The central voice for Linux and Open Source security news.


The Pirate Bay Takes Heat for Testing Monero Mining

Fri, 22 Sep 2017 09:29:05 +0000 The Pirate Bay has come under fire for testing a Monero JavaScript miner as a possible means of generating new revenue to replace its current model of making money through advertising on the site.

Joomla patches eight-year-old critical CMS bug

Fri, 22 Sep 2017 09:23:20 +0000 Joomla has patched a critical bug which could be used to steal account information and fully compromise website domains. This week, the content management system (CMS) provider issued a security advisory detailing the flaw, which is found in the LDAP authentication plugin.

You lost your ballpoint pen, Slack? Why's your Linux version unsigned?

Thu, 21 Sep 2017 10:22:54 +0000 Slack is distributing open Linux-based versions of its technology that are not digitally signed, contrary to industry best practice.

Apple's facial recognition: Well, it is more secure for the, er, sleeping user

Thu, 21 Sep 2017 10:20:53 +0000 Hackers have defeated the Touch ID technology that has been superseded by Face ID. Galloway reckons it's only a matter of time before attacks against Apple's latest authentication technology are successful.

Equifax's disastrous Struts patching blunder: THOUSANDS of other orgs did it too

Wed, 20 Sep 2017 09:31:19 +0000 Thousands of companies may be susceptible to the same type of hack that recently struck Equifax. The Equifax breach was the result of a vulnerable Apache Struts component.

Cloud Security Error Exposes Half a Million Voters' Personal Information

Wed, 20 Sep 2017 09:25:26 +0000 Another day, another cloud leak: Kromtech researchers recently came across a misconfigured CouchDB database exposing information on 593,328 Alaskan voters.

Fedora 25: mpg123 Security Update

Fri, 22 Sep 2017 19:47:00 +0000 Update to upstream release 1.25.6

Fedora 25: drupal7-views Security Update

Fri, 22 Sep 2017 19:44:00 +0000
* 7.x-3.18
* 7.x-3.17
* Moderately Critical - Access Bypass - DRUPAL-SA-CONTRIB-2017-068

Fedora 25: krb5 Security Update

Fri, 22 Sep 2017 19:41:00 +0000
- Prevent applications from accidentally implementing CVE-2017-11462 (double free if sec_context is copied).
- fc26+: Add ccselect hostrealm module for ccache selection based on service hostname.

Fedora 26: httpd Security Update

Fri, 22 Sep 2017 15:22:00 +0000 This is a release fixing a security fix applied upstream, known as "optionsbleed" in popular parlance. It is relevant for hosted and co-located instances of Fedora (and why wouldn't you?).

Fedora 26: gnome-shell Security Update

Fri, 22 Sep 2017 15:21:00 +0000 Fix crash on fast status icon remapping

Fedora 26: drupal7-views Security Update

Fri, 22 Sep 2017 15:13:00 +0000
* 7.x-3.18
* 7.x-3.17
* Moderately Critical - Access Bypass - DRUPAL-SA-CONTRIB-2017-068

Social Engineering Methods for Penetration Testing

Fri, 21 Oct 2016 10:18:59 +0000 Social engineering is the practice of learning and obtaining valuable information by exploiting human vulnerabilities. It is an art of deception that is considered to be vital for a penetration tester when there is a lack of information about the target that can be exploited.

Putting Infosec Principles into Practice

Fri, 23 Sep 2016 10:53:29 +0000 When you’re dealing with a security incident it’s essential that you – and the rest of your team – not only have the skills you need to deal with an issue comprehensively, but also have a framework to support you as you approach it. This framework means the team can focus purely on what it needs to do, following a process that removes any vulnerabilities and threats in a proper way – so everyone who depends upon the software you protect can be confident that it’s secure and functioning properly.