Press "Enter" to skip to content

Posts published in “Security”

Ubuntu Hacked, Linux Journal Extremists & More…

By Christine Hall on July 15, 2016 |

Community, Distros, Operating Systems, Politics, Security and Software

Ubuntu Hacked, Linux Journal Extremists & More…Bumblehive NSA

Also included: Microsoft shows love of Linux with gift of Skype and Torvalds continues to be Torvalds.

FOSS Week in Review

The biggest Linux story this week by mainstream tech sites’ standards was Skype working to include Linux users in its installed base by releasing a new Linux client to replace obsolete software that hadn’t been updated in at least two years. According to many of the comments on FOSS Force’s coverage, Skype might consider itself a day late and a dollar short.

The big problem, of course, is Skype’s ownership by Microsoft, whose love of Linux is so far unrequited. Add to that the fact that Skype, like Microsoft, doesn’t have the monopoly it once had and the result is a less than enthusiastic response. However, it wouldn’t surprise me if Ubuntu doesn’t start installing the Skype client by default once it comes out of beta.

Now on to some news that’s really newsworthy…

Continue readingUbuntu Hacked, Linux Journal Extremists & More…
David A. Wheeler: Working to Prevent the Next HeartbleedDavid A. Wheeler Core Infrastructure Initiative

David A. Wheeler: Working to Prevent the Next Heartbleed

By Robin "Roblimo" Miller on July 14, 2016 |

Community, Interview, Security and Software

The Heartbleed bug revealed that some important open source projects were so understaffed that they were unable to properly implement best security practices. The Linux Foundation’s Core Infrastructure Initiative , formed to help open source projects have the ability to adopt these practices, uses a lot of carrot and very little stick.

Robin "Roblimo" Miller

Robin “Roblimo” Miller is a freelance writer and former editor-in-chief at Open Source Technology Group, the company that owned SourceForge, freshmeat, Linux.com, NewsForge, ThinkGeek and Slashdot, and until recently served as a video editor at Slashdot. Now he’s mostly retired, but still works part-time as an editorial consultant for Grid Dynamics, and (obviously) writes for FOSS Force.

Continue readingDavid A. Wheeler: Working to Prevent the Next Heartbleed
SourceForge Tightens Security With Malware ScansSourceForge warning badge

SourceForge Tightens Security With Malware Scans

By FOSS Force on May 17, 2016 |

Business, News, Security and Software

After taking down the controversial DevShare program in early February, the new owners of popular software repository, SourceForge, have begun scanning all projects it hosts for malware in an attempt to regain trust that was lost by Dice Holdings, the site’s previous owners.

It appears as if the new owners at SourceForge are serious about fixing the mistakes made by the site’s previous owners. FOSS Force has learned that as of today, the software repository used by many free and open source projects is scanning all hosted projects for malware. Projects that don’t make the grade will be noticeably flagged with a red warning badge located beside the project’s download button.

SourceForge warning badge
A screenshot of the SourceForge warning badge that now displays on any project found to be containing malware.

According to a notice posted on the SourceForge website this afternoon, the scans look for “adware, viruses, and any unwanted applications that may be intentionally or inadvertently included in the software package.” Account holders with projects flagged as containing malware will be notified by SourceForge.

Continue readingSourceForge Tightens Security With Malware Scans
ImageMagick’s ImageTragick: Exploits Not Yet WidespreadImageMagick logo

ImageMagick’s ImageTragick: Exploits Not Yet Widespread

By FOSS Force on May 10, 2016 |

Internet, News, Security and Web Apps

Breaking News: Patched versions of ImageMagick now available.

FOSS Force has now learned that the ImageTragick hole has been patched in versions 7.0.1-2 and 6.9.4-0. Websites using ImageMagick are urged to upgrade.

Security researchers are reporting that cracker/hackers are currently taking advantage of ImageTragick, the easy to exploit security vulnerability in ImageMagick, a popular open source image manipulation tool used by many websites. However, so far the attacks don’t appear to be widespread.

Continue readingImageMagick’s ImageTragick: Exploits Not Yet Widespread

Rule 41: Getting Around the Constitution and Having It Too

By Christine Hall on May 4, 2016 |

Politics and Security

You don’t have to be a rocket scientist to understand what’s wrong with the proposed federal court updates to Rule 41.

Anyone who’s even halfway following the news of the proposed updates to Rule 41 probably can’t help but be struck by the irony of the situation. It’s actually humorous, in a Vonnegutian tragicomic sort of way.

In case you haven’t been following the news, the proposed changes from the advisory committee on criminal rules for the Judicial Conference of the United States would update Rule 41 of the Federal Rules of Criminal Procedure and broadly expand law enforcement’s legal authority when it comes to hacking and surveillance. The Supreme Court has already passed the proposal to Congress, which must disavow the changes by December 1 or it becomes the governing rule for every federal court in the country.

