Language Selection

English French German Italian Portuguese Spanish

Security

The NSA Is Looking At Systemd's KDBUS

Filed under
Red Hat
Security

While it's true that an NSA analyst sent out an email about KDBUS security, it hopefully shouldn't raise any alarm bells. The thread in question is about credential faking for KDBUS and why it's even there. Stephen Smalley of the NSA was asking why there's support for credential faking for this soon-to-be-in-kernel code while it wasn't part of the original D-Bus daemon in user-space. The preference of Stephen Smalley is to actually get rood of this functionality that could be abused.

Read more

Core Linux tools top list of most at-risk software

Filed under
Linux
Security

In a Core Infrastructure Initiative survey of at-risk software most in need of close attention, many fundamental Linux utilities sit at the top

Read more

CII and OpenSSL

Filed under
OSS
Security
Web

Another day, another OpenSSL patch

Filed under
OSS
Security

The latest OpenSSL security hole isn't a bad one as these things go. It's no Heartbleed, Freak, or Logjam. But it's serious enough that, if you're running alpha or beta operating systems, you shouldn't delay patching it.

Fortunately, the affected OpenSSL versions are not commonly used in enterprise operating systems. For example, it doesn't impact shipping and supported versions of Red Hat Enterprise Linux (RHEL) or Ubuntu. In the case of Ubuntu, it does affect the 15.10 development release, but the patch is already available.

Read more

OPNsense 15.7 Released As Fork Of Pfsense

Filed under
Security
BSD

The OPNsense 15.7 release added i386 and NanoBSD support, LibreSSL support, re-based to FreeBSD 10.1, added OpenDNS support, intrusion detection support, new local/remote backlist options, some security fixes, and added many other new features.

Read more

Also: Pfmatch, a packet filtering language embedded in Lua

bsdtalk 254 [Ogg]

finding bugs in tarsnap

From the Editors: When did open-source software get so scary?

Filed under
OSS
Security

When did the use of open-source software become such a worrisome thought? Big names such as VMware, Oracle, Microsoft and Cisco, to name but a few, have been caught infringing on open-source software licenses.

Read more

Can Data Infrastructure Vendors Stop Hackers?

Filed under
GNU
Linux
Server
Security

The ecosystem is based on Security-Enhanced Linux (SELinux), but it adds role-based access control with a policy for each role, so no one can get to the system root and the root can’t see user data. All access is logged, so any attempts to penetrate the system can be traced. Policies are based on roles such as security admin, audit admin and sysadmin, and each file is tagged with a security level so some users can see it while others can’t.

Read more

Will Red Hat Enter the Security Market?

Filed under
Red Hat
Security

Security is key part of the open source Linux operating system that Red Hat delivers to its customers. Yet despite the fact that security is baked into the operating system, Red Hat doesn't currently have a separate security offering.

Read more

Release of OpenMediaVault 2.1 (Stone burner)

Filed under
GNU
Linux
Server
Security

The main features at a glance:

Using Sencha ExtJS 5.1.1 framework for the WebGUI
Add a new dashboard and widgets
Many internal improvements and bugfixes
Improved the internal network interface backend
Add Wi-Fi support. Only WPA & WPA2 is supported
Add VLAN support
The network interface configuration page has been modified. Now only the configuration values are displayed. Use the dashboard widget to show the state of all network interfaces.
The public key of the user must now be specified in the RFC 4716 SSH public key file format. It is possible to add multiple keys.
Option to turn off the collection of system performance statistics.
Use the browser local storage to store the WebGUI state (e.g. displayed grid columns, column width, …) instead of cookies.

Read more

Not OK, Google: Chromium voice extension pulled after spying concerns

Filed under
Google
Security

Google has removed an extension from Chromium, the open source sibling to the Chrome browser, after accusations that the extension was installed surreptitiously and subsequently eavesdropped on Chromium users.

Read more

Syndicate content

More in Tux Machines

Android Leftovers

User Editorial: A different approach to calculating the popularity of Linux gaming on Steam

Now that the monthly Steam statistics are out again, we can see that the result has increased slightly from last month, we are back up to 0.90% from 0.85%. While that is a positive sign, we are again looking at a number below 1% this month. As has been previously pointed out there are a few flaws with the Steam statistics, such as that users of the Big Picture Mode do not get the survey at all. There are also likely a few flaws we don't know about. Still, we can safely assume that the Steam Hardware Survey isn't completely lying either: Linux usage might be off by a bit, but if it says below 1%, it is rather unlikely that the real numbers are for example above 2%. It is a statistic, and we have to treat it like a statistic, that gives us an indication of the Linux market share on Steam. An increase likely means a larger market share and a decrease a smaller market share. A fair point that has been made, however, that the amount of Steam users has been increasing over time. Therefore, it is reasonable to assume the number of Linux Steam users has increased as well. The question is: How did Steam grow? Read more

A Down and Dirty Look at Xubuntu 16.04

In our look at Xubuntu 16.04, we find it to be stable, quick and intuitive. It’s a distro that makes our short list of recommendations for those wishing to move from Windows to GNU/Linux. For a look at Ubuntu’s new LTS release, 16.04 or Xenial Xerus, I decided to forgo “Ubuntu prime” in favor of one of the officially sanctioned “baby *buntus,” choosing Xubuntu, the distro’s Xfce implementation. We use Xfce on Mint on nearly all of the computers here at FOSS Force’s office, so I figured this would put me in familiar territory, especially since Mint is also a Ubuntu based distro. Read more

With Banks' Help, Startup Chain Rolls Out Open Source Blockchain