The central voice for Linux and Open Source security news.


Google tightens noose on HTTP: Chrome to stick 'Not secure' on pages with search fields

Fri, 28 Apr 2017 09:42:03 +0000 Google is giving web developers six months to prepare for the next phase of its plan to mark all HTTP pages as 'Not secure'. October will mark stage two of Google's plan to label all HTTP pages as 'Not secure' in Chrome.

pemcracker - Tool For Cracking PEM Files

Fri, 28 Apr 2017 09:40:08 +0000 pemcracker is a tool for cracking PEM files that are encrypted and have a password. The purpose is to attempt to recover the password for encrypted PEM files while utilising all the CPU cores.

GrSecurity Kernel Patches Will No Longer Be Free To The Public

Thu, 27 Apr 2017 10:19:41 +0000 The GrSecurity initiative, which hosts various out-of-tree patches to the mainline Linux kernel in order to enhance security, will no longer be available to non-paying users.

Meet the Nu-Nerds: These College-Age Hackers Will Soon Shape Our Future

Thu, 27 Apr 2017 10:17:03 +0000 Google the words "David Dworken" and you'll find a picture of a teenager in an oversize gray suit shaking hands with former secretary of defense Ash Carter, along with a headline that reads: "Meet David Dworken, the Teenager Who Hacked the Pentagon." Which is pure clickbait. Last spring, the Pentagon sponsored a "bug bounty," inviting computer security enthusiasts to dig into, DoDLive, and a few of its other public-facing websites.

Open Internet Advocates Vow to Fight Trump FCC's Plan to Kill Net Neutrality

Thu, 27 Apr 2017 10:14:04 +0000 Ten years of fighting for internet freedom, potentially out the window because Donald Trump was elected president and chose as his top telecom regulator a former Verizon lawyer who's hell-bent on killing federal rules safeguarding net neutrality, the internet's open access principle.

Keybase on Fedora: crypto for everyone

Wed, 26 Apr 2017 08:49:10 +0000 Keybase is a service that makes a security web of trust usable for everyone. It uses encryption to provide secure communications - including chat, file sharing, and publishing documents. But it extends encryption into a social context, like GitHub or GitLab do for project and source code control.

Debian: 3838-1: ghostscript: Summary

Fri, 28 Apr 2017 07:54:00 +0000 Security Report Summary

Debian: 3837-1: libreoffice: Summary

Thu, 27 Apr 2017 17:13:00 +0000 Security Report Summary

Fedora 26 java-1.8.0-openjdk-

Thu, 27 Apr 2017 17:08:00 +0000

Fedora 26 drupal8-8.3.1-1.fc26

Thu, 27 Apr 2017 17:04:00 +0000

Fedora 26 tomcat-8.0.43-1.fc26

Thu, 27 Apr 2017 17:00:00 +0000

Fedora 26 dovecot-

Thu, 27 Apr 2017 16:59:00 +0000

Social Engineering Methods for Penetration Testing

Fri, 21 Oct 2016 10:18:59 +0000 Social engineering is the practice of learning and obtaining valuable information by exploiting human vulnerabilities. It is an art of deception that is considered to be vital for a penetration tester when there is a lack of information about the target that can be exploited.

Putting Infosec Principles into Practice

Fri, 23 Sep 2016 10:53:29 +0000 When you’re dealing with a security incident it’s essential that you – and the rest of your team – not only have the skills needed to deal with an issue comprehensively, but also have a framework to support you as you approach it. This framework means the team can focus purely on what they need to do, following a process that removes any vulnerabilities and threats in a proper way – so everyone who depends upon the software you protect can be confident that it’s secure and functioning properly.