sandia National Laboratories said it is developing more energy-efficient motors to dramatically improve the endurance of legged robots performing the types of motions that are crucial in disaster response situations. The project is supported by the Defense Advanced Research Projects Agency. Read more

Google releases open-source Java SDK for Cloud Dataflow service to form data pipelines

It’s been a long, long time since Google came up with the foundational technologies for storing and processing big data. This year, the company developed a new tool for working with data as it comes in, and now Google is keen to see people use it. Read more