news aggregator

Debian: 3050-3: iceweasel: Summary - Wed, 2014-11-12 10:46 Security Report Summary
Categories: linux, news, security

Google's VirusTotal puts Linux malware under the spotlight - Wed, 2014-11-12 04:22 The rise of malware designed to infect Linux servers' distributed denial-of-service attacks has earned greater attention from VirusTotal, the Google-owned go-to tool for malware hunters. For security researchers that need to stay on top of emerging malware threats, the VirusTotal malware database has become an integral tool.
Categories: linux, news, security

Ubuntu, ownCloud, and a hidden dark side of Linux software repositories - Wed, 2014-11-12 04:17 The version of ownCloud in Ubuntu's Universe repositories is old and full of "multiple critical security vulnerabilities." It's no secret. The ownCloud project itself asked Ubuntu to remove it so users wouldn't have vulnerable server software.
Categories: linux, news, security

Notorious 'Anonymous' hacker shares motives from prison - Wed, 2014-11-12 04:03 Cocaine dealers, bank robbers and carjackers converge at Manchester Federal Prison in rural Kentucky - and then there is Jeremy Hammond, a tousle-haired and talented hacker whose nimble fingers have clicked and tapped their way into the nation's computing systems.
Categories: linux, news, security

Debian: 3072-1: file: Summary - Tue, 2014-11-11 23:20 Security Report Summary
Categories: linux, news, security

Red Hat: 2014:1846-01: gnutls: Moderate Advisory - Tue, 2014-11-11 20:06 Updated gnutls packages that fix one security issue are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security [More...]
Categories: linux, news, security

Narrowly Constructing National Surveillance Law

Schneier on Security - Tue, 2014-11-11 15:13
Orin Kerr has a new article that argues for narrowly constructing national security law: This Essay argues that Congress should adopt a rule of narrow construction of the national security surveillance statutes. Under this interpretive rule, which the Essay calls a "rule of lenity," ambiguity in the powers granted to the executive branch in the sections of the United States...
Categories: security

Red Hat: 2014:1827-01: kdenetwork: Moderate Advisory - Tue, 2014-11-11 12:26 Updated kdenetwork packages that fix three security issues are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security [More...]
Categories: linux, news, security

Hacking Internet Voting from Wireless Routers

Schneier on Security - Tue, 2014-11-11 07:37
Good paper, and layman's explanation. Internet voting scares me. It gives hackers the potential to seriously disrupt our democratic processes. EDITED TO ADD (11/14): Another article....
Categories: security

Sophisticated Targeted Attack Via Hotel Networks

Schneier on Security - Mon, 2014-11-10 15:34
Kaspersky Labs is reporting (detailed report here, technical details here) on a sophisticated hacker group that is targeting specific individuals around the world. "Darkhotel" is the name the group and its techniques has been given. This APT precisely drives its campaigns by spear-phishing targets with highly advanced Flash zero-day exploits that effectively evade the latest Windows and Adobe defenses, and...
Categories: security

diff -u: What's New in Kernel Development

Linux Journal - Mon, 2014-11-10 13:07

Hardware errors are tough to code for. In some cases, they're impossible to code for. A particular brand of hardware error is the Machine-Check Exception (MCE), which means a CPU has a problem. On Windows systems, it's one of the causes of the Blue Screen of Death. more>>

Categories: linux, news, open source

21 Years of Linux Journal on One DVD - Now Available

Linux Journal - Mon, 2014-11-10 11:23

21 years of Linux Journal on one DVD. Order yours today and receive $10 off! more>>

Categories: linux, news, open source

The Future of Incident Response

Schneier on Security - Mon, 2014-11-10 07:51
Security is a combination of protection, detection, and response. It's taken the industry a long time to get to this point, though. The 1990s was the era of protection. Our industry was full of products that would protect your computers and network. By 2000, we realized that detection needed to be formalized as well, and the industry was full of...
Categories: security

TA14-310A: Microsoft Ending Support for Windows Server 2003 Operating System

US-CERT - Mon, 2014-11-10 07:19
Original release date: November 10, 2014
Systems Affected

Microsoft Windows Server 2003 operating system


Microsoft is ending support for the Windows Server 2003 operating system on July 14, 2015.[1] After this date, this product will no longer receive:

  • Security patches that help protect PCs from harmful viruses, spyware, and other malicious software
  • Assisted technical support from Microsoft
  • Software and content updates

All software products have a lifecycle. End of support refers to the date when Microsoft will no longer provide automatic fixes, updates, or online technical assistance.[2] As of July 2014, there were 12 million physical servers worldwide still running Windows Server 2003.[3]


Computer systems running unsupported software are exposed to an elevated risk to cybersecurity dangers, such as malicious attacks or electronic data loss.

Users may also encounter problems with software and hardware compatibility since new software applications and hardware devices may not be built for Windows Server 2003.

Organizations that are governed by regulatory obligations may find they are no longer able to satisfy compliance requirements while running Windows Server 2003.


Computers running the Windows Server 2003 operating system will continue to work after support ends. However, using unsupported software may increase the risks of viruses and other security threats. Negative consequences could include loss of confidentiality, integrity, and or availability of data, system resources and business assets.

The Microsoft "Microsoft Support Lifecycle Policy FAQ" page offers additional details.[2]

Users have the option to upgrade to a currently supported operating system or other cloud-based services. There are software vendors and service providers in the marketplace who offer assistance in migrating from Windows Server 2003 to a currently supported operating system or SaaS (software as a service) / IaaS (infrastructure as a service) products and services.[4,5] US-CERT does not endorse or support any particular product or vendor.

References Revision History
  • November 10, 2014: Initial Release

This product is provided subject to this Notification and this Privacy & Use policy.

Categories: news, security

Friday Squid Blogging: Dried Squid Sold in Korean Baseball Stadiums

Schneier on Security - Fri, 2014-11-07 17:11
I'm not sure why this is news, except that it makes for a startling headline. (Is the New York Times now into clickbait?) It's not as if people are throwing squid onto the field, as Detroit hockey fans do with octopus. As usual, you can also use this squid post to talk about the security stories in the news that...
Categories: security