Language Selection

English French German Italian Portuguese Spanish

Security

The security flaws in Tails Linux are not its only problem

Filed under
Security
Debian

If you want to use Tor, then Tails is your best friend. Tails is a version of Linux that sends data through the Tor network.

All Internet traffic to/from Tails goes through Tor, making it resistant to end user mistakes. Tails is not normally installed on a computer, instead it's run from a bootable DVD, USB flash drive or flash memory card. Compared to the Tor Browser Bundle, Tails is unquestionably the way to go. Ed Snowden uses it.

Read more

Also related:

Homeland Security gets into software security

Filed under
OSS
Security

Personally, while I still think the DHS is an unlikely sponsor for this project — the National Security Agency (NSA) or NIST seem like its more natural home — I think the SWAMP sounds like a very useful one-stop for anyone wanting to double-check their pre-production code for errors before release.

Read more

The world's most secure OS may have a serious problem

Filed under
GNU
Linux
Security
Debian

The Tails operating system is one of the most trusted platforms in cryptography, favored by Edward Snowden and booted up more than 11,000 times per day in May. But according to the security firm Exodus Intelligence, the program may not be as secure as many thought. The company says they've discovered an undisclosed vulnerability that will let attackers deanonymize Tails computers and even execute code remotely, potentially exposing users to malware attacks. Exodus is currently working with Tails to patch the bug, and expects to hand over a full report on the exploit next week.

Read more

Docker security with SELinux

Filed under
GNU
Linux
Server
Security

This article is based on a talk I gave at DockerCon this year. It will discuss Docker container security, where we are currently, and where we are headed.

Read more

Tor, trust and the NSA

Filed under
OSS
Security

Tor is an anonymizing network that’s designed to protect you by “bouncing your communications around a distributed network of relays run by volunteers all around the world: it prevents somebody watching your Internet connection from learning what sites you visit, and it prevents the sites you visit from learning your physical location.”

That’s cool, but does Tor really guarantee you what you think or assume it does? I can’t say for sure, but when facing a state-sponsored entity with time and resources on its side, you cannot be too careful. At least if pays to know what other people think about Tor, especially when what they have to say runs counter to what you know, or what you think you know.

Read more

Avoid the Android vampire apps

Filed under
Android
Security

Some Android applications will drain your smartphone or tablet of battery life, storage or bandwidth like a blood-sucking fiend. Here's what's what with the worst of the worst.

Read more

Snowden on Dropbox: It’s hostile to privacy

Filed under
Software
Security

Dropbox is a very popular Cloud storage services, but is it good for the privacy-conscious?

According to Edward Snowden, it’s not.

In an interviewed published on GuardianNews, Snowden described Dropbox as “hostile to privacy.”

So what are the better alternatives. Snowden recommended Cloud storage services with zero-knowledge as a key feature.

Read more

How to use public PCs safely with Linux

Filed under
GNU
Linux
Security
HowTos

Public PCs aren't safe, so what's a PC user to do? Carry a Linux distribution on a USB stick in their backpocket of course!

Read more

Announcing Project Zero

Filed under
Google
OSS
Security

Security is a top priority for Google. We've invested a lot in making our products secure, including strong SSL encryption by default for Search, Gmail and Drive, as well as encrypting data moving between our data centers. Beyond securing our own products, interested Googlers also spend some of their time on research that makes the Internet safer, leading to the discovery of bugs like Heartbleed.

The success of that part-time research has led us to create a new, well-staffed team called Project Zero.

Read more

LibreSSL Portable Encounters Its First Release

Filed under
OSS
Security

OpenBSD developers have announced their first release of LibreSSL portable.

LibreSSL 2.0.0 is the release and is tested to build on Linux, Solaris, Mac OS X, and FreeBSD systems. Bob Beck of OpenBSD explains, "This is intended as an initial release to allow the community to start using and providing feedback. We will be adding support for other platforms as time and resources permit."

Read more

Syndicate content

More in Tux Machines

Uselessd: A Stripped Down Version Of Systemd

The boycotting of systemd has led to the creation of uselessd, a new init daemon based off systemd that tries to strip out the "unnecessary" features. Uselessd in its early stages of development is systemd reduced to being a basic init daemon process with "the superfluous stuff cut out". Among the items removed are removing of journald, libudev, udevd, and superfluous unit types. Read more

Open source is not dead

I don’t think you can compare Red Hat to other Linux distributions because we are not a distribution company. We have a business model on Enterprise Linux. But I would compare the other distributions to Fedora because it’s a community-driven distribution. The commercially-driven distribution for Red Hat which is Enterprise Linux has paid staff behind it and unlike Microsoft we have a Security Response Team. So for example, even if we have the smallest security issue, we have a guaranteed resolution pattern which nobody else can give because everybody has volunteers, which is fine. I am not saying that the volunteers are not good people, they are often the best people in the industry but they have no hard commitments to fixing certain things within certain timeframes. They will fix it when they can. Most of those people are committed and will immediately get onto it. But as a company that uses open source you have no guarantee about the resolution time. So in terms of this, it is much better using Red Hat in that sense. It’s really what our business model is designed around; to give securities and certainties to the customers who want to use open source. Read more

10 Reasons to use open source software defined networking

Software-defined networking (SDN) is emerging as one of the fastest growing segments of open source software (OSS), which in itself is now firmly entrenched in the enterprise IT world. SDN simplifies IT network configuration and management by decoupling control from the physical network infrastructure. Read more

Only FOSSers ‘Get’ FOSS

Back on the first of September I wrote an article about Android, in which I pointed out that Google’s mobile operating system seems to be primarily designed to help sell things. This eventually led to a discussion thread on a subreddit devoted to Android. Needless to say, the fanbois and fangrrls over on Reddit didn’t cotton to my criticism and they devoted a lot of space complaining about how the article was poorly written. Read more