Security Leftovers

  • Friday's security updates
  • Hacking Slack accounts: As easy as searching GitHub
    A surprisingly large number of developers are posting their Slack login credentials to GitHub and other public websites, a practice that in many cases allows anyone to surreptitiously eavesdrop on their conversations and download proprietary data exchanged over the chat service. According to a blog post published Thursday, company researchers recently estimated that about 1,500 access tokens were publicly available, some belonging to people who worked for Fortune 500 companies, payment providers, Internet service providers, and health care providers. The researchers privately reported their findings to Slack, and the chat service said it regularly monitors public sites for posts that publish the sensitive tokens.
  • Time for a patch: six vulns fixed in NTP daemon
  • NTP Daemon Gets Fixes for Vulnerabilities Causing DoS and Authentication Bypass
  • Cisco Spots New NTP Bugs
  • Network Time Keeps on Ticking with Long-Running NTP Project [Ed: corrected URL]
  • Open Source Milagro Project Aims to Fix Web Security for Cloud, Mobile, IoT
    As the Internet continues to both grow in size and widen in scope, so do demands on the supporting infrastructure. The number of users and devices, amount of activity, internationalization of the web, and new devices that range from mobile apps and cloud instances to "Internet of Things," put strain on the system. Not just for bandwidth or service availability, but also on the assurance of trust -- trust that the entities at each end are who (or what) they say they are, and that their communications are private and secure.
  • M2Mi Obtains DHS Open-Source Cryptographic Tool Development Funds
    Machine-to-Machine Intelligence Corp. has been awarded $75,000 in funds by the Department of Homeland Security's science and technology directorate to create a deployable cryptographic protocol for an Internet of Things security initiative.
  • Encrypted Network Traffic Comes at a Cost
    The use of encryption over the Internet is growing. Fueled by Edward Snowden's revelations on the extent of NSA and GCHQ content monitoring, encryption is now increasingly provided by the big tech companies as part of their standard product offerings. Its effectiveness can be seen in the continuing demands by different governments for these same tech companies to provide government backdoors for that encryption. Encryption works: it safeguards privacy. Against this background, the use of Secure Sockets Layer (SSL) or Transport Layer Security (TLS) to encrypt network traffic is likely to grow dramatically. Google is encouraging this. It already uses HTTPS as a positive weight for web sites in its search algorithm, while current rumors suggest it will soon start to place a warning red X in the URL bar of sites that do not use it. Taken together, these are strong incentives for businesses that don't currently use SSL/TLS to start doing so. Some predictions believe that almost 70% of network traffic will be encrypted by the end of this year.
  • Raptor Engineering Updates Details On Their POWER8-Based Talos Secure Workstation
    Raptor Engineering has published new information around their proposed high-performance Talos Secure Workstation that for around $3k is a high-end POWER8 motherboard.

GNOME privacy options give users even more desktop security

GNOME is helping you to improve security by wiping away that breadcrumb trail. Instead of having to manage these issues in various places such as display settings, file manager, and location settings, the developers of GNOME put these security-centric settings in one location: the GNOME Privacy tool.

FRAND Is Not A Compliance Issue

The European Commission has been persuaded by lobbyists to change its position on standards to permit the use of FRAND license terms for patents applicable to technologies within those standards. This is a massive mistake that will harm innovation by chilling open source community engagement.