LinuxSecurity.com

Syndikovat obsah
The central voice for Linux and Open Source security news.
Aktualizace: 36 min 5 sek zpět

Google tightens noose on HTTP: Chrome to stick 'Not secure' on pages with search fields

28 Duben, 2017 - 11:42
LinuxSecurity.com: Google is giving web developers six months to prepare for the next phase of its plan to mark all HTTP pages as 'Not secure'. October will mark stage two of Google's plan to label all HTTP pages as 'Not secure' in Chrome.
Kategorie: Hacking & Security

pemcracker - Tool For Cracking PEM Files

28 Duben, 2017 - 11:40
LinuxSecurity.com: pemcracker is a tool for cracking PEM files that are encrypted and have a password. The purpose is to attempt to recover the password for encrypted PEM files while utilising all the CPU cores.
Kategorie: Hacking & Security

GrSecurity Kernel Patches Will No Longer Be Free To The Public

27 Duben, 2017 - 12:19
LinuxSecurity.com: The GrSecurity initiative that hosts various out-of-tree patches to the mainline Linux kernel in order to enhance the security will no longer be available to non-paying users.
Kategorie: Hacking & Security

Meet the Nu-Nerds These College-Age Hackers Will Soon Shape Our Future

27 Duben, 2017 - 12:17
LinuxSecurity.com: Google the words "David Dworken" and you'll find a picture of a teenager in an oversize gray suit shaking hands with former secretary of defense Ash Carter, along with a headline that reads: "Meet David Dworken, the Teenager Who Hacked the Pentagon." Which is pure clickbait. Last spring, the Pentagon sponsored a "bug bounty," inviting computer security enthusiasts to dig into Defense.gov, DoDLive, and a few of its other public-facing websites.
Kategorie: Hacking & Security

Open Internet Advocates Vow to Fight Trump FCC's Plan to Kill Net Neutrality

27 Duben, 2017 - 12:14
LinuxSecurity.com: Ten years of fighting for internet freedom, potentially out the window because Donald Trump was elected president and chose as his top telecom regulator a former Verizon lawyer who's hell-bent on killing federal rules safeguarding net neutrality, the internet's open access principle.
Kategorie: Hacking & Security

Keybase on Fedora: crypto for everyone

26 Duben, 2017 - 10:49
LinuxSecurity.com: Keybase is a service that makes a security web of trust usable for everyone. It uses encryption to provide secure communications - including chat, file sharing, and publishing documents. But it extends encryption into a social context, like Github or Gitlab do for project and source code control.
Kategorie: Hacking & Security

FIN7 Evolution and the Phishing LNK

25 Duben, 2017 - 12:35
LinuxSecurity.com: FIN7 is a financially-motivated threat group that has been associated with malicious operations dating back to late 2015. FIN7 is referred to by many vendors as "Carbanak Group", although we do not equate all usage of the CARBANAK backdoor with FIN7. FireEye recently observed a FIN7 spear phishing campaign targeting personnel involved with United States Securities and Exchange Commission (SEC) filings at various organizations.
Kategorie: Hacking & Security

Phishing with Unicode Domains

25 Duben, 2017 - 12:31
LinuxSecurity.com: Before I explain the details of the vulnerability, you should take a look at the proof-of-concept. Punycode makes it possible to register domains with foreign characters. It works by converting individual domain label to an alternative format using only ASCII characters. For example, the domain "xn--s7y.co" is equivalent to "短.co".
Kategorie: Hacking & Security

The Cloud Foundry Approach to Container Storage and Security

24 Duben, 2017 - 12:06
LinuxSecurity.com: Recently, The New Stack published an article titled "Containers and Storage: Why We Aren't There Yet" covering a talk from IBM's James Bottomley at the Linux Foundation's Vault conference in March. Both the talk and article focused on one of the central problems we've been working to address in the Cloud Foundry Foundation's Diego Persistence project team, so we thought it would be a good idea to highlight the features we've added to mitigate it.
Kategorie: Hacking & Security

Russian hacker arrested in Spain for bot-herding not election-fiddling

24 Duben, 2017 - 12:03
LinuxSecurity.com: Last week ended badly for Russian hackers. The United States Department of Justice revealed that Peter Yuryevich Levashov was picked up in Barcelona a couple of weeks back for his association with the Kelihos botnet. Levashov said he'd been told the arrest was due to his creation of a virus in some way linked to the Russia's suspected interference in the recent US presidential election.
Kategorie: Hacking & Security

Google Won't Trust Symantec and Neither Should You

20 Duben, 2017 - 10:43
LinuxSecurity.com: As bad as this controversy is for Symantec, the real damage will befall the company and individual web sites deemed untrustworthy by a Chrome browser on the basis of a rejected Symantec certificate.
Kategorie: Hacking & Security

Network Firewalls: How to Protect Your Network from Unauthorized Access

20 Duben, 2017 - 10:41
LinuxSecurity.com: They lack the buzz of more recent security innovations, so network firewalls can be overlooked. Yet firewalls are an essential aspect of any security strategy. We cover the basics of network firewall technology and look at the latest in next-generation firewalls.
Kategorie: Hacking & Security

Sneaky Exploit Allows Phishing Attacks From Sites That Look Secure

18 Duben, 2017 - 15:36
LinuxSecurity.com: Phishing attacks can make even crusading technovangelists paranoid. One wrong click can put you out a ton of cash, or cause a corporate breach. And they evolve constantly. Case in point: A cunning new exploit makes malicious phishing websites appear to have the same URL as known and trusted destinations.
Kategorie: Hacking & Security

Encryption: Usage grows again, but only at snail's pace

18 Duben, 2017 - 15:32
LinuxSecurity.com: Business usage of encryption to protect sensitive data, either in their own systems or in the cloud, continues to grow -- but only at a desperately slow pace.
Kategorie: Hacking & Security

Capsule8 Building Container-Aware Security Platform for Linux

17 Duben, 2017 - 11:35
LinuxSecurity.com: Security startup Capsule8 emerged from its stealth mode in February with a plan to help provide a new model for application container security. In a video interview with eWEEK, Capsule8 CTO Dino Dai Zovi and CEO John Viega explain what's missing from container security today and what they are building to help fill the gap.
Kategorie: Hacking & Security

Tor Security for Android and Desktop Linux

17 Duben, 2017 - 11:33
LinuxSecurity.com: Internet service providers in the United States have just been given the green light to sell usage history of their subscribers by S J Res 34, opening the gates for private subscriber data to become public. The law appears to direct ISPs to provide an "opt-out" mechanism for subscribers to retain private control of their usage history, which every subscriber should complete.
Kategorie: Hacking & Security

Big Linux bug, low security concerns

17 Duben, 2017 - 11:32
LinuxSecurity.com: This Linux/Android bug sure sounded bad. The National Institute of Standards and Technology (NIST) and Symantec announced a LinuxKernel ipv4/udp.c bug that made the LinuxKernel 4.4 and earlier vulnerable to remote code-execution. In turn, an attacker could exploit this issue to execute arbitrary code. Worse still, even failed exploits might cause denial-of-service attacks.
Kategorie: Hacking & Security

SSHGuard 2.0

17 Duben, 2017 - 02:00
LinuxSecurity.com: SSHGuard is an intrusion prevention utility that parses logs and automatically blocks misbehaving IP addresses with the system firewall. It's less configurable than the better-known Fail2Ban but has a smaller resource footprint and ships with full IPv6 support. The newly released SSHGuard version 2.0 have been made easier to configure for new users. It also gained support for FirewallD, ipset, and ipfilter firewall backends on Linux; as well as Capsicum sandboxing support on *BSD.
Kategorie: Hacking & Security

SEI CERT C++ Coding Standard

14 Duben, 2017 - 11:14
LinuxSecurity.com: The C++ rules and recommendations in this wiki are a work in progress and reflect the current thinking of the secure coding community. Because this is a development website, many pages are incomplete or contain errors. As rules and recommendations mature, they are published in report or book form as official releases. These releases are issued as dictated by the needs and interests of the secure software development community.
Kategorie: Hacking & Security

DNS record will help prevent unauthorized SSL certificates

13 Duben, 2017 - 10:59
LinuxSecurity.com: In a few months, publicly trusted certificate authorities will have to start honoring a special Domain Name System (DNS) record that allows domain owners to specify who is allowed to issue SSL certificates for their domains.
Kategorie: Hacking & Security