Linux Security Week: August 31st, 2009
Source: LinuxSecurity.com Contributors - Posted by Benjamin D. Thomas   
This week, perhaps the most interesting articles include "Researchers crack WPA Wi-Fi encryption in 60 seconds," "More ssh Tunneling," and "Secure Virtualization Using SELinux."

Linux+DVD Magazine - Our magazine is read by professional network and database administrators, system programmers, webmasters and all those who believe in the power of Open Source software. The majority of our readers are between 15 and 40 years old. They are interested in current news from the Linux world, upcoming projects etc.

In each issue you can find information concerning typical use of Linux: safety, databases, multimedia, scientific tools, entertainment, programming, e-mail, news and desktop environments.


LinuxSecurity.com Feature Extras:

Review: Googling Security: How Much Does Google Know About You - If I ask "How much do you know about Google?" you may not take even a second to respond. But if I ask "How much does Google know about you?" you may instantly reply "Wait... what!? Do they!?" The book "Googling Security: How Much Does Google Know About You" by Greg Conti (Computer Science Professor at West Point) is the first book to reveal how Google's vast information stockpiles could be used against you or your business – and what you can do to protect yourself.

A Secure Nagios Server - Nagios is monitoring software designed to let you know about problems on your hosts and networks quickly. You can configure it to be used on any network. Setting up a Nagios server on any Linux distribution is a very quick process; however, making it a secure setup takes some work. This article will not show you how to install Nagios, since there are tons of installation guides out there, but it will show you in detail ways to improve your Nagios security.

Thank you for reading the LinuxSecurity.com weekly security newsletter. The purpose of this document is to provide our readers with a quick summary of each week's most relevant Linux security headlines.


  EnGarde Secure Community 3.0.22 Now Available! (Dec 9)
 

Guardian Digital is happy to announce the release of EnGarde Secure Community 3.0.22 (Version 3.0, Release 22). This release includes many updated packages and bug fixes and some feature enhancements to the EnGarde Secure Linux Installer and the SELinux policy.

http://www.linuxsecurity.com/content/view/145668
  Attack Of The Tweets: Major Twitter Flaw Exposed (Aug 28)
 

A newly exposed cross-site scripting (XSS) vulnerability in Twitter lets an attacker wrest control of a victim's account merely by sending him or her a tweet.

U.K. researcher James Slater reported the serious flaw earlier this week, and now says Twitter's fix in response to his disclosure doesn't actually fix the problem.

http://www.linuxsecurity.com/content/view/149913
  Swiss coder publicises government spy Trojan (Aug 28)
 

A software engineer who created Trojans for the Swiss authorities to intercept Voice-over-IP (VoIP) phone calls has published the source code to his programs in order to draw attention to the surveillance threat posed by such software.

http://www.linuxsecurity.com/content/view/149912
  SSH key compromise shuts down Apache website (Aug 28)
 

The Apache website was taken offline for several hours after attackers used an SSH key to access one of its servers.

Apache shut down all its machines as a precaution and switched over to an unaffected European mirror server. On its blog, the Apache Infrastructure Team said it did not believe any end-users or downloads of the enormously popular Web server software were affected.

http://www.linuxsecurity.com/content/view/149911
  Researchers who hack the Mac OS (Aug 27)
 

Before his coffee was cold he had found a local privilege escalation vulnerability in Mac OS X Tiger, which could allow people to elevate from normal user to full super user, and had written code that could exploit the hole.

http://www.linuxsecurity.com/content/view/149906
  Hacker pleads guilty in massive bank fraud case (Aug 27)
 

Hacker Ehud Tenenbaum has pleaded guilty in connection to charges of fraud that netted millions of dollars from banks in Indiana, Florida, Texas and California, according to the U.S. Attorney's office in New York.

http://www.linuxsecurity.com/content/view/149905
  Researchers crack WPA Wi-Fi encryption in 60 seconds (Aug 27)
 

Computer scientists in Japan have developed a way to break the WPA encryption system used in wireless routers in just one minute.

http://www.linuxsecurity.com/content/view/149904
  Sun plans on-chip security boost for Ultrasparc (Aug 26)
 

Sun Microsystems' product plans are up in the air pending its acquisition by Oracle, but the company's chip engineers continue to present new designs in the hope they'll see the light of day.

http://www.linuxsecurity.com/content/view/149901
  Why Windows security is awful (Aug 26)
 

A friend of mine suggested that I should include as boilerplate in my security stories, a line like: "Of course, if you were running desktop Linux or using a Mac, you wouldn't have this problem." She's got a point. Windows is now, always has been, and always will be insecure. Here's why.

http://www.linuxsecurity.com/content/view/149896
  Tech Tip: More ssh Tunneling (Aug 26)
 

Using ssh tunnelling I can protect services which are not normally protected and/or encrypted against unauthorized access. In this example I show how I set up a secure connection to my IRC proxy, but you can use this same recipe for other things.

http://www.linuxsecurity.com/content/view/149895
  Cracking GSM phone crypto via distributed computing (Aug 26)
 

If you are using a GSM phone (AT&T or T-Mobile in the U.S.), you likely have a few more months before it will be easy for practically anyone to spy on your communications.

