The central voice for Linux and Open Source security news.


Hacker Who Used Linux Botnet to Send Millions of Spam Emails Pleads Guilty

Wed, 29 Mar 2017 09:43:25 +0000 A Russian man accused of infecting tens of thousands of computer servers worldwide to generate millions in illicit profit has finally entered a guilty plea in the United States and is going to face sentencing in August.

The uncrackable problem of end-to-end encryption

Tue, 28 Mar 2017 10:02:00 +0000 The UK government has said it wants access to messages sent via encrypted communications apps such as WhatsApp, re-igniting the debate over end-to-end encryption.

API flaws said to have left Symantec SSL certificates vulnerable to compromise

Mon, 27 Mar 2017 10:31:52 +0000 Over the weekend, Chris Byrne, an information security consultant and instructor for Cloud Harmonics, published a post to Facebook outlining a serious problem with the processes and third-party API used to deliver and manage Symantec SSL certificates.

Google proposes sending Symantec to TLS sin bin

Fri, 24 Mar 2017 10:05:00 +0000 Google has announced plans to reduce the trust in Symantec TLS certificates until a point is reached in early 2018 where Chrome 64 will only trust certificates issued for 279 days or less from the security giant and its subsidiaries.

FBI director floats international framework on access to encrypted data

Fri, 24 Mar 2017 10:03:46 +0000 FBI director James Comey has suggested that an international agreement between governments could ease fears about IT products with government-mandated backdoors, but privacy advocates are doubtful.

Is Linux Mint a secure distribution?

Thu, 23 Mar 2017 08:15:56 +0000 Linux Mint has been lambasted by some in the media for security problems over the last few years. But how accurate are such perceptions? Does Linux Mint really suffer from security problems or is it all much ado about nothing?

Gentoo: 201703-07 Xen: Privilege Escalation

Mon, 27 Mar 2017 23:22:00 +0000 A vulnerability in Xen's bundled QEMU version might allow privilege escalation.

Gentoo: 201703-06 Deluge: Remote execution of arbitrary code

Mon, 27 Mar 2017 23:13:00 +0000 A vulnerability in Deluge might allow remote attackers to execute arbitrary code.

Gentoo: 201703-05 GNU Libtasn1: Denial of Service

Mon, 27 Mar 2017 23:06:00 +0000 A vulnerability in Libtasn1 allows remote attackers to cause a Denial of Service condition.

Gentoo: 201703-04 cURL: Certificate validation error

Mon, 27 Mar 2017 22:51:00 +0000 A coding error has been found in cURL, causing the TLS Certificate Status Request extension check to always return true.

Debian: 3820-1: gst-plugins-good1.0: Summary

Mon, 27 Mar 2017 18:09:00 +0000 Security Report Summary

Debian: 3822-1: gstreamer1.0: Summary

Mon, 27 Mar 2017 18:09:00 +0000 Security Report Summary

Social Engineering Methods for Penetration Testing

Fri, 21 Oct 2016 10:18:59 +0000 Social engineering is the practice of learning and obtaining valuable information by exploiting human vulnerabilities. It is an art of deception that is considered to be vital for a penetration tester when there is a lack of information about the target that can be exploited.

Putting Infosec Principles into Practice

Fri, 23 Sep 2016 10:53:29 +0000 When you’re dealing with a security incident it’s essential you – and the rest of your team – not only have the skills they need to comprehensively deal with an issue, but also have a framework to support them as they approach it. This framework means they can focus purely on what they need to do, following a process that removes any vulnerabilities and threats in a proper way – so everyone who depends upon the software you protect can be confident that it’s secure and functioning properly.