Subscribe: LinuxSecurity.com - Latest News
http://www.linuxsecurity.com/static-content/linuxsecurity_articles.rss
Added By: Feedage Forager Feedage Grade A rated
Language: English
Tags:
certificates  end  firefox  https inspection  https  inspection tools  linux mint  linux  linuxsecurity  security  ssl  symantec  tls  vulnerability 
Rate this Feed
Rate this feedRate this feedRate this feedRate this feedRate this feed
Rate this feed 1 starRate this feed 2 starRate this feed 3 starRate this feed 4 starRate this feed 5 star

Comments (0)

Feed Details and Statistics Feed Statistics
Preview: LinuxSecurity.com - Latest News

LinuxSecurity.com - Latest News



The central voice for Linux and Open Source security news.



 



Hacker Who Used Linux Botnet to Send Millions of Spam Emails Pleads Guilty

Wed, 29 Mar 2017 09:43:25 +0000

LinuxSecurity.com: A Russian man accused of infecting tens of thousands of computer servers worldwide to generate millions in illicit profit has finally entered a guilty plea in the United States and is going to face sentencing in August.



The uncrackable problem of end-to-end encryption

Tue, 28 Mar 2017 10:02:00 +0000

LinuxSecurity.com: The UK government has said it wants access to messages sent via encrypted communications apps such as WhatsApp, re-igniting the debate over end-to-end encryption.



API flaws said to have left Symantec SSL certificates vulnerable to compromise

Mon, 27 Mar 2017 10:31:52 +0000

LinuxSecurity.com: Over the weekend, Chris Byrne, an information security consultant and instructor for Cloud Harmonics, published a post to Facebook outlining a serious problem with the processes and third-party API used to deliver and manage Symantec SSL certificates.



Google proposes sending Symantec to TLS sin bin

Fri, 24 Mar 2017 10:05:00 +0000

LinuxSecurity.com: Google has announced plans to reduce the trust in Symantec TLS certificates until a point is reached in early 2018 where Chrome 64 will only trust certificates issued for 279 days or less from the security giant and its subsidiaries.



FBI director floats international framework on access to encrypted data

Fri, 24 Mar 2017 10:03:46 +0000

LinuxSecurity.com: FBI director James Comey has suggested that an international agreement between governments could ease fears about IT products with government-mandated backdoors, but privacy advocates are doubtful.



Is Linux Mint a secure distribution?

Thu, 23 Mar 2017 08:15:56 +0000

LinuxSecurity.com: Linux Mint has been lambasted by some in the media for security problems over the last few years. But how accurate are such perceptions? Does Linux Mint really suffer from security problems or is it all much ado about nothing?



Mozilla beats rivals, patches Firefox's Pwn2Own bug

Thu, 23 Mar 2017 08:12:07 +0000

LinuxSecurity.com: Mozilla last week patched a Firefox vulnerability just a day after it was revealed during Pwn2Own, the first vendor to fix a flaw disclosed at the hacking contest.



LastPass hit by password stealing and code execution vulnerabilities

Wed, 22 Mar 2017 10:02:31 +0000

LinuxSecurity.com: LastPass has closed a remote code execution vulnerability on its Chrome extension, but according to Google Project Zero researcher Tavis Ormandy, issues remain on its Firefox extension, as well as details on another password-stealing vulnerability to come. Writing in the Project Zero issue tracker, Ormandy said it was possible to proxy untrusted messages to LastPass.



US-CERT Warns That HTTPS Inspection Tools Weaken TLS

Wed, 22 Mar 2017 10:00:12 +0000

LinuxSecurity.com: HTTPS inspection tools are, in essence, a security team's authorized man-in-the-middle attacker: they intercept encrypted SSL/TLS traffic, in order to, for example, search it for malware that uses HTTPS to connect to malicious servers. However, in an alert today, US-CERT warned that HTTPS interception weakens TLS security, advising that organizations "carefully consider the pros and cons of such products before implementing."



A simple command allows the CIA to commandeer 318 models of Cisco switches

Wed, 22 Mar 2017 09:58:38 +0000

LinuxSecurity.com: Cisco Systems said that more than 300 models of switches it sells contain a critical vulnerability that allows the CIA to use a simple command to remotely execute malicious code that takes full control of the devices. There currently is no fix.



Old Linux kernel security bug bites

Tue, 21 Mar 2017 11:42:35 +0000

LinuxSecurity.com: OK, hands up, who knows what High-Level Data Link Control (HDLC) is? It's an archaic networking data framing protocol that's used in modems, X.25, frame-relay, ISDN, and other now uncommon networking technologies. I know it because I used to work with them back in the day. You'll get to know it now because a researcher discovered a security hole hidden within the Linux kernel driver that implements it.



Firefox gets complaint for labeling unencrypted login page insecure

Tue, 21 Mar 2017 11:17:07 +0000

LinuxSecurity.com: The operator of a website that accepts subscriber logins only over unencrypted HTTP pages has taken to Mozilla's Bugzilla bug-reporting service to complain that the Firefox browser is warning that the page isn't suitable for the transmission of passwords.