Thank you for reading the LinuxSecurity.com weekly security newsletter. The purpose of this document is to provide our readers with a quick summary of each week's most relevant Linux security headlines.

LinuxSecurity.com Feature Extras:

- Social engineering is the practice of learning and obtaining valuable information by exploiting human vulnerabilities. It is an art of deception that is considered to be vital for a penetration tester when there is a lack of information about the target that can be exploited.

- When you’re dealing with a security incident, it’s essential that you and the rest of your team not only have the skills needed to deal with an issue comprehensively, but also have a framework to support you as you approach it. With this framework, the team can focus purely on what they need to do, following a process that removes any vulnerabilities and threats in a proper way, so everyone who depends upon the software you protect can be confident that it’s secure and functioning properly.


  (Sep 13)
 

San Francisco in January could become the first U.S. city to adopt open source software to run its voting machines. City officials last month authorized consulting group Slalom to prepare a report on the benefits and challenges involved in using an open source voting machine platform. The city voted to pay Slalom US$150,000 for its research.

  (Sep 14)
 

Whether you use the anonymized browsing of Tor to protect your privacy, to get around censorship, or to shop on the Dark Web, you likely won't be pleased to know a big red target has been painted on Tor after an exploit broker offered to pay $1 million for zero-day exploits targeting the Tor Browser on Tails Linux and Windows. Those zero-days will be sold to Johnny Law working in the government sector.

  (Sep 12)
 

If Akamai, Cisco and Google's post-platform security and privacy machine learning security systems protecting the web and mobile platforms are indicative of the future, IoT device makers will only be part of a larger security ecosystem. That's because they will not have the data to train the AI machine learning models.

  (Sep 14)
 

The security perils inherent in Internet of Things (IoT) devices are painfully obvious at this point in 2017, but why are there so many security issues? At a session during the Open Source Summit here, Marti Bolivar, senior software engineer at Linaro, detailed what he described as "anti-patterns" that ultimately lead to negative security outcomes.

  (Sep 15)
 

While most Americans were enjoying the Labor Day weekend, Linux creator Linus Torvalds was busy releasing the Linux 4.13 kernel on Sept. 3. Linux 4.13 is the fourth new Linux kernel released in 2017 and follows Linux 4.12, which debuted in July.

  (Sep 14)
 

Five years ago, IT was decentralized at the University of New Mexico. "Every school or college had their own IT, and in most cases they were completely under-resourced – a one-person shop having to do phones, apps, email, desktop, servers, storage, disaster recovery, all of that," said Brian Pietrewicz, deputy CIO at University of New Mexico.

  (Sep 15)
 

Twenty-six years ago, Linus Torvalds started the Linux operating system, and at the Open Source Summit here on Sept. 11, Torvalds detailed his views on security, development and collaboration and why he's still having fun working on Linux.

  (Sep 13)
 

Researchers at Check Point say they've found a way to use Microsoft's Windows 10 Subsystem for Linux (WSL) to allow malware to slip by antivirus.

  (Sep 13)
 

A notorious startup is offering up to $1 million in rewards to security researchers who can find bugs and develop techniques to exploit the anonymous web surfing tool the Tor Browser.

  (Sep 11)
 

Microsoft surprised the technology world last year when it announced that users will be able to run native Linux applications in Windows 10 without virtualization. While this feature is meant to help developers, researchers believe it could be abused by attackers to hide malware from security products.

  (Sep 12)
 

A Raspberry Pi is a tiny computer designed for makers and all sorts of Internet-of-Things types of projects. Make magazine has an article about securing it. Reading it, I am struck by how much work it is to secure. I fear that this is beyond the capabilities of most tinkerers, and the result will be even more insecure IoT devices.

  (Sep 12)
 

According to the researchers, the vulnerability affected virtually all Bluetooth devices, including Android phones, older iPhones, Windows computers and some devices running Linux.