Security Leftovers

Filed under
Security
  • Some HTTPS inspection tools might weaken security [iophk: "the death of web-mail UI"]

    In a typical enterprise environment, an HTTPS connection can even be intercepted and re-encrypted multiple times: at the network perimeter by gateway security products or data leak prevention systems and on endpoint systems by antivirus programs that need to inspect such traffic for malware.

    The problem is that users' browsers no longer get to validate the real server certificates because that task falls to the interception proxy. And as it turns out, security products are pretty bad at validating server certificates.

  • Defence against the Dark Arts involves controlling your hardware

    In light of the Vault 7 documents leak (and the rise to power of Lord Voldemort this year), it might make sense to rethink just how paranoid we need to be.

  • This laptop-bricking USB stick just got even more dangerous

    Remember that USB stick that would destroy almost anything in its path, from laptops, photo booths, kiosks, to even cars?

    Now there's a new version, and it's even more dangerous than before.

    In case you missed it the first time around, a Hong Kong-based company built a weaponized pocket-sized USB stick, which when plugged into a device, will rapidly charge its capacitors from the USB power supply and then discharge, frying the affected device's circuits.

  • Docker Image Vulnerability Research

    Managing known vulnerabilities is the first step towards a strong security posture. If we’re not updating our systems, and keeping an eye on emerging vulnerabilities that are yet to be patched upstream, we’re basically leaving the front door wide open.

Linux Security

Filed under
Security
  • Why Codethink is a founding member of the Civil Infrastructure Platform, a Linux Foundation initiative

    On April 4th 2016 a new Linux Foundation initiative called the Civil Infrastructure Platform was announced. CIP aims to share efforts around building a Linux-based commodity platform for industrial grade products that need to be maintained for anything between 25 and 50 years - in some cases even longer. Codethink is one of the founding members.

  • Ubuntu 12.04 Will Be End-Of-Life on April 28th 2017 & ESM Surprise
  • Update Shyness

    But the update madness had just started. A couple days after the PCLOS incident, I booted OpenMandriva and Discover notified me that there were updates. I must confess that the update process in OpenMandriva has not been easy for me: I prefer to use the Control Center, but sometimes it cannot install some packages and those have to be installed with Discover. Sometimes, the latter simply refuses to load the package list.

Security Leftovers

Filed under
Security
  • Security updates for Friday
  • Eight-year-old Linux security flaw finally fixed

    ANOTHER years-old vulnerability in the Linux kernel has been patched - the fourth such ageing security flaw that has been patched recently.

  • Paving with Good Intentions: The Attempt to Rescue the Network Time Protocol

    After the Heartbleed bug revealed in April 2014 how understaffed and under-funded the OpenSSL project was, the Network Time Foundation was discovered to be one of several projects in a similar condition. Unfortunately, thanks to a project fork, the efforts to lend NTP support have only divided the development community and created two projects scrambling for funds where originally there was only one.

  • Mozilla: Everyone's scared of hackers but clueless about fending them off

    According to Firefox maker Mozilla, we're nearly all afraid of hackers, but few of us feel we can protect ourselves from them.

    The non-profit's survey of 30,000 people found internet users' confidence is extremely low when it comes to privacy and security. The survey found that 90 percent of people are unsure how to protect themselves online, while 11.5 percent feel they know nothing about security.

Security Leftovers

Filed under
Security

  • Security updates for Thursday
  • Dormant Linux kernel vulnerability finally slayed

    A recently resolved vulnerability in the Linux kernel that had the potential to allow an attacker to gain privilege escalation or cause denial of service went undiscovered for seven years.

    Positive Technologies expert, Alexander Popov, found a race condition in the n_hdlc driver that leads to double-freeing of kernel memory. This Linux kernel flaw might be exploited for privilege escalation in the operating system. The bug (CVE-2017-2636) was evaluated as dangerous with a CVSS v3 score of 7.8, towards the higher end of the scale which runs from 1-10.

  • Another Years-Old Flaw Fixed in the Linux Kernel

    The Linux team has patched a "dangerous" vulnerability in the Linux kernel that allowed attackers to elevate their access rights and crash affected systems.

    The security issue, tracked as CVE-2017-2636, existed in the Linux kernel for the past seven years, after being introduced in the code in 2009.

How to Choose the Best Linux Distro for SysAdmin Workstation Security

Filed under
GNU
Linux
Security

If you’re a systems administrator choosing a Linux distribution for your workstation, chances are you’ll stick with a fairly widely used distro such as Fedora, Ubuntu, Arch, Debian, or one of their close spin-offs. Still, there are several security considerations you should weigh when picking which distribution is best for your needs.

