Security

Claws Mail 3.13 Open-Source Email Client Has Great New Features, Bugfixes

Filed under
OSS
Security

A new version of the GTK+ based, open-source, user-friendly, free, fast and lightweight Claws Mail email client for GNU/Linux and Windows operating systems is now available for download, as announced by its developers on October 11, 2015.

Read more

Security Leftovers

Filed under
Security
  • Tor browser co-creator: Experian breach shows encryption may not be security panacea

    The Experian/T-Mobile hack may be more worrisome than Experian’s carefully worded description of it suggests, some security experts said Friday.

    One is the co-creator of the Tor secure browser, David Goldschlag (now SVP of strategy at Pulse Secure). Goldschlag previously was head of mobile at McAfee, and also once worked at the NSA.

    I asked Goldschlag a simple question: “After the Office of Personnel Management and Experian hacks, is there reason to fear that hackers now have the means to steal actual financial information (credit card numbers, etc.) from banks or insurers?”

  • AV-TEST tests Linux security solutions against Linux and Windows threats

    “To do so, it is often sufficient to copy files from a Linux environment to Windows,” it further adds. The most obvious mode of attack involves luring victims to install software or updates via third-party package sources. The team conducted the test by running 16 different antivirus solutions and splitting the test session into three distinct phases:

    The detection of Windows malware
    The detection of Linux malware and
    The test for false positives.

    Out of 16 antivirus solutions, 8 detected between 95-99% of the 12,000 Windows threats used in the test. The antivirus solutions that helped in detection include Bitdefender, ESET, Avast, F-Secure, eScan, G Data, Sophos and Kaspersky Lab (server version).

  • Outlook.com had classic security blunder in authentication engine

    The cross-site request forgery vulnerability means that any user visiting a malicious page can have their accounts hijacked without further interaction.

    The since-patched hole existed in Microsoft Live.com and could have been spun into a dangerous worm, Wineberg says.

  • Meet the White Team, Makers of the Linux.Wifatch Vigilante Malware

    However, Softpedia News noted that the Linux.Wifatch source code has not been released in its entirety. That’s likely because the White Team is worried that traditional cybercriminals would exploit the malware for more nefarious purposes. It also explains why it was a clandestine operation in which router owners weren’t aware their systems had been infected, even if it was only to defend them against black-hat attackers.

    Whether or not anyone appreciates the White Team’s form of vigilante security tactics, they may believe the work should serve as a warning to those who don’t follow basic data protection procedures, Hacked said. For example, there are still untold numbers of home routers that use default passwords and leave admin access wide open to malware and other threats.

  • Practical SHA-1 Collision Months, Not Years, Away
  • Search engine can find the VPN that NUCLEAR PLANT boss DIDN'T KNOW was there - report

    The nuclear industry is ignorant of its cybersecurity shortcomings, claimed a report released today, and despite understanding the consequences of an interruption to power generation and the related issues, cyber efforts to prevent such incidents are lacking.

    The report adds that search engines can "readily identify critical infrastructure components with" VPNs, some of which are power plants. It also adds that facility operators are "sometimes unaware of" them.

    Nuclear plants don't understand their cyber vulnerability, stated the Chatham House report, which found industrial, cultural and technical challenges affecting facilities worldwide. It specifically pointed to a "lack of executive-level awareness".

FreeNAS 10 Enters Alpha, Brings Lots of New Technologies, Based on FreeBSD 10.2

Filed under
Security
BSD

FreeNAS' Jordan Hubbard was proud to announce the other day, October 8, the release and immediate availability for download of the first Alpha build of the upcoming FreeNAS open source Network Attached Storage (NAS) solution.

Read more

Lastpass sold to LogMeIn -- should Linux users panic?

Filed under
Linux
Security

Today, however, Lastpass drops a bombshell, announcing it has been bought by the company LogMeIn. I am not familiar with this new owner, but many people are unhappy -- the comment section on the announcement is full of outrage. If you only use Windows, Mac, iOS or Android, there are alternatives, so you can switch if things get bad. Users of Chrome OS, Ubuntu, Fedora and other such operating systems? Not so much. Should we Linux users panic?

Read more

Security Leftovers

Filed under
Linux
Security

How Xen Manages Security Disclosure

Filed under
OSS
Security

When security vulnerabilities are found in any piece of software, the ideal way to fix them is before the general public or attackers are made aware of bugs. Kurth explained that the traditional wisdom in security is to keep any type of predisclosure list for security as small as possible. In Xen's case, the project went through multiple iterations of its security disclosure process, in an attempt to keep things fair for both large and small vendors.

Read more

Security Leftovers

Filed under
Security
  • Malware Peddling Vigilantes behind Linux.Wifatch Speak Up

    The group also add that Linux.Wifatch was never intended to be secretive and added that to be “truly ethical, it needs to have a free license.” However, the developers did not go out of their way to make the Wifatch’s presence known in the wider community, to avoid detection by other malware authors.

    The group haven’t revealed their identity and contend that they are “nobody important,” while adding that although they can be trusted not to do “evil things” with users’ devices anybody could steal the key (speaking figuratively), no matter how well the group protects it.

  • Government Accountability Office Finds Government Still Mostly Terrible When It Comes To Cybersecurity

    The government has done a spectacularly terrible job at protecting sensitive personal information over the past couple of years. Since 2013, the FDA, US Postal Service, Dept. of Veterans Affairs, the IRS and the Office of Personnel Management have all given up personal information. So, it's no surprise the Government Accountability Office's latest report on information security contains little in the way of properly-secured information.

