The central voice for Linux and Open Source security news.
LinuxSecurity.com: Google has announced plans to reduce the trust in Symantec TLS certificates until a point is reached in early 2018 where Chrome 64 will only trust certificates issued for 279 days or less from the security giant and its subsidiaries.
LinuxSecurity.com: FBI director James Comey has suggested that an international agreement between governments could ease fears about IT products with government-mandated backdoors, but privacy advocates are doubtful.
LinuxSecurity.com: Linux Mint has been lambasted by some in the media for security problems over the last few years. But how accurate are such perceptions? Does Linux Mint really suffer from security problems or is it all much ado about nothing?
LinuxSecurity.com: Mozilla last week patched a Firefox vulnerability just a day after it was revealed during Pwn2Own, the first vendor to fix a flaw disclosed at the hacking contest.
LinuxSecurity.com: LastPass has closed a remote code execution vulnerability on its Chrome extension, but according to Google Project Zero researcher Tavis Ormandy, issues remain on its Firefox extension, as well as details on another password-stealing vulnerability to come. Writing in the Project Zero issue tracker, Ormandy said it was possible to proxy untrusted messages to LastPass.
LinuxSecurity.com: HTTPS inspection tools are, in essence, a security team's authorized man-in-the-middle attacker: they intercept encrypted SSL/TLS traffic, in order to, for example, search it for malware that uses HTTPS to connect to malicious servers. However, in an alert today, US-CERT warned that HTTPS interception weakens TLS security, advising that organizations "carefully consider the pros and cons of such products before implementing."
LinuxSecurity.com: Cisco Systems said that more than 300 models of switches it sells contain a critical vulnerability that allows the CIA to use a simple command to remotely execute malicious code that takes full control of the devices. There currently is no fix.
LinuxSecurity.com: OK, hands up, who knows what High-Level Data Link Control (HDLC) is? It's an archaic networking data framing protocol that's used in modems, X.25, frame-relay, ISDN, and other now uncommon networking technologies. I know it because I used to work with them back in the day. You'll get to know it now because a researcher discovered a security hole hidden within the Linux kernel driver that implements it.
LinuxSecurity.com: The operator of a website that accepts subscriber logins only over unencrypted HTTP pages has taken to Mozilla's Bugzilla bug-reporting service to complain that the Firefox browser is warning that the page isn't suitable for the transmission of passwords.
LinuxSecurity.com: Contestants at this year's Pwn2Own hacking competition in Vancouver just pulled off an unusually impressive feat: they compromised Microsoft's heavily fortified Edge browser in a way that escapes a VMware Workstation virtual machine it runs in. The hack fetched a prize of $105,000, the highest awarded so far over the past three days.
LinuxSecurity.com: GitHub has awarded a researcher $18,000 for disclosing a security flaw in GitHub Enterprise which could have led to remote code execution.
LinuxSecurity.com: If your company doesn't have an ethical hacker on the security team, it's playing a one-sided game of defense against attackers. Great power comes with great responsibility, and all heroes face the decision of using their powers for good or evil. These heroes I speak of are called white hat hackers, legal hackers, or, most commonly, ethical hackers.
LinuxSecurity.com: Remember that USB stick that would destroy almost anything in its path, from laptops, photo booths, kiosks, to even cars? Now there's a new version, and it's even more dangerous than before.
LinuxSecurity.com: Eight days after developers patched a critical flaw in the Apache Struts Web application framework, there has been no let-up in the volley of attacks attempting to exploit the vulnerability, which affects a disproportionate number of high-impact websites, a security researcher said Tuesday.
LinuxSecurity.com: One mistaken click. That's all it took for hackers aligned with the Russian state security service to gain access to Yahoo's network and potentially the email messages and private information of as many as 500 million people.
LinuxSecurity.com: According to Firefox maker Mozilla, we're nearly all afraid of hackers, but few of us feel we can protect ourselves from them.
LinuxSecurity.com: With the onrush of connected internet of things (IoT) devices, distributed denial-of-service attacks are becoming a dangerous trend. Similar to what happened to DNS service provider Dyn last fall, anyone and everyone is in the crosshairs. The idea of using unprotected IoT devices as a way to bombard networks is gaining momentum.
LinuxSecurity.com: From the boardroom to IT and the end user, the Domain Name System is often misunderstood, which can leave organizations vulnerable to attacks.
LinuxSecurity.com: A commercial malware scanner used by businesses has recently detected an outbreak of malware that came preinstalled on more than three dozen Android devices. An assortment of malware was found on 38 Android devices belonging to two unidentified companies. This is according to a blog post published Friday by Check Point Software Technologies, maker of a mobile threat prevention app.
LinuxSecurity.com: After Edward Snowden revealed that online communications were being collected en masse by some of the world's most powerful intelligence agencies, security experts called for encryption of the entire web. Four years later, it looks like we've passed the tipping point.