security

History of the L0pht

Schneier on Security - Wed, 2015-09-02 08:04
This Washington Post article uses the history of the L0pht to talk about the broader issues of Internet security....
Categories: security

Google Patches Critical Vulnerabilities in Chrome 45

LinuxSecurity.com - Wed, 2015-09-02 06:26
LinuxSecurity.com: Tuesday turned out to be a busy day for browser makers. The three major vendors in the space (Google, Mozilla, and Microsoft) joined arms and announced their intent to stop support for the weakened RC4 encryption algorithm starting early next year. Google, having already announced it would pause Flash-based ads in Chrome yesterday, pushed through version 45 of the browser, patching 29 security vulnerabilities in the process.
Categories: linux, news, security

How CISOs can beat the information security skills-gap

LinuxSecurity.com - Wed, 2015-09-02 06:25
LinuxSecurity.com: The information security skills gap may have become a huge issue for Chief Security Officers (CSOs) and Chief Information Security Officers (CISOs), but there are a number of ways InfoSec teams can work around the shortage to protect their networks and stay ahead of the attackers.
Categories: linux, news, security

Victims of US gov't mega-breach still haven't been notified

LinuxSecurity.com - Wed, 2015-09-02 05:45
LinuxSecurity.com: Nearly three months after the US Office of Personnel Management (OPM) discovered its databases had been compromised by Chinese hackers, the government still hasn't notified the employees and contractors affected by the breach. On Tuesday, the OPM said it planned to start the process of informing victims "later this month," and that reaching everyone is expected to take several weeks.
Categories: linux, news, security

Slackware: 2015-244-01: gdk-pixbuf2: Security Update

LinuxSecurity.com - Tue, 2015-09-01 17:41
LinuxSecurity.com: New gdk-pixbuf2 packages are available for Slackware 13.37, 14.0, 14.1, and -current to fix a security issue. [More Info...]
Categories: linux, news, security

Fedora 23 erlang-17.4-5.fc23

LinuxSecurity.com - Tue, 2015-09-01 10:43
LinuxSecurity.com: Security fix for CVE-2015-2774
Categories: linux, news, security

Fedora 23 xen-4.5.1-6.fc23

LinuxSecurity.com - Tue, 2015-09-01 10:41
LinuxSecurity.com: Use after free in QEMU/Xen block unplug protocol [XSA-139, CVE-2015-5166]; QEMU leak of uninitialized heap memory in rtl8139 device model [XSA-140, CVE-2015-5165]
Categories: linux, news, security

What Can you Learn from Metadata?

Schneier on Security - Tue, 2015-09-01 07:36
An Australian reporter for the ABC, Will Ockenden, published a bunch of his metadata, and asked people to derive various elements of his life. They did pretty well, even though they were amateurs, which should give you some idea what professionals can do....
Categories: security

Tired of memorizing passwords? A Turing Award winner came up with this algorithmic trick

LinuxSecurity.com - Tue, 2015-09-01 05:34
LinuxSecurity.com: Passwords are a bane of life on the Internet, but one Turing Award winner has an algorithmic approach that he thinks can make them not only easier to manage but also more secure.
Categories: linux, news, security

12 Must-Follow Feeds in the World of Security

LinuxSecurity.com - Tue, 2015-09-01 05:33
LinuxSecurity.com: The US ambassador to the United Nations is someone who actually knows what's going on instead of just, you know, talking about it. Plus, is there a better handle than @ambassadorpower?
Categories: linux, news, security

Lizard Squad cyber-attackers disrupt National Crime Agency website

LinuxSecurity.com - Tue, 2015-09-01 05:29
LinuxSecurity.com: Cyber-attackers have taken down the website of the National Crime Agency (NCA) in apparent revenge for arrests made last week.
Categories: linux, news, security

Ubuntu: 2727-1: GnuTLS vulnerabilities

LinuxSecurity.com - Tue, 2015-09-01 04:05
LinuxSecurity.com: GnuTLS could be made to crash or run programs if it processed a specially crafted certificate.
Categories: linux, news, security

Red Hat: 2015:1699-01: nss-softokn: Moderate Advisory

LinuxSecurity.com - Mon, 2015-08-31 23:49
LinuxSecurity.com: Updated nss-softokn packages that fix one security issue are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Moderate security [More...]
Categories: linux, news, security

Fedora 21 qemu-2.1.3-9.fc21

LinuxSecurity.com - Mon, 2015-08-31 23:32
LinuxSecurity.com: * Fix crash in qemu_spice_create_display (bz #1163047) * CVE-2015-3209: pcnet: multi-tmd buffer overflow in the tx path (bz #1230536) * CVE-2015-3214: i8254: out-of-bounds memory access (bz #1243728) * CVE-2015-5154: ide: atapi: heap overflow during I/O buffer memory access (bz #1247141) * CVE-2015-5745: buffer overflow in virtio-serial (bz #1251160) * CVE-2015-5165: rtl8139 uninitialized heap memory information leakage to guest (bz #1249755)
Categories: linux, news, security

Using Samsung's Internet-Enabled Refrigerator for Man-in-the-Middle Attacks

Schneier on Security - Mon, 2015-08-31 14:56
This is interesting research: Whilst the fridge implements SSL, it FAILS to validate SSL certificates, thereby enabling man-in-the-middle attacks against most connections. This includes those made to Google's servers to download Gmail calendar information for the on-screen display. So, MITM the victim's fridge from next door, or on the road outside and you can potentially steal their Google credentials. The...
Categories: security

These were the biggest hacks at Black Hat and Def Con 2015

LinuxSecurity.com - Mon, 2015-08-31 05:38
LinuxSecurity.com: Weren't in Vegas? Here's what you need to know. Hacks, exploits, vulnerabilities -- it's time to showcase them all. In a ten-day security extravaganza in Las Vegas, NV, the world's best security experts, hackers, and researchers come together to show the world how utterly unsafe it is.
Categories: linux, news, security

Oh Good, the Weaponized Police Drones Are Here

LinuxSecurity.com - Mon, 2015-08-31 05:36
LinuxSecurity.com: We're still feeling the ripple effect from the Ashley Madison hack this week. Not only is its parent company, Avid Life Media, offering a $500K CDN reward for info on the hackers, and not only are the lawsuits rolling in, but on Friday CEO Noel Biderman stepped down.
Categories: linux, news, security

Fake EFF site serving espionage malware was likely active for 3+ weeks

LinuxSecurity.com - Mon, 2015-08-31 04:27
LinuxSecurity.com: A spear-phishing campaign some researchers say is linked to the Russian government masqueraded as the Electronic Frontier Foundation in an attempt to infect targets with malware that collects passwords and other sensitive data.
Categories: linux, news, security

Debian: 3346-1: drupal7: Summary

LinuxSecurity.com - Mon, 2015-08-31 02:39
LinuxSecurity.com: Security Report Summary
Categories: linux, news, security

Red Hat: 2015:1694-01: gdk-pixbuf2: Moderate Advisory

LinuxSecurity.com - Mon, 2015-08-31 01:18
LinuxSecurity.com: Updated gdk-pixbuf2 packages that fix one security issue are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Moderate security [More...]
Categories: linux, news, security
