Security

Security Leftovers

Filed under
Security
  • Progress Towards 100% HTTPS, June 2016
  • Exploiting Recursion in the Linux Kernel
  • Home Computers Connected to the Internet Aren't Private, Court Rules [iophk: "MS Windows == insecure, therefore all computers are game"]

    A judge in Virginia rules that people should have no expectation of privacy on their home PCs because no connected computer "is immune from invasion."
    A federal judge for the Eastern District of Virginia has ruled that the user of any computer that connects to the Internet should not have an expectation of privacy because computer security is ineffectual at stopping hackers.

    The June 23 ruling came in one of the many cases resulting from the FBI's infiltration of PlayPen, a hidden service on the Tor network that acted as a hub for child exploitation, and the subsequent prosecution of hundreds of individuals. To identify suspects, the FBI took control of PlayPen for two weeks and used, what it calls, a "network investigative technique," or NIT—a program that runs on a visitor's computer and identifies their Internet address.

Security Leftovers

Filed under
Security
  • 11 essential data security tips for travelers [iophk: "unfortunately VPNs have dated crypto"]

    I travel all over the world for my job, and for my hobbies. Although there are still plenty of places I haven't been, I've visited enough foreign countries that I don't deny it when someone calls me a world traveler. Over the years, I've experienced my fair share of foreign spying. I know what it's like to be snooped on.

    I'm no longer surprised when I suddenly get gobs of spam from a country I've visited. My best guess is that someone in the country intercepted my email and recorded my email address. I still get porn spam in Arabic and ads for weight loss products in Mandarin. I've had my laptop and USB keys searched at countless borders.

  • Yet another letsencrypt (ACME) client

    Well, I apparently joined the hordes of people writing ACME (the Protocol behind Let’s Encrypt) clients.

    Like the fairy tale Goldilocks, I couldn’t find a client in the right spot between minimalistic and full-featured for my needs: acme-tiny was too bare-bones; the official letsencrypt client (now called certbot) too huge; and simp_le came very close, but its support for pluggable certificate formats made it just a bit too big for me.

  • Keynote - Complexity: The Enemy of Security
  • Security Holes Found in Widely-Used File Compression Library, Leaving Other Products Dangerously Exposed
  • StartEncrypt considered harmful today

    Recently, one of our hackers (Thijs Alkemade) found a critical vulnerability in StartCom’s new StartEncrypt tool, that allows an attacker to gain valid SSL certificates for domains he does not control. While there are some restrictions on what domains the attack can be applied to, domains where the attack will work include google.com, facebook.com, live.com, dropbox.com and others.

  • Unikernels Will Create More Security Problems Than They Solve

    Unikernels, the most recent overhyped technology in search of a problem to solve, have a number of claimed attributes that make them a “better choice.” One most often claimed is that they are “more secure.” This is the first in a series of articles bringing some light to the reality of unikernels so that you can think about them properly, employ them for what they are good for, and avoid the hype.

  • The Python security response team

    As the final presentation of the 2016 Python Language Summit—though it was followed by a few lightning talks that we are not covering—Christian Heimes led a discussion on the Python security response team. There have been some problems along the way that generally boil down to a need for more people working on the team.

Debian Pushes Major Kernel Update to Debian Jessie, Fixes Over 20 Security Flaws

Filed under
Security
Debian

Today, June 28, 2016, Debian Project, through Salvatore Bonaccorso, published details about a major Linux kernel security update for the Debian GNU/Linux 8 "Jessie" operating system.


Security Leftovers

Filed under
Security
  • Chrome vulnerability lets attackers steal movies from streaming services

    A significant security vulnerability in Google technology that is supposed to protect videos streamed via Google Chrome has been discovered by researchers from the Ben-Gurion University of the Negev Cyber Security Research Center (CSRC) in collaboration with a security researcher from Telekom Innovation Laboratories in Berlin, Germany.

  • Large botnet of CCTV devices knock the snot out of jewelry website

    Researchers have encountered a denial-of-service botnet that's made up of more than 25,000 Internet-connected closed circuit TV devices.

    The researchers with Security firm Sucuri came across the malicious network while defending a small brick-and-mortar jewelry shop against a distributed denial-of-service attack. The unnamed site was choking on an assault that delivered almost 35,000 HTTP requests per second, making it unreachable to legitimate users. When Sucuri used a network addressing and routing system known as Anycast to neutralize the attack, the assailants increased the number of HTTP requests to 50,000 per second.

  • Study finds Password Misuse in Hospitals a Steaming Hot Mess

    Hospitals are pretty hygienic places – except when it comes to passwords, it seems.

    That’s the conclusion of a recent study by researchers at Dartmouth College, the University of Pennsylvania and USC, which found that efforts to circumvent password protections are “endemic” in healthcare environments and mostly go unnoticed by hospital IT staff.

    The report describes what can only be described as wholesale abandonment of security best practices at hospitals and other clinical environments – with the bad behavior being driven by necessity rather than malice.

  • Why are hackers increasingly targeting the healthcare industry?

    Cyber-attacks in the healthcare environment are on the rise, with recent research suggesting that critical healthcare systems could be vulnerable to attack.

    In general, the healthcare industry is proving lucrative for cybercriminals because medical data can be used in multiple ways, for example fraud or identity theft. This personal data often contains information regarding a patient’s medical history, which could be used in targeted spear-phishing attacks.

  • Making the internet more secure
  • Beyond Monocultures
  • Dodging Raindrops Escaping the Public Cloud

Canonical Patches Seven Linux Kernel Vulnerabilities in Ubuntu 16.04, Update Now

Filed under
Linux
Security
Ubuntu

Today, June 27, 2016, Canonical published a new security notice to inform users of the Ubuntu 16.04 LTS (Xenial Xerus) operating system about the availability of an important kernel update.

