The central voice for Linux and Open Source security news.


Linus Torvalds: 'I don't trust security people to do sane things'

Mon, 20 Nov 2017 10:48:42 +0000 Linus Torvalds has offered his thoughts on Linux security approaches, branding some security professionals as "f*cking morons" for focusing on process-killing rather than debugging.

White House Releases New Charter for Using, Disclosing Security Vulnerabilities

Mon, 20 Nov 2017 10:47:38 +0000 Updated Vulnerability Equities Process provides transparency into how government will handle new vulnerabilities that it discovers in vendor products and services.

Captain Crunch aka John Draper banned from DefCon for sexual misconduct

Mon, 20 Nov 2017 10:46:22 +0000 Due to accusations of sexual misconduct, legendary hacker John Draper, aka Captain Crunch, has been banned from attending several hacker conferences.

DNS resolver will check requests against IBM threat database

Mon, 20 Nov 2017 10:44:36 +0000 The Global Cyber Alliance has given the world a new free Domain Name Service resolver, and advanced it as offering unusually strong security and privacy features.

Let's enable AppArmor by default (why not?)

Sun, 19 Nov 2017 10:09:40 +0000 Done ⇒ AppArmor is now enabled by default in sid. Let the experiment begin!

DJI bug bounty NDA is 'not signable', say irate infosec researchers

Fri, 17 Nov 2017 10:12:26 +0000 Chinese drone maker DJI faces questions from infosec researchers about its bug bounty programme. Sources have told The Register that a non-disclosure agreement (NDA) they were invited to sign would result in the company "owning their actions".

Fedora 25: python-copr Security Update

Wed, 22 Nov 2017 05:09:00 +0000 Change default COPR URL route from to

Fedora 25: perl-Net-Ping-External Security Update

Wed, 22 Nov 2017 05:09:00 +0000 Fixes a command injection vulnerability (CVE-2008-7319)

Fedora 25: thunderbird Security Update

Wed, 22 Nov 2017 05:09:00 +0000 For changes see:

Fedora 25: memcached Security Update

Wed, 22 Nov 2017 05:09:00 +0000 Update to 1.4.39, which includes a security fix for CVE-2017-9951

Fedora 25: python-XStatic-jquery-ui Security Update

Wed, 22 Nov 2017 05:09:00 +0000 Security fix for `CVE-2016-7103 `

Fedora 26: compat-openssl10 Security Update

Wed, 22 Nov 2017 02:35:00 +0000 Minor update release 1.0.2m from upstream.

Social Engineering Methods for Penetration Testing

Fri, 21 Oct 2016 10:18:59 +0000 Social engineering is the practice of learning and obtaining valuable information by exploiting human vulnerabilities. It is an art of deception that is considered to be vital for a penetration tester when there is a lack of information about the target that can be exploited.

Putting Infosec Principles into Practice

Fri, 23 Sep 2016 10:53:29 +0000 When you’re dealing with a security incident it’s essential you – and the rest of your team – not only have the skills they need to comprehensively deal with an issue, but also have a framework to support them as they approach it. This framework means they can focus purely on what they need to do, following a process that removes any vulnerabilities and threats in a proper way – so everyone who depends upon the software you protect can be confident that it’s secure and functioning properly.