Security researcher Karsten Nohl is launching an open-source, distributed computing project designed to crack the encryption used on GSM phones and compile it into a code book that can be used to decode conversations and any data that gets sent to and from the phone.

http://www.linuxsecurity.com/content/view/149894
  Google patches severe Chrome vulnerabilities (Aug 25)
 

Google has fixed two high-severity vulnerabilities in the stable version of its Chrome browser that could have let an attacker remotely take over a person's computer.

With one attack on Google's V8 JavaScript engine, malicious JavaScript on a Web site could let an attacker gain access to sensitive data or run arbitrary code on the computer within a Chrome protected area called the sandbox, Google said in a blog post Tuesday.

http://www.linuxsecurity.com/content/view/149892
  Red Hat, Novell and CentOS update for kernel vulnerability - Update (Aug 25)
 

Red Hat has finally managed to release a patch for the previously reported critical Linux kernel vulnerability. Red Hat's initial response was to provide a workaround for the problem that involved blacklisting certain network protocols, preventing the exploit from functioning. Novell has also released updates for openSUSE 10.3 to 11.1, SUSE Linux Enterprise Desktop and SUSE Linux Enterprise Server.

http://www.linuxsecurity.com/content/view/149888
  Secure Virtualization Using SELinux (sVirt) (Aug 25)
 

Virtualization seems to be the next big thing, providing great opportunities in resource allocation, system management, savings on power and cooling, and the ability to grow and shrink resources depending on demand.

But what about the security?

What happens when a cracker breaks into a virtual machine and takes it over? What happens if there is a bug in the hypervisor?

http://www.linuxsecurity.com/content/view/149887
  Mozilla security chief on Firefox improvements: (Aug 25)
 

Mozilla's "human shield" Johnathan Nightingale discusses Firefox browser privacy and security issues at the recent Black Hat briefings in Las Vegas. Firefox, the open-source challenger to Microsoft's Internet Explorer, passed the 1-billion download mark on July 31. In Firefox 3.5 Mozilla improved JavaScript performance, added a new Private Browsing mode, native support for open video and audio, and Location Aware Browsing. In this interview with Information Security magazine's Michael Mimoso, Nightingale talks about the privacy mode, Mozilla's security processes and its automated patching process.

http://www.linuxsecurity.com/content/view/149886
  The Pirate Bay Returns With Guns Blazing (Aug 25)
 

After initially being taken offline by Swedish authorities, and after its first escape route failed, The Pirate Bay has returned with all guns blazing. With a modified copy of one of Churchill's most famous speeches, The Pirate Bay team tells the public that they will defend the Internet, with or without the site.

http://www.linuxsecurity.com/content/view/149885
  Monitor your system for threats with rsec alerts (Aug 24)
 

Vincent Danen gives an overview of the monitoring and reporting tool rsec, which can help you keep a close eye on your system's security without having to pore over log files. Mandriva has long had their security tool called msec. Love it or hate it, it has been an integral part of all Mandriva Linux versions for years.

http://www.linuxsecurity.com/content/view/149871
  It's not just Facebook. 4Chan hack Christian's social network, email, Paypal accounts and more… (Aug 23)
 

An unknown Christian dating site was recently hacked and whoever is responsible managed to gain access to a list of email addresses and passwords. It's likely the file was posted to anonymous message board 4Chan.org and in doing so, some of its frequenters have begun a rampant attack on Facebook, e-store profiles, email accounts and other social networks.

http://www.linuxsecurity.com/content/view/149865
  25 Great Pirate Bay Alternatives (Aug 23)
 

TorrentFreak has a great article on a collection of the best torrent search engines and trackers out there, to replace TPB when it gets dissolved or sold. This includes a great Google Torrent Search Engine. The end of the Pirate Bay is nearing. Even if the deal with GGF doesn't go through, the current owners are likely to sell to one of the other interested parties. For many BitTorrent fans this means that they have to find an alternative. Luckily there are plenty of good ones out there.

http://www.linuxsecurity.com/content/view/149864
  Jailed SF network administrator faces fewer charges (Aug 23)
 

A judge has dismissed most of the charges against a former San Francisco network administrator accused of hijacking the city's computer network he designed and maintained.

http://www.linuxsecurity.com/content/view/149863