  • This New 'Secure' App for Journalists May Not Be Secure At All

    When I started working as a journalist in Colombia in 2006, "What do I do if I get kidnapped?" was a common topic at parties. In fact in 2007, my brother (not a journalist) got kidnapped in a small town outside of Medellín. The Colombian anti-kidnapping squad (GAULA) rescued him.

    So let's just say I take an interest in journalist security tools. New apps have the potential to help journalists do their jobs, and stay safe while doing so.

    Unfortunately, Reporta, a new app from the International Women's Media Foundation (IWMF) billed as "the only comprehensive security app available worldwide created specifically for journalists," sounds like it may put journalists in danger.

Linux Security: Lock Down a New System Immediately

Filed under
GNU
Linux
Security

PCWorld recently published an article about Linux botnets launching DDoS attacks. The attackers find and exploit poorly secured Linux systems. Some Linux users have a fairly cavalier attitude about security, assuming the supposedly superior design of the OS somehow protects them. It doesn't. Now that Chromebooks outsell Windows laptops and Android devices are ubiquitous, the days when Linux was a secondary target for malware are long gone. Linux's prominence in both the server room and on consumer devices makes it a prime target.

Read more

Security Leftovers

Filed under
Security
  • Security updates for Tuesday
  • LinuxCon 2015 Report: Shrinking the Security Holes in OSS

    Dublin native James Joyce famously wrote that “mistakes are the portals of discovery.” LinuxCon 2015 keynote speaker Leigh Honeywell grabbed hold of the same theme here in Dublin, reminding hundreds of open source professionals that “you’re going to make mistakes; you’re going to introduce security bugs.” The goal, said Honeywell, who works as a senior security engineer at Slack Technologies, shouldn’t be the all-out elimination of these mistakes. Instead, security engineers should strive to make different mistakes next time around.

  • The perils of free digital certificates

    The current certificate is not cross-signed, so loading the page over HTTPS will give visitors an untrusted warning. The warning goes away once the ISRG root is added to the trust store. ISRG expects the certificate to be cross-signed by IdenTrust’s root in about a month, at which point the certificates will work nearly anywhere. The project also submitted initial applications to the root programs for Mozilla, Google, Microsoft, and Apple so that Firefox, Chrome, Edge, and Safari would recognize Let's Encrypt certificates.

  • Get Simplified Web Encryption For Your Website With Let's Encrypt
  • InvizBox Go Offers Open Source Online Privacy And Security (video)

    Team InvizBox have unveiled a new pocket sized device which has been created to provide an open source solution to online privacy and security.

    The small InvizBox box is capable of offering users a broad range of privacy options, allowing secure connectivity to the Internet from both desktop and mobile devices.

  • New programmer pow-wow for coders paranoid about Android

    DevSecCon is a newly formed, non-profit conference for DevOps and SecOps practitioners, run by practitioners. By creating a neutral platform, it will exchange and create new ideas on how to leverage the best of both worlds and adopt a new mind-set of inclusiveness and collaboration.

  • Cisco disrupts $30 million browser plug-in hacking operation
  • Cisco: notorious hackers using Linux cloak earn $30m a year

    Cisco notes that Linux servers were being managed remotely via SSH using root, adding that they were likely compromised systems in Europe and Asia.

  • Linux.Wifatch: The Wireless Router Malware that Increases IoT Security
  • Vigilante Malware
  • Creators of the Benevolent Linux.Wifatch Malware Reveal Themselves

    The Linux.Wifatch malware, also dubbed as the "vigilante malware" has been going around the Internet, infecting IoT devices, cleaning out malware infections, and boosting the devices' security.

  • Linux.Wifatch Is Protecting Unpatched Routers, Devices

    Today's topics include how vigilante malware is protecting unpatched routers, HP launches its Open-Source Network OS, Twitter locks in Jack Dorsey as its permanent CEO, and Cisco is driving its investments in network chip startup Aquantia.

    Countless numbers of routers and Internet-connected devices around the world are not properly updated, leaving the devices, their owners and the Internet at large at risk. A new code infection, however, dubbed Linux.Wifatch, is taking unpatched routers and devices a different route, protecting them, rather than exploiting them.

  • Microsoft OWA falls victim to password-pinching APT attack

    SECURITY RESEARCHERS FROM Cybereason have sounded a klaxon over a problem with the Microsoft Outlook Web Application (OWA) that could let attackers swoop in and tag and bag data and documents through the use of APT techniques.

    Cybereason discovered the bug when a customer with some 19,000 endpoints suspected that it was the victim of infection.

  • New Outlook mailserver attack steals massive number of passwords

    Backdoor in Outlook Web Application operates inside target's firewall.

  • Vint Cerf: The Headline I Fear Is '100,000 Fridges Hack Bank of America'

    When the ILOVEYOU worm struck on May 4, 2000, it thrust the reality of computer vulnerabilities into the public consciousness in a very big way.

    Sure, computer worms had spread before, but some estimates pegged this particular worm as causing billions of dollars in damage. Entire government departments were crippled. The nature of its spread was unprecedented in scale.

KDE Ships Plasma 5.4.2, bugfix Release for October

Filed under
KDE
Security

Today KDE releases a bugfix update to Plasma 5, versioned 5.4.2.
Plasma 5.4 was released in August with many feature refinements and new modules to complete the desktop experience.

This release adds a month's worth of new translations and fixes from KDE's contributors. The bugfixes are typically small but important and include:

  • Many new Breeze icons.
  • Support absolute libexec path configuration, fixes binaries invoked by KWin work again on e.g. Fedora. Commit. Fixes bug #353154. Code review #125466
  • Set tooltip icon in notifications applet. Commit. Code review #125193

Read more
