Posts published in “Security”

ImageMagick’s ImageTragick: Exploits Not Yet Widespread

Breaking News: Patched versions of ImageMagick now available.

FOSS Force has now learned that the ImageTragick hole has been patched in versions 7.0.1-2 and 6.9.4-0. Websites using ImageMagick are urged to upgrade.

Security researchers are reporting that cracker/hackers are currently taking advantage of ImageTragick, the easy-to-exploit security vulnerability in ImageMagick, a popular open source image manipulation tool used by many websites. However, so far the attacks don’t appear to be widespread.

Rule 41: Getting Around the Constitution and Having It Too

You don’t have to be a rocket scientist to understand what’s wrong with the proposed federal court updates to Rule 41.

Anyone who’s even halfway following the news of the proposed updates to Rule 41 probably can’t help but be struck by the irony of the situation. It’s actually humorous, in a Vonnegutian tragicomic sort of way.

In case you haven’t been following the news, the proposed changes from the advisory committee on criminal rules for the Judicial Conference of the United States would update Rule 41 of the Federal Rules of Criminal Procedure and broadly expand law enforcement’s legal authority when it comes to hacking and surveillance. The Supreme Court has already passed the proposal to Congress, which must disavow the changes by December 1 or it becomes the governing rule for every federal court in the country.

Christine Hall

Christine Hall has been a journalist since 1971. In 2001, she began writing a weekly consumer computer column and started covering Linux and FOSS in 2002 after making the switch to GNU/Linux. Follow her on Twitter: @BrideOfLinux

Open Source ImageMagick Security Bug Puts Sites at Risk

A security vulnerability in the open source ImageMagick graphics tool used by a large number of websites could allow a malicious payload to be executed onsite.

ImageMagick, an open source suite of tools for working with graphic images used by a large number of websites, has been found to contain a serious security vulnerability that puts sites using the software at risk of malicious code being executed onsite. Security experts consider exploitation to be so easy they’re calling it “trivial,” and exploits are already circulating in the wild. The biggest risk is to sites that allow users to upload their own image files.

Information about the vulnerability was made public Tuesday afternoon by Ryan Huber, a developer and security researcher, who wrote that he had little choice but to post about the exploit.

‘New’ Windows Security Flaw Runs Apps Without Admin Rights

Newly discovered Windows security hole bypasses AppLocker and lets apps run without admin rights. Proof-of-concept code published.

This is one of those “look what I found while looking for something else” sort of stories. Casey Smith was trying to solve a problem and accidentally discovered a security vulnerability that affects business and server editions of Windows 7 and up.

OSVDB Shuts Down, Firefox Add-ons Unsafe & More…

FOSS Week in Review

Bubbling beneath the headlines in this week’s FOSS news review: ownCloud gets a new release, the Linux kernel grows by a half million lines since January 1, a new OS for the Pi 3 and FOSS Force welcomes a new columnist.

It seems as if even some FOSS writers have been buying into “Microsoft luvs Linux” this week, as some have been bending over backwards to applaud the Ubuntu connection with bash on Windows. I only have one thing to say about that: Windows with bash support is still Windows.

In the real FOSS news this week…

Poll: Don’t Help Government Unencrypt Devices

The FOSS Force Poll

The results of our “Apple vs. the FBI” encryption poll are in. Most of our readers agree with Apple CEO Tim Cook’s decision to stand up to the FBI.

Often when we run a poll on FOSS Force, the results only go to confirm what we already know. Our latest completed poll is an example. What we got was exactly what we expected. You don’t think the makers of encrypted devices, or encryption software, should help the G-Men get inside — not even with a warrant.

Our ‘Breaking Encryption for the Man’ Poll

First it was the NSA, the FBI and every big city cop shop on the planet insisting we need legislation to force safe, secure and for their eyes only back doors in damn near every device on the planet, presumably including light switches, garbage disposals and dishwashers. Eventually they came to see that doors, hidden or not, are merely temptations for hackers to break on through, and just decided to go on the down low for a while so they could pull a sneak attack later when we least expect it, which is a favorite trick of government types.

Ethical Hackers Unethically Hacked, Keystroke IDs & More…

FOSS Week in Review

While Facebook and Google work to better identify you by your typing skills and Red Hat counts the bucks from its best ever year, Ubuntu finally makes it possible to launch from the bottom.

If you depend only on mainstream tech media’s coverage of FOSS, you might be excused for thinking that the biggest news of the week revolved either around Ubuntu’s new summer home in the world of BSD — which isn’t a Canonical project by the way — or Microsoft’s open sourcing of every scrap of code it can find that might benefit Microsoft if it were open sourced.

In my not-so-humble opinion, both of these stories were yawners. Of course somebody’s attempted to create a BSD *buntu. There are already Ubuntu flavors for every single desktop environment known to mankind, as well as a few DEs that are figments of Canonical’s imagination, so where else was there to go but to another operating system? What’s next? Given the way Ubuntu has been cozying up to Microsoft, I’m expecting Ubuntu for Windows.

As for Microsoft’s continuing open sourcing? There’s nothing new here, move on. When Redmond loves Linux and open source enough to quit suing open source projects over patents it claims it has — that will be news.

Verizon Case Illustrates Why We Need a Linux Phone

There are plenty of reasons to be anticipating the arrival of GNU/Linux phones and tablets. Verizon Wireless has given us another.

On March 7, the FCC slapped a $1.35 million fine on Verizon in a privacy case, a move that’s being hailed as a victory by some privacy advocates. If so, it would seem to be a hollow victory. For starters, the fine is too low to be much of a deterrent against a company which last year had annual gross income of over $63 billion. But there is much more wrong with the agreement the carrier reached with the FCC than merely the price tag.

The case revolves around Verizon’s use of a supercookie — a cookie that uses a variety of techniques to make it nearly impossible to remove or disable — which the carrier began placing on its customers’ phones in 2012. The cookie gathered information that combined a person’s Internet history — whether through browsers or apps — with their unique customer information. The company ran afoul of the law because of the way it shared the information it gleaned with third parties.

Top Websites Hit With Malware Ads

Some of the biggest online advertising networks this weekend served malware-laden ads to some of the Internet’s highest trafficked websites.

Some of the most visited sites on the Internet began delivering malware-laden ads this weekend. The sites affected included The New York Times, the BBC, MSN, and AOL. Those who visited a site delivering the ads are not at risk unless they clicked on an infected ad. After clicking, users are taken to another website which attempts to infect them with either Cryptowall ransomware or a trojan that gives the attackers control of the infected computer. The good news for FOSS Force readers is that the malware seems to only work against Windows, so GNU/Linux users are considered safe.

Breaking News: