Wed, 29 Mar 2017 09:43:25 +0000 LinuxSecurity.com: A Russian man accused of infecting tens of thousands of computer servers worldwide to generate millions in illicit profit has finally entered a guilty plea in the United States and is going to face sentencing in August.
Tue, 28 Mar 2017 10:02:00 +0000 LinuxSecurity.com: The UK government has said it wants access to messages sent via encrypted communications apps such as WhatsApp, re-igniting the debate over end-to-end encryption.
Mon, 27 Mar 2017 10:31:52 +0000 LinuxSecurity.com: Over the weekend, Chris Byrne, an information security consultant and instructor for Cloud Harmonics, published a post to Facebook outlining a serious problem with the processes and third-party API used to deliver and manage Symantec SSL certificates.
Fri, 24 Mar 2017 10:05:00 +0000 LinuxSecurity.com: Google has announced plans to reduce the trust in Symantec TLS certificates until a point is reached in early 2018 where Chrome 64 will only trust certificates issued for 279 days or less from the security giant and its subsidiaries.
Fri, 24 Mar 2017 10:03:46 +0000 LinuxSecurity.com: FBI director James Comey has suggested that an international agreement between governments could ease fears about IT products with government-mandated backdoors, but privacy advocates are doubtful.
Thu, 23 Mar 2017 08:15:56 +0000 LinuxSecurity.com: Linux Mint has been lambasted by some in the media for security problems over the last few years. But how accurate are such perceptions? Does Linux Mint really suffer from security problems or is it all much ado about nothing?
Thu, 23 Mar 2017 08:12:07 +0000 LinuxSecurity.com: Mozilla last week patched a Firefox vulnerability just a day after it was revealed during Pwn2Own, the first vendor to fix a flaw disclosed at the hacking contest.
Wed, 22 Mar 2017 10:02:31 +0000 LinuxSecurity.com: LastPass has closed a remote code execution vulnerability in its Chrome extension, but according to Google Project Zero researcher Tavis Ormandy, issues remain in its Firefox extension, and details of another password-stealing vulnerability are still to come. Writing in the Project Zero issue tracker, Ormandy said it was possible to proxy untrusted messages to LastPass.
Wed, 22 Mar 2017 10:00:12 +0000 LinuxSecurity.com: HTTPS inspection tools are, in essence, a security team's authorized man-in-the-middle attacker: they intercept encrypted SSL/TLS traffic, in order to, for example, search it for malware that uses HTTPS to connect to malicious servers. However, in an alert today, US-CERT warned that HTTPS interception weakens TLS security, advising that organizations "carefully consider the pros and cons of such products before implementing."
Wed, 22 Mar 2017 09:58:38 +0000 LinuxSecurity.com: Cisco Systems said that more than 300 models of switches it sells contain a critical vulnerability that allows the CIA to use a simple command to remotely execute malicious code that takes full control of the devices. There currently is no fix.
Tue, 21 Mar 2017 11:42:35 +0000 LinuxSecurity.com: OK, hands up, who knows what High-Level Data Link Control (HDLC) is? It's an archaic networking data framing protocol that's used in modems, X.25, frame-relay, ISDN, and other now uncommon networking technologies. I know it because I used to work with them back in the day. You'll get to know it now because a researcher discovered a security hole hidden within the Linux kernel driver that implements it.
Tue, 21 Mar 2017 11:17:07 +0000 LinuxSecurity.com: The operator of a website that accepts subscriber logins only over unencrypted HTTP pages has taken to Mozilla's Bugzilla bug-reporting service to complain that the Firefox browser is warning that the page isn't suitable for the transmission of passwords.