Security

Parrot 3.9 “Intruder” Ethical Hacking Linux Distro Released With New Features — Download Here

In mid-October, The Parrot Project announced that it’s going to be releasing the latest Parrot Security 3.9 operating system for ethical hacking and penetration testing in the upcoming weeks. The team also released its beta release for testers. After the wait of a couple of weeks, the final Parrot 3.9 release is here.

Tor Improvements and Bugfix

  • Next-Gen Algorithms Make Tor Browser More Secure And Private, Download The Alpha Now

    Tor, the anonymity network was in need of an upgrade, as the world started raising concerns about its reliability. It was this year only when a hacker managed to take down almost 1/5th of the onion network.

    The possible applications of Tor have reached far ahead than calling it a grey market for drugs and other illegal things. It’s already actively used for the exchange of confidential information, file transfer, and cryptocurrency transactions with an expectation that nobody can track it.

  • TorMoil Vulnerability Leaks Real IP Address from Tor Browser Users

    The Tor Project has released a security update for the Tor Browser on Mac and Linux to fix a vulnerability that leaks users' real IP addresses.

    The vulnerability was spotted by Filippo Cavallarin, CEO of We Are Segment, an Italian company specialized in cyber-security and ethical hacking.

  • Critical Tor flaw leaks users’ real IP address—update now

    Mac and Linux versions of the Tor anonymity browser just received a temporary fix for a critical vulnerability that leaks users' IP addresses when they visit certain types of addresses.

    TorMoil, as the flaw has been dubbed by its discoverer, is triggered when users click on links that begin with file:// rather than the more common https:// and http:// address prefixes. When the Tor browser for macOS and Linux is in the process of opening such an address, "the operating system may directly connect to the remote host, bypassing Tor Browser," according to a brief blog post published Tuesday by We Are Segment, the security firm that privately reported the bug to Tor developers.

IPFire 2.19 - Core Update 115 released

Finally, we are releasing the long-awaited IPFire 2.19 – Core Update 115 which brings the shiny new Captive Portal and various security and performance improvements as well as fixing security vulnerabilities.

This is a large Core Update with a huge number of changes and to support our efforts to develop new features and maintain the existing system as well as constantly improving it, we would like to ask you to donate!

Security: Dashlane, Coverity, FireEye's GoCrack

Security: Pwn2Own, WordPress, Black Duck's Latest FUD (Sales Pitch), Claims of Russian Meddling

Security: Kaspersky, GDPR, NIST, Voting

  • Kaspersky purged from 'vast majority' of US government systems

    Michael Duffy, who leads cybersecurity and communications at the DHS, explained that fewer than half of their agencies were using Kaspersky's anti-virus software.

  • The EU’s GDPR is even more relevant to Linux systems, and here is why

    This new regulation represents a tightening of the data protection laws. The new regulation requires far faster responses to data breaches (within 72 hours), and the maximum penalty for breaching the legislation has increased by over four times to twenty million euros or four percent of a business’s annual global turnover, whichever is higher. In addition, GDPR will unify the processes by which EU countries regulate their data security. This will ensure breaches are easier to report, investigate and respond to the new supervisory authorities being introduced.

  • New Network Security Standards Will Protect Internet’s Routing

    Electronic messages traveling across the internet are under constant threat from data thieves, but new security standards created with the technical guidance of the National Institute of Standards and Technology (NIST) will reduce the risk of messages being intercepted or stolen. These standards address a security weakness that has been a part of the internet since its earliest days.

  • Disney-branded internet filter had Mickey Mouse security

    A Disney-branded home internet filtering device might keep bad content out, but it was an open door to bad actors until earlier this month.

    That's what Cisco Talos's William Largfent found when he took a look at "Circle with Disney", a Circle Media parental control device on which the entertainment giant slapped its brand.

    Whatever its qualities in filtering and screen time management, the US$99 box is riddled with 23 vulns, as the Talos post discloses.

  • Episode 68 - Ruining the Internet
  • Security updates for Wednesday
  • Trump administration reportedly kills vehicle-to-vehicle safety mandate [Updated]
  • Members of Congress want you to hack the US election voting system

    This summer, DefCon's "Voting Machine Hacking Village" turned up a host of US election vulnerabilities (PDF). Now, imagine a more mainstream national hacking event backed by the Department of Homeland Security that has the same goal: to discover weaknesses in voting machines used by states for local and national elections.

    That might just become a reality if federal legislation (PDF) unveiled Tuesday becomes law. The proposal comes with a safe harbor provision to exempt participants from federal hacking laws. Several federal exemptions for ethical hacking that paved the way for the DefCon hacking village expire next year.

    The bipartisan "Securing America's Voting Equipment Act" also would provide election funding to the states and would designate voting systems as critical infrastructure—a designation that would open up communication channels between the federal government and the states to share classified threat information.

Security: Nextcloud, Microsoft/Windows, Canonical/Ubuntu

pfSense 2.3.5-RELEASE now available

As we have promised, we will continue to deliver security and stability fixes to the pfSense 2.3.x line even after we have released pfSense 2.4.0, since i386 and NanoBSD were deprecated in pfSense 2.4.0. These updates will continue for a minimum of one year after the pfSense 2.4.0 release date, which means they will continue through at least October 2018.

Security: Certificate Authorities, Coverity SPAM, and WordPress Patches

  • Mozilla devs discuss ditching Dutch CA, because cryptowars

    Concerns at the effect of The Netherlands' new security laws could result in the country's certificate authority being pulled from Mozilla's trust list.

    The nation's Information and Security Services Act will come into force in January 2018. The law includes metadata retention powers similar to those enacted in other countries, and also grants broad-based interception powers to Dutch security services.

  • Francisco Partners Acquires Comodo's Certificate Authority Business

    Private equity firm Francisco Partners announced on Oct. 31 that it has acquired the SSL/TLS Certificate Authority (CA) business from security firm Comodo Group. Financial terms of the deal are not being publicly disclosed.

    "This is a carve-out of the Comodo SSL business, which is now going to be a separate legal and operational entity," Bill Holtz, CEO of Comodo CA told eWEEK.

  • Open source developers make progress in adopting secure practices [Ed: Coverity marketing disguised as an article. Because journalism is dead. The business model is PR as 'reports']
  • WordPress 4.8.3 Security Release

More in Tux Machines

Graphics: Mesa 17.2.6 RC, AMDGPU, and Vulkan

  • Mesa 17.2.6 release candidate
  • Mesa 17.2.6 RC Arrives With 50+ Fixes
    While Mesa 17.3 is imminent and should be released as stable within the next few days, Mesa 17.2.6 is being prepped for release as the current point release.
  • 43 More AMDGPU DC Patches Hit The Streets
    While the massive AMDGPU DC infrastructure has been merged for Linux 4.15, the flow of improvements to this display code continues and it looks like the next few kernel cycles at least could be quite busy on the AMD front.
  • A Prototype Of The Vulkan Portability Initiative: Low-Level 3D To Vulkan / D3D12 / Metal
    A Mozilla engineer has put out a prototype library in working on the Vulkan Portability Initiative for allowing low-level 3D graphics support that's backed by Vulkan / Direct3D 12 / Metal. With Apple sticking to their own Metal graphics API and Direct3D 12 still being the dominant graphics API on Windows 10, The Khronos Group has been working towards better 3D portability for where Vulkan may not be directly supported by the OS/drivers or otherwise available. They've been working to target a subset of the Vulkan API that can be efficiently mapped to these other native graphics APIs and to have the libraries and tooling for better compatibility and code re-use of these different graphics APIs.

Kernel: Linux 4.15, TLDR, and Linus Torvalds' Latest Rant

  • Linux 4.15 Adds AMD Raven Ridge Audio ID
    Not only is AMD Stoney Ridge audio (finally) being supported by the Linux 4.15 kernel, but it also looks like Raven Ridge audio should now be working too.
  • Linux 4.14.2 Fixes The BCache Corruption Bug
    Normally I don't bother mentioning new Linux kernel point releases on Phoronix unless there are some significant changes, as is the case today with Linux 4.14.2.
  • TLDR is what Linux man pages always should have been
    If you get stuck using a Linux tool, the first port of call shouldn’t be to Stack Overflow, but rather its “man pages.” Man — which is short for manual — retrieves documentation for a given program. Unfortunately, this can often be dense, hard to understand, and lacking in practical examples to help you solve your problem. TLDR is another way of looking at documentation. Rather than being a comprehensive guide to a given tool, it instead focuses on offering practical example-driven instructions of how something works.
  • Linux creator Linus Torvalds: This is what drives me nuts about IT security
    Developers are often accused of not thinking about security, but Linux kernel founder Linus Torvalds has had enough of security people who don't think about developers and end-users. After blasting some kernel developers last week for killing processes in the name of hardening the kernel, Torvalds has offered a more measured explanation for his frustration with security myopia. While he agrees that having multiple layers of security in the kernel is a good idea, certain ways of implementing it are not, in particular if it annoys users and developers by killing processes that break users' machines and wreck core kernel code. Because ultimately, if there are no users, there's not much point in having a supremely secure kernel, Torvalds contends.

Unity 7 Hoping To Become An Official Flavor For Ubuntu 18.04 LTS

While Canonical abandoned their work on the Unity desktop environment in favor of the Unity-inspired customized GNOME Shell that debuted in Ubuntu 17.10, some within the community have remained interested in maintaining Unity 7 and even getting it into an official spin/flavor of Ubuntu. Posted today to the community.ubuntu.com was a Unity maintenance roadmap, reiterating the hope by some in the Ubuntu community for Ubuntu Unity to become an official LTS distribution of Ubuntu. They are hoping to make it an official flavor alongside Kubuntu, Ubuntu Budgie, Xubuntu, and others.

Original/direct: Unity Maintenance Roadmap

Programming/Development: Django and Google India

  • An introduction to the Django ORM
    One of the most powerful features of Django is its Object-Relational Mapper (ORM), which enables you to interact with your database, like you would with SQL. In fact, Django's ORM is just a pythonical way to create SQL to query and manipulate your database and get results in a pythonic fashion. Well, I say just a way, but it's actually really clever engineering that takes advantage of some of the more complex parts of Python to make developers' lives easier.
  • Hey, Coders! Google India Is Offering 130,000 Free Developer Scholarships — Here’s How To Apply
  • Google to prepare 1.3 lakh Indians for emerging technologies

    "The new scholarship programme is in tandem with Google's aim to train two million developers in India. The country is the second largest developer ecosystem in the world and is bound to overtake the US by 2021," William Florance, Developer Products Group and Skilling Lead for India, Google, told reporters here.