The central voice for Linux and Open Source security news.


Understanding The Basics Of Two-Factor Authentication

Tue, 17 Jan 2017 09:26:08 +0000 With data breaches resulting in leaked passwords occurring almost daily, two-factor authentication has become an essential tool in the security toolkit.

Advances in SSL: 5 Strategies For Secure, High-Performance Load Balancers

Tue, 17 Jan 2017 09:25:12 +0000 Today, even Netflix is streaming hit movies and TV shows via encrypted connections! Here's how to manage higher volumes of encrypted traffic without bogging down your network.

Free IoT Vulnerability Scanner Hunts Enterprise Threats

Mon, 16 Jan 2017 14:42:31 +0000 Businesses will struggle to stay secure as the IoT permeates the workplace. An estimated 200 billion connected devices are projected to be in use by 2020, creating a broad new attack vector for cybercriminals.

The CSO guide to top security conferences

Mon, 16 Jan 2017 14:40:45 +0000 There is nothing like attending a face-to-face event for career networking and knowledge gathering, and we don't have to tell you how helpful it can be to get a hands-on demo of a new tool or to have your questions answered by experts.

Just in Time for Trump, the NSA Loosens Its Privacy Rules

Fri, 13 Jan 2017 11:18:26 +0000 As the privacy and civil liberty community braces for Donald Trump's impending control of US intelligence agencies like the NSA, critics have called on the Obama administration to rein in those spying powers before a man with a reputation for vindictive grudges takes charge.

First came mass MongoDB ransacking: Now copycat ransoms hit Elasticsearch

Fri, 13 Jan 2017 11:10:22 +0000 Hundreds of unsecured Elasticsearch servers have been wiped in the past few hours in what could be a repeat of the recent mass ransom attacks on MongoDB databases.

Red Hat: 2017:0065-01: kernel: Important Advisory

Tue, 17 Jan 2017 04:44:00 +0000 An update for kernel is now available for Red Hat Enterprise Linux 6.5 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact

Gentoo: 201701-42 file: Multiple vulnerabilities

Tue, 17 Jan 2017 04:33:00 +0000 Multiple vulnerabilities have been found in file, the worst of which could allow remote attackers to execute arbitrary code.

Gentoo: 201701-41 MiniUPnPc: Buffer overflow

Tue, 17 Jan 2017 04:28:00 +0000 A buffer overflow in MiniUPnPc might allow remote attackers to cause a Denial of Service condition.

Gentoo: 201701-40 xdelta: User-assisted execution of arbitrary code

Mon, 16 Jan 2017 22:52:00 +0000 A buffer overflow in xdelta might allow remote attackers to execute arbitrary code.

Gentoo: 201701-39 VLC: Buffer overflow

Mon, 16 Jan 2017 22:45:00 +0000 A buffer overflow in VLC might allow remote attackers to execute arbitrary code.

Gentoo: 201701-38 Pidgin: Multiple vulnerabilities

Mon, 16 Jan 2017 22:40:00 +0000 Multiple vulnerabilities have been found in Pidgin, the worst of which could lead to execution of arbitrary code.

Social Engineering Methods for Penetration Testing

Fri, 21 Oct 2016 10:18:59 +0000 Social engineering is the practice of learning and obtaining valuable information by exploiting human vulnerabilities. It is an art of deception that is considered to be vital for a penetration tester when there is a lack of information about the target that can be exploited.

Putting Infosec Principles into Practice

Fri, 23 Sep 2016 10:53:29 +0000 When you’re dealing with a security incident it’s essential you – and the rest of your team – not only have the skills they need to comprehensively deal with an issue, but also have a framework to support them as they approach it. This framework means they can focus purely on what they need to do, following a process that removes any vulnerabilities and threats in a proper way – so everyone who depends upon the software you protect can be confident that it’s secure and functioning properly.