This Washington Post article uses the history of the L0pht to talk about the broader issues of Internet security....
LinuxSecurity.com: Tuesday turned out to be a busy day for browser makers. The three major vendors in the space (Google, Mozilla, and Microsoft) joined arms and announced their intent to stop support for the weakened RC4 encryption algorithm starting early next year. Google, having already announced it would pause Flash-based ads in Chrome yesterday, pushed through version 45 of the browser, patching 29 security vulnerabilities in the process.
LinuxSecurity.com: The information security skills gap may have become a huge issue for Chief Security Officers (CSOs) and Chief Information Security Officers (CISOs), but there are a number of ways InfoSec teams can work around the shortage so as to protect their networks and stay ahead of the attackers.
LinuxSecurity.com: Nearly three months after the US Office of Personnel Management (OPM) discovered its databases had been compromised by Chinese hackers, the government still hasn't notified the employees and contractors affected by the breach. On Tuesday, the OPM said it planned to start the process of informing victims "later this month," and that reaching everyone is expected to take several weeks.
LinuxSecurity.com: New gdk-pixbuf2 packages are available for Slackware 13.37, 14.0, 14.1, and -current to fix a security issue.
LinuxSecurity.com: Security fix for CVE-2015-2774
LinuxSecurity.com: Use after free in QEMU/Xen block unplug protocol [XSA-139, CVE-2015-5166]; QEMU leak of uninitialized heap memory in rtl8139 device model [XSA-140, CVE-2015-5165]
An Australian reporter for the ABC, Will Ockenden, published a bunch of his metadata, and asked people to derive various elements of his life. They did pretty well, even though they were amateurs, which should give you some idea what professionals can do....
LinuxSecurity.com: Passwords are a bane of life on the Internet, but one Turing Award winner has an algorithmic approach that he thinks can make them not only easier to manage but also more secure.
LinuxSecurity.com: The US ambassador to the United Nations is someone who actually knows what's going on instead of just, you know, talking about it. Plus, is there a better handle than @ambassadorpower?
LinuxSecurity.com: Cyber-attackers have taken down the website of the National Crime Agency (NCA) in apparent revenge for arrests made last week.
LinuxSecurity.com: GnuTLS could be made to crash or run programs if it processed a specially crafted certificate.
LinuxSecurity.com: Updated nss-softokn packages that fix one security issue are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Moderate security [More...]
LinuxSecurity.com: * Fix crash in qemu_spice_create_display (bz #1163047) * CVE-2015-3209: pcnet: multi-tmd buffer overflow in the tx path (bz #1230536) * CVE-2015-3214: i8254: out-of-bounds memory access (bz #1243728) * CVE-2015-5154: ide: atapi: heap overflow during I/O buffer memory access (bz #1247141) * CVE-2015-5745: buffer overflow in virtio-serial (bz #1251160) * CVE-2015-5165: rtl8139 uninitialized heap memory information leakage to guest (bz #1249755)
This is interesting research: Whilst the fridge implements SSL, it FAILS to validate SSL certificates, thereby enabling man-in-the-middle attacks against most connections. This includes those made to Google's servers to download Gmail calendar information for the on-screen display. So, MITM the victim's fridge from next door, or on the road outside and you can potentially steal their Google credentials. The...
LinuxSecurity.com: Weren't in Vegas? Here's what you need to know. Hacks, exploits, vulnerabilities -- it's time to showcase them all. In a ten-day security extravaganza in Las Vegas, NV, the world's best security experts, hackers, and researchers come together to show the world how utterly unsafe it is.
LinuxSecurity.com: We're still feeling the ripple effect from the Ashley Madison hack this week. Not only is its parent company, Avid Life Media, offering a $500K CDN reward for info on the hackers, and not only are the lawsuits rolling in, but on Friday CEO Noel Biderman stepped down.
LinuxSecurity.com: A spear-phishing campaign some researchers say is linked to the Russian government masqueraded as the Electronic Frontier Foundation in an attempt to infect targets with malware that collects passwords and other sensitive data.
LinuxSecurity.com: Security Report Summary
LinuxSecurity.com: Updated gdk-pixbuf2 packages that fix one security issue are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Moderate security [More...]