Fri, 28 Oct 2016 09:37:42 +0000LinuxSecurity.com: Over the years I've bought some less than impressive consumer routers, so these days I run my own self-built hardware firewall appliance. Surprisingly, deciding on which option was best for my needs was not as easy as I had hoped.
Fri, 28 Oct 2016 09:35:29 +0000LinuxSecurity.com: When Mozilla ships Firefox 52, on or around March 7, 2017, the browser will come with the cryptographic protocol TLS 1.3 on by default. Martin Thomson, a principle engineer at Mozilla broke the news Wednesday in an email to Mozilla Development Platform members.
Fri, 28 Oct 2016 09:34:02 +0000LinuxSecurity.com: Thirty-one-year-old Laurie Love is currently staring down the possibility of 99 years in prison. After being extradited to the US recently, he stands accused of attacking systems belonging to the US government. It was allegedly part of the #OpLastResort hack in 2013, which targeted the US Army, the US Federal Reserve, the FBI, NASA, and the Missile Defense Agency in retaliation over the tragic suicide of Aaron Swartz as the hacktivist infamously awaited trial.
Wed, 26 Oct 2016 09:47:39 +0000LinuxSecurity.com: Kees Cook is a Google techie and security researcher whose interests include the Linux Kernel Self Protection Project. The idea of "self-protection" doesn't mean giving up on trying to create secure code in the first place, of course.
Wed, 26 Oct 2016 09:46:35 +0000LinuxSecurity.com: It's encouraging to read that the government understands the seriousness of the loss of $81 million dollars via the hacking of Bangladesh Bank, and that a cyber-security agency is going to be formed to prevent further disasters. Currently, information security in each government department is up to the internal IT staff of that department.
Tue, 25 Oct 2016 19:01:53 +0000LinuxSecurity.com: First, there was nothing -- nothing -- surprising about this attack. As Paul Mockapetris, creator of the Domain Name System (DNS), said, "The successful DDoS attack on DYN is merely a new twist on age-old warfare. ... Classic warfare can be anticipated and defended against. But warfare on the internet, just like in history, has changed. So let's take a look at the asymmetrical battle in terms of the good guys (DYN) and the bad guys (Mirai botnets), and realize and plan for more of these sorts of attacks."
Tue, 25 Oct 2016 13:01:32 +0000LinuxSecurity.com: Microsoft has released an analysis of the extent of malware worldwide and what specific threats are likely to hit each country.
Tue, 25 Oct 2016 11:27:54 +0000LinuxSecurity.com: A serious vulnerability that has been present for nine years in virtually all versions of the Linux operating system is under active exploit, according to researchers who are advising users to install a patch as soon as possible.
Mon, 24 Oct 2016 20:19:18 +0000LinuxSecurity.com: Six months ago, Hector Monsegur hit send on an email to about a dozen new hires on the IT staff of a certain Seattle-based tech company whose names were carefully chosen from social media. The email, as he describes it, was a classic phishing scheme: It spoofed a note asking the targets to log into a company wiki that would "provide an information sharing platform within the group."
Mon, 24 Oct 2016 20:16:35 +0000LinuxSecurity.com: Last Friday's massive DDoS that exploited online cameras and DVRs was simple to pull off -- and a new chapter in online attacks. The distributed denial-of-service (DDoS) attack last Friday via an army of infected webcams, DVRs, and other systems, that crippled a large chunk of the Internet's domain name system (DNS) served as a wake-up call after years of research and warning about vulnerable consumer and embedded devices.
Mon, 24 Oct 2016 20:14:33 +0000LinuxSecurity.com: EMS computers in Guilford County, NC were exposed for an unknown length of time, because the server managing system updates was publicly available on the internet. The problem was discovered earlier this month by a researcher scanning the internet for Rsync servers.
Fri, 21 Oct 2016 14:02:40 +0000LinuxSecurity.com: A major distributed denial-of-service (DDoS) attack on Internet domain service provider Dyn in the early morning hours on the East Coast today disrupted major websites - including Okta, CNN, Pinterest, Reddit, and Twitter - and provided a grim reminder of the vulnerability of a key element of the Internet's infrastructure.