Also: Linux Sucks — The Latest And Last From Bryan Lunduke

More in Tux Machines

Leftovers: Debian, Ubuntu and Derivatives

  • Debian Developers Make Progress With RISC-V Port
    Debian developers continue making progress with a -- currently unofficial -- port of their Linux operating system to RISC-V. There is an in-progress Debian GNU/Linux port to RISC-V along with a repository with packages built for RISC-V. RISC-V, for the uninitiated, is a promising, open-source ISA for CPUs. So far there isn't any widely-available RISC-V hardware, but there are embedded systems in the works while software emulators are available.
  • 2×08: Pique Oil
  • [Video] Ubuntu 17.04 KDE
  • deepin 15.4 Released, With Download Link & Mirrors
    deepin 15.4 GNU/Linux operating system has been released on April 19th 2017. I list here one official download link and two faster mirrors from Sourceforge. I listed here the Mega and Google mirrors as well, but remember they don't provide direct download. The 15.4 is provided only as 64 bit; the 32 bit version has already been dropped (except by commercial support). I hope this short list helps you.

Leftovers: OSS and Sharing

  • Overlayfs snapshots
    At the 2017 Vault storage conference, Amir Goldstein gave a talk about using overlayfs in a novel way to create snapshots for the underlying filesystem. His company, CTERA Networks, has used the NEXT3 ext3-based filesystem with snapshots, but customers want to be able to use larger filesystems than those supported by ext3. Thus he turned to overlayfs as a way to add snapshots for XFS and other local filesystems. NEXT3 has a number of shortcomings that he wanted to address with overlayfs snapshots. Though it only had a few requirements, which were reasonably well supported, NEXT3 never got upstream. It was ported to ext4, but his employer stuck with the original ext3-based system, so the ext4 version was never really pushed for upstream inclusion.
  • Five days and counting
    There are five days left until foss-north 2017, so it is high time to get your ticket! Please notice that tickets can be bought all the way until the night of the 25th (Tuesday), but catering is only included if you get your ticket on the 24th (Monday), so help a poor organizer and get your tickets as soon as possible!
  • OpenStack Radium? Maybe…but it could be Formidable
    OK the first results are in from the OpenStack community naming process for the R release. The winner at this point is Radium.
  • Libreboot Wants Back Into GNU
    Early this morning, Libreboot’s lead developer Leah Rowe posted a notice to the project’s website and a much longer post to the project’s subreddit, indicating that she would like to submit (or resubmit, it’s not clear how that would work at this point) the project to “rejoin the GNU Project.” The project had been a part of GNU from May 14 through September 15 of last year, at which time Ms. Rowe very publicly removed the project from GNU while making allegations of misdeeds by both GNU and the Free Software Foundation. Earlier this month, Rowe admitted that she had been dealing with personal issues at the time and had overreacted. The project also indicated that it had reorganized and that Rowe was no longer in full control.
  • Understanding the complexity of copyleft defense

    The fundamental mechanism defending software freedom is copyleft, embodied in GPL. GPL, however, functions only through upholding it--via GPL enforcement. For some, enforcement has been a regular activity for 30 years, but most projects don't enforce: they live with regular violations. Today, even under the Community Principles of GPL Enforcement, GPL enforcement is regularly criticized and questioned. The complex landscape is now impenetrable for developers who wish their code to remain forever free. This talk provides basic history and background information on the topic.

  • After Bill Gates Backs Open Access, Steve Ballmer Discovers The Joys Of Open Data
    A few months ago, we noted that the Gates Foundation has emerged as one of the leaders in requiring the research that it funds to be released as open access and open data -- an interesting application of the money that Bill Gates made from closed-source software. Now it seems that his successor as Microsoft CEO, Steve Ballmer, has had a similar epiphany about openness. Back in 2001, Ballmer famously called GNU/Linux "a cancer". Although he later softened his views on software somewhat, that was largely because he optimistically claimed that the threat to Microsoft from free software was "in the rearview mirror". Not really: today, the Linux-based Android has almost two orders of magnitude more market share than Windows Phone.
  • New Open Door Policy for GitHub Developer Program
    GitHub has opened the doors on its three year old GitHub Developer Program. As of Monday, developers no longer need to have paid accounts to participate. "We're opening the program up to all developers, even those who don't have paid GitHub accounts," the company announced in a blog post. "That means you can join the program no matter which stage of development you're in,"
  • MuleSoft Joins the OpenAPI Initiative: The End of the API Spec Wars
    Yesterday, MuleSoft, the creators of RAML, announced that they have joined the Open API Initiative. Created by SmartBear Software and based on the wildly popular Swagger Specification, the OpenAPI Initiative is a Linux Foundation project with over 20 members, including Adobe, IBM, Google, Microsoft, and Salesforce.