The central voice for Linux and Open Source security news.


Watch a Homemade Robot Crack a Safe in Just 15 Minutes

Fri, 21 Jul 2017 09:05:53 +0000 Last Christmas, Nathan Seidle's wife gave him a second-hand safe she'd found on Craigslist. It was, at first glance, a strange gift. The couple already owned the same model, a $120 SentrySafe combination fire safe they'd bought from Home Depot. But this one, his wife explained, had a particular feature: The original owner had locked it and forgotten the combination. Her challenge to Seidle: Open it.

Scammers demand Bitcoin in DDoS extortion scheme, deliver empty threats

Fri, 21 Jul 2017 08:35:24 +0000 The FBI has issued an advisory to businesses over a recent string of DDoS extortion attempts. The perpetrators are claiming to be affiliated with Anonymous or Lizard Squad, and their demands threaten sustained attacks unless a Bitcoin payment is made.

Best of Black Hat: 20 Epic Talks in 20 Years

Thu, 20 Jul 2017 08:55:48 +0000 This year marks the 20th anniversary of Black Hat, the information security conference founded by Jeff Moss in 1997. What began as a single meetup in Las Vegas has expanded around the world to host events in the United States, Europe, and Asia.

Russian man who helped create notorious malware sentenced to 5 years

Thu, 20 Jul 2017 08:52:22 +0000 A Russian man who helped create and spread the notorious Citadel malware back in 2011 was sentenced Wednesday to five years in prison by a federal judge in Atlanta.

Zero-Day Exploit Surfaces that May Affect Millions of IoT Users

Wed, 19 Jul 2017 10:14:02 +0000 Millions of IoT devices relying on widely used third-party toolkit gSOAP could face a zero-day attack, security firm Senrio disclosed Tuesday, which dubbed the vulnerability Devil's Ivy.

Let's harden Internet crypto so quantum computers can't crack it

Wed, 19 Jul 2017 08:45:19 +0000 In case someone manages to make a general purpose quantum computer one day, a group of IETF authors have put forward a proposal to harden Internet key exchange.

Gentoo: GLSA-201707-15: Adobe Flash Player: Multiple vulnerabilities

Fri, 21 Jul 2017 19:28:00 +0000 Multiple vulnerabilities have been found in Adobe Flash Player, the worst of which allows remote attackers to execute arbitrary code.

Slackware: 2017-202-01: seamonkey Security Update

Fri, 21 Jul 2017 19:15:00 +0000 New seamonkey packages are available for Slackware 14.2 and -current to fix security issues.

Ubuntu 3360-2: Linux kernel (Trusty HWE) vulnerabilities

Fri, 21 Jul 2017 16:00:00 +0000 Several security issues were fixed in the Linux kernel.

Debian: DSA-3916-1: atril security update

Fri, 21 Jul 2017 15:15:00 +0000 It was discovered that Atril, the MATE document viewer, made insecure use of tar when opening tar comic book archives (CBT). Opening a malicious CBT archive could result in the execution of arbitrary code. This update disables the CBT format entirely.

SuSE: 2017:1925-1: important: Linux Kernel Live Patch 6 for SLE 12 SP2

Fri, 21 Jul 2017 09:24:00 +0000 An update that solves one vulnerability and has two fixes An update that solves one vulnerability and has two fixes An update that solves one vulnerability and has two fixes is now available. is now available.

SuSE: 2017:1924-1: important: Linux Kernel Live Patch 19 for SLE 12

Fri, 21 Jul 2017 09:22:00 +0000 An update that solves one vulnerability and has three fixes An update that solves one vulnerability and has three fixes An update that solves one vulnerability and has three fixes is now available. is now available.

Social Engineering Methods for Penetration Testing

Fri, 21 Oct 2016 10:18:59 +0000 Social engineering is the practice of learning and obtaining valuable information by exploiting human vulnerabilities. It is an art of deception that is considered to be vital for a penetration tester when there is a lack of information about the target that can be exploited.

Putting Infosec Principles into Practice

Fri, 23 Sep 2016 10:53:29 +0000 When you’re dealing with a security incident it’s essential you – and the rest of your team – not only have the skills they need to comprehensively deal with an issue, but also have a framework to support them as they approach it. This framework means they can focus purely on what they need to do, following a process that removes any vulnerabilities and threats in a proper way – so everyone who depends upon the software you protect can be confident that it’s secure and functioning properly.