The central voice for Linux and Open Source security news.


Democracy-minded DEF CON hackers promise punishing probe on US election computers

Fri, 26 May 2017 08:44:19 +0000 Organizers at the DEF CON hacking conference in July are planning a mass cracking of US electronic election machines. The event, which for over 20 years has attracted the best and the brightest in the hacking community, will see a group hackathon against the voting machines that are used in every US election these days. The purpose is to check whether the machinery that underpins the electoral system is up to scratch.

Samba exploit - not quite WannaCry for Linux, but patch anyway!

Fri, 26 May 2017 08:36:29 +0000 Samba is an open source project that is widely used on Linux and Unix computers so they can work with Windows file and print services. Samba can work as a client that lets you connect to Windows servers, and as a server that can accept connections from Windows clients.

A wormable code-execution bug has lurked in Samba for 7 years. Patch now!

Thu, 25 May 2017 10:10:26 +0000 Maintainers of the Samba networking utility just patched a critical code-execution vulnerability that could pose a severe threat to users until the fix is widely installed. The seven-year-old flaw, indexed as CVE-2017-7494, can be reliably exploited with just one line of code to execute malicious code, as long as a few conditions are met.

4 Reasons the Vulnerability Disclosure Process Stalls

Wed, 24 May 2017 10:17:20 +0000 The relationship between a manufacturer or vendor and security researchers can be filled with tension and unease, and it's most often put to the test during the vulnerability disclosure process. Although their intentions are pure, researchers often feel they are being shut out of the process, while vendors may see disclosure deadlines as a threat from researchers looking to produce headlines.

Sn1per - Penetration Testing Automation Scanner

Tue, 23 May 2017 10:45:07 +0000 Sn1per is a penetration testing automation scanner that can be used during a penetration test to enumerate and scan for vulnerabilities.

Hackers Unlock Samsung Galaxy S8 With Fake Iris

Tue, 23 May 2017 10:40:57 +0000 Biometric locks for phones are just getting more and more elaborate. Not content with fingerprints, some devices now offer facial recognition tech for accessing a device, and in the Samsung Galaxy S8's case, an iris scanner too.

openSUSE: 2017:1412-1: important: rpcbind

Fri, 26 May 2017 06:13:00 +0000 An update that fixes one vulnerability is now available. An update that fixes one vulnerability is now available. An update that fixes one vulnerability is now available.

Gentoo: GLSA-201705-14: Smb4K: Arbitrary command execution as root

Fri, 26 May 2017 02:47:00 +0000 A vulnerability in Smb4K could allow local attackers to execute commands as root.

Gentoo: GLSA-201705-13: Teeworlds: Remote execution of arbitrary code on client

Fri, 26 May 2017 02:41:00 +0000 Teeworlds client vulnerability in snap handling could result in execution of arbitrary code.

Gentoo: GLSA-201705-12: Adobe Flash Player: Multiple vulnerabilities

Fri, 26 May 2017 02:36:00 +0000 Multiple vulnerabilities have been found in Adobe Flash Player, the worst of which allows remote attackers to execute arbitrary code.

Gentoo: GLSA-201705-11: Xen: Multiple vulnerabilities

Fri, 26 May 2017 02:31:00 +0000 Multiple vulnerabilities have been found in Xen, the worst of which could allow for privilege escalation.

Fedora 25: kernel Security Update

Fri, 26 May 2017 00:23:00 +0000 The 4.10.17 stable kernel update contains a number of important fixes across the tree.

Social Engineering Methods for Penetration Testing

Fri, 21 Oct 2016 10:18:59 +0000 Social engineering is the practice of learning and obtaining valuable information by exploiting human vulnerabilities. It is an art of deception that is considered to be vital for a penetration tester when there is a lack of information about the target that can be exploited.

Putting Infosec Principles into Practice

Fri, 23 Sep 2016 10:53:29 +0000 When you’re dealing with a security incident it’s essential you – and the rest of your team – not only have the skills they need to comprehensively deal with an issue, but also have a framework to support them as they approach it. This framework means they can focus purely on what they need to do, following a process that removes any vulnerabilities and threats in a proper way – so everyone who depends upon the software you protect can be confident that it’s secure and functioning properly.