Linux

Latest OpenSSL flaws can lead to information leakage, code execution and DoS

Only two months after the Heartbleed vulnerability in OpenSSL captured global headlines we have another critical update for OpenSSL fixing 6 new flaws.

Chinese government shuns Windows 8 - security, economy or politics?

China is banning the use of Windows 8 in government departments, with an announcement from the country's Central Government Procurement Center nicely timed to add to the sizzling diplomatic row between China and the US.

As one security hole closes, another one opens! 60 Sec Security [VIDEO]

How many years was that security hole in Linux? How many security patches for XP? How many lock screen holes in iOS? How much do Google specs cost?

Find out in this week's 60 Second Security video...

Linux "got root" kernel bug patched after five years at large

Here's a kernel bug in Linux that turned out to have been sitting there, Heartbleed style, awaiting discovery and exploitation for several years.

Paul Ducklin digs in...

More post-Heartbleed love/cash for OpenSSL

The Linux Foundation has announced the Core Infrastructure Initiative - a multi-million dollar project to fund and support critical elements of the global information infrastructure.

It's starting (surprise, surprise) with OpenSSL...

Monday review - the hot 24 stories of the week

Missed anything last week? Catch up with everything we talked about with our weekly roundup.

Rudest man in Linuxdom rants about randomness - "We actually know what we are doing. You don't."

Yet more "NSA cracked my crypto" conspiracy, and this time, the rudest man in Linuxdom is in the thick of it!

Ubuntu users, relax: the gun-toting penguin says s/he means no harm

Someone claiming to be behind the weekend's Ubuntu Forums gun-toting-penguin takeover has told users to "stop worrying about your passwords", it's just not worth the effort of unencrypting them.

Lifting the lid on the Redkit exploit kit

In the first of a two-part series, Fraser Howard takes a closer look at the Redkit exploit kit.

Learn more about how this kit works and the compromised web servers that are being used to host it.

Anatomy of a bug - the five minute insecurity window in the sudo command

An authentication-related bug was patched recently in the Unix sudo command.

Ironically, the bug was more likely to affect those users who were more security-conscious.

Paul Ducklin explains...

FLAMING RETORT: Linux rootkit news "provides some comic relief"

About two weeks ago, a posting on the Full Disclosure Mailing List announced a new Linux rootkit.

Indeed, the posting didn't just announce the malware, but included a fully-working sample...

Sophos Techknow - All about Java

Java brings with it some significant risks, yet for many people, it's "just there on my computer."

In this episode, Duck and Chet tell you All about Java, and help you to make an informed decision in balancing its risks and rewards at work and at home.

Multi-platform backdoor malware targets Windows, Mac and Linux users

A web-based malware attack has been discovered, targeting users of Windows, Mac and Linux.

Although the amount of malware written for different operating systems can vary, it's becoming increasingly hard to argue that it's safe to surf the web on any OS without anti-virus protection.

FLAMING RETORT: All this new Mac malware - whose fault is it?

FLAMING RETORT: It's all your fault!

Flaming Retort is back, this time trying to Coole and Explayne the flames we've had from some Mac users in the past few days.

In a back-to-front way of making Mac fans feel better, I'll start by making everyone feel slightly worse, taking a small potshot at Windows, OS X and Linux fans alike.

Welcome back, Linux kernel!

Just under a month ago, the official distribution site for the Linux kernel was taken offline following an embarrassing malware incident.

The good news is that kernel.org is back online. It's not all roses, though.

Apple fakery, DNS hack, DigiNotar, Linux, Wikileaks - 60 Sec Security

Lots of readers said they'd like to see our 'news-with-a-conscience' videos more than once a month.

So here you go. 60 Second Security, once every two weeks.

Security breach: Kernel.org and Linux Foundation remain "temporarily unavailable"

Linux world in security spinout as Linux Foundation and Kernel.org remain "temporarily unavailable"

The Linux world is in a bit of a security spinout at the moment.

Could this be the moment that you finally decide to try OpenBSD?

IT security - what you must know in the mobile era

Worried about the cloud? Data breaches? Mobile devices? Identity theft?

Join presenter James Kirby and experts Stephen Wilson, Charis Palmer and (ahem) me as we talk on the subject of IT security - what you must know in the mobile era.

Skype protocol cracked - what happens next?

A chap by the name of Efim Bushmanov has just published a claim that he has reverse-engineered the Skype protocol.

But how did he do it? And will the lawyers take it from here?

FLAMING RETORT: Cooling the friction when Linux meets anti-virus

Welcome to the first installment of a brand new Naked Security column, Flaming Retort!

This week, Sophos Voice of Reason Paul Ducklin soothes the friction which seems to warm things up whenever Linux meets anti-virus.