The central voice for Linux and Open Source security news.


yescrypt - modern KDF and password hashing scheme

Fri, 16 Mar 2018 11:22:50 +0000 yescrypt is a password-based key derivation function (KDF) and password hashing scheme. It builds upon Colin Percival's scrypt and includes classic scrypt, a minor extension of scrypt known as YESCRYPT_WORM (named that for "write once, read [potentially] many [times]", which is how scrypt works), and the full native yescrypt also known as YESCRYPT_RW (for "read-write").

The Chrome extension that knows it's you by the way you type

Fri, 16 Mar 2018 11:10:38 +0000 Using multi-factor authentication (MFA) is more secure than relying on passwords alone - but could it be made even better?

Warning - 3 Popular VPN Services Are Leaking Your IP Address

Fri, 16 Mar 2018 11:09:32 +0000 Researchers found critical vulnerabilities in three popular VPN services that could leak users' real IP addresses and other sensitive data.

Why a hard drive RAID array can save your bacon

Thu, 15 Mar 2018 10:28:53 +0000 How valuable is your data? If your storage drive crashed, would it ruin your day? Your week? Your entire career? Only you can answer those questions for yourself and your organization. But I'll tell you, personally, I need my files -- not only to get my day-to-day job done, but to reference older information and even look at personal keepsakes (like all my digital photos).

Linus Torvalds slams CTS Labs over AMD vulnerability report

Thu, 15 Mar 2018 10:27:48 +0000 CTS Labs, a heretofore unknown Tel Aviv-based cybersecurity startup, has claimed it's found over a dozen security problems with AMD Ryzen and EPYC processors. Linus Torvalds, Linux's creator, doesn't buy it. Torvalds, in a Google+ discussion, wrote:

Samba settings SNAFU lets any user change admin passwords

Wed, 14 Mar 2018 11:41:26 +0000 Samba admins: get patching and/or updating. Unless you're content to have your admin passwords overwritten by, well, anyone else using Samba.

RedHat: RHSA-2018-0549:01 Critical: firefox security update

Mon, 19 Mar 2018 05:18:00 +0000 An update for firefox is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which

Gentoo: GLSA-201803-09: KDE Plasma Workspaces: Multiple vulnerabilities

Mon, 19 Mar 2018 01:15:00 +0000 Multiple vulnerabilities have been found in KDE Plasma Workspaces, the worst of which allows local attackers to execute arbitrary commands.

Gentoo: GLSA-201803-08: Adobe Flash Player: Multiple vulnerabilities

Mon, 19 Mar 2018 01:10:00 +0000 Multiple vulnerabilities have been found in Adobe Flash Player, the worst of which allows remote attackers to execute arbitrary code.

Gentoo: GLSA-201803-07: JabberD 2.x: Multiple vulnerabilities

Mon, 19 Mar 2018 01:05:00 +0000 Multiple vulnerabilities have been found in Gentoo's JabberD 2.x ebuild, the worst of which allows local attackers to escalate privileges.

Gentoo: GLSA-201803-06: Oracle JDK/JRE: Multiple vulnerabilities

Mon, 19 Mar 2018 00:55:00 +0000 Multiple vulnerabilities have been found in Oracle's JDK and JRE software suites, the worst of which may allow execution of arbitrary code.

Debian LTS: DLA-1309-1: curl security update

Sun, 18 Mar 2018 22:22:00 +0000 Multiple vulnerabilities were found in cURL, a URL transfer library: CVE-2018-1000120

Social Engineering Methods for Penetration Testing

Fri, 21 Oct 2016 10:18:59 +0000 Social engineering is the practice of learning and obtaining valuable information by exploiting human vulnerabilities. It is an art of deception that is considered to be vital for a penetration tester when there is a lack of information about the target that can be exploited.

Putting Infosec Principles into Practice

Fri, 23 Sep 2016 10:53:29 +0000 When you're dealing with a security incident, it's essential that you – and the rest of your team – not only have the skills needed to deal with an issue comprehensively, but also have a framework to support you as you approach it. This framework lets the team focus purely on what needs to be done, following a process that removes vulnerabilities and threats in a proper way – so everyone who depends upon the software you protect can be confident that it's secure and functioning properly.