Christine Hall

Christine Hall has been a journalist since 1971. In 2001, she began writing a weekly consumer computer column and started covering Linux and FOSS in 2002 after making the switch to GNU/Linux. Follow her on Twitter: @BrideOfLinux

FOSSForce.com
Continue readingRule 41: Getting Around the Constitution and Having It Too
Open Source ImageMagick Security Bug Puts Sites at RiskImageMagick logo

Open Source ImageMagick Security Bug Puts Sites at Risk

By FOSS Force on May 3, 2016 |

News and Security

A security vulnerability in the open source ImageMagick graphics tool used by a large number of websites could allow a malicious payload to be executed onsite.

ImageMagick, an open source suite of tools for working with graphic images used by a large number of websites, has been found to contain a serious security vulnerability that puts sites using the software at risk for malicious code to be executed onsite. Security experts consider exploitation to be so easy they’re calling it “trivial,” and exploits are already circulating in the wild. The biggest risk is to sites that allows users to upload their own image files.

Information about the vulnerability was made public Tuesday afternoon by Ryan Huber, a developer and security researcher, who wrote that he had little choice but to post about the exploit.

Continue readingOpen Source ImageMagick Security Bug Puts Sites at Risk
‘New’ Windows Security Flaw Runs Apps Without Admin RightsSecurity hole

‘New’ Windows Security Flaw Runs Apps Without Admin Rights

By FOSS Force on April 25, 2016 |

News and Security

Newly discovered Windows security hole bypasses AppLocker and lets apps run without admin rights. Proof-of-concept code published.

This is one of those “look what I found while looking for something else” sort of stories. Casey Smith was trying to solve a problem and accidentally discovered a security vulnerability that affects business and server editions of Windows 7 and up.

Continue reading‘New’ Windows Security Flaw Runs Apps Without Admin Rights
OSVDB Shuts Down, Firefox Add-ons Unsafe & More…OSVDB icon

OSVDB Shuts Down, Firefox Add-ons Unsafe & More…

By Christine Hall on April 8, 2016 |

Community, Distros, News, Operating Systems, Security and Software

FOSS Week in Review

Bubbling beneath the headlines in this week’s FOSS news review: ownCloud gets a new release, the Linux kernel grows by a half million lines since January 1, a new OS for the Pi 3 and FOSS Force welcomes a new columnist.

It seems as if even some FOSS writers have been buying into “Microsoft luvs Linux” this week, as some have been been bending over backwards to applaud the Ubuntu connection with bash on Windows. I only have one thing to say about that: Windows with bash support is still Windows.

In the real FOSS news this week…

Christine Hall

Christine Hall has been a journalist since 1971. In 2001, she began writing a weekly consumer computer column and started covering Linux and FOSS in 2002 after making the switch to GNU/Linux. Follow her on Twitter: @BrideOfLinux

FOSSForce.com
Continue readingOSVDB Shuts Down, Firefox Add-ons Unsafe & More…
Poll: Don’t Help Government Unencrypt DevicesApple vs FBI encryption poll

Poll: Don’t Help Government Unencrypt Devices

By FOSS Force on April 7, 2016 |

Politics, Polls and Security

The FOSS Force Poll

The results of our “Apple vs. the FBI” encryption poll are in. Most of our readers agree with Apple CEO Tim Cook’s decision to stand up to the FBI.

Often when we run a poll on FOSS Force, the results only go to confirm what we already know. Our latest completed poll is an example. What we got was exactly what we expected. You don’t think the makers of encrypted devices, or encryption software, should help the G-Men get inside — not even with a warrant.

Continue readingPoll: Don’t Help Government Unencrypt Devices

Our ‘Breaking Encryption for the Man’ Poll

By Christine Hall on March 31, 2016 |

Mobile, Politics and Security

First it was the NSA, the FBI and every big city cop shop on the planet insisting we need legislation to force safe, secure and for their eyes only back doors in damn near every device on the planet, presumably including light switches, garbage disposals and dishwashers. Eventually they came to see that doors, hidden or not, are merely temptations for hackers to break on through, and just decided to go on the down low for a while so they could pull a sneak attack later when we least expect it, which is a favorite trick of government types.

Christine Hall

Christine Hall has been a journalist since 1971. In 2001, she began writing a weekly consumer computer column and started covering Linux and FOSS in 2002 after making the switch to GNU/Linux. Follow her on Twitter: @BrideOfLinux

FOSSForce.com
Continue readingOur ‘Breaking Encryption for the Man’ Poll
Latest Articles