LinuxSecurity.com

Syndikovat obsah
The central voice for Linux and Open Source security news.
Aktualizace: 57 min 6 sek zpět

We need to talk about mathematical backdoors in encryption algorithms

15 Prosinec, 2017 - 11:01
LinuxSecurity.com: Security researchers regularly set out to find implementation problems in cryptographic algorithms, but not enough effort is going in comparison is being put into looking for mathematical backdoors, two cryptography professors argue.
Kategorie: Hacking & Security

BlueBorne Attack Highlights Flaws in Linux, IoT Security

15 Prosinec, 2017 - 10:58
LinuxSecurity.com: Bluetooth vulnerabilities let attackers control devices running Linux or any OS derived from it, putting much of the Internet of Things at risk, including popular consumer products.
Kategorie: Hacking & Security

Why Hackers Are in Such High Demand, and How They're Affecting Business Culture

15 Prosinec, 2017 - 10:44
LinuxSecurity.com: News headlines often focus on the hackers who launch cyber attacks and leak confidential data such as National Security Agency exploits, sensitive political emails, and unreleased HBO programming, but hackers can also affect organizations in positive ways.
Kategorie: Hacking & Security

Is source code inspection a security risk? Maybe not, experts say

14 Prosinec, 2017 - 12:13
LinuxSecurity.com: Moscow's recent demand to inspect the source code of American software vendors supplying the Russian government does not pose the severe security threat some are making it out to be, experts say, emphasizing that while sharing source code with a nation-state adversary does make it easier for an attacker to find security flaws, source code is far from the "keys to the kingdom" for bug hunters.
Kategorie: Hacking & Security

NIST Releases New Cybersecurity Framework Draft

13 Prosinec, 2017 - 10:56
LinuxSecurity.com: Updated version includes changes to some existing guidelines - and adds some new ones. The National Institute of Standards and Technology (NIST) has released the second draft of a proposed update to the national Cybersecurity Framework of 2014.
Kategorie: Hacking & Security

File with 1.4 Billion Hacked and Leaked Passwords Found on the Dark Web

12 Prosinec, 2017 - 11:10
LinuxSecurity.com: There have been numerous high-profile breaches involving popular websites and online services in recent years, and it's very likely that some of your accounts have been impacted. It's also likely that your credentials are listed in a massive file that's floating around the Dark Web.
Kategorie: Hacking & Security

Newly Revealed Flaw in Intel Processors Allows Undetectable Malware

12 Prosinec, 2017 - 11:08
LinuxSecurity.com: UPDATED NEWS ANALYSIS: Intel's Management Engine, which runs inside most recent Intel processors, can be hijacked by hackers, who can then gain unlimited access to everything on the device.
Kategorie: Hacking & Security

Watch: How to Pick a Lock

11 Prosinec, 2017 - 12:02
LinuxSecurity.com: You can't keep your data secure software alone. A good hacker knows a complex set of skills that includes computers, social engineering, and physical security. That means a hacker that really wants your stuff will know how to pick a lock to get it.
Kategorie: Hacking & Security

Dyn Inc. DDoS anniversary, and the truth about the Reaper botnet

11 Prosinec, 2017 - 11:58
LinuxSecurity.com: For this week's episode of Salted Hash, we're joined by Josh Shaul, the vice president of web security at Akamai. He shares his story about his experiences during the Dyn Inc. DDoS attacks, and offers some details about the Reaper botnet.
Kategorie: Hacking & Security

Security Vulnerabilities in Certificate Pinning

8 Prosinec, 2017 - 11:11
LinuxSecurity.com: New research found that many banks offer certificate pinning as a security feature, but fail to authenticate the hostname. This leaves the systems open to man-in-the-middle attacks.
Kategorie: Hacking & Security

10 useful ncat (nc) Command Examples for Linux Systems

8 Prosinec, 2017 - 11:09
LinuxSecurity.com: ncat or nc is networking utility with functionality similar to cat command but for network. It is a general purpose CLI tool for reading, writing, redirecting data across a network. It is designed to be a reliable back-end tool that can be used with scripts or other programs. It's also a great tool for network debugging, as it can create any kind of connect one can need.
Kategorie: Hacking & Security

WordPress hit with keylogger, 5,400 sites infected

8 Prosinec, 2017 - 11:07
LinuxSecurity.com: The cryptomining malware that has been pushed from cloudflare.solutions since earlier this year has been modified with the addition of keylogger functionality to its mix with PublicWWW reporting that more than 5,400 Wordpress sites are now infected.
Kategorie: Hacking & Security

Quantum Computing Is the Next Big Security Risk

7 Prosinec, 2017 - 10:23
LinuxSecurity.com: The 20th century gave birth to the Nuclear Age as the power of the atom was harnessed and unleashed. Today, we are on the cusp of an equally momentous and irrevocable breakthrough: the advent of computers that draw their computational capability from quantum mechanics.
Kategorie: Hacking & Security

The Most Exciting Linux Kernel Stories Of 2017

7 Prosinec, 2017 - 10:21
LinuxSecurity.com: This year on Phoronix has been more than 290 original news articles pertaining to advancements and changes within the Linux kernel. Here are those highlights.
Kategorie: Hacking & Security

FCC Chair Ajit Pai Falsely Claims Killing Net Neutrality Will Help Sick and Disabled People

7 Prosinec, 2017 - 10:15
LinuxSecurity.com: For the duration of the fight over net neutrality, there have been a constant stream of falsehoods pushed by AT&T, Verizon, and Comcast to justify their frontal assault on the popular rules. One popular bogeyman has been that net neutrality rules devastated telecom sector investment, a claim consistently disproven by publicly-accessible SEC filings, earnings reports, independent analysis, and statements to investors from more than a half-dozen industry executives.
Kategorie: Hacking & Security

Build a Privacy-respecting and Threat-blocking DNS Server

5 Prosinec, 2017 - 11:11
LinuxSecurity.com: DNS blackholing can be an powerful technique for blocking malware, ransomware and phishing on your home network. Although numerous public DNS services boast threat-blocking features, these providers cannot guarantee you total privacy.
Kategorie: Hacking & Security

DR.CHECKER - A Soundy Vulnerability Detection Tool for Linux Kernel Drivers

5 Prosinec, 2017 - 11:09
LinuxSecurity.com: DR.CHECKER: A Soundy Vulnerability Detection Tool for Linux Kernel Drivers Tested on Ubuntu >= 14.04.5 LTS
Kategorie: Hacking & Security

BoopSuite - A Suite of Tools for Wireless Auditing and Security Testing

5 Prosinec, 2017 - 11:07
LinuxSecurity.com: BoopSuite is an up and coming suite of wireless tools designed to be easy to use and powerful in scope, that support both the 2 and 5 GHz spectrums. Written purely in python. A handshake sniffer (CLI and GUI), a monitor mode enabling script and a deauth script are all parts of this suite with more to come.
Kategorie: Hacking & Security

Deception: Why It's Not Just Another Honeypot

4 Prosinec, 2017 - 12:32
LinuxSecurity.com: Deception - isn't that a honeypot? That's a frequently asked question when the topic of deception technology arises. This two-part post will trace the origins of honeypots, the rationale behind them, and what factors ultimately hampered their wide-scale adoption.
Kategorie: Hacking & Security

Dirty COW redux: Linux devs patch botched patch for 2016 mess

4 Prosinec, 2017 - 12:29
LinuxSecurity.com: Linus Torvalds last week rushed a patch into the Linux kernel, after researchers discovered the patch for 2016's Dirty COW bug had a bug of its own.
Kategorie: Hacking & Security