The central voice for Linux and Open Source security news.


"Secure" Trump website defaced by hacker claiming to be from Iraq

Wed, 22 Feb 2017 11:45:50 +0000 Someone calling themselves "Pro_Mast3r" managed to deface a server associated with President Donald Trump's presidential campaign fundraising on Sunday. The server is behind Cloudflare's content management and security platform, and does not appear to be directly linked from the Trump Pence campaign's home page.

Java and Python FTP attacks can punch holes through firewalls

Wed, 22 Feb 2017 11:36:07 +0000 The Java and Python runtimes fail to properly validate FTP URLs, which can potentially allow attackers to punch holes through firewalls to access local networks.

5 open source security tools too good to ignore

Wed, 22 Feb 2017 11:34:18 +0000 Open source is a wonderful thing. A significant chunk of today's enterprise IT and personal technology depends on open source software. But even while open source software is widely used in networking, operating systems, and virtualization, enterprise security platforms still tend to be proprietary and vendor-locked. Fortunately, that's changing.

Researchers offer simple scheme to stop the next Stuxnet

Wed, 22 Feb 2017 11:32:10 +0000 One of the world's oldest programming styles, the ladder logic that runs on industrial programmable logic controllers, remains dangerously vulnerable to attack, according to boffins from Singapore and India.

Kaspersky: No whiff of Linux in our OS because we need new start to secure IoT

Tue, 21 Feb 2017 12:32:59 +0000 Eugene Kaspersky, CEO of Kaspersky Lab, says its new KasperskyOS for securing industrial IoT devices does not contain "even the slightest smell of Linux", differentiating it from many other IoT products that have the open-source OS at the core.

Intent-Based Security Gains Momentum at RSA

Tue, 21 Feb 2017 12:31:56 +0000 It isn't a buzzphrase on par with "artificial intelligence" yet, but intent-based security has been gathering steam, as evidenced at this week's RSA Conference.

Debian: 3788-2: tomcat8: Summary

Wed, 22 Feb 2017 11:22:00 +0000 Security Report Summary

Debian: 3787-2: tomcat7: Summary

Wed, 22 Feb 2017 11:16:00 +0000 Security Report Summary

Gentoo: 201702-32 Ruby Archive::Tar::Minitar: Directory traversal

Wed, 22 Feb 2017 06:25:00 +0000 Ruby Archive::Tar::Minitar is vulnerable to a directory traversal attack.

Gentoo: 201702-31 GPL Ghostscript: Multiple vulnerabilities

Wed, 22 Feb 2017 06:20:00 +0000 Multiple vulnerabilities have been found in GPL Ghostscript, the worst of which may allow execution of arbitrary code.

Ubuntu: 3208-1: Linux kernel vulnerabilities

Wed, 22 Feb 2017 03:16:00 +0000 Several security issues were fixed in the kernel.

Ubuntu: 3209-1: Linux kernel vulnerabilities

Wed, 22 Feb 2017 03:08:00 +0000 Several security issues were fixed in the kernel.

Social Engineering Methods for Penetration Testing

Fri, 21 Oct 2016 10:18:59 +0000 Social engineering is the practice of learning and obtaining valuable information by exploiting human vulnerabilities. It is an art of deception that is considered to be vital for a penetration tester when there is a lack of information about the target that can be exploited.

Putting Infosec Principles into Practice

Fri, 23 Sep 2016 10:53:29 +0000 When you're dealing with a security incident it's essential that you – and the rest of your team – not only have the skills you need to comprehensively deal with an issue, but also have a framework to support you as you approach it. This framework means the team can focus purely on what it needs to do, following a process that removes any vulnerabilities and threats in a proper way – so everyone who depends upon the software you protect can be confident that it's secure and functioning